diff --git a/.buildkite/package-lock.json b/.buildkite/package-lock.json index 8d10b3c2b7bc1..92231d27ea50f 100644 --- a/.buildkite/package-lock.json +++ b/.buildkite/package-lock.json @@ -1515,9 +1515,9 @@ } }, "node_modules/tslib": { - "version": "2.4.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.4.0.tgz", - "integrity": "sha512-d6xOpEDfsi2CZVlPQzGeux8XMwLT9hssAsaPYExaQMuYskwb+x1x7J371tWlbBdWHroy99KnVB6qIkUbs5X3UQ==" + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.0.tgz", + "integrity": "sha512-jWVzBLplnCmoaTr13V9dYbiQ99wvZRd0vNWaDRg+aVYRcjDF3nDksxFDE/+fkXnKhpnUUkmx5pK/v8mCtLVqZA==" }, "node_modules/type-detect": { "version": "4.0.8", @@ -2742,9 +2742,9 @@ } }, "tslib": { - "version": "2.4.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.4.0.tgz", - "integrity": "sha512-d6xOpEDfsi2CZVlPQzGeux8XMwLT9hssAsaPYExaQMuYskwb+x1x7J371tWlbBdWHroy99KnVB6qIkUbs5X3UQ==" + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.0.tgz", + "integrity": "sha512-jWVzBLplnCmoaTr13V9dYbiQ99wvZRd0vNWaDRg+aVYRcjDF3nDksxFDE/+fkXnKhpnUUkmx5pK/v8mCtLVqZA==" }, "type-detect": { "version": "4.0.8", diff --git a/.buildkite/pipelines/on_merge.yml b/.buildkite/pipelines/on_merge.yml index e5d28465b2dc3..87bb71c312688 100644 --- a/.buildkite/pipelines/on_merge.yml +++ b/.buildkite/pipelines/on_merge.yml @@ -493,6 +493,21 @@ steps: - exit_status: '-1' limit: 3 + - command: .buildkite/scripts/steps/openapi_publishing/publish_oas_docs.sh + label: 'Publish OAS docs to bump.sh' + agents: + image: family/kibana-ubuntu-2004 + imageProject: elastic-images-prod + provider: gcp + machineType: n2-standard-2 + preemptible: true + timeout_in_minutes: 60 + continue_on_failure: true + retry: + automatic: + - exit_status: '-1' + limit: 3 + - command: .buildkite/scripts/steps/bazel_cache/bootstrap_linux.sh label: 'Populate local dev bazel cache (Linux)' agents: diff --git a/.buildkite/scripts/steps/openapi_bundling/final_merge.sh b/.buildkite/scripts/steps/openapi_bundling/final_merge.sh index 83dba04c350d2..fdd6a17e778fd 100755 --- a/.buildkite/scripts/steps/openapi_bundling/final_merge.sh +++ b/.buildkite/scripts/steps/openapi_bundling/final_merge.sh @@ -4,8 +4,16 @@ set -euo pipefail source .buildkite/scripts/common/util.sh +cur_dir=$(pwd) +cd oas_docs + +echo --- Installing NPM modules +npm install + echo --- Merge Kibana OpenAPI specs +make api-docs +# make api-docs-lint <-- Relies on JSONPath version with RCE vulnerabilities based on `npm audit`, https://github.com/advisories/GHSA-pppg-cpfq-h7wr -(cd oas_docs && make api-docs && make api-docs-lint) +cd "$cur_dir" check_for_changed_files "make api-docs" true diff --git a/.buildkite/scripts/steps/openapi_publishing/package-lock.json b/.buildkite/scripts/steps/openapi_publishing/package-lock.json new file mode 100644 index 0000000000000..de64cc35aded2 --- /dev/null +++ b/.buildkite/scripts/steps/openapi_publishing/package-lock.json @@ -0,0 +1,1841 @@ +{ + "name": "serverless", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "serverless", + "version": "1.0.0", + "license": "ISC", + "dependencies": { + "bump-cli": "^2.8.4" + } + }, + "node_modules/@apidevtools/json-schema-ref-parser": { + "version": "9.1.2", + "resolved": "https://registry.npmjs.org/@apidevtools/json-schema-ref-parser/-/json-schema-ref-parser-9.1.2.tgz", + "integrity": "sha512-r1w81DpR+KyRWd3f+rk6TNqMgedmAxZP5v5KWlXQWlgMUUtyEJch0DKEci1SorPMiSeM8XPl7MZ3miJ60JIpQg==", + "dependencies": { + "@jsdevtools/ono": "^7.1.3", + "@types/json-schema": "^7.0.6", + "call-me-maybe": "^1.0.1", + "js-yaml": "^4.1.0" + } + }, + "node_modules/@asyncapi/specs": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/@asyncapi/specs/-/specs-5.1.0.tgz", + "integrity": "sha512-yffhETqehkim43luMnPKOwzY0D0YtU4bKpORIXIaid6p5Y5kDLrMGJaEPkNieQp03HMjhjFrnUPtT8kvqe0+aQ==", + "dependencies": { + "@types/json-schema": "^7.0.11" + } + }, + "node_modules/@clack/core": { + "version": "0.3.4", + "resolved": "https://registry.npmjs.org/@clack/core/-/core-0.3.4.tgz", + "integrity": "sha512-H4hxZDXgHtWTwV3RAVenqcC4VbJZNegbBjlPvzOzCouXtS2y3sDvlO3IsbrPNWuLWPPlYVYPghQdSF64683Ldw==", + "dependencies": { + "picocolors": "^1.0.0", + "sisteransi": "^1.0.5" + } + }, + "node_modules/@clack/prompts": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/@clack/prompts/-/prompts-0.6.3.tgz", + "integrity": "sha512-AM+kFmAHawpUQv2q9+mcB6jLKxXGjgu/r2EQjEwujgpCdzrST6BJqYw00GRn56/L/Izw5U7ImoLmy00X/r80Pw==", + "bundleDependencies": [ + "is-unicode-supported" + ], + "dependencies": { + "@clack/core": "^0.3.2", + "is-unicode-supported": "*", + "picocolors": "^1.0.0", + "sisteransi": "^1.0.5" + } + }, + "node_modules/@clack/prompts/node_modules/is-unicode-supported": { + "version": "1.3.0", + "inBundle": true, + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@cspotcode/source-map-support": { + "version": "0.8.1", + "resolved": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", + "integrity": "sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==", + "dependencies": { + "@jridgewell/trace-mapping": "0.3.9" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/@jridgewell/resolve-uri": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/sourcemap-codec": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.0.tgz", + "integrity": "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ==" + }, + "node_modules/@jridgewell/trace-mapping": { + "version": "0.3.9", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", + "integrity": "sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==", + "dependencies": { + "@jridgewell/resolve-uri": "^3.0.3", + "@jridgewell/sourcemap-codec": "^1.4.10" + } + }, + "node_modules/@jsdevtools/ono": { + "version": "7.1.3", + "resolved": "https://registry.npmjs.org/@jsdevtools/ono/-/ono-7.1.3.tgz", + "integrity": "sha512-4JQNk+3mVzK3xh2rqd6RB4J46qUR19azEHBneZyTZM+c456qOrbbM/5xcR8huNCCcbVt7+UmizG6GuUvPvKUYg==" + }, + "node_modules/@nodelib/fs.scandir": { + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", + "dependencies": { + "@nodelib/fs.stat": "2.0.5", + "run-parallel": "^1.1.9" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.stat": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==", + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.walk": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", + "dependencies": { + "@nodelib/fs.scandir": "2.1.5", + "fastq": "^1.6.0" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@oclif/command": { + "version": "1.8.36", + "resolved": "https://registry.npmjs.org/@oclif/command/-/command-1.8.36.tgz", + "integrity": "sha512-/zACSgaYGtAQRzc7HjzrlIs14FuEYAZrMOEwicRoUnZVyRunG4+t5iSEeQu0Xy2bgbCD0U1SP/EdeNZSTXRwjQ==", + "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.", + "dependencies": { + "@oclif/config": "^1.18.2", + "@oclif/errors": "^1.3.6", + "@oclif/help": "^1.0.1", + "@oclif/parser": "^3.8.17", + "debug": "^4.1.1", + "semver": "^7.5.4" + }, + "engines": { + "node": ">=12.0.0" + }, + "peerDependencies": { + "@oclif/config": "^1" + } + }, + "node_modules/@oclif/config": { + "version": "1.18.17", + "resolved": "https://registry.npmjs.org/@oclif/config/-/config-1.18.17.tgz", + "integrity": "sha512-k77qyeUvjU8qAJ3XK3fr/QVAqsZO8QOBuESnfeM5HHtPNLSyfVcwiMM2zveSW5xRdLSG3MfV8QnLVkuyCL2ENg==", + "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.", + "dependencies": { + "@oclif/errors": "^1.3.6", + "@oclif/parser": "^3.8.17", + "debug": "^4.3.4", + "globby": "^11.1.0", + "is-wsl": "^2.1.1", + "tslib": "^2.6.1" + }, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/@oclif/core": { + "version": "1.20.4", + "resolved": "https://registry.npmjs.org/@oclif/core/-/core-1.20.4.tgz", + "integrity": "sha512-giug32M4YhSYNYKQwE1L57/+k5gp1+Bq3/0vKNQmzAY1tizFGhvBJc6GIRZasHjU+xtZLutQvrVrJo7chX3hxg==", + "dependencies": { + "@oclif/linewrap": "^1.0.0", + "@oclif/screen": "^3.0.3", + "ansi-escapes": "^4.3.2", + "ansi-styles": "^4.3.0", + "cardinal": "^2.1.1", + "chalk": "^4.1.2", + "clean-stack": "^3.0.1", + "cli-progress": "^3.10.0", + "debug": "^4.3.4", + "ejs": "^3.1.6", + "fs-extra": "^9.1.0", + "get-package-type": "^0.1.0", + "globby": "^11.1.0", + "hyperlinker": "^1.0.0", + "indent-string": "^4.0.0", + "is-wsl": "^2.2.0", + "js-yaml": "^3.14.1", + "natural-orderby": "^2.0.3", + "object-treeify": "^1.1.33", + "password-prompt": "^1.1.2", + "semver": "^7.3.7", + "string-width": "^4.2.3", + "strip-ansi": "^6.0.1", + "supports-color": "^8.1.1", + "supports-hyperlinks": "^2.2.0", + "tslib": "^2.4.1", + "widest-line": "^3.1.0", + "wrap-ansi": "^7.0.0" + }, + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/@oclif/core/node_modules/argparse": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", + "dependencies": { + "sprintf-js": "~1.0.2" + } + }, + "node_modules/@oclif/core/node_modules/esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "bin": { + "esparse": "bin/esparse.js", + "esvalidate": "bin/esvalidate.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/@oclif/core/node_modules/js-yaml": { + "version": "3.14.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "dependencies": { + "argparse": "^1.0.7", + "esprima": "^4.0.0" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/@oclif/errors": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/@oclif/errors/-/errors-1.3.6.tgz", + "integrity": "sha512-fYaU4aDceETd89KXP+3cLyg9EHZsLD3RxF2IU9yxahhBpspWjkWi3Dy3bTgcwZ3V47BgxQaGapzJWDM33XIVDQ==", + "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.", + "dependencies": { + "clean-stack": "^3.0.0", + "fs-extra": "^8.1", + "indent-string": "^4.0.0", + "strip-ansi": "^6.0.1", + "wrap-ansi": "^7.0.0" + }, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/@oclif/errors/node_modules/fs-extra": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz", + "integrity": "sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g==", + "dependencies": { + "graceful-fs": "^4.2.0", + "jsonfile": "^4.0.0", + "universalify": "^0.1.0" + }, + "engines": { + "node": ">=6 <7 || >=8" + } + }, + "node_modules/@oclif/errors/node_modules/jsonfile": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz", + "integrity": "sha512-m6F1R3z8jjlf2imQHS2Qez5sjKWQzbuuhuJ/FKYFRZvPE3PuHcSMVZzfsLhGVOkfd20obL5SWEBew5ShlquNxg==", + "optionalDependencies": { + "graceful-fs": "^4.1.6" + } + }, + "node_modules/@oclif/errors/node_modules/universalify": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", + "integrity": "sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==", + "engines": { + "node": ">= 4.0.0" + } + }, + "node_modules/@oclif/help": { + "version": "1.0.15", + "resolved": "https://registry.npmjs.org/@oclif/help/-/help-1.0.15.tgz", + "integrity": "sha512-Yt8UHoetk/XqohYX76DfdrUYLsPKMc5pgkzsZVHDyBSkLiGRzujVaGZdjr32ckVZU9q3a47IjhWxhip7Dz5W/g==", + "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.", + "dependencies": { + "@oclif/config": "1.18.16", + "@oclif/errors": "1.3.6", + "chalk": "^4.1.2", + "indent-string": "^4.0.0", + "lodash": "^4.17.21", + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "widest-line": "^3.1.0", + "wrap-ansi": "^6.2.0" + }, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/@oclif/help/node_modules/@oclif/config": { + "version": "1.18.16", + "resolved": "https://registry.npmjs.org/@oclif/config/-/config-1.18.16.tgz", + "integrity": "sha512-VskIxVcN22qJzxRUq+raalq6Q3HUde7sokB7/xk5TqRZGEKRVbFeqdQBxDWwQeudiJEgcNiMvIFbMQ43dY37FA==", + "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.", + "dependencies": { + "@oclif/errors": "^1.3.6", + "@oclif/parser": "^3.8.16", + "debug": "^4.3.4", + "globby": "^11.1.0", + "is-wsl": "^2.1.1", + "tslib": "^2.6.1" + }, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/@oclif/help/node_modules/wrap-ansi": { + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==", + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/@oclif/linewrap": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@oclif/linewrap/-/linewrap-1.0.0.tgz", + "integrity": "sha512-Ups2dShK52xXa8w6iBWLgcjPJWjais6KPJQq3gQ/88AY6BXoTX+MIGFPrWQO1KLMiQfoTpcLnUwloN4brrVUHw==" + }, + "node_modules/@oclif/parser": { + "version": "3.8.17", + "resolved": "https://registry.npmjs.org/@oclif/parser/-/parser-3.8.17.tgz", + "integrity": "sha512-l04iSd0xoh/16TGVpXb81Gg3z7tlQGrEup16BrVLsZBK6SEYpYHRJZnM32BwZrHI97ZSFfuSwVlzoo6HdsaK8A==", + "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.", + "dependencies": { + "@oclif/errors": "^1.3.6", + "@oclif/linewrap": "^1.0.0", + "chalk": "^4.1.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/@oclif/plugin-help": { + "version": "5.2.20", + "resolved": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-5.2.20.tgz", + "integrity": "sha512-u+GXX/KAGL9S10LxAwNUaWdzbEBARJ92ogmM7g3gDVud2HioCmvWQCDohNRVZ9GYV9oKwZ/M8xwd6a1d95rEKQ==", + "dependencies": { + "@oclif/core": "^2.15.0" + }, + "engines": { + "node": ">=12.0.0" + } + }, + "node_modules/@oclif/plugin-help/node_modules/@oclif/core": { + "version": "2.16.0", + "resolved": "https://registry.npmjs.org/@oclif/core/-/core-2.16.0.tgz", + "integrity": "sha512-dL6atBH0zCZl1A1IXCKJgLPrM/wR7K+Wi401E/IvqsK8m2iCHW+0TEOGrans/cuN3oTW+uxIyJFHJ8Im0k4qBw==", + "dependencies": { + "@types/cli-progress": "^3.11.0", + "ansi-escapes": "^4.3.2", + "ansi-styles": "^4.3.0", + "cardinal": "^2.1.1", + "chalk": "^4.1.2", + "clean-stack": "^3.0.1", + "cli-progress": "^3.12.0", + "debug": "^4.3.4", + "ejs": "^3.1.8", + "get-package-type": "^0.1.0", + "globby": "^11.1.0", + "hyperlinker": "^1.0.0", + "indent-string": "^4.0.0", + "is-wsl": "^2.2.0", + "js-yaml": "^3.14.1", + "natural-orderby": "^2.0.3", + "object-treeify": "^1.1.33", + "password-prompt": "^1.1.2", + "slice-ansi": "^4.0.0", + "string-width": "^4.2.3", + "strip-ansi": "^6.0.1", + "supports-color": "^8.1.1", + "supports-hyperlinks": "^2.2.0", + "ts-node": "^10.9.1", + "tslib": "^2.5.0", + "widest-line": "^3.1.0", + "wordwrap": "^1.0.0", + "wrap-ansi": "^7.0.0" + }, + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/@oclif/plugin-help/node_modules/argparse": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", + "dependencies": { + "sprintf-js": "~1.0.2" + } + }, + "node_modules/@oclif/plugin-help/node_modules/esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "bin": { + "esparse": "bin/esparse.js", + "esvalidate": "bin/esvalidate.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/@oclif/plugin-help/node_modules/js-yaml": { + "version": "3.14.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "dependencies": { + "argparse": "^1.0.7", + "esprima": "^4.0.0" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/@oclif/screen": { + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/@oclif/screen/-/screen-3.0.8.tgz", + "integrity": "sha512-yx6KAqlt3TAHBduS2fMQtJDL2ufIHnDRArrJEOoTTuizxqmjLT+psGYOHpmMl3gvQpFJ11Hs76guUUktzAF9Bg==", + "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.", + "engines": { + "node": ">=12.0.0" + } + }, + "node_modules/@stoplight/ordered-object-literal": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/@stoplight/ordered-object-literal/-/ordered-object-literal-1.0.5.tgz", + "integrity": "sha512-COTiuCU5bgMUtbIFBuyyh2/yVVzlr5Om0v5utQDgBCuQUOPgU1DwoffkTfg4UBQOvByi5foF4w4T+H9CoRe5wg==", + "engines": { + "node": ">=8" + } + }, + "node_modules/@stoplight/types": { + "version": "14.1.1", + "resolved": "https://registry.npmjs.org/@stoplight/types/-/types-14.1.1.tgz", + "integrity": "sha512-/kjtr+0t0tjKr+heVfviO9FrU/uGLc+QNX3fHJc19xsCNYqU7lVhaXxDmEID9BZTjG+/r9pK9xP/xU02XGg65g==", + "dependencies": { + "@types/json-schema": "^7.0.4", + "utility-types": "^3.10.0" + }, + "engines": { + "node": "^12.20 || >=14.13" + } + }, + "node_modules/@stoplight/yaml": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/@stoplight/yaml/-/yaml-4.3.0.tgz", + "integrity": "sha512-JZlVFE6/dYpP9tQmV0/ADfn32L9uFarHWxfcRhReKUnljz1ZiUM5zpX+PH8h5CJs6lao3TuFqnPm9IJJCEkE2w==", + "dependencies": { + "@stoplight/ordered-object-literal": "^1.0.5", + "@stoplight/types": "^14.1.1", + "@stoplight/yaml-ast-parser": "0.0.50", + "tslib": "^2.2.0" + }, + "engines": { + "node": ">=10.8" + } + }, + "node_modules/@stoplight/yaml-ast-parser": { + "version": "0.0.50", + "resolved": "https://registry.npmjs.org/@stoplight/yaml-ast-parser/-/yaml-ast-parser-0.0.50.tgz", + "integrity": "sha512-Pb6M8TDO9DtSVla9yXSTAxmo9GVEouq5P40DWXdOie69bXogZTkgvopCq+yEvTMA0F6PEvdJmbtTV3ccIp11VQ==" + }, + "node_modules/@tsconfig/node10": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz", + "integrity": "sha512-DcRjDCujK/kCk/cUe8Xz8ZSpm8mS3mNNpta+jGCA6USEDfktlNvm1+IuZ9eTcDbNk41BHwpHHeW+N1lKCz4zOw==" + }, + "node_modules/@tsconfig/node12": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz", + "integrity": "sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag==" + }, + "node_modules/@tsconfig/node14": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz", + "integrity": "sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow==" + }, + "node_modules/@tsconfig/node16": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz", + "integrity": "sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA==" + }, + "node_modules/@types/cli-progress": { + "version": "3.11.6", + "resolved": "https://registry.npmjs.org/@types/cli-progress/-/cli-progress-3.11.6.tgz", + "integrity": "sha512-cE3+jb9WRlu+uOSAugewNpITJDt1VF8dHOopPO4IABFc3SXYL5WE/+PTz/FCdZRRfIujiWW3n3aMbv1eIGVRWA==", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/json-schema": { + "version": "7.0.15", + "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", + "integrity": "sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==" + }, + "node_modules/@types/node": { + "version": "22.8.1", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.8.1.tgz", + "integrity": "sha512-k6Gi8Yyo8EtrNtkHXutUu2corfDf9su95VYVP10aGYMMROM6SAItZi0w1XszA6RtWTHSVp5OeFof37w0IEqCQg==", + "dependencies": { + "undici-types": "~6.19.8" + } + }, + "node_modules/acorn": { + "version": "8.14.0", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.14.0.tgz", + "integrity": "sha512-cl669nCJTZBsL97OF4kUQm5g5hC2uihk0NxY3WENAC0TYdILVkAyHymAntgxGkl7K+t0cXIrH5siy5S4XkFycA==", + "bin": { + "acorn": "bin/acorn" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/acorn-walk": { + "version": "8.3.4", + "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.4.tgz", + "integrity": "sha512-ueEepnujpqee2o5aIYnvHU6C0A42MNdsIDeqy5BydrkuC5R1ZuUFnm27EeFJGoEHJQgn3uleRvmTXaJgfXbt4g==", + "dependencies": { + "acorn": "^8.11.0" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/ansi-escapes": { + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", + "integrity": "sha512-gKXj5ALrKWQLsYG9jlTRmR/xKluxHV+Z9QEwNIgCfM1/uwPMCuzVVnh5mwTd+OuBZcwSIMbqssNWRm1lE51QaQ==", + "dependencies": { + "type-fest": "^0.21.3" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "engines": { + "node": ">=8" + } + }, + "node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/ansicolors": { + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/ansicolors/-/ansicolors-0.3.2.tgz", + "integrity": "sha512-QXu7BPrP29VllRxH8GwB7x5iX5qWKAAMLqKQGWTeLWVlNHNOpVMJ91dsxQAIWXpjuW5wqvxu3Jd/nRjrJ+0pqg==" + }, + "node_modules/arg": { + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", + "integrity": "sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==" + }, + "node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==" + }, + "node_modules/array-union": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==", + "engines": { + "node": ">=8" + } + }, + "node_modules/astral-regex": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz", + "integrity": "sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ==", + "engines": { + "node": ">=8" + } + }, + "node_modules/async": { + "version": "3.2.6", + "resolved": "https://registry.npmjs.org/async/-/async-3.2.6.tgz", + "integrity": "sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA==" + }, + "node_modules/async-mutex": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/async-mutex/-/async-mutex-0.4.1.tgz", + "integrity": "sha512-WfoBo4E/TbCX1G95XTjbWTE3X2XLG0m1Xbv2cwOtuPdyH9CZvnaA5nCt1ucjaKEgW2A5IF71hxrRhr83Je5xjA==", + "dependencies": { + "tslib": "^2.4.0" + } + }, + "node_modules/asynckit": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" + }, + "node_modules/at-least-node": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/at-least-node/-/at-least-node-1.0.0.tgz", + "integrity": "sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg==", + "engines": { + "node": ">= 4.0.0" + } + }, + "node_modules/axios": { + "version": "1.7.7", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.7.tgz", + "integrity": "sha512-S4kL7XrjgBmvdGut0sN3yJxqYzrDOnivkBiN0OFs6hLiUam3UPvswUo0kqGyhqUZGEOytHyumEdXsAkgCOUf3Q==", + "dependencies": { + "follow-redirects": "^1.15.6", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" + } + }, + "node_modules/balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==" + }, + "node_modules/brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/braces": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", + "dependencies": { + "fill-range": "^7.1.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/bump-cli": { + "version": "2.8.4", + "resolved": "https://registry.npmjs.org/bump-cli/-/bump-cli-2.8.4.tgz", + "integrity": "sha512-FwcsaY1jmCtwXkuIhkPxGLysLrxCJKnl54PHutb7N4FIuO9Hq8Xjn1giEfO3ZK8UGVZ9DiAb11H9ypFP6WNnhQ==", + "dependencies": { + "@apidevtools/json-schema-ref-parser": "^9.0.7", + "@asyncapi/specs": "^5.1.0", + "@clack/prompts": "^0.6.3", + "@oclif/command": "^1.8.36", + "@oclif/config": "^1.18.17", + "@oclif/core": "1.20.4", + "@oclif/plugin-help": "^5.1.10", + "@stoplight/yaml": "^4.2.3", + "async-mutex": "^0.4.0", + "axios": "^1.6.4", + "debug": "^4.3.1", + "jsonpath": "^1.1.1", + "mergician": "^1.0.3", + "oas-schemas": "git+https://git@github.com/OAI/OpenAPI-Specification.git#0f9d3ec7c033fef184ec54e1ffc201b2d61ce023", + "tslib": "^2.3.0" + }, + "bin": { + "bump": "bin/run" + }, + "engines": { + "node": ">=16.0.0" + } + }, + "node_modules/call-me-maybe": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-me-maybe/-/call-me-maybe-1.0.2.tgz", + "integrity": "sha512-HpX65o1Hnr9HH25ojC1YGs7HCQLq0GCOibSaWER0eNpgJ/Z1MZv2mTc7+xh6WOPxbRVcmgbv4hGU+uSQ/2xFZQ==" + }, + "node_modules/cardinal": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/cardinal/-/cardinal-2.1.1.tgz", + "integrity": "sha512-JSr5eOgoEymtYHBjNWyjrMqet9Am2miJhlfKNdqLp6zoeAh0KN5dRAcxlecj5mAJrmQomgiOBj35xHLrFjqBpw==", + "dependencies": { + "ansicolors": "~0.3.2", + "redeyed": "~2.1.0" + }, + "bin": { + "cdl": "bin/cdl.js" + } + }, + "node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/chalk/node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/clean-stack": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-3.0.1.tgz", + "integrity": "sha512-lR9wNiMRcVQjSB3a7xXGLuz4cr4wJuuXlaAEbRutGowQTmlp7R72/DOgN21e8jdwblMWl9UOJMJXarX94pzKdg==", + "dependencies": { + "escape-string-regexp": "4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/cli-progress": { + "version": "3.12.0", + "resolved": "https://registry.npmjs.org/cli-progress/-/cli-progress-3.12.0.tgz", + "integrity": "sha512-tRkV3HJ1ASwm19THiiLIXLO7Im7wlTuKnvkYaTkyoAPefqjNg7W7DHKUlGRxy9vxDvbyCYQkQozvptuMkGCg8A==", + "dependencies": { + "string-width": "^4.2.3" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" + }, + "node_modules/combined-stream": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", + "dependencies": { + "delayed-stream": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==" + }, + "node_modules/create-require": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz", + "integrity": "sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==" + }, + "node_modules/cross-spawn": { + "version": "7.0.3", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "dependencies": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/debug": { + "version": "4.3.7", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.7.tgz", + "integrity": "sha512-Er2nc/H7RrMXZBFCEim6TCmMk02Z8vLC2Rbi1KEBggpo0fS6l0S1nnapwmIi3yW/+GOJap1Krg4w0Hg80oCqgQ==", + "dependencies": { + "ms": "^2.1.3" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/deep-is": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==" + }, + "node_modules/delayed-stream": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/diff": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==", + "engines": { + "node": ">=0.3.1" + } + }, + "node_modules/dir-glob": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", + "integrity": "sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==", + "dependencies": { + "path-type": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/ejs": { + "version": "3.1.10", + "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz", + "integrity": "sha512-UeJmFfOrAQS8OJWPZ4qtgHyWExa088/MtK5UEyoJGFH67cDEXkZSviOiKRCZ4Xij0zxI3JECgYs3oKx+AizQBA==", + "dependencies": { + "jake": "^10.8.5" + }, + "bin": { + "ejs": "bin/cli.js" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==" + }, + "node_modules/escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/escodegen": { + "version": "1.14.3", + "resolved": "https://registry.npmjs.org/escodegen/-/escodegen-1.14.3.tgz", + "integrity": "sha512-qFcX0XJkdg+PB3xjZZG/wKSuT1PnQWx57+TVSjIMmILd2yC/6ByYElPwJnslDsuWuSAp4AwJGumarAAmJch5Kw==", + "dependencies": { + "esprima": "^4.0.1", + "estraverse": "^4.2.0", + "esutils": "^2.0.2", + "optionator": "^0.8.1" + }, + "bin": { + "escodegen": "bin/escodegen.js", + "esgenerate": "bin/esgenerate.js" + }, + "engines": { + "node": ">=4.0" + }, + "optionalDependencies": { + "source-map": "~0.6.1" + } + }, + "node_modules/escodegen/node_modules/esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "bin": { + "esparse": "bin/esparse.js", + "esvalidate": "bin/esvalidate.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/esprima": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-1.2.2.tgz", + "integrity": "sha512-+JpPZam9w5DuJ3Q67SqsMGtiHKENSMRVoxvArfJZK01/BfLEObtZ6orJa/MtoGNR/rfMgp5837T41PAmTwAv/A==", + "bin": { + "esparse": "bin/esparse.js", + "esvalidate": "bin/esvalidate.js" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/estraverse": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==", + "engines": { + "node": ">=4.0" + } + }, + "node_modules/esutils": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/fast-glob": { + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz", + "integrity": "sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow==", + "dependencies": { + "@nodelib/fs.stat": "^2.0.2", + "@nodelib/fs.walk": "^1.2.3", + "glob-parent": "^5.1.2", + "merge2": "^1.3.0", + "micromatch": "^4.0.4" + }, + "engines": { + "node": ">=8.6.0" + } + }, + "node_modules/fast-levenshtein": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==" + }, + "node_modules/fastq": { + "version": "1.17.1", + "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz", + "integrity": "sha512-sRVD3lWVIXWg6By68ZN7vho9a1pQcN/WBFaAAsDDFzlJjvoGx0P8z7V1t72grFJfJhu3YPZBuu25f7Kaw2jN1w==", + "dependencies": { + "reusify": "^1.0.4" + } + }, + "node_modules/filelist": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz", + "integrity": "sha512-w1cEuf3S+DrLCQL7ET6kz+gmlJdbq9J7yXCSjK/OZCPA+qEN1WyF4ZAf0YYJa4/shHJra2t/d/r8SV4Ji+x+8Q==", + "dependencies": { + "minimatch": "^5.0.1" + } + }, + "node_modules/filelist/node_modules/brace-expansion": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "dependencies": { + "balanced-match": "^1.0.0" + } + }, + "node_modules/filelist/node_modules/minimatch": { + "version": "5.1.6", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", + "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==", + "dependencies": { + "brace-expansion": "^2.0.1" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/fill-range": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/follow-redirects": { + "version": "1.15.9", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.9.tgz", + "integrity": "sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ==", + "funding": [ + { + "type": "individual", + "url": "https://github.com/sponsors/RubenVerborgh" + } + ], + "engines": { + "node": ">=4.0" + }, + "peerDependenciesMeta": { + "debug": { + "optional": true + } + } + }, + "node_modules/form-data": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.1.tgz", + "integrity": "sha512-tzN8e4TX8+kkxGPK8D5u0FNmjPUjw3lwC9lSLxxoB/+GtsJG91CO8bSWy73APlgAZzZbXEYZJuxjkHH2w+Ezhw==", + "dependencies": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "mime-types": "^2.1.12" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/fs-extra": { + "version": "9.1.0", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz", + "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==", + "dependencies": { + "at-least-node": "^1.0.0", + "graceful-fs": "^4.2.0", + "jsonfile": "^6.0.1", + "universalify": "^2.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/get-package-type": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz", + "integrity": "sha512-pjzuKtY64GYfWizNAJ0fr9VqttZkNiK2iS430LtIHzjBEr6bX8Am2zm4sW4Ro5wjWW5cAlRL1qAMTcXbjNAO2Q==", + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "dependencies": { + "is-glob": "^4.0.1" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/globby": { + "version": "11.1.0", + "resolved": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", + "integrity": "sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g==", + "dependencies": { + "array-union": "^2.1.0", + "dir-glob": "^3.0.1", + "fast-glob": "^3.2.9", + "ignore": "^5.2.0", + "merge2": "^1.4.1", + "slash": "^3.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/graceful-fs": { + "version": "4.2.11", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==" + }, + "node_modules/has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "engines": { + "node": ">=8" + } + }, + "node_modules/hyperlinker": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/hyperlinker/-/hyperlinker-1.0.0.tgz", + "integrity": "sha512-Ty8UblRWFEcfSuIaajM34LdPXIhbs1ajEX/BBPv24J+enSVaEVY63xQ6lTO9VRYS5LAoghIG0IDJ+p+IPzKUQQ==", + "engines": { + "node": ">=4" + } + }, + "node_modules/ignore": { + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz", + "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==", + "engines": { + "node": ">= 4" + } + }, + "node_modules/indent-string": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==", + "engines": { + "node": ">=8" + } + }, + "node_modules/is-docker": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", + "integrity": "sha512-F+i2BKsFrH66iaUFc0woD8sLy8getkwTwtOBjvs56Cx4CgJDeKQeqfz8wAYiSb8JOprWhHH5p77PbmYCvvUuXQ==", + "bin": { + "is-docker": "cli.js" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "engines": { + "node": ">=8" + } + }, + "node_modules/is-glob": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", + "dependencies": { + "is-extglob": "^2.1.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "engines": { + "node": ">=0.12.0" + } + }, + "node_modules/is-wsl": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", + "integrity": "sha512-fKzAra0rGJUUBwGBgNkHZuToZcn+TtXHpeCgmkMJMMYx1sQDYaCSyjJBSCa2nH1DGm7s3n1oBnohoVTBaN7Lww==", + "dependencies": { + "is-docker": "^2.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==" + }, + "node_modules/jake": { + "version": "10.9.2", + "resolved": "https://registry.npmjs.org/jake/-/jake-10.9.2.tgz", + "integrity": "sha512-2P4SQ0HrLQ+fw6llpLnOaGAvN2Zu6778SJMrCUwns4fOoG9ayrTiZk3VV8sCPkVZF8ab0zksVpS8FDY5pRCNBA==", + "dependencies": { + "async": "^3.2.3", + "chalk": "^4.0.2", + "filelist": "^1.0.4", + "minimatch": "^3.1.2" + }, + "bin": { + "jake": "bin/cli.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/jsonfile": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", + "dependencies": { + "universalify": "^2.0.0" + }, + "optionalDependencies": { + "graceful-fs": "^4.1.6" + } + }, + "node_modules/jsonpath": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/jsonpath/-/jsonpath-1.1.1.tgz", + "integrity": "sha512-l6Cg7jRpixfbgoWgkrl77dgEj8RPvND0wMH6TwQmi9Qs4TFfS9u5cUFnbeKTwj5ga5Y3BTGGNI28k117LJ009w==", + "dependencies": { + "esprima": "1.2.2", + "static-eval": "2.0.2", + "underscore": "1.12.1" + } + }, + "node_modules/levn": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/levn/-/levn-0.3.0.tgz", + "integrity": "sha512-0OO4y2iOHix2W6ujICbKIaEQXvFQHue65vUG3pb5EUomzPI90z9hsA1VsO/dbIIpC53J8gxM9Q4Oho0jrCM/yA==", + "dependencies": { + "prelude-ls": "~1.1.2", + "type-check": "~0.3.2" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" + }, + "node_modules/make-error": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==" + }, + "node_modules/merge2": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", + "engines": { + "node": ">= 8" + } + }, + "node_modules/mergician": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/mergician/-/mergician-1.1.0.tgz", + "integrity": "sha512-FXbxzU6BBhGkV8XtUr8Sk015ZRaAALviit8Lle6OEgd1udX8wlu6tBeUMLGQGdz1MfHpAVNNQkXowyDnJuhXpA==", + "engines": { + "node": ">=10.0.0" + } + }, + "node_modules/micromatch": { + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz", + "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==", + "dependencies": { + "braces": "^3.0.3", + "picomatch": "^2.3.1" + }, + "engines": { + "node": ">=8.6" + } + }, + "node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" + }, + "node_modules/natural-orderby": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/natural-orderby/-/natural-orderby-2.0.3.tgz", + "integrity": "sha512-p7KTHxU0CUrcOXe62Zfrb5Z13nLvPhSWR/so3kFulUQU0sgUll2Z0LwpsLN351eOOD+hRGu/F1g+6xDfPeD++Q==", + "engines": { + "node": "*" + } + }, + "node_modules/oas-schemas": { + "version": "2.0.0", + "resolved": "git+https://git@github.com/OAI/OpenAPI-Specification.git#0f9d3ec7c033fef184ec54e1ffc201b2d61ce023", + "integrity": "sha512-B0izsjJFhgA/KCQExAt7cfLyw42KD+r3NE7hKbkmGSqoe3gb57eMUXTlN4MwEicFR86Gno+h3OSnRcHfUlVubQ==" + }, + "node_modules/object-treeify": { + "version": "1.1.33", + "resolved": "https://registry.npmjs.org/object-treeify/-/object-treeify-1.1.33.tgz", + "integrity": "sha512-EFVjAYfzWqWsBMRHPMAXLCDIJnpMhdWAqR7xG6M6a2cs6PMFpl/+Z20w9zDW4vkxOFfddegBKq9Rehd0bxWE7A==", + "engines": { + "node": ">= 10" + } + }, + "node_modules/optionator": { + "version": "0.8.3", + "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.8.3.tgz", + "integrity": "sha512-+IW9pACdk3XWmmTXG8m3upGUJst5XRGzxMRjXzAuJ1XnIFNvfhjjIuYkDvysnPQ7qzqVzLt78BCruntqRhWQbA==", + "dependencies": { + "deep-is": "~0.1.3", + "fast-levenshtein": "~2.0.6", + "levn": "~0.3.0", + "prelude-ls": "~1.1.2", + "type-check": "~0.3.2", + "word-wrap": "~1.2.3" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/password-prompt": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/password-prompt/-/password-prompt-1.1.3.tgz", + "integrity": "sha512-HkrjG2aJlvF0t2BMH0e2LB/EHf3Lcq3fNMzy4GYHcQblAvOl+QQji1Lx7WRBMqpVK8p+KR7bCg7oqAMXtdgqyw==", + "dependencies": { + "ansi-escapes": "^4.3.2", + "cross-spawn": "^7.0.3" + } + }, + "node_modules/path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-type": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", + "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==", + "engines": { + "node": ">=8" + } + }, + "node_modules/picocolors": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz", + "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==" + }, + "node_modules/picomatch": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/prelude-ls": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz", + "integrity": "sha512-ESF23V4SKG6lVSGZgYNpbsiaAkdab6ZgOxe52p7+Kid3W3u3bxR4Vfd/o21dmN7jSt0IwgZ4v5MUd26FEtXE9w==", + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" + }, + "node_modules/queue-microtask": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] + }, + "node_modules/redeyed": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/redeyed/-/redeyed-2.1.1.tgz", + "integrity": "sha512-FNpGGo1DycYAdnrKFxCMmKYgo/mILAqtRYbkdQD8Ep/Hk2PQ5+aEAEx+IU713RTDmuBaH0c8P5ZozurNu5ObRQ==", + "dependencies": { + "esprima": "~4.0.0" + } + }, + "node_modules/redeyed/node_modules/esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "bin": { + "esparse": "bin/esparse.js", + "esvalidate": "bin/esvalidate.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/reusify": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", + "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==", + "engines": { + "iojs": ">=1.0.0", + "node": ">=0.10.0" + } + }, + "node_modules/run-parallel": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "dependencies": { + "queue-microtask": "^1.2.2" + } + }, + "node_modules/semver": { + "version": "7.6.3", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz", + "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "dependencies": { + "shebang-regex": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shebang-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "engines": { + "node": ">=8" + } + }, + "node_modules/sisteransi": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", + "integrity": "sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg==" + }, + "node_modules/slash": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==", + "engines": { + "node": ">=8" + } + }, + "node_modules/slice-ansi": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz", + "integrity": "sha512-qMCMfhY040cVHT43K9BFygqYbUPFZKHOg7K73mtTWJRb8pyP3fzf4Ixd5SzdEJQ6MRUg/WBnOLxghZtKKurENQ==", + "dependencies": { + "ansi-styles": "^4.0.0", + "astral-regex": "^2.0.0", + "is-fullwidth-code-point": "^3.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/slice-ansi?sponsor=1" + } + }, + "node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "optional": true, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/sprintf-js": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "integrity": "sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==" + }, + "node_modules/static-eval": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/static-eval/-/static-eval-2.0.2.tgz", + "integrity": "sha512-N/D219Hcr2bPjLxPiV+TQE++Tsmrady7TqAJugLy7Xk1EumfDWS/f5dtBbkRCGE7wKKXuYockQoj8Rm2/pVKyg==", + "dependencies": { + "escodegen": "^1.8.1" + } + }, + "node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/supports-color": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/supports-color?sponsor=1" + } + }, + "node_modules/supports-hyperlinks": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.3.0.tgz", + "integrity": "sha512-RpsAZlpWcDwOPQA22aCH4J0t7L8JmAvsCxfOSEwm7cQs3LshN36QaTkwd70DnBOXDWGssw2eUoc8CaRWT0XunA==", + "dependencies": { + "has-flag": "^4.0.0", + "supports-color": "^7.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/supports-hyperlinks/node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dependencies": { + "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" + } + }, + "node_modules/ts-node": { + "version": "10.9.2", + "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", + "integrity": "sha512-f0FFpIdcHgn8zcPSbf1dRevwt047YMnaiJM3u2w2RewrB+fob/zePZcrOyQoLMMO7aBIddLcQIEK5dYjkLnGrQ==", + "dependencies": { + "@cspotcode/source-map-support": "^0.8.0", + "@tsconfig/node10": "^1.0.7", + "@tsconfig/node12": "^1.0.7", + "@tsconfig/node14": "^1.0.0", + "@tsconfig/node16": "^1.0.2", + "acorn": "^8.4.1", + "acorn-walk": "^8.1.1", + "arg": "^4.1.0", + "create-require": "^1.1.0", + "diff": "^4.0.1", + "make-error": "^1.1.1", + "v8-compile-cache-lib": "^3.0.1", + "yn": "3.1.1" + }, + "bin": { + "ts-node": "dist/bin.js", + "ts-node-cwd": "dist/bin-cwd.js", + "ts-node-esm": "dist/bin-esm.js", + "ts-node-script": "dist/bin-script.js", + "ts-node-transpile-only": "dist/bin-transpile.js", + "ts-script": "dist/bin-script-deprecated.js" + }, + "peerDependencies": { + "@swc/core": ">=1.2.50", + "@swc/wasm": ">=1.2.50", + "@types/node": "*", + "typescript": ">=2.7" + }, + "peerDependenciesMeta": { + "@swc/core": { + "optional": true + }, + "@swc/wasm": { + "optional": true + } + } + }, + "node_modules/tslib": { + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.0.tgz", + "integrity": "sha512-jWVzBLplnCmoaTr13V9dYbiQ99wvZRd0vNWaDRg+aVYRcjDF3nDksxFDE/+fkXnKhpnUUkmx5pK/v8mCtLVqZA==" + }, + "node_modules/type-check": { + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz", + "integrity": "sha512-ZCmOJdvOWDBYJlzAoFkC+Q0+bUyEOS1ltgp1MGU03fqHG+dbi9tBFU2Rd9QKiDZFAYrhPh2JUf7rZRIuHRKtOg==", + "dependencies": { + "prelude-ls": "~1.1.2" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/type-fest": { + "version": "0.21.3", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", + "integrity": "sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/typescript": { + "version": "5.6.3", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.6.3.tgz", + "integrity": "sha512-hjcS1mhfuyi4WW8IWtjP7brDrG2cuDZukyrYrSauoXGNgx0S7zceP07adYkJycEr56BOUTNPzbInooiN3fn1qw==", + "peer": true, + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=14.17" + } + }, + "node_modules/underscore": { + "version": "1.12.1", + "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.12.1.tgz", + "integrity": "sha512-hEQt0+ZLDVUMhebKxL4x1BTtDY7bavVofhZ9KZ4aI26X9SRaE+Y3m83XUL1UP2jn8ynjndwCCpEHdUG+9pP1Tw==" + }, + "node_modules/undici-types": { + "version": "6.19.8", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.19.8.tgz", + "integrity": "sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw==" + }, + "node_modules/universalify": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", + "integrity": "sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==", + "engines": { + "node": ">= 10.0.0" + } + }, + "node_modules/utility-types": { + "version": "3.11.0", + "resolved": "https://registry.npmjs.org/utility-types/-/utility-types-3.11.0.tgz", + "integrity": "sha512-6Z7Ma2aVEWisaL6TvBCy7P8rm2LQoPv6dJ7ecIaIixHcwfbJ0x7mWdbcwlIM5IGQxPZSFYeqRCqlOOeKoJYMkw==", + "engines": { + "node": ">= 4" + } + }, + "node_modules/v8-compile-cache-lib": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", + "integrity": "sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg==" + }, + "node_modules/which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/widest-line": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/widest-line/-/widest-line-3.1.0.tgz", + "integrity": "sha512-NsmoXalsWVDMGupxZ5R08ka9flZjjiLvHVAWYOKtiKM8ujtZWr9cRffak+uSE48+Ob8ObalXpwyeUiyDD6QFgg==", + "dependencies": { + "string-width": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/word-wrap": { + "version": "1.2.5", + "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.5.tgz", + "integrity": "sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/wordwrap": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", + "integrity": "sha512-gvVzJFlPycKc5dZN4yPkP8w7Dc37BtP1yczEneOb4uq34pXZcvrtRTmWV8W+Ume+XCxKgbjM+nevkyFPMybd4Q==" + }, + "node_modules/wrap-ansi": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/yn": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==", + "engines": { + "node": ">=6" + } + } + } +} diff --git a/.buildkite/scripts/steps/openapi_publishing/package.json b/.buildkite/scripts/steps/openapi_publishing/package.json new file mode 100644 index 0000000000000..fa60b97905b14 --- /dev/null +++ b/.buildkite/scripts/steps/openapi_publishing/package.json @@ -0,0 +1,15 @@ +{ + "name": "serverless", + "version": "1.0.0", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "keywords": [], + "author": "", + "license": "ISC", + "description": "", + "dependencies": { + "bump-cli": "^2.8.4" + } +} diff --git a/.buildkite/scripts/steps/openapi_publishing/publish_oas_docs.sh b/.buildkite/scripts/steps/openapi_publishing/publish_oas_docs.sh new file mode 100755 index 0000000000000..2791f9519afd9 --- /dev/null +++ b/.buildkite/scripts/steps/openapi_publishing/publish_oas_docs.sh @@ -0,0 +1,56 @@ +#!/usr/bin/env bash + +set -euo pipefail + +source .buildkite/scripts/common/util.sh + +echo "--- Publish OAS docs" + +echo "--- Installing NPM modules" + +deploy_to_bump() { + local file_path="${1:-}" + local doc_name="${2:-}" + local doc_token="${3:-}" + local branch="${4:-}" + local cur_dir=$(pwd) + + cd "$(dirname "${BASH_SOURCE[0]}")" + npm install + + echo "Checking diff for doc '$doc_name' against file '$file_path' on branch '$branch'..." + local result=$(npx bump diff $file_path --doc $doc_name --token $doc_token --branch $branch --format=json) + local change_count=$(jq '. | length' <<<$result) + if [[ ! -z $change_count && $change_count -gt 0 ]]; then + echo "Found $change_count changes..." + echo "About to deploy file '$file_path' to doc '$doc_name' to '$branch' on bump.sh..." + npx bump deploy $file_path \ + --branch $branch \ + --doc $doc_name \ + --token $doc_token ; + echo "" + echo "Note: if there is a warning of unchanged docs we probably have unpublished deployments waiting." + echo "Go to https://bump.sh/elastic/dashboard to see all the docs in the hub." + else + echo "Did not detect changes for '$file_path'; not deploying. Got response: '$result'" + fi + + echo "Switch back to dir '$cur_dir'" + cd $cur_dir +} + +if [[ "$BUILDKITE_BRANCH" == "main" ]]; then + BUMP_KIBANA_DOC_NAME="$(vault_get kibana-bump-sh kibana-doc-name)" + BUMP_KIBANA_DOC_TOKEN="$(vault_get kibana-bump-sh kibana-token)" + deploy_to_bump "$(pwd)/oas_docs/output/kibana.yaml" $BUMP_KIBANA_DOC_NAME $BUMP_KIBANA_DOC_TOKEN main; + exit 0; +fi + +if [[ "$BUILDKITE_BRANCH" == "8.x" ]]; then + BUMP_KIBANA_DOC_NAME="$(vault_get kibana-bump-sh kibana-doc-name)" + BUMP_KIBANA_DOC_TOKEN="$(vault_get kibana-bump-sh kibana-token)" + deploy_to_bump "$(pwd)/oas_docs/output/kibana.yaml" $BUMP_KIBANA_DOC_NAME $BUMP_KIBANA_DOC_TOKEN 8x-unreleased; + exit 0; +fi + +echo "No branches found to push to; stopping here." \ No newline at end of file diff --git a/oas_docs/README.md b/oas_docs/README.md index 3312bc60771e0..cec4dcb9af441 100644 --- a/oas_docs/README.md +++ b/oas_docs/README.md @@ -39,13 +39,4 @@ The `oas_docs/output` folder contains the final resulting Kibana OpenAPI bundles ## Bundling commands -Besides the scripts in the `oas_docs/scripts` folder, there is an `oas_docs/makefile` to simplify the workflow. The following makefile targets are available: - -| Command | Description | -| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| `api-docs` | Builds ESS Kibana OpenAPI bundle | -| `api-docs-serverless` | Builds Serverless Kibana OpenAPI bundle | -| `api-docs-lint` | Lints built result bundles | -| `api-docs-preview` | Generates (ESS + Serverless) Kibana OpenAPI bundles preview | -| `api-docs-overlay` | Applies [overlays](https://docs.bump.sh/help/specification-support/overlays/) from `overlays` folder to the Kibana OpenAPI bundles and generate `*.new.yaml` files. Overlays help to fine tune the result bundles. | -| `api-docs-overlay-preview` | Generates a preview for bundles produced by `api-docs-overlay` | +Besides the scripts in the `oas_docs/scripts` folder, there is an `oas_docs/makefile` to simplify the workflow. Use `make help` to see available commands. diff --git a/oas_docs/makefile b/oas_docs/makefile index 1bfd2b8db2323..355a7db9ef14e 100644 --- a/oas_docs/makefile +++ b/oas_docs/makefile @@ -14,16 +14,21 @@ # permission is obtained from Elasticsearch B.V. .PHONY: api-docs -api-docs: ## Generate Serverless and ESS Kibana OpenAPI bundles with kbn-openapi-bundler +api-docs: ## Generate Serverless and ESS Kibana OpenAPI bundles + $(MAKE) merge-api-docs + $(MAKE) api-docs-overlay + +.PHONY: merge-api-docs +merge-api-docs: ## Merge Serverless and ESS Kibana OpenAPI bundles with kbn-openapi-bundler @node scripts/merge_serverless_oas.js @node scripts/merge_ess_oas.js -.PHONY: api-docs-stateful -api-docs-stateful: ## Generate only kibana.yaml +.PHONY: merge-api-docs-stateful +merge-api-docs-stateful: ## Merge only kibana.yaml @node scripts/merge_ess_oas.js -.PHONY: api-docs-serverless -api-docs-serverless: ## Generate only kibana.serverless.yaml +.PHONY: merge-api-docs-serverless +merge-api-docs-serverless: ## Merge only kibana.serverless.yaml @node scripts/merge_serverless_oas.js .PHONY: api-docs-lint @@ -39,7 +44,7 @@ api-docs-lint-serverless: ## Run redocly API docs linter on kibana.serverless.ya @npx @redocly/cli lint "output/kibana.serverless.yaml" --config "linters/redocly.yaml" --format stylish --max-problems 500 .PHONY: api-docs-overlay -api-docs-overlay: ## Run spectral API docs linter on kibana.serverless.yaml +api-docs-overlay: ## Apply all overlays @npx bump-cli overlay "output/kibana.serverless.yaml" "overlays/kibana.overlays.serverless.yaml" > "output/kibana.serverless.tmp1.yaml" @npx bump-cli overlay "output/kibana.serverless.tmp1.yaml" "overlays/alerting.overlays.yaml" > "output/kibana.serverless.tmp2.yaml" @npx bump-cli overlay "output/kibana.serverless.tmp2.yaml" "overlays/connectors.overlays.yaml" > "output/kibana.serverless.tmp3.yaml" @@ -48,24 +53,20 @@ api-docs-overlay: ## Run spectral API docs linter on kibana.serverless.yaml @npx bump-cli overlay "output/kibana.tmp1.yaml" "overlays/alerting.overlays.yaml" > "output/kibana.tmp2.yaml" @npx bump-cli overlay "output/kibana.tmp2.yaml" "overlays/connectors.overlays.yaml" > "output/kibana.tmp3.yaml" @npx bump-cli overlay "output/kibana.tmp3.yaml" "overlays/kibana.overlays.shared.yaml" > "output/kibana.tmp4.yaml" - @npx @redocly/cli bundle output/kibana.serverless.tmp4.yaml --ext yaml -o output/kibana.serverless.new.yaml - @npx @redocly/cli bundle output/kibana.tmp4.yaml --ext yaml -o output/kibana.new.yaml + @npx @redocly/cli bundle output/kibana.serverless.tmp4.yaml --ext yaml -o output/kibana.serverless.yaml + @npx @redocly/cli bundle output/kibana.tmp4.yaml --ext yaml -o output/kibana.yaml rm output/kibana.tmp*.yaml rm output/kibana.serverless.tmp*.yaml .PHONY: api-docs-preview api-docs-preview: ## Generate a preview for kibana.yaml and kibana.serverless.yaml + @echo "Rendering stateful docs preview..." @npx bump-cli preview "output/kibana.yaml" + @echo "Rendering serverless docs preview..." @npx bump-cli preview "output/kibana.serverless.yaml" -.PHONY: api-docs-overlay-preview -api-docs-overlay-preview: ## Generate a preview for kibana.new.yaml and kibana.serverless.new.yaml - @npx bump-cli preview "output/kibana.new.yaml" - @npx bump-cli preview "output/kibana.serverless.new.yaml" - help: ## Display help @awk 'BEGIN {FS = ":.*##"; printf "Usage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) #------------- -------------- -.DEFAULT_GOAL := help - +.DEFAULT_GOAL := help \ No newline at end of file diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index 2b64330a1937a..10dbdbe44e26a 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml @@ -2,61 +2,36 @@ openapi: 3.0.3 info: contact: name: Kibana Team - description: > + description: | **Technical preview** - - This functionality is in technical preview and may be changed or removed in - a future release. - - Elastic will work to fix any issues, but features in technical preview are - not subject to the support SLA of official GA features. - + This functionality is in technical preview and may be changed or removed in a future release. + Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. The Kibana REST APIs for Elastic serverless enable you to manage resources - such as connectors, data views, and saved objects. The API calls are - stateless. Each request that you make happens in isolation from other calls - and must include all of the necessary information for Kibana to fulfill the - request. API requests return JSON output, which is a format that is - machine-readable and works well for automation. - To interact with Kibana APIs, use the following operations: - - GET: Fetches the information. - - POST: Adds new information. - - PUT: Updates the existing information. - - DELETE: Removes the information. - You can prepend any Kibana API endpoint with `kbn:` and run the request in - **Dev Tools → Console**. For example: - ``` - GET kbn:/api/data_views - ``` - ## Documentation source and versions - - This documentation is derived from the `main` branch of the - [kibana](https://github.com/elastic/kibana) repository. - - It is provided under license [Attribution-NonCommercial-NoDerivatives 4.0 - International](https://creativecommons.org/licenses/by-nc-nd/4.0/). + This documentation is derived from the `main` branch of the [kibana](https://github.com/elastic/kibana) repository. + It is provided under license [Attribution-NonCommercial-NoDerivatives 4.0 International](https://creativecommons.org/licenses/by-nc-nd/4.0/). title: Kibana Serverless APIs version: 1.0.2 x-doc-license: @@ -64,23 +39,118 @@ info: url: https://creativecommons.org/licenses/by-nc-nd/4.0/ x-feedbackLink: label: Feedback - url: >- - https://github.com/elastic/docs-content/issues/new?assignees=&labels=feedback%2Ccommunity&projects=&template=api-feedback.yaml&title=%5BFeedback%5D%3A+ + url: https://github.com/elastic/docs-content/issues/new?assignees=&labels=feedback%2Ccommunity&projects=&template=api-feedback.yaml&title=%5BFeedback%5D%3A+ servers: - - url: http://{kibana_host}:{port} - variables: - kibana_host: - default: localhost - port: - default: '5601' - - url: http://localhost:5622 - url: https://{kibana_url} variables: kibana_url: default: localhost:5601 - - url: / - - description: local - url: http://localhost:5601 +security: + - apiKeyAuth: [] +tags: + - name: alerting + description: | + Alerting enables you to define rules, which detect complex conditions within your data. When a condition is met, the rule tracks it as an alert and runs the actions that are defined in the rule. Actions typically involve the use of connectors to interact with Kibana services or third party integrations. + externalDocs: + description: Alerting documentation + url: https://www.elastic.co/docs/current/serverless/rules + x-displayName: Alerting + - description: | + Adjust APM agent configuration without need to redeploy your application. + name: APM agent configuration + - description: | + Configure APM agent keys to authorize requests from APM agents to the APM Server. + name: APM agent keys + - description: | + Annotate visualizations in the APM app with significant events. Annotations enable you to easily see how events are impacting the performance of your applications. + name: APM annotations + - description: Create APM fleet server schema. + name: APM server schema + - description: Configure APM source maps. + name: APM sourcemaps + - name: connectors + description: | + Connectors provide a central place to store connection information for services and integrations with Elastic or third party systems. Alerting rules can use connectors to run actions when rule conditions are met. + externalDocs: + description: Connector documentation + url: https://www.elastic.co/docs/current/serverless/action-connectors + x-displayName: Connectors + - name: Data streams + - description: Data view APIs enable you to manage data views, formerly known as Kibana index patterns. + name: data views + x-displayName: Data views + - name: Elastic Agent actions + - name: Elastic Agent binary download sources + - name: Elastic Agent policies + - name: Elastic Agent status + - name: Elastic Agents + - name: Elastic Package Manager (EPM) + - name: Fleet enrollment API keys + - name: Fleet internals + - name: Fleet outputs + - name: Fleet package policies + - name: Fleet proxies + - name: Fleet Server hosts + - name: Fleet service tokens + - name: Fleet uninstall tokens + - name: Message Signing Service + - description: Machine learning + name: ml + x-displayName: Machine learning + - name: roles + x-displayName: Roles + description: Manage the roles that grant Elasticsearch and Kibana privileges. + externalDocs: + description: Kibana role management + url: https://www.elastic.co/guide/en/kibana/master/kibana-role-management.html + - description: | + Export sets of saved objects that you want to import into Kibana, resolve import errors, and rotate an encryption key for encrypted saved objects with the saved objects APIs. + + To manage a specific type of saved object, use the corresponding APIs. + For example, use: + + [Data views](../group/endpoint-data-views) + + Warning: Do not write documents directly to the `.kibana` index. When you write directly to the `.kibana` index, the data becomes corrupted and permanently breaks future Kibana versions. + name: saved objects + x-displayName: Saved objects + - description: Manage and interact with Security Assistant resources. + name: Security AI Assistant API + x-displayName: Security AI assistant + - description: You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page. + name: Security Detections API + x-displayName: Security detections + - description: Endpoint Exceptions API allows you to manage detection rule endpoint exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. + name: Security Endpoint Exceptions API + x-displayName: Security endpoint exceptions + - description: Interact with and manage endpoints running the Elastic Defend integration. + name: Security Endpoint Management API + x-displayName: Security endpoint management + - description: '' + name: Security Entity Analytics API + x-displayName: Security entity analytics + - description: Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. + name: Security Exceptions API + x-displayName: Security exceptions + - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. + name: Security Lists API + x-displayName: Security lists + - description: Run live queries, manage packs and saved queries. + name: Security Osquery API + x-displayName: Security Osquery + - description: You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file. + name: Security Timeline API + x-displayName: Security timeline + - description: SLO APIs enable you to define, manage and track service-level objectives + name: slo + x-displayName: Service level objectives + - name: spaces + x-displayName: Spaces + description: Manage your Kibana spaces. + - name: system + x-displayName: System + description: | + Get information about the system status, resource usage, and installed plugins. paths: /api/actions/connector_types: get: @@ -95,18 +165,24 @@ paths: enum: - '2023-10-31' type: string - - description: >- - A filter to limit the retrieved connector types to those that - support a specific feature (such as alerting or cases). + - description: A filter to limit the retrieved connector types to those that support a specific feature (such as alerting or cases). in: query name: feature_id required: false schema: type: string - responses: {} + responses: + '200': + description: Indicates a successful call. + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getConnectorTypesServerlessResponse: + $ref: '#/components/examples/get_connector_types_generativeai_response' summary: Get connector types tags: - connectors + x-beta: true /api/actions/connector/{id}: delete: description: 'WARNING: When you delete a connector, it cannot be recovered.' @@ -139,6 +215,7 @@ paths: summary: Delete a connector tags: - connectors + x-beta: true get: operationId: get-actions-connector-id parameters: @@ -180,15 +257,10 @@ paths: description: Indicates whether the connector is missing secrets. type: boolean is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' type: boolean is_system_action: - description: >- - Indicates whether the connector is used for system - actions. + description: Indicates whether the connector is used for system actions. type: boolean name: description: ' The name of the rule.' @@ -200,10 +272,14 @@ paths: - is_preconfigured - is_deprecated - is_system_action + examples: + getConnectorResponse: + $ref: '#/components/examples/get_connector_response' description: Indicates a successful call. summary: Get connector information tags: - connectors + x-beta: true post: operationId: post-actions-connector-id parameters: @@ -225,7 +301,7 @@ paths: - description: An identifier for the connector. in: path name: id - required: false + required: true schema: type: string requestBody: @@ -235,23 +311,77 @@ paths: additionalProperties: false type: object properties: - config: - additionalProperties: {} - default: {} - type: object connector_type_id: description: The type of connector. type: string name: description: The display name for the connector. type: string + config: + additionalProperties: {} + default: {} + description: The connector configuration details. + oneOf: + - $ref: '#/components/schemas/bedrock_config' + - $ref: '#/components/schemas/crowdstrike_config' + - $ref: '#/components/schemas/d3security_config' + - $ref: '#/components/schemas/email_config' + - $ref: '#/components/schemas/gemini_config' + - $ref: '#/components/schemas/resilient_config' + - $ref: '#/components/schemas/index_config' + - $ref: '#/components/schemas/jira_config' + - $ref: '#/components/schemas/genai_azure_config' + - $ref: '#/components/schemas/genai_openai_config' + - $ref: '#/components/schemas/opsgenie_config' + - $ref: '#/components/schemas/pagerduty_config' + - $ref: '#/components/schemas/sentinelone_config' + - $ref: '#/components/schemas/servicenow_config' + - $ref: '#/components/schemas/servicenow_itom_config' + - $ref: '#/components/schemas/slack_api_config' + - $ref: '#/components/schemas/swimlane_config' + - $ref: '#/components/schemas/thehive_config' + - $ref: '#/components/schemas/tines_config' + - $ref: '#/components/schemas/torq_config' + - $ref: '#/components/schemas/webhook_config' + - $ref: '#/components/schemas/cases_webhook_config' + - $ref: '#/components/schemas/xmatters_config' secrets: additionalProperties: {} default: {} - type: object + oneOf: + - $ref: '#/components/schemas/bedrock_secrets' + - $ref: '#/components/schemas/crowdstrike_secrets' + - $ref: '#/components/schemas/d3security_secrets' + - $ref: '#/components/schemas/email_secrets' + - $ref: '#/components/schemas/gemini_secrets' + - $ref: '#/components/schemas/resilient_secrets' + - $ref: '#/components/schemas/jira_secrets' + - $ref: '#/components/schemas/teams_secrets' + - $ref: '#/components/schemas/genai_secrets' + - $ref: '#/components/schemas/opsgenie_secrets' + - $ref: '#/components/schemas/pagerduty_secrets' + - $ref: '#/components/schemas/sentinelone_secrets' + - $ref: '#/components/schemas/servicenow_secrets' + - $ref: '#/components/schemas/slack_api_secrets' + - $ref: '#/components/schemas/swimlane_secrets' + - $ref: '#/components/schemas/thehive_secrets' + - $ref: '#/components/schemas/tines_secrets' + - $ref: '#/components/schemas/torq_secrets' + - $ref: '#/components/schemas/webhook_secrets' + - $ref: '#/components/schemas/cases_webhook_secrets' + - $ref: '#/components/schemas/xmatters_secrets' required: - name - connector_type_id + examples: + createEmailConnectorRequest: + $ref: '#/components/examples/create_email_connector_request' + createIndexConnectorRequest: + $ref: '#/components/examples/create_index_connector_request' + createWebhookConnectorRequest: + $ref: '#/components/examples/create_webhook_connector_request' + createXmattersConnectorRequest: + $ref: '#/components/examples/create_xmatters_connector_request' responses: '200': content: @@ -276,15 +406,10 @@ paths: description: Indicates whether the connector is missing secrets. type: boolean is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' type: boolean is_system_action: - description: >- - Indicates whether the connector is used for system - actions. + description: Indicates whether the connector is used for system actions. type: boolean name: description: ' The name of the rule.' @@ -296,10 +421,20 @@ paths: - is_preconfigured - is_deprecated - is_system_action + examples: + createEmailConnectorResponse: + $ref: '#/components/examples/create_email_connector_response' + createIndexConnectorResponse: + $ref: '#/components/examples/create_index_connector_response' + createWebhookConnectorResponse: + $ref: '#/components/examples/create_webhook_connector_response' + createXmattersConnectorResponse: + $ref: '#/components/examples/get_connector_response' description: Indicates a successful call. summary: Create a connector tags: - connectors + x-beta: true put: operationId: put-actions-connector-id parameters: @@ -331,19 +466,67 @@ paths: additionalProperties: false type: object properties: - config: - additionalProperties: {} - default: {} - type: object name: description: The display name for the connector. type: string + config: + additionalProperties: {} + default: {} + description: The connector configuration details. + oneOf: + - $ref: '#/components/schemas/bedrock_config' + - $ref: '#/components/schemas/crowdstrike_config' + - $ref: '#/components/schemas/d3security_config' + - $ref: '#/components/schemas/email_config' + - $ref: '#/components/schemas/gemini_config' + - $ref: '#/components/schemas/resilient_config' + - $ref: '#/components/schemas/index_config' + - $ref: '#/components/schemas/jira_config' + - $ref: '#/components/schemas/genai_azure_config' + - $ref: '#/components/schemas/genai_openai_config' + - $ref: '#/components/schemas/opsgenie_config' + - $ref: '#/components/schemas/pagerduty_config' + - $ref: '#/components/schemas/sentinelone_config' + - $ref: '#/components/schemas/servicenow_config' + - $ref: '#/components/schemas/servicenow_itom_config' + - $ref: '#/components/schemas/slack_api_config' + - $ref: '#/components/schemas/swimlane_config' + - $ref: '#/components/schemas/thehive_config' + - $ref: '#/components/schemas/tines_config' + - $ref: '#/components/schemas/torq_config' + - $ref: '#/components/schemas/webhook_config' + - $ref: '#/components/schemas/cases_webhook_config' + - $ref: '#/components/schemas/xmatters_config' secrets: additionalProperties: {} default: {} - type: object + oneOf: + - $ref: '#/components/schemas/bedrock_secrets' + - $ref: '#/components/schemas/crowdstrike_secrets' + - $ref: '#/components/schemas/d3security_secrets' + - $ref: '#/components/schemas/email_secrets' + - $ref: '#/components/schemas/gemini_secrets' + - $ref: '#/components/schemas/resilient_secrets' + - $ref: '#/components/schemas/jira_secrets' + - $ref: '#/components/schemas/teams_secrets' + - $ref: '#/components/schemas/genai_secrets' + - $ref: '#/components/schemas/opsgenie_secrets' + - $ref: '#/components/schemas/pagerduty_secrets' + - $ref: '#/components/schemas/sentinelone_secrets' + - $ref: '#/components/schemas/servicenow_secrets' + - $ref: '#/components/schemas/slack_api_secrets' + - $ref: '#/components/schemas/swimlane_secrets' + - $ref: '#/components/schemas/thehive_secrets' + - $ref: '#/components/schemas/tines_secrets' + - $ref: '#/components/schemas/torq_secrets' + - $ref: '#/components/schemas/webhook_secrets' + - $ref: '#/components/schemas/cases_webhook_secrets' + - $ref: '#/components/schemas/xmatters_secrets' required: - name + examples: + updateIndexConnectorRequest: + $ref: '#/components/examples/update_index_connector_request' responses: '200': content: @@ -368,15 +551,10 @@ paths: description: Indicates whether the connector is missing secrets. type: boolean is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' type: boolean is_system_action: - description: >- - Indicates whether the connector is used for system - actions. + description: Indicates whether the connector is used for system actions. type: boolean name: description: ' The name of the rule.' @@ -392,11 +570,10 @@ paths: summary: Update a connector tags: - connectors + x-beta: true /api/actions/connector/{id}/_execute: post: - description: >- - You can use this API to test an action that involves interaction with - Kibana services or integrations with third-party systems. + description: You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems. operationId: post-actions-connector-id-execute parameters: - description: The version of the API to use @@ -429,9 +606,40 @@ paths: properties: params: additionalProperties: {} - type: object + oneOf: + - $ref: '#/components/schemas/run_acknowledge_resolve_pagerduty' + - $ref: '#/components/schemas/run_documents' + - $ref: '#/components/schemas/run_message_email' + - $ref: '#/components/schemas/run_message_serverlog' + - $ref: '#/components/schemas/run_message_slack' + - $ref: '#/components/schemas/run_trigger_pagerduty' + - $ref: '#/components/schemas/run_addevent' + - $ref: '#/components/schemas/run_closealert' + - $ref: '#/components/schemas/run_closeincident' + - $ref: '#/components/schemas/run_createalert' + - $ref: '#/components/schemas/run_fieldsbyissuetype' + - $ref: '#/components/schemas/run_getchoices' + - $ref: '#/components/schemas/run_getfields' + - $ref: '#/components/schemas/run_getincident' + - $ref: '#/components/schemas/run_issue' + - $ref: '#/components/schemas/run_issues' + - $ref: '#/components/schemas/run_issuetypes' + - $ref: '#/components/schemas/run_postmessage' + - $ref: '#/components/schemas/run_pushtoservice' + - $ref: '#/components/schemas/run_validchannelid' required: - params + examples: + runIndexConnectorRequest: + $ref: '#/components/examples/run_index_connector_request' + runJiraConnectorRequest: + $ref: '#/components/examples/run_jira_connector_request' + runServerLogConnectorRequest: + $ref: '#/components/examples/run_servicenow_itom_connector_request' + runSlackConnectorRequest: + $ref: '#/components/examples/run_slack_api_connector_request' + runSwimlaneConnectorRequest: + $ref: '#/components/examples/run_swimlane_connector_request' responses: '200': content: @@ -456,15 +664,10 @@ paths: description: Indicates whether the connector is missing secrets. type: boolean is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' type: boolean is_system_action: - description: >- - Indicates whether the connector is used for system - actions. + description: Indicates whether the connector is used for system actions. type: boolean name: description: ' The name of the rule.' @@ -476,10 +679,24 @@ paths: - is_preconfigured - is_deprecated - is_system_action + examples: + runIndexConnectorResponse: + $ref: '#/components/examples/run_index_connector_response' + runJiraConnectorResponse: + $ref: '#/components/examples/run_jira_connector_response' + runServerLogConnectorResponse: + $ref: '#/components/examples/run_server_log_connector_response' + runServiceNowITOMConnectorResponse: + $ref: '#/components/examples/run_servicenow_itom_connector_response' + runSlackConnectorResponse: + $ref: '#/components/examples/run_slack_api_connector_response' + runSwimlaneConnectorResponse: + $ref: '#/components/examples/run_swimlane_connector_response' description: Indicates a successful call. summary: Run a connector tags: - connectors + x-beta: true /api/actions/connectors: get: operationId: get-actions-connectors @@ -492,10 +709,18 @@ paths: enum: - '2023-10-31' type: string - responses: {} + responses: + '200': + description: Indicates a successful call. + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getConnectorsResponse: + $ref: '#/components/examples/get_connectors_response' summary: Get all connectors tags: - connectors + x-beta: true /api/alerting/rule/{id}: delete: operationId: delete-alerting-rule-id @@ -533,6 +758,7 @@ paths: summary: Delete a rule tags: - alerting + x-beta: true get: operationId: get-alerting-rule-id parameters: @@ -565,9 +791,7 @@ paths: properties: alerts_filter: additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. + description: Defines a period that limits whether the action runs. type: object properties: query: @@ -575,15 +799,10 @@ paths: type: object properties: dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). type: string filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. items: additionalProperties: false type: object @@ -593,9 +812,7 @@ paths: type: object properties: store: - description: >- - A filter can be either specific to an - application context or applied globally. + description: A filter can be either specific to an application context or applied globally. enum: - appState - globalState @@ -612,9 +829,7 @@ paths: - meta type: array kql: - description: >- - A filter written in Kibana Query Language - (KQL). + description: A filter written in Kibana Query Language (KQL). type: string required: - kql @@ -624,12 +839,7 @@ paths: type: object properties: days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. items: enum: - 1 @@ -646,55 +856,30 @@ paths: type: object properties: end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). + description: The end of the time frame in 24-hour notation (`hh:mm`). type: string start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). + description: The start of the time frame in 24-hour notation (`hh:mm`). type: string required: - start - end timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. type: string required: - days - hours - timezone connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. + description: The type of connector. This property appears in responses but cannot be set in requests. type: string frequency: additionalProperties: false type: object properties: notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -704,18 +889,7 @@ paths: description: Indicates whether the action is a summary. type: boolean throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string required: @@ -723,30 +897,20 @@ paths: - notify_when - throttle group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. type: string id: description: The identifier for the connector saved object. type: string params: additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. type: object use_alert_data_for_template: description: Indicates whether to use alert data as a template. type: boolean uuid: - description: >- - A universally unique identifier (UUID) for the - action. + description: A universally unique identifier (UUID) for the action. type: string required: - id @@ -760,36 +924,24 @@ paths: type: array alert_delay: additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. type: object properties: active: - description: >- - The number of consecutive runs that must meet the rule - conditions. + description: The number of consecutive runs that must meet the rule conditions. type: number required: - active api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. + description: Indicates whether the API key that is associated with the rule was created by the user. nullable: true type: boolean api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. + description: The owner of the API key that is associated with the rule and used to run background tasks. nullable: true type: string consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. + description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' type: string created_at: description: The date and time that the rule was created. @@ -799,9 +951,7 @@ paths: nullable: true type: string enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. + description: Indicates whether you want to run the rule on an interval basis after it is created. type: boolean execution_status: additionalProperties: false @@ -915,9 +1065,7 @@ paths: nullable: true type: number outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. enum: - succeeded - warning @@ -967,9 +1115,7 @@ paths: properties: calculated_metrics: additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. + description: Calculation of different percentiles and success ratio. type: object properties: p50: @@ -992,18 +1138,14 @@ paths: description: Duration of the rule run. type: number outcome: - description: >- - Outcome of last run of the rule. Value could - be succeeded, warning or failed. + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. enum: - succeeded - warning - failed type: string success: - description: >- - Indicates whether the rule run was - successful. + description: Indicates whether the rule run was successful. type: boolean timestamp: description: Time of rule run. @@ -1028,29 +1170,19 @@ paths: nullable: true type: number total_alerts_created: - description: >- - Total number of alerts created during last - rule run. + description: Total number of alerts created during last rule run. nullable: true type: number total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. + description: Total number of alerts detected during last rule run. nullable: true type: number total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. + description: Total time spent indexing documents during last rule run in milliseconds. nullable: true type: number total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. + description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. nullable: true type: number timestamp: @@ -1081,19 +1213,7 @@ paths: nullable: true type: string notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -1119,9 +1239,7 @@ paths: type: object properties: interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. + description: The interval is specified in seconds, minutes, hours, or days. type: string required: - interval @@ -1157,9 +1275,7 @@ paths: type: array bymonth: items: - description: >- - Indicates months of the year that this rule - should recur. + description: Indicates months of the year that this rule should recur. type: number nullable: true type: array @@ -1177,12 +1293,7 @@ paths: type: array bysetpos: items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. + description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. type: number nullable: true type: array @@ -1191,13 +1302,7 @@ paths: anyOf: - type: string - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. + description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. nullable: true type: array byweekno: @@ -1208,26 +1313,18 @@ paths: type: array byyearday: items: - description: >- - Indicates the days of the year that this rule - should recur. + description: Indicates the days of the year that this rule should recur. type: number nullable: true type: array count: - description: >- - Number of times the rule should recur until it - stops. + description: Number of times the rule should recur until it stops. type: number dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). + description: Rule start date in Coordinated Universal Time (UTC). type: string freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. + description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. enum: - 0 - 1 @@ -1238,10 +1335,7 @@ paths: - 6 type: integer interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. + description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. type: number tzid: description: Indicates timezone abbreviation. @@ -1279,23 +1373,14 @@ paths: type: array throttle: deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. + description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string updated_at: description: The date and time that the rule was updated most recently. type: string updated_by: - description: >- - The identifier for the user that updated this rule most - recently. + description: The identifier for the user that updated this rule most recently. nullable: true type: string view_in_app_relative_url: @@ -1331,6 +1416,7 @@ paths: summary: Get rule details tags: - alerting + x-beta: true post: operationId: post-alerting-rule-id parameters: @@ -1349,12 +1435,10 @@ paths: schema: example: 'true' type: string - - description: >- - The identifier for the rule. If it is omitted, an ID is randomly - generated. + - description: The identifier for the rule. If it is omitted, an ID is randomly generated. in: path name: id - required: false + required: true schema: type: string requestBody: @@ -1373,12 +1457,7 @@ paths: properties: alerts_filter: additionalProperties: false - description: >- - Conditions that affect whether the action runs. If you - specify multiple conditions, all conditions must be - met for the action to run. For example, if an alert - occurs within the specified time frame and matches the - query, the action runs. + description: Conditions that affect whether the action runs. If you specify multiple conditions, all conditions must be met for the action to run. For example, if an alert occurs within the specified time frame and matches the query, the action runs. type: object properties: query: @@ -1386,15 +1465,10 @@ paths: type: object properties: dsl: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL). + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). type: string filters: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL) as defined in the - `kbn-es-query` package. + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. items: additionalProperties: false type: object @@ -1404,9 +1478,7 @@ paths: type: object properties: store: - description: >- - A filter can be either specific to an - application context or applied globally. + description: A filter can be either specific to an application context or applied globally. enum: - appState - globalState @@ -1423,27 +1495,18 @@ paths: - meta type: array kql: - description: >- - A filter written in Kibana Query Language - (KQL). + description: A filter written in Kibana Query Language (KQL). type: string required: - kql - filters timeframe: additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. + description: Defines a period that limits whether the action runs. type: object properties: days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the days - of the week. + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. items: enum: - 1 @@ -1457,32 +1520,20 @@ paths: type: array hours: additionalProperties: false - description: >- - Defines the range of time in a day that the - action can run. If the `start` value is - `00:00` and the `end` value is `24:00`, - actions be generated all day. + description: Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day. type: object properties: end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). + description: The end of the time frame in 24-hour notation (`hh:mm`). type: string start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). + description: The start of the time frame in 24-hour notation (`hh:mm`). type: string required: - start - end timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work but - lack built-in daylight savings time support - and are not recommended. + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. type: string required: - days @@ -1493,21 +1544,7 @@ paths: type: object properties: notify_when: - description: >- - Indicates how often alerts generate actions. Valid - values include: `onActionGroupChange`: Actions run - when the alert status changes; `onActiveAlert`: - Actions run when the alert becomes active and at - each check interval while the rule conditions are - met; `onThrottleInterval`: Actions run when the - alert becomes active and at the interval specified - in the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` at - both the rule and action level. The recommended - method is to set it for each action. If you set it - at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific - values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -1517,17 +1554,7 @@ paths: description: Indicates whether the action is a summary. type: boolean throttle: - description: >- - The throttle interval, which defines how often an - alert generates repeated actions. It is specified - in seconds, minutes, hours, or days and is - applicable only if `notify_when` is set to - `onThrottleInterval`. NOTE: You cannot specify the - throttle interval at both the rule and action - level. The recommended method is to set it for - each action. If you set it at the rule level then - update the rule in Kibana, it is automatically - changed to use action-specific values. + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string required: @@ -1535,12 +1562,7 @@ paths: - notify_when - throttle group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. type: string id: description: The identifier for the connector saved object. @@ -1548,10 +1570,7 @@ paths: params: additionalProperties: {} default: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. type: object use_alert_data_for_template: description: Indicates whether to use alert data as a template. @@ -1564,30 +1583,20 @@ paths: type: array alert_delay: additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. type: object properties: active: - description: >- - The number of consecutive runs that must meet the rule - conditions. + description: The number of consecutive runs that must meet the rule conditions. type: number required: - active consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, `infrastructure`, - `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, - `siem`, `stackAlerts`, or `uptime`. + description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' type: string enabled: default: true - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. + description: Indicates whether you want to run the rule on an interval basis after it is created. type: boolean flapping: additionalProperties: false @@ -1606,49 +1615,26 @@ paths: - look_back_window - status_change_threshold name: - description: >- - The name of the rule. While this name does not have to be - unique, a distinctive name can help you identify a rule. + description: The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. type: string notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while the rule - conditions are met; `onThrottleInterval`: Actions run when - the alert becomes active and at the interval specified in - the throttle property while the rule conditions are met. - NOTE: You cannot specify `notify_when` at both the rule and - action level. The recommended method is to set it for each - action. If you set it at the rule level then update the rule - in Kibana, it is automatically changed to use - action-specific values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert - onThrottleInterval nullable: true type: string - params: - additionalProperties: {} - default: {} - description: The parameters for the rule. - type: object rule_type_id: description: The rule type identifier. type: string schedule: additionalProperties: false - description: >- - The check interval, which specifies how frequently the rule - conditions are checked. + description: The check interval, which specifies how frequently the rule conditions are checked. type: object properties: interval: - description: >- - The interval is specified in seconds, minutes, hours, or - days. + description: The interval is specified in seconds, minutes, hours, or days. type: string required: - interval @@ -1659,20 +1645,44 @@ paths: type: string type: array throttle: - description: >- - Use the `throttle` property in the action `frequency` object - instead. The throttle interval, which defines how often an - alert generates repeated actions. NOTE: You cannot specify - the throttle interval at both the rule and action level. If - you set it at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific values. + description: 'Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string + params: + additionalProperties: {} + default: {} + description: The parameters for the rule. + anyOf: + - $ref: '#/components/schemas/params_property_apm_anomaly' + - $ref: '#/components/schemas/params_property_apm_error_count' + - $ref: '#/components/schemas/params_property_apm_transaction_duration' + - $ref: '#/components/schemas/params_property_apm_transaction_error_rate' + - $ref: '#/components/schemas/params_es_query_dsl_rule' + - $ref: '#/components/schemas/params_es_query_esql_rule' + - $ref: '#/components/schemas/params_es_query_kql_rule' + - $ref: '#/components/schemas/params_index_threshold_rule' + - $ref: '#/components/schemas/params_property_infra_inventory' + - $ref: '#/components/schemas/params_property_log_threshold' + - $ref: '#/components/schemas/params_property_infra_metric_threshold' + - $ref: '#/components/schemas/params_property_slo_burn_rate' + - $ref: '#/components/schemas/params_property_synthetics_uptime_tls' + - $ref: '#/components/schemas/params_property_synthetics_monitor_status' required: - name - rule_type_id - consumer - schedule + examples: + createEsQueryEsqlRuleRequest: + $ref: '#/components/examples/create_es_query_esql_rule_request' + createEsQueryRuleRequest: + $ref: '#/components/examples/create_es_query_rule_request' + createEsQueryKqlRuleRequest: + $ref: '#/components/examples/create_es_query_kql_rule_request' + createIndexThresholdRuleRequest: + $ref: '#/components/examples/create_index_threshold_rule_request' + createTrackingContainmentRuleRequest: + $ref: '#/components/examples/create_tracking_containment_rule_request' responses: '200': content: @@ -1688,9 +1698,7 @@ paths: properties: alerts_filter: additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. + description: Defines a period that limits whether the action runs. type: object properties: query: @@ -1698,15 +1706,10 @@ paths: type: object properties: dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). type: string filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. items: additionalProperties: false type: object @@ -1716,9 +1719,7 @@ paths: type: object properties: store: - description: >- - A filter can be either specific to an - application context or applied globally. + description: A filter can be either specific to an application context or applied globally. enum: - appState - globalState @@ -1735,9 +1736,7 @@ paths: - meta type: array kql: - description: >- - A filter written in Kibana Query Language - (KQL). + description: A filter written in Kibana Query Language (KQL). type: string required: - kql @@ -1747,12 +1746,7 @@ paths: type: object properties: days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. items: enum: - 1 @@ -1769,55 +1763,30 @@ paths: type: object properties: end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). + description: The end of the time frame in 24-hour notation (`hh:mm`). type: string start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). + description: The start of the time frame in 24-hour notation (`hh:mm`). type: string required: - start - end timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. type: string required: - days - hours - timezone connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. + description: The type of connector. This property appears in responses but cannot be set in requests. type: string frequency: additionalProperties: false type: object properties: notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -1827,18 +1796,7 @@ paths: description: Indicates whether the action is a summary. type: boolean throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string required: @@ -1846,30 +1804,20 @@ paths: - notify_when - throttle group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. type: string id: description: The identifier for the connector saved object. type: string params: additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. type: object use_alert_data_for_template: description: Indicates whether to use alert data as a template. type: boolean uuid: - description: >- - A universally unique identifier (UUID) for the - action. + description: A universally unique identifier (UUID) for the action. type: string required: - id @@ -1883,36 +1831,24 @@ paths: type: array alert_delay: additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. type: object properties: active: - description: >- - The number of consecutive runs that must meet the rule - conditions. + description: The number of consecutive runs that must meet the rule conditions. type: number required: - active api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. + description: Indicates whether the API key that is associated with the rule was created by the user. nullable: true type: boolean api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. + description: The owner of the API key that is associated with the rule and used to run background tasks. nullable: true type: string consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. + description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' type: string created_at: description: The date and time that the rule was created. @@ -1922,9 +1858,7 @@ paths: nullable: true type: string enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. + description: Indicates whether you want to run the rule on an interval basis after it is created. type: boolean execution_status: additionalProperties: false @@ -2038,9 +1972,7 @@ paths: nullable: true type: number outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. enum: - succeeded - warning @@ -2090,9 +2022,7 @@ paths: properties: calculated_metrics: additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. + description: Calculation of different percentiles and success ratio. type: object properties: p50: @@ -2115,18 +2045,14 @@ paths: description: Duration of the rule run. type: number outcome: - description: >- - Outcome of last run of the rule. Value could - be succeeded, warning or failed. + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. enum: - succeeded - warning - failed type: string success: - description: >- - Indicates whether the rule run was - successful. + description: Indicates whether the rule run was successful. type: boolean timestamp: description: Time of rule run. @@ -2151,29 +2077,19 @@ paths: nullable: true type: number total_alerts_created: - description: >- - Total number of alerts created during last - rule run. + description: Total number of alerts created during last rule run. nullable: true type: number total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. + description: Total number of alerts detected during last rule run. nullable: true type: number total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. + description: Total time spent indexing documents during last rule run in milliseconds. nullable: true type: number total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. + description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. nullable: true type: number timestamp: @@ -2204,19 +2120,7 @@ paths: nullable: true type: string notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -2242,9 +2146,7 @@ paths: type: object properties: interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. + description: The interval is specified in seconds, minutes, hours, or days. type: string required: - interval @@ -2280,9 +2182,7 @@ paths: type: array bymonth: items: - description: >- - Indicates months of the year that this rule - should recur. + description: Indicates months of the year that this rule should recur. type: number nullable: true type: array @@ -2300,12 +2200,7 @@ paths: type: array bysetpos: items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. + description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. type: number nullable: true type: array @@ -2314,13 +2209,7 @@ paths: anyOf: - type: string - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. + description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. nullable: true type: array byweekno: @@ -2331,26 +2220,18 @@ paths: type: array byyearday: items: - description: >- - Indicates the days of the year that this rule - should recur. + description: Indicates the days of the year that this rule should recur. type: number nullable: true type: array count: - description: >- - Number of times the rule should recur until it - stops. + description: Number of times the rule should recur until it stops. type: number dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). + description: Rule start date in Coordinated Universal Time (UTC). type: string freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. + description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. enum: - 0 - 1 @@ -2361,10 +2242,7 @@ paths: - 6 type: integer interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. + description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. type: number tzid: description: Indicates timezone abbreviation. @@ -2402,23 +2280,14 @@ paths: type: array throttle: deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. + description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string updated_at: description: The date and time that the rule was updated most recently. type: string updated_by: - description: >- - The identifier for the user that updated this rule most - recently. + description: The identifier for the user that updated this rule most recently. nullable: true type: string view_in_app_relative_url: @@ -2444,6 +2313,17 @@ paths: - muted_alert_ids - execution_status - revision + examples: + createEsQueryEsqlRuleResponse: + $ref: '#/components/examples/create_es_query_esql_rule_response' + createEsQueryRuleResponse: + $ref: '#/components/examples/create_es_query_rule_response' + createEsQueryKqlRuleResponse: + $ref: '#/components/examples/create_es_query_kql_rule_response' + createIndexThresholdRuleResponse: + $ref: '#/components/examples/create_index_threshold_rule_response' + createTrackingContainmentRuleResponse: + $ref: '#/components/examples/create_tracking_containment_rule_response' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -2454,6 +2334,7 @@ paths: summary: Create a rule tags: - alerting + x-beta: true put: operationId: put-alerting-rule-id parameters: @@ -2501,15 +2382,10 @@ paths: type: object properties: dsl: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL). + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). type: string filters: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL) as defined in the - `kbn-es-query` package. + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. items: additionalProperties: false type: object @@ -2519,9 +2395,7 @@ paths: type: object properties: store: - description: >- - A filter can be either specific to an - application context or applied globally. + description: A filter can be either specific to an application context or applied globally. enum: - appState - globalState @@ -2538,27 +2412,18 @@ paths: - meta type: array kql: - description: >- - A filter written in Kibana Query Language - (KQL). + description: A filter written in Kibana Query Language (KQL). type: string required: - kql - filters timeframe: additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. + description: Defines a period that limits whether the action runs. type: object properties: days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the days - of the week. + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. items: enum: - 1 @@ -2572,32 +2437,20 @@ paths: type: array hours: additionalProperties: false - description: >- - Defines the range of time in a day that the - action can run. If the `start` value is - `00:00` and the `end` value is `24:00`, - actions be generated all day. + description: Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day. type: object properties: end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). + description: The end of the time frame in 24-hour notation (`hh:mm`). type: string start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). + description: The start of the time frame in 24-hour notation (`hh:mm`). type: string required: - start - end timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work but - lack built-in daylight savings time support - and are not recommended. + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. type: string required: - days @@ -2608,21 +2461,7 @@ paths: type: object properties: notify_when: - description: >- - Indicates how often alerts generate actions. Valid - values include: `onActionGroupChange`: Actions run - when the alert status changes; `onActiveAlert`: - Actions run when the alert becomes active and at - each check interval while the rule conditions are - met; `onThrottleInterval`: Actions run when the - alert becomes active and at the interval specified - in the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` at - both the rule and action level. The recommended - method is to set it for each action. If you set it - at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific - values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -2632,17 +2471,7 @@ paths: description: Indicates whether the action is a summary. type: boolean throttle: - description: >- - The throttle interval, which defines how often an - alert generates repeated actions. It is specified - in seconds, minutes, hours, or days and is - applicable only if `notify_when` is set to - `onThrottleInterval`. NOTE: You cannot specify the - throttle interval at both the rule and action - level. The recommended method is to set it for - each action. If you set it at the rule level then - update the rule in Kibana, it is automatically - changed to use action-specific values. + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string required: @@ -2650,12 +2479,7 @@ paths: - notify_when - throttle group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. type: string id: description: The identifier for the connector saved object. @@ -2663,10 +2487,7 @@ paths: params: additionalProperties: {} default: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. type: object use_alert_data_for_template: description: Indicates whether to use alert data as a template. @@ -2679,15 +2500,11 @@ paths: type: array alert_delay: additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. type: object properties: active: - description: >- - The number of consecutive runs that must meet the rule - conditions. + description: The number of consecutive runs that must meet the rule conditions. type: number required: - active @@ -2708,24 +2525,10 @@ paths: - look_back_window - status_change_threshold name: - description: >- - The name of the rule. While this name does not have to be - unique, a distinctive name can help you identify a rule. + description: The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. type: string notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while the rule - conditions are met; `onThrottleInterval`: Actions run when - the alert becomes active and at the interval specified in - the throttle property while the rule conditions are met. - NOTE: You cannot specify `notify_when` at both the rule and - action level. The recommended method is to set it for each - action. If you set it at the rule level then update the rule - in Kibana, it is automatically changed to use - action-specific values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -2742,9 +2545,7 @@ paths: type: object properties: interval: - description: >- - The interval is specified in seconds, minutes, hours, or - days. + description: The interval is specified in seconds, minutes, hours, or days. type: string required: - interval @@ -2755,18 +2556,15 @@ paths: type: string type: array throttle: - description: >- - Use the `throttle` property in the action `frequency` object - instead. The throttle interval, which defines how often an - alert generates repeated actions. NOTE: You cannot specify - the throttle interval at both the rule and action level. If - you set it at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific values. + description: 'Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string required: - name - schedule + examples: + updateRuleRequest: + $ref: '#/components/examples/update_rule_request' responses: '200': content: @@ -2782,9 +2580,7 @@ paths: properties: alerts_filter: additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. + description: Defines a period that limits whether the action runs. type: object properties: query: @@ -2792,15 +2588,10 @@ paths: type: object properties: dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). type: string filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. items: additionalProperties: false type: object @@ -2810,9 +2601,7 @@ paths: type: object properties: store: - description: >- - A filter can be either specific to an - application context or applied globally. + description: A filter can be either specific to an application context or applied globally. enum: - appState - globalState @@ -2829,9 +2618,7 @@ paths: - meta type: array kql: - description: >- - A filter written in Kibana Query Language - (KQL). + description: A filter written in Kibana Query Language (KQL). type: string required: - kql @@ -2841,12 +2628,7 @@ paths: type: object properties: days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. items: enum: - 1 @@ -2863,55 +2645,30 @@ paths: type: object properties: end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). + description: The end of the time frame in 24-hour notation (`hh:mm`). type: string start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). + description: The start of the time frame in 24-hour notation (`hh:mm`). type: string required: - start - end timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. type: string required: - days - hours - timezone connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. + description: The type of connector. This property appears in responses but cannot be set in requests. type: string frequency: additionalProperties: false type: object properties: notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -2921,18 +2678,7 @@ paths: description: Indicates whether the action is a summary. type: boolean throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string required: @@ -2940,30 +2686,20 @@ paths: - notify_when - throttle group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. type: string id: description: The identifier for the connector saved object. type: string params: additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. type: object use_alert_data_for_template: description: Indicates whether to use alert data as a template. type: boolean uuid: - description: >- - A universally unique identifier (UUID) for the - action. + description: A universally unique identifier (UUID) for the action. type: string required: - id @@ -2977,36 +2713,24 @@ paths: type: array alert_delay: additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. type: object properties: active: - description: >- - The number of consecutive runs that must meet the rule - conditions. + description: The number of consecutive runs that must meet the rule conditions. type: number required: - active api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. + description: Indicates whether the API key that is associated with the rule was created by the user. nullable: true type: boolean api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. + description: The owner of the API key that is associated with the rule and used to run background tasks. nullable: true type: string consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. + description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' type: string created_at: description: The date and time that the rule was created. @@ -3016,9 +2740,7 @@ paths: nullable: true type: string enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. + description: Indicates whether you want to run the rule on an interval basis after it is created. type: boolean execution_status: additionalProperties: false @@ -3132,9 +2854,7 @@ paths: nullable: true type: number outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. enum: - succeeded - warning @@ -3184,9 +2904,7 @@ paths: properties: calculated_metrics: additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. + description: Calculation of different percentiles and success ratio. type: object properties: p50: @@ -3209,18 +2927,14 @@ paths: description: Duration of the rule run. type: number outcome: - description: >- - Outcome of last run of the rule. Value could - be succeeded, warning or failed. + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. enum: - succeeded - warning - failed type: string success: - description: >- - Indicates whether the rule run was - successful. + description: Indicates whether the rule run was successful. type: boolean timestamp: description: Time of rule run. @@ -3245,29 +2959,19 @@ paths: nullable: true type: number total_alerts_created: - description: >- - Total number of alerts created during last - rule run. + description: Total number of alerts created during last rule run. nullable: true type: number total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. + description: Total number of alerts detected during last rule run. nullable: true type: number total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. + description: Total time spent indexing documents during last rule run in milliseconds. nullable: true type: number total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. + description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. nullable: true type: number timestamp: @@ -3298,19 +3002,7 @@ paths: nullable: true type: string notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -3336,9 +3028,7 @@ paths: type: object properties: interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. + description: The interval is specified in seconds, minutes, hours, or days. type: string required: - interval @@ -3374,9 +3064,7 @@ paths: type: array bymonth: items: - description: >- - Indicates months of the year that this rule - should recur. + description: Indicates months of the year that this rule should recur. type: number nullable: true type: array @@ -3394,12 +3082,7 @@ paths: type: array bysetpos: items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. + description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. type: number nullable: true type: array @@ -3408,13 +3091,7 @@ paths: anyOf: - type: string - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. + description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. nullable: true type: array byweekno: @@ -3425,26 +3102,18 @@ paths: type: array byyearday: items: - description: >- - Indicates the days of the year that this rule - should recur. + description: Indicates the days of the year that this rule should recur. type: number nullable: true type: array count: - description: >- - Number of times the rule should recur until it - stops. + description: Number of times the rule should recur until it stops. type: number dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). + description: Rule start date in Coordinated Universal Time (UTC). type: string freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. + description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. enum: - 0 - 1 @@ -3455,10 +3124,7 @@ paths: - 6 type: integer interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. + description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. type: number tzid: description: Indicates timezone abbreviation. @@ -3496,23 +3162,14 @@ paths: type: array throttle: deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. + description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string updated_at: description: The date and time that the rule was updated most recently. type: string updated_by: - description: >- - The identifier for the user that updated this rule most - recently. + description: The identifier for the user that updated this rule most recently. nullable: true type: string view_in_app_relative_url: @@ -3538,6 +3195,9 @@ paths: - muted_alert_ids - execution_status - revision + examples: + updateRuleResponse: + $ref: '#/components/examples/update_rule_response' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -3550,6 +3210,7 @@ paths: summary: Update a rule tags: - alerting + x-beta: true /api/alerting/rule/{id}/_disable: post: operationId: post-alerting-rule-id-disable @@ -3599,6 +3260,7 @@ paths: summary: Disable a rule tags: - alerting + x-beta: true /api/alerting/rule/{id}/_enable: post: operationId: post-alerting-rule-id-enable @@ -3636,6 +3298,7 @@ paths: summary: Enable a rule tags: - alerting + x-beta: true /api/alerting/rule/{id}/_mute_all: post: operationId: post-alerting-rule-id-mute-all @@ -3673,6 +3336,7 @@ paths: summary: Mute all alerts tags: - alerting + x-beta: true /api/alerting/rule/{id}/_unmute_all: post: operationId: post-alerting-rule-id-unmute-all @@ -3710,6 +3374,7 @@ paths: summary: Unmute all alerts tags: - alerting + x-beta: true /api/alerting/rule/{id}/_update_api_key: post: operationId: post-alerting-rule-id-update-api-key @@ -3749,6 +3414,7 @@ paths: summary: Update the API key for a rule tags: - alerting + x-beta: true /api/alerting/rule/{rule_id}/alert/{alert_id}/_mute: post: operationId: post-alerting-rule-rule-id-alert-alert-id-mute @@ -3792,6 +3458,7 @@ paths: summary: Mute an alert tags: - alerting + x-beta: true /api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute: post: operationId: post-alerting-rule-rule-id-alert-alert-id-unmute @@ -3835,6 +3502,7 @@ paths: summary: Unmute an alert tags: - alerting + x-beta: true /api/alerting/rules/_find: get: operationId: get-alerting-rules-find @@ -3863,9 +3531,7 @@ paths: default: 1 minimum: 1 type: number - - description: >- - An Elasticsearch simple_query_string query that filters the objects - in the response. + - description: An Elasticsearch simple_query_string query that filters the objects in the response. in: query name: search required: false @@ -3891,9 +3557,7 @@ paths: type: string type: array - type: string - - description: >- - Determines which field is used to sort the results. The field must - exist in the `attributes` key of the response. + - description: Determines which field is used to sort the results. The field must exist in the `attributes` key of the response. in: query name: sort_field required: false @@ -3908,9 +3572,7 @@ paths: - asc - desc type: string - - description: >- - Filters the rules that have a relation with the reference objects - with a specific type and identifier. + - description: Filters the rules that have a relation with the reference objects with a specific type and identifier. in: query name: has_reference required: false @@ -3934,12 +3596,7 @@ paths: description: The fields to return in the `attributes` key of the response. type: string type: array - - description: >- - A KQL string that you filter with an attribute from your saved - object. It should look like `savedObjectType.attributes.title: - "myTitle"`. However, if you used a direct attribute of a saved - object, such as `updatedAt`, you must define your filter, for - example, `savedObjectType.updatedAt > 2018-12-22`. + - description: 'A KQL string that you filter with an attribute from your saved object. It should look like `savedObjectType.attributes.title: "myTitle"`. However, if you used a direct attribute of a saved object, such as `updatedAt`, you must define your filter, for example, `savedObjectType.updatedAt > 2018-12-22`.' in: query name: filter required: false @@ -3968,9 +3625,7 @@ paths: properties: alerts_filter: additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. + description: Defines a period that limits whether the action runs. type: object properties: query: @@ -3978,15 +3633,10 @@ paths: type: object properties: dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). type: string filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. items: additionalProperties: false type: object @@ -3996,9 +3646,7 @@ paths: type: object properties: store: - description: >- - A filter can be either specific to an - application context or applied globally. + description: A filter can be either specific to an application context or applied globally. enum: - appState - globalState @@ -4015,9 +3663,7 @@ paths: - meta type: array kql: - description: >- - A filter written in Kibana Query Language - (KQL). + description: A filter written in Kibana Query Language (KQL). type: string required: - kql @@ -4027,12 +3673,7 @@ paths: type: object properties: days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. items: enum: - 1 @@ -4049,55 +3690,30 @@ paths: type: object properties: end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). + description: The end of the time frame in 24-hour notation (`hh:mm`). type: string start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). + description: The start of the time frame in 24-hour notation (`hh:mm`). type: string required: - start - end timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. type: string required: - days - hours - timezone connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. + description: The type of connector. This property appears in responses but cannot be set in requests. type: string frequency: additionalProperties: false type: object properties: notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -4107,18 +3723,7 @@ paths: description: Indicates whether the action is a summary. type: boolean throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string required: @@ -4126,30 +3731,20 @@ paths: - notify_when - throttle group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. type: string id: description: The identifier for the connector saved object. type: string params: additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. type: object use_alert_data_for_template: description: Indicates whether to use alert data as a template. type: boolean uuid: - description: >- - A universally unique identifier (UUID) for the - action. + description: A universally unique identifier (UUID) for the action. type: string required: - id @@ -4163,36 +3758,24 @@ paths: type: array alert_delay: additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. type: object properties: active: - description: >- - The number of consecutive runs that must meet the rule - conditions. + description: The number of consecutive runs that must meet the rule conditions. type: number required: - active api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. + description: Indicates whether the API key that is associated with the rule was created by the user. nullable: true type: boolean api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. + description: The owner of the API key that is associated with the rule and used to run background tasks. nullable: true type: string consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. + description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' type: string created_at: description: The date and time that the rule was created. @@ -4202,9 +3785,7 @@ paths: nullable: true type: string enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. + description: Indicates whether you want to run the rule on an interval basis after it is created. type: boolean execution_status: additionalProperties: false @@ -4318,9 +3899,7 @@ paths: nullable: true type: number outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. enum: - succeeded - warning @@ -4370,9 +3949,7 @@ paths: properties: calculated_metrics: additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. + description: Calculation of different percentiles and success ratio. type: object properties: p50: @@ -4395,18 +3972,14 @@ paths: description: Duration of the rule run. type: number outcome: - description: >- - Outcome of last run of the rule. Value could - be succeeded, warning or failed. + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. enum: - succeeded - warning - failed type: string success: - description: >- - Indicates whether the rule run was - successful. + description: Indicates whether the rule run was successful. type: boolean timestamp: description: Time of rule run. @@ -4431,29 +4004,19 @@ paths: nullable: true type: number total_alerts_created: - description: >- - Total number of alerts created during last - rule run. + description: Total number of alerts created during last rule run. nullable: true type: number total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. + description: Total number of alerts detected during last rule run. nullable: true type: number total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. + description: Total time spent indexing documents during last rule run in milliseconds. nullable: true type: number total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. + description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. nullable: true type: number timestamp: @@ -4484,19 +4047,7 @@ paths: nullable: true type: string notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -4522,9 +4073,7 @@ paths: type: object properties: interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. + description: The interval is specified in seconds, minutes, hours, or days. type: string required: - interval @@ -4560,9 +4109,7 @@ paths: type: array bymonth: items: - description: >- - Indicates months of the year that this rule - should recur. + description: Indicates months of the year that this rule should recur. type: number nullable: true type: array @@ -4580,12 +4127,7 @@ paths: type: array bysetpos: items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. + description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. type: number nullable: true type: array @@ -4594,13 +4136,7 @@ paths: anyOf: - type: string - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. + description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. nullable: true type: array byweekno: @@ -4611,26 +4147,18 @@ paths: type: array byyearday: items: - description: >- - Indicates the days of the year that this rule - should recur. + description: Indicates the days of the year that this rule should recur. type: number nullable: true type: array count: - description: >- - Number of times the rule should recur until it - stops. + description: Number of times the rule should recur until it stops. type: number dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). + description: Rule start date in Coordinated Universal Time (UTC). type: string freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. + description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. enum: - 0 - 1 @@ -4641,10 +4169,7 @@ paths: - 6 type: integer interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. + description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. type: number tzid: description: Indicates timezone abbreviation. @@ -4682,23 +4207,14 @@ paths: type: array throttle: deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. + description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string updated_at: description: The date and time that the rule was updated most recently. type: string updated_by: - description: >- - The identifier for the user that updated this rule most - recently. + description: The identifier for the user that updated this rule most recently. nullable: true type: string view_in_app_relative_url: @@ -4724,6 +4240,11 @@ paths: - muted_alert_ids - execution_status - revision + examples: + findRulesResponse: + $ref: '#/components/examples/find_rules_response' + findConditionalActionRulesResponse: + $ref: '#/components/examples/find_rules_response_conditional_action' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -4732,6 +4253,7 @@ paths: summary: Get information about rules tags: - alerting + x-beta: true /api/apm/agent_keys: post: description: Create a new agent key for APM. @@ -4779,6 +4301,7 @@ paths: summary: Create an APM agent key tags: - APM agent keys + x-beta: true /api/apm/fleet/apm_server_schema: post: operationId: saveApmServerSchema @@ -4833,6 +4356,7 @@ paths: summary: Save APM server schema tags: - APM server schema + x-beta: true /api/apm/services/{serviceName}/annotation: post: description: Create a new annotation for a specific service. @@ -4886,6 +4410,7 @@ paths: summary: Create a service annotation tags: - APM annotations + x-beta: true /api/apm/services/{serviceName}/annotation/search: get: description: Search for annotations related to a specific service. @@ -4944,6 +4469,7 @@ paths: summary: Search for annotations tags: - APM annotations + x-beta: true /api/apm/settings/agent-configuration: delete: operationId: deleteAgentConfiguration @@ -4961,8 +4487,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/APM_UI_delete_agent_configurations_response + $ref: '#/components/schemas/APM_UI_delete_agent_configurations_response' description: Successful response '400': content: @@ -4991,6 +4516,7 @@ paths: summary: Delete agent configuration tags: - APM agent configuration + x-beta: true get: operationId: getAgentConfigurations parameters: @@ -5023,6 +4549,7 @@ paths: summary: Get a list of agent configurations tags: - APM agent configuration + x-beta: true put: operationId: createUpdateAgentConfiguration parameters: @@ -5074,6 +4601,7 @@ paths: summary: Create or update agent configuration tags: - APM agent configuration + x-beta: true /api/apm/settings/agent-configuration/agent_name: get: description: Retrieve `agentName` for a service. @@ -5115,6 +4643,7 @@ paths: summary: Get agent name for service tags: - APM agent configuration + x-beta: true /api/apm/settings/agent-configuration/environments: get: operationId: getEnvironmentsForService @@ -5153,11 +4682,11 @@ paths: summary: Get environments for service tags: - APM agent configuration + x-beta: true /api/apm/settings/agent-configuration/search: post: - description: > - This endpoint allows to search for single agent configuration and update - 'applied_by_agent' field. + description: | + This endpoint allows to search for single agent configuration and update 'applied_by_agent' field. operationId: searchSingleConfiguration parameters: - $ref: '#/components/parameters/APM_UI_elastic_api_version' @@ -5173,8 +4702,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/APM_UI_search_agent_configuration_response + $ref: '#/components/schemas/APM_UI_search_agent_configuration_response' description: Successful response '400': content: @@ -5197,6 +4725,7 @@ paths: summary: Lookup single agent configuration tags: - APM agent configuration + x-beta: true /api/apm/settings/agent-configuration/view: get: operationId: getSingleAgentConfiguration @@ -5219,8 +4748,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/APM_UI_single_agent_configuration_response + $ref: '#/components/schemas/APM_UI_single_agent_configuration_response' description: Successful response '400': content: @@ -5243,6 +4771,7 @@ paths: summary: Get single agent configuration tags: - APM agent configuration + x-beta: true /api/apm/sourcemaps: get: description: Returns an array of Fleet artifacts, including source map uploads. @@ -5293,6 +4822,7 @@ paths: summary: Get source maps tags: - APM sourcemaps + x-beta: true post: description: Upload a source map for a specific service and version. operationId: uploadSourceMap @@ -5345,6 +4875,7 @@ paths: summary: Upload source map tags: - APM sourcemaps + x-beta: true /api/apm/sourcemaps/{id}: delete: description: Delete a previously uploaded source map. @@ -5399,6 +4930,7 @@ paths: summary: Delete source map tags: - APM sourcemaps + x-beta: true /api/asset_criticality: delete: description: Delete the asset criticality record for a specific entity. @@ -5433,13 +4965,10 @@ paths: type: object properties: deleted: - description: >- - True if the record was deleted or false if the record did - not exist. + description: True if the record was deleted or false if the record did not exist. type: boolean record: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' description: The deleted record if it existed. required: - deleted @@ -5449,6 +4978,7 @@ paths: summary: Delete an asset criticality record tags: - Security Entity Analytics API + x-beta: true get: description: Get the asset criticality record for a specific entity. operationId: GetAssetCriticalityRecord @@ -5471,8 +5001,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' description: Successful response '400': description: Invalid request @@ -5481,28 +5010,23 @@ paths: summary: Get an asset criticality record tags: - Security Entity Analytics API + x-beta: true post: - description: > + description: | Create or update an asset criticality record for a specific entity. - - If a record already exists for the specified entity, that record is - overwritten with the specified value. If a record doesn't exist for the - specified entity, a new record is created. + If a record already exists for the specified entity, that record is overwritten with the specified value. If a record doesn't exist for the specified entity, a new record is created. operationId: CreateAssetCriticalityRecord requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: allOf: - - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord + - $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord' - type: object properties: refresh: - description: >- - If 'wait_for' the request will wait for the index - refresh. + description: If 'wait_for' the request will wait for the index refresh. enum: - wait_for type: string @@ -5512,24 +5036,20 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' description: Successful response '400': description: Invalid request summary: Upsert an asset criticality record tags: - Security Entity Analytics API + x-beta: true /api/asset_criticality/bulk: post: - description: > + description: | Bulk upsert up to 1000 asset criticality records. - - If asset criticality records already exist for the specified entities, - those records are overwritten with the specified values. If asset - criticality records don't exist for the specified entities, new records - are created. + If asset criticality records already exist for the specified entities, those records are overwritten with the specified values. If asset criticality records don't exist for the specified entities, new records are created. operationId: BulkUpsertAssetCriticalityRecords requestBody: content: @@ -5547,8 +5067,7 @@ paths: properties: records: items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord + $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord' maxItems: 1000 minItems: 1 type: array @@ -5571,12 +5090,10 @@ paths: properties: errors: items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem' type: array stats: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats' required: - errors - stats @@ -5586,6 +5103,7 @@ paths: summary: Bulk upsert asset criticality records tags: - Security Entity Analytics API + x-beta: true /api/asset_criticality/list: get: description: List asset criticality records, paging, sorting and filtering as needed. @@ -5648,8 +5166,7 @@ paths: type: integer records: items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' type: array total: minimum: 0 @@ -5663,6 +5180,7 @@ paths: summary: List asset criticality records tags: - Security Entity Analytics API + x-beta: true /api/data_views: get: operationId: getAllDataViewsDefault @@ -5703,6 +5221,7 @@ paths: summary: Get all data views tags: - data views + x-beta: true /api/data_views/data_view: post: operationId: createDataViewDefaultw @@ -5733,6 +5252,7 @@ paths: summary: Create a data view tags: - data views + x-beta: true /api/data_views/data_view/{viewId}: delete: description: | @@ -5753,6 +5273,7 @@ paths: summary: Delete a data view tags: - data views + x-beta: true get: operationId: getDataViewDefault parameters: @@ -5776,6 +5297,7 @@ paths: summary: Get a data view tags: - data views + x-beta: true post: operationId: updateDataViewDefault parameters: @@ -5806,11 +5328,11 @@ paths: summary: Update a data view tags: - data views + x-beta: true /api/data_views/data_view/{viewId}/fields: post: - description: > - Update fields presentation metadata such as count, customLabel, - customDescription, and format. + description: | + Update fields presentation metadata such as count, customLabel, customDescription, and format. operationId: updateFieldsMetadataDefault parameters: - $ref: '#/components/parameters/Data_views_kbn_xsrf' @@ -5849,6 +5371,7 @@ paths: summary: Update data view fields metadata tags: - data views + x-beta: true /api/data_views/data_view/{viewId}/runtime_field: post: operationId: createRuntimeFieldDefault @@ -5886,6 +5409,7 @@ paths: summary: Create a runtime field tags: - data views + x-beta: true put: operationId: createUpdateRuntimeFieldDefault parameters: @@ -5941,6 +5465,7 @@ paths: summary: Create or update a runtime field tags: - data views + x-beta: true /api/data_views/data_view/{viewId}/runtime_field/{fieldName}: delete: operationId: deleteRuntimeFieldDefault @@ -5959,6 +5484,7 @@ paths: summary: Delete a runtime field from a data view tags: - data views + x-beta: true get: operationId: getRuntimeFieldDefault parameters: @@ -5990,6 +5516,7 @@ paths: summary: Get a runtime field tags: - data views + x-beta: true post: operationId: updateRuntimeFieldDefault parameters: @@ -6028,6 +5555,7 @@ paths: summary: Update a runtime field tags: - data views + x-beta: true /api/data_views/default: get: operationId: getDefaultDataViewDefault @@ -6037,8 +5565,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: examples: getDefaultDataViewResponse: - $ref: >- - #/components/examples/Data_views_get_default_data_view_response + $ref: '#/components/examples/Data_views_get_default_data_view_response' schema: type: object properties: @@ -6054,6 +5581,7 @@ paths: summary: Get the default data view tags: - data views + x-beta: true post: operationId: setDefaultDatailViewDefault parameters: @@ -6068,10 +5596,8 @@ paths: type: object properties: data_view_id: - description: > - The data view identifier. NOTE: The API does not validate - whether it is a valid identifier. Use `null` to unset the - default data view. + description: | + The data view identifier. NOTE: The API does not validate whether it is a valid identifier. Use `null` to unset the default data view. nullable: true type: string force: @@ -6100,12 +5626,11 @@ paths: summary: Set the default data view tags: - data views + x-beta: true /api/data_views/swap_references: post: - description: > - Changes saved object references from one data view identifier to - another. WARNING: Misuse can break large numbers of saved objects! - Practicing with a backup is recommended. + description: | + Changes saved object references from one data view identifier to another. WARNING: Misuse can break large numbers of saved objects! Practicing with a backup is recommended. operationId: swapDataViewsDefault parameters: - $ref: '#/components/parameters/Data_views_kbn_xsrf' @@ -6147,11 +5672,11 @@ paths: summary: Swap saved object references tags: - data views + x-beta: true /api/data_views/swap_references/_preview: post: - description: > - Preview the impact of swapping saved object references from one data - view identifier to another. + description: | + Preview the impact of swapping saved object references from one data view identifier to another. operationId: previewSwapDataViewsDefault parameters: - $ref: '#/components/parameters/Data_views_kbn_xsrf' @@ -6160,8 +5685,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: examples: previewSwapDataViewRequest: - $ref: >- - #/components/examples/Data_views_preview_swap_data_view_request + $ref: '#/components/examples/Data_views_preview_swap_data_view_request' schema: $ref: '#/components/schemas/Data_views_swap_data_view_request_object' required: true @@ -6187,16 +5711,13 @@ paths: summary: Preview a saved object reference swap tags: - data views + x-beta: true /api/detection_engine/privileges: get: - description: > - Retrieves whether or not the user is authenticated, and the user's - Kibana - + description: | + Retrieves whether or not the user is authenticated, and the user's Kibana space and index privileges, which determine if the user can create an - index for the Elastic Security alerts generated by - detection engine rules. operationId: ReadPrivileges responses: @@ -6218,8 +5739,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: @@ -6230,7 +5750,7 @@ paths: summary: Returns user privileges for the Kibana space tags: - Security Detections API - - Privileges API + x-beta: true /api/detection_engine/rules: delete: description: Delete a detection rule using the `rule_id` or `id` field. @@ -6258,7 +5778,7 @@ paths: summary: Delete a detection rule tags: - Security Detections API - - Rules API + x-beta: true get: description: Retrieve a detection rule using the `rule_id` or `id` field. operationId: ReadRule @@ -6285,11 +5805,9 @@ paths: summary: Retrieve a detection rule tags: - Security Detections API - - Rules API + x-beta: true patch: - description: >- - Update specific fields of an existing detection rule using the `rule_id` - or `id` field. + description: Update specific fields of an existing detection rule using the `rule_id` or `id` field. operationId: PatchRule requestBody: content: @@ -6307,7 +5825,7 @@ paths: summary: Patch a detection rule tags: - Security Detections API - - Rules API + x-beta: true post: description: Create a new detection rule. operationId: CreateRule @@ -6327,14 +5845,11 @@ paths: summary: Create a detection rule tags: - Security Detections API - - Rules API + x-beta: true put: - description: > - Update a detection rule using the `rule_id` or `id` field. The original - rule is replaced, and all unspecified fields are deleted. - + description: | + Update a detection rule using the `rule_id` or `id` field. The original rule is replaced, and all unspecified fields are deleted. > info - > You cannot modify the `id` or `rule_id` values. operationId: UpdateRule requestBody: @@ -6353,13 +5868,10 @@ paths: summary: Update a detection rule tags: - Security Detections API - - Rules API + x-beta: true /api/detection_engine/rules/_bulk_action: post: - description: >- - Apply a bulk action, such as bulk edit, duplicate, or delete, to - multiple detection rules. The bulk action is applied to all rules that - match the query or to the rules listed by their IDs. + description: Apply a bulk action, such as bulk edit, duplicate, or delete, to multiple detection rules. The bulk action is applied to all rules that match the query or to the rules listed by their IDs. operationId: PerformRulesBulkAction parameters: - description: Enables dry run mode for the request call. @@ -6374,14 +5886,11 @@ paths: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_BulkDeleteRules' - - $ref: >- - #/components/schemas/Security_Detections_API_BulkDisableRules + - $ref: '#/components/schemas/Security_Detections_API_BulkDisableRules' - $ref: '#/components/schemas/Security_Detections_API_BulkEnableRules' - $ref: '#/components/schemas/Security_Detections_API_BulkExportRules' - - $ref: >- - #/components/schemas/Security_Detections_API_BulkDuplicateRules - - $ref: >- - #/components/schemas/Security_Detections_API_BulkManualRuleRun + - $ref: '#/components/schemas/Security_Detections_API_BulkDuplicateRules' + - $ref: '#/components/schemas/Security_Detections_API_BulkManualRuleRun' - $ref: '#/components/schemas/Security_Detections_API_BulkEditRules' responses: '200': @@ -6389,27 +5898,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_BulkEditActionResponse - - $ref: >- - #/components/schemas/Security_Detections_API_BulkExportActionResponse + - $ref: '#/components/schemas/Security_Detections_API_BulkEditActionResponse' + - $ref: '#/components/schemas/Security_Detections_API_BulkExportActionResponse' description: OK summary: Apply a bulk action to detection rules tags: - Security Detections API - - Bulk API + x-beta: true /api/detection_engine/rules/_export: post: - description: > - Export detection rules to an `.ndjson` file. The following configuration - items are also included in the `.ndjson` file: - + description: | + Export detection rules to an `.ndjson` file. The following configuration items are also included in the `.ndjson` file: - Actions - - Exception lists - > info - > You cannot export prebuilt rules. operationId: ExportRules parameters: @@ -6435,15 +5937,12 @@ paths: type: object properties: objects: - description: >- - Array of `rule_id` fields. Exports all rules when - unspecified. + description: Array of `rule_id` fields. Exports all rules when unspecified. items: type: object properties: rule_id: - $ref: >- - #/components/schemas/Security_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' required: - rule_id type: array @@ -6462,12 +5961,10 @@ paths: summary: Export detection rules tags: - Security Detections API - - Import/Export API + x-beta: true /api/detection_engine/rules/_find: get: - description: >- - Retrieve a paginated list of detection rules. By default, the first page - is returned, with 20 results per page. + description: Retrieve a paginated list of detection rules. By default, the first page is returned, with 20 results per page. operationId: FindRules parameters: - in: query @@ -6520,8 +6017,7 @@ paths: properties: data: items: - $ref: >- - #/components/schemas/Security_Detections_API_RuleResponse + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' type: array page: type: integer @@ -6538,39 +6034,30 @@ paths: summary: List all detection rules tags: - Security Detections API - - Rules API + x-beta: true /api/detection_engine/rules/_import: post: - description: > - Import detection rules from an `.ndjson` file, including actions and - exception lists. The request must include: - + description: | + Import detection rules from an `.ndjson` file, including actions and exception lists. The request must include: - The `Content-Type: multipart/form-data` HTTP header. - - A link to the `.ndjson` file containing the rules. operationId: ImportRules parameters: - - description: >- - Determines whether existing rules with the same `rule_id` are - overwritten. + - description: Determines whether existing rules with the same `rule_id` are overwritten. in: query name: overwrite required: false schema: default: false type: boolean - - description: >- - Determines whether existing exception lists with the same `list_id` - are overwritten. + - description: Determines whether existing exception lists with the same `list_id` are overwritten. in: query name: overwrite_exceptions required: false schema: default: false type: boolean - - description: >- - Determines whether existing actions with the same - `kibana.alert.rule.actions.id` are overwritten. + - description: Determines whether existing actions with the same `kibana.alert.rule.actions.id` are overwritten. in: query name: overwrite_action_connectors required: false @@ -6614,8 +6101,7 @@ paths: type: integer action_connectors_warnings: items: - $ref: >- - #/components/schemas/Security_Detections_API_WarningSchema + $ref: '#/components/schemas/Security_Detections_API_WarningSchema' type: array errors: items: @@ -6654,7 +6140,7 @@ paths: summary: Import detection rules tags: - Security Detections API - - Import/Export API + x-beta: true /api/detection_engine/rules/{id}/exceptions: post: description: Create exception items that apply to a single detection rule. @@ -6674,8 +6160,7 @@ paths: properties: items: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps + $ref: '#/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps' type: array required: - items @@ -6687,8 +6172,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItem + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' type: array description: Successful response '400': @@ -6696,24 +6180,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '500': content: @@ -6724,13 +6204,12 @@ paths: summary: Create rule exception list items tags: - Security Exceptions API + x-beta: true /api/detection_engine/rules/preview: post: operationId: RulePreview parameters: - - description: >- - Enables logging and returning in response ES queries, performed - during rule execution + - description: Enables logging and returning in response ES queries, performed during rule execution in: query name: enable_logged_requests required: false @@ -6742,50 +6221,32 @@ paths: schema: anyOf: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_EqlRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_QueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_EsqlRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' discriminator: propertyName: type - description: >- - An object containing tags to add or remove and alert ids the changes - will be applied + description: An object containing tags to add or remove and alert ids the changes will be applied required: true responses: '200': @@ -6798,12 +6259,10 @@ paths: type: boolean logs: items: - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewLogs + $ref: '#/components/schemas/Security_Detections_API_RulePreviewLogs' type: array previewId: - $ref: >- - #/components/schemas/Security_Detections_API_NonEmptyString + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' required: - logs description: Successful response @@ -6812,17 +6271,14 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: @@ -6833,7 +6289,7 @@ paths: summary: Preview rule alerts generated on specified time range tags: - Security Detections API - - Rule preview API + x-beta: true /api/detection_engine/signals/assignees: post: description: | @@ -6865,6 +6321,7 @@ paths: summary: Assign and unassign users from detection alerts tags: - Security Detections API + x-beta: true /api/detection_engine/signals/search: post: description: Find and/or aggregate detection alerts that match the given query. @@ -6919,17 +6376,14 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: @@ -6940,7 +6394,7 @@ paths: summary: Find and/or aggregate detection alerts tags: - Security Detections API - - Alerts API + x-beta: true /api/detection_engine/signals/status: post: description: Set the status of one or more detection alerts. @@ -6950,13 +6404,9 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_SetAlertsStatusByIds - - $ref: >- - #/components/schemas/Security_Detections_API_SetAlertsStatusByQuery - description: >- - An object containing desired status and explicit alert ids or a query - to select alerts + - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds' + - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByQuery' + description: An object containing desired status and explicit alert ids or a query to select alerts required: true responses: '200': @@ -6972,17 +6422,14 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: @@ -6993,7 +6440,7 @@ paths: summary: Set a detection alert status tags: - Security Detections API - - Alerts API + x-beta: true /api/detection_engine/signals/tags: post: description: | @@ -7014,9 +6461,7 @@ paths: required: - ids - tags - description: >- - An object containing tags to add or remove and alert ids the changes - will be applied + description: An object containing tags to add or remove and alert ids the changes will be applied required: true responses: '200': @@ -7032,17 +6477,14 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: @@ -7053,7 +6495,7 @@ paths: summary: Add and remove detection alert tags tags: - Security Detections API - - Alerts API + x-beta: true /api/detection_engine/tags: get: description: List all unique tags from all detection rules. @@ -7068,61 +6510,51 @@ paths: summary: List all detection rule tags tags: - Security Detections API - - Tags API + x-beta: true /api/endpoint_list: post: - description: >- - Create an endpoint exception list, which groups endpoint exception list - items. If an endpoint exception list already exists, an empty response - is returned. + description: Create an endpoint exception list, which groups endpoint exception list items. If an endpoint exception list already exists, an empty response is returned. operationId: CreateEndpointList responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointList + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointList' description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error summary: Create an endpoint exception list tags: - Security Endpoint Exceptions API + x-beta: true /api/endpoint_list/items: delete: - description: >- - Delete an endpoint exception list item using the `id` or `item_id` - field. + description: Delete an endpoint exception list item using the `id` or `item_id` field. operationId: DeleteEndpointListItem parameters: - description: Either `id` or `item_id` must be specified @@ -7130,68 +6562,58 @@ paths: name: id required: false schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId' - description: Either `id` or `item_id` must be specified in: query name: item_id required: false schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem' description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Endpoint list item not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error summary: Delete an endpoint exception list item tags: - Security Endpoint Exceptions API + x-beta: true get: - description: >- - Get the details of an endpoint exception list item using the `id` or - `item_id` field. + description: Get the details of an endpoint exception list item using the `id` or `item_id` field. operationId: ReadEndpointListItem parameters: - description: Either `id` or `item_id` must be specified @@ -7199,23 +6621,20 @@ paths: name: id required: false schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId' - description: Either `id` or `item_id` must be specified in: query name: item_id required: false schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem' type: array description: Successful response '400': @@ -7223,46 +6642,39 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Endpoint list item not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error summary: Get an endpoint exception list item tags: - Security Endpoint Exceptions API + x-beta: true post: - description: >- - Create an endpoint exception list item, and associate it with the - endpoint exception list. + description: Create an endpoint exception list item, and associate it with the endpoint exception list. operationId: CreateEndpointListItem requestBody: content: @@ -7271,35 +6683,26 @@ paths: type: object properties: comments: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray' default: [] description: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription' entries: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray' item_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId' meta: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta' name: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName' os_types: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray' default: [] tags: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags' default: [] type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType' required: - type - name @@ -7312,54 +6715,46 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem' description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Endpoint list item already exists '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error summary: Create an endpoint exception list item tags: - Security Endpoint Exceptions API + x-beta: true put: - description: >- - Update an endpoint exception list item using the `id` or `item_id` - field. + description: Update an endpoint exception list item using the `id` or `item_id` field. operationId: UpdateEndpointListItem requestBody: content: @@ -7370,39 +6765,29 @@ paths: _version: type: string comments: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray' default: [] description: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription' entries: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray' id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId' description: Either `id` or `item_id` must be specified item_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId' description: Either `id` or `item_id` must be specified meta: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta' name: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName' os_types: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray' default: [] tags: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags' type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType' required: - type - name @@ -7415,66 +6800,57 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem' description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Endpoint list item not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error summary: Update an endpoint exception list item tags: - Security Endpoint Exceptions API + x-beta: true /api/endpoint_list/items/_find: get: description: Get a list of all endpoint exception list items. operationId: FindEndpointListItems parameters: - - description: > - Filters the returned results according to the value of the specified - field, - + - description: | + Filters the returned results according to the value of the specified field, using the `:` syntax. in: query name: filter required: false schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter' - description: The page number to return in: query name: page @@ -7494,8 +6870,7 @@ paths: name: sort_field required: false schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - description: Determines the sort order, which can be `desc` or `asc` in: query name: sort_order @@ -7514,8 +6889,7 @@ paths: properties: data: items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem' type: array page: minimum: 0 @@ -7539,42 +6913,37 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Endpoint list not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error summary: Get endpoint exception list items tags: - Security Endpoint Exceptions API + x-beta: true /api/endpoint/action: get: description: Get a list of all response actions. @@ -7584,19 +6953,18 @@ paths: name: query required: true schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListRouteQuery + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListRouteQuery' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Get response actions tags: - Security Endpoint Management API + x-beta: true /api/endpoint/action_status: get: description: Get the status of response actions for the specified agent IDs. @@ -7615,12 +6983,12 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse' description: OK summary: Get response actions status tags: - Security Endpoint Management API + x-beta: true /api/endpoint/action/{action_id}: get: description: Get the details of a response action using the action ID. @@ -7636,12 +7004,12 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Get action details tags: - Security Endpoint Management API + x-beta: true /api/endpoint/action/{action_id}/file/{file_id}: get: description: Get information for the specified file using the file ID. @@ -7662,12 +7030,12 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Get file information tags: - Security Endpoint Management API + x-beta: true /api/endpoint/action/{action_id}/file/{file_id}/download: get: description: Download a file from an endpoint. @@ -7688,12 +7056,12 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Download a file tags: - Security Endpoint Management API + x-beta: true /api/endpoint/action/execute: post: description: Run a shell command on an endpoint. @@ -7702,20 +7070,19 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody + $ref: '#/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Run a command tags: - Security Endpoint Management API + x-beta: true /api/endpoint/action/get_file: post: description: Get a file from an endpoint. @@ -7724,44 +7091,40 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Get a file tags: - Security Endpoint Management API + x-beta: true /api/endpoint/action/isolate: post: - description: >- - Isolate an endpoint from the network. The endpoint remains isolated - until it's released. + description: Isolate an endpoint from the network. The endpoint remains isolated until it's released. operationId: EndpointIsolateAction requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody + $ref: '#/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Isolate an endpoint tags: - Security Endpoint Management API + x-beta: true /api/endpoint/action/kill_process: post: description: Terminate a running process on an endpoint. @@ -7770,20 +7133,19 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody + $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Terminate a process tags: - Security Endpoint Management API + x-beta: true /api/endpoint/action/running_procs: post: description: Get a list of all processes running on an endpoint. @@ -7792,20 +7154,19 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Get running processes tags: - Security Endpoint Management API + x-beta: true /api/endpoint/action/scan: post: description: Scan a specific file or directory on an endpoint for malware. @@ -7814,37 +7175,34 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody + $ref: '#/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Scan a file or directory tags: - Security Endpoint Management API + x-beta: true /api/endpoint/action/state: get: - description: >- - Get a response actions state, which reports whether encryption is - enabled. + description: Get a response actions state, which reports whether encryption is enabled. operationId: EndpointGetActionsState responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse' description: OK summary: Get actions state tags: - Security Endpoint Management API + x-beta: true /api/endpoint/action/suspend_process: post: description: Suspend a running process on an endpoint. @@ -7853,20 +7211,19 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Suspend a process tags: - Security Endpoint Management API + x-beta: true /api/endpoint/action/unisolate: post: description: Release an isolated endpoint, allowing it to rejoin a network. @@ -7875,20 +7232,19 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody + $ref: '#/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Release an isolated endpoint tags: - Security Endpoint Management API + x-beta: true /api/endpoint/action/upload: post: description: Upload a file to an endpoint. @@ -7897,20 +7253,19 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody + $ref: '#/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Upload a file tags: - Security Endpoint Management API + x-beta: true /api/endpoint/metadata: get: operationId: GetEndpointMetadataList @@ -7919,19 +7274,18 @@ paths: name: query required: true schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ListRequestQuery + $ref: '#/components/schemas/Security_Endpoint_Management_API_ListRequestQuery' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Get a metadata list tags: - Security Endpoint Management API + x-beta: true /api/endpoint/metadata/{id}: get: operationId: GetEndpointMetadata @@ -7946,12 +7300,12 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Get metadata tags: - Security Endpoint Management API + x-beta: true /api/endpoint/policy_response: get: operationId: GetPolicyResponse @@ -7969,12 +7323,12 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Get a policy response tags: - Security Endpoint Management API + x-beta: true /api/endpoint/protection_updates_note/{package_policy_id}: get: operationId: GetProtectionUpdatesNote @@ -7989,12 +7343,12 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse' description: OK summary: Get a protection updates note tags: - Security Endpoint Management API + x-beta: true post: operationId: CreateUpdateProtectionUpdatesNote parameters: @@ -8017,12 +7371,12 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse' description: OK summary: Create or update a protection updates note tags: - Security Endpoint Management API + x-beta: true /api/entity_store/engines: get: operationId: ListEntityEngines @@ -8037,13 +7391,13 @@ paths: type: integer engines: items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' type: array description: Successful response summary: List the Entity Engines tags: - Security Entity Analytics API + x-beta: true /api/entity_store/engines/{entityType}: delete: operationId: DeleteEntityEngine @@ -8073,6 +7427,7 @@ paths: summary: Delete the Entity Engine tags: - Security Entity Analytics API + x-beta: true get: operationId: GetEntityEngine parameters: @@ -8087,12 +7442,12 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' description: Successful response summary: Get an Entity Engine tags: - Security Entity Analytics API + x-beta: true /api/entity_store/engines/{entityType}/init: post: operationId: InitEntityEngine @@ -8116,8 +7471,7 @@ paths: filter: type: string indexPattern: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_IndexPattern + $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' description: Schema for the engine initialization required: true responses: @@ -8125,12 +7479,12 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' description: Successful response summary: Initialize an Entity Engine tags: - Security Entity Analytics API + x-beta: true /api/entity_store/engines/{entityType}/start: post: operationId: StartEntityEngine @@ -8154,6 +7508,7 @@ paths: summary: Start an Entity Engine tags: - Security Entity Analytics API + x-beta: true /api/entity_store/engines/{entityType}/stats: post: operationId: GetEntityEngineStats @@ -8172,26 +7527,24 @@ paths: type: object properties: indexPattern: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_IndexPattern + $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' indices: items: type: object type: array status: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineStatus + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineStatus' transforms: items: type: object type: array type: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EntityType + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' description: Successful response summary: Get Entity Engine stats tags: - Security Entity Analytics API + x-beta: true /api/entity_store/engines/{entityType}/stop: post: operationId: StopEntityEngine @@ -8215,6 +7568,7 @@ paths: summary: Stop an Entity Engine tags: - Security Entity Analytics API + x-beta: true /api/entity_store/engines/apply_dataview_indices: post: operationId: ApplyEntityEngineDataviewIndices @@ -8227,8 +7581,7 @@ paths: properties: result: items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult' type: array success: type: boolean @@ -8245,8 +7598,7 @@ paths: type: array result: items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult' type: array success: type: boolean @@ -8265,6 +7617,7 @@ paths: summary: Apply DataView indices to all installed engines tags: - Security Entity Analytics API + x-beta: true /api/entity_store/entities/list: get: description: List entities records, paging, sorting and filtering as needed. @@ -8317,8 +7670,7 @@ paths: type: object properties: inspect: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_InspectQuery + $ref: '#/components/schemas/Security_Entity_Analytics_API_InspectQuery' page: minimum: 1 type: integer @@ -8328,8 +7680,7 @@ paths: type: integer records: items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_Entity + $ref: '#/components/schemas/Security_Entity_Analytics_API_Entity' type: array total: minimum: 0 @@ -8343,6 +7694,7 @@ paths: summary: List Entity Store Entities tags: - Security Entity Analytics API + x-beta: true /api/exception_lists: delete: description: Delete an exception list using the `id` or `list_id` field. @@ -8364,8 +7716,7 @@ paths: name: namespace_type required: false schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single responses: '200': @@ -8379,24 +7730,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: @@ -8413,6 +7760,7 @@ paths: summary: Delete an exception list tags: - Security Exceptions API + x-beta: true get: description: Get the details of an exception list using the `id` or `list_id` field. operationId: ReadExceptionList @@ -8433,8 +7781,7 @@ paths: name: namespace_type required: false schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single responses: '200': @@ -8448,24 +7795,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: @@ -8482,20 +7825,12 @@ paths: summary: Get exception list details tags: - Security Exceptions API + x-beta: true post: - description: > - An exception list groups exception items and can be associated with - detection rules. You can assign detection rules with multiple exception - lists. - + description: | + An exception list groups exception items and can be associated with detection rules. You can assign detection rules with multiple exception lists. > info - - > All exception items added to the same list are evaluated using `OR` - logic. That is, if any of the items in a list evaluate to `true`, the - exception prevents the rule from generating an alert. Likewise, `OR` - logic is used for evaluating exceptions when more than one exception - list is assigned to a rule. To use the `AND` operator, you can define - multiple clauses (`entries`) in a single exception item. + > All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item. operationId: CreateExceptionList requestBody: content: @@ -8504,34 +7839,25 @@ paths: type: object properties: description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' list_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' meta: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListMeta + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta' name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListName + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray' tags: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListTags + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' default: [] type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' version: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListVersion + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' default: 1 required: - name @@ -8551,24 +7877,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '409': content: @@ -8585,6 +7907,7 @@ paths: summary: Create an exception list tags: - Security Exceptions API + x-beta: true put: description: Update an exception list using the `id` or `list_id` field. operationId: UpdateExceptionList @@ -8597,36 +7920,27 @@ paths: _version: type: string description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' list_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' meta: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListMeta + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta' name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListName + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray' default: [] tags: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListTags + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' version: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListVersion + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' required: - name - description @@ -8645,24 +7959,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: @@ -8679,6 +7989,7 @@ paths: summary: Update an exception list tags: - Security Exceptions API + x-beta: true /api/exception_lists/_duplicate: post: description: Duplicate an existing exception list. @@ -8694,11 +8005,8 @@ paths: name: namespace_type required: true schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - - description: >- - Determines whether to include expired exceptions in the exported - list + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' + - description: Determines whether to include expired exceptions in the exported list in: query name: include_expired_exceptions required: true @@ -8720,24 +8028,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '405': content: @@ -8754,6 +8058,7 @@ paths: summary: Duplicate an exception list tags: - Security Exceptions API + x-beta: true /api/exception_lists/_export: post: description: Export an exception list and its associated items to an NDJSON file. @@ -8775,11 +8080,8 @@ paths: name: namespace_type required: true schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - - description: >- - Determines whether to include expired exceptions in the exported - list + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' + - description: Determines whether to include expired exceptions in the exported list in: query name: include_expired_exceptions required: true @@ -8794,9 +8096,7 @@ paths: content: application/ndjson; Elastic-Api-Version=2023-10-31: schema: - description: >- - A `.ndjson` file containing specified exception list and its - items + description: A `.ndjson` file containing specified exception list and its items format: binary type: string description: Successful response @@ -8805,24 +8105,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: @@ -8839,34 +8135,26 @@ paths: summary: Export an exception list tags: - Security Exceptions API + x-beta: true /api/exception_lists/_find: get: description: Get a list of all exception lists. operationId: FindExceptionLists parameters: - - description: > - Filters the returned results according to the value of the specified - field. - - - Uses the `so type.field name:field` value syntax, where `so type` - can be: + - description: | + Filters the returned results according to the value of the specified field. + Uses the `so type.field name:field` value syntax, where `so type` can be: - `exception-list`: Specify a space-aware exception list. - - - `exception-list-agnostic`: Specify an exception list that is - shared across spaces. + - `exception-list-agnostic`: Specify an exception list that is shared across spaces. in: query name: filter required: false schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_FindExceptionListsFilter - - description: > - Determines whether the returned containers are Kibana associated - with a Kibana space - + $ref: '#/components/schemas/Security_Exceptions_API_FindExceptionListsFilter' + - description: | + Determines whether the returned containers are Kibana associated with a Kibana space or available in all spaces (`agnostic` or `single`) in: query name: namespace_type @@ -8875,8 +8163,7 @@ paths: default: - single items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' type: array - description: The page number to return in: query @@ -8916,8 +8203,7 @@ paths: properties: data: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionList + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' type: array page: minimum: 1 @@ -8939,24 +8225,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '500': content: @@ -8967,17 +8249,15 @@ paths: summary: Get exception lists tags: - Security Exceptions API + x-beta: true /api/exception_lists/_import: post: description: Import an exception list and its associated items from an NDJSON file. operationId: ImportExceptionList parameters: - - description: > - Determines whether existing exception lists with the same `list_id` - are overwritten. - - If any exception items have the same `item_id`, those are also - overwritten. + - description: | + Determines whether existing exception lists with the same `list_id` are overwritten. + If any exception items have the same `item_id`, those are also overwritten. in: query name: overwrite required: false @@ -8996,13 +8276,9 @@ paths: schema: default: false type: boolean - - description: > - Determines whether the list being imported will have a new `list_id` - generated. - - Additional `item_id`'s are generated for each exception item. Both - the exception - + - description: | + Determines whether the list being imported will have a new `list_id` generated. + Additional `item_id`'s are generated for each exception item. Both the exception list and its items are overwritten. in: query name: as_new_list @@ -9029,8 +8305,7 @@ paths: type: object properties: errors: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray' success: type: boolean success_count: @@ -9060,24 +8335,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '500': content: @@ -9088,6 +8359,7 @@ paths: summary: Import an exception list tags: - Security Exceptions API + x-beta: true /api/exception_lists/items: delete: description: Delete an exception list item using the `id` or `item_id` field. @@ -9104,14 +8376,12 @@ paths: name: item_id required: false schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' - in: query name: namespace_type required: false schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single responses: '200': @@ -9125,24 +8395,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: @@ -9159,10 +8425,9 @@ paths: summary: Delete an exception list item tags: - Security Exceptions API + x-beta: true get: - description: >- - Get the details of an exception list item using the `id` or `item_id` - field. + description: Get the details of an exception list item using the `id` or `item_id` field. operationId: ReadExceptionListItem parameters: - description: Either `id` or `item_id` must be specified @@ -9176,14 +8441,12 @@ paths: name: item_id required: false schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' - in: query name: namespace_type required: false schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single responses: '200': @@ -9197,24 +8460,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: @@ -9231,13 +8490,11 @@ paths: summary: Get an exception list item tags: - Security Exceptions API + x-beta: true post: - description: > - Create an exception item and associate it with the specified exception - list. - + description: | + Create an exception item and associate it with the specified exception list. > info - > Before creating exception items, you must create an exception list. operationId: CreateExceptionListItem requestBody: @@ -9247,45 +8504,34 @@ paths: type: object properties: comments: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateExceptionListItemCommentArray + $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemCommentArray' default: [] description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription' entries: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: format: date-time type: string item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' list_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' meta: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta' name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemName + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemName' namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray' default: [] tags: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemTags + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' default: [] type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType' required: - list_id - type @@ -9306,24 +8552,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '409': content: @@ -9340,6 +8582,7 @@ paths: summary: Create an exception list item tags: - Security Exceptions API + x-beta: true put: description: Update an exception list item using the `id` or `item_id` field. operationId: UpdateExceptionListItem @@ -9352,49 +8595,37 @@ paths: _version: type: string comments: - $ref: >- - #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray + $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray' default: [] description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription' entries: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: format: date-time type: string id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' description: Either `id` or `item_id` must be specified item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' description: Either `id` or `item_id` must be specified list_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' meta: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta' name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemName + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemName' namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray' default: [] tags: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemTags + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType' required: - type - name @@ -9414,24 +8645,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: @@ -9448,6 +8675,7 @@ paths: summary: Update an exception list item tags: - Security Exceptions API + x-beta: true /api/exception_lists/items/_find: get: description: Get a list of all exception list items in the specified list. @@ -9459,13 +8687,10 @@ paths: required: true schema: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' type: array - - description: > - Filters the returned results according to the value of the specified - field, - + - description: | + Filters the returned results according to the value of the specified field, using the `:` syntax. in: query name: filter @@ -9473,13 +8698,10 @@ paths: schema: default: [] items: - $ref: >- - #/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter + $ref: '#/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter' type: array - - description: > - Determines whether the returned containers are Kibana associated - with a Kibana space - + - description: | + Determines whether the returned containers are Kibana associated with a Kibana space or available in all spaces (`agnostic` or `single`) in: query name: namespace_type @@ -9488,8 +8710,7 @@ paths: default: - single items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' type: array - in: query name: search @@ -9534,8 +8755,7 @@ paths: properties: data: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItem + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' type: array page: minimum: 1 @@ -9559,24 +8779,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: @@ -9593,6 +8809,7 @@ paths: summary: Get exception list items tags: - Security Exceptions API + x-beta: true /api/exception_lists/summary: get: description: Get a summary of the specified exception list. @@ -9614,8 +8831,7 @@ paths: name: namespace_type required: false schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single - description: Search filter clause in: query @@ -9648,24 +8864,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: @@ -9682,21 +8894,13 @@ paths: summary: Get an exception list summary tags: - Security Exceptions API + x-beta: true /api/exceptions/shared: post: - description: > - An exception list groups exception items and can be associated with - detection rules. A shared exception list can apply to multiple detection - rules. - + description: | + An exception list groups exception items and can be associated with detection rules. A shared exception list can apply to multiple detection rules. > info - - > All exception items added to the same list are evaluated using `OR` - logic. That is, if any of the items in a list evaluate to `true`, the - exception prevents the rule from generating an alert. Likewise, `OR` - logic is used for evaluating exceptions when more than one exception - list is assigned to a rule. To use the `AND` operator, you can define - multiple clauses (`entries`) in a single exception item. + > All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item. operationId: CreateSharedExceptionList requestBody: content: @@ -9705,11 +8909,9 @@ paths: type: object properties: description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListName + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' required: - name - description @@ -9726,24 +8928,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '409': content: @@ -9760,6 +8958,7 @@ paths: summary: Create a shared exception list tags: - Security Exceptions API + x-beta: true /api/fleet/agent_download_sources: get: operationId: get-fleet-agent-download-sources @@ -9796,9 +8995,7 @@ paths: name: type: string proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. + description: The ID of the proxy to use for this download source. See the proxies API for more information. nullable: true type: string required: @@ -9836,6 +9033,7 @@ paths: summary: Get agent binary download sources tags: - Elastic Agent binary download sources + x-beta: true post: operationId: post-fleet-agent-download-sources parameters: @@ -9872,9 +9070,7 @@ paths: name: type: string proxy_id: - description: >- - The ID of the proxy to use for this download source. See the - proxies API for more information. + description: The ID of the proxy to use for this download source. See the proxies API for more information. nullable: true type: string required: @@ -9903,9 +9099,7 @@ paths: name: type: string proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. + description: The ID of the proxy to use for this download source. See the proxies API for more information. nullable: true type: string required: @@ -9933,6 +9127,7 @@ paths: summary: Create an agent binary download source tags: - Elastic Agent binary download sources + x-beta: true /api/fleet/agent_download_sources/{sourceId}: delete: description: Delete an agent binary download source by ID. @@ -9989,6 +9184,7 @@ paths: summary: Delete an agent binary download source tags: - Elastic Agent binary download sources + x-beta: true get: description: Get an agent binary download source by ID. operationId: get-fleet-agent-download-sources-sourceid @@ -10029,9 +9225,7 @@ paths: name: type: string proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. + description: The ID of the proxy to use for this download source. See the proxies API for more information. nullable: true type: string required: @@ -10059,6 +9253,7 @@ paths: summary: Get an agent binary download source tags: - Elastic Agent binary download sources + x-beta: true put: description: Update an agent binary download source by ID. operationId: put-fleet-agent-download-sources-sourceid @@ -10101,9 +9296,7 @@ paths: name: type: string proxy_id: - description: >- - The ID of the proxy to use for this download source. See the - proxies API for more information. + description: The ID of the proxy to use for this download source. See the proxies API for more information. nullable: true type: string required: @@ -10132,9 +9325,7 @@ paths: name: type: string proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. + description: The ID of the proxy to use for this download source. See the proxies API for more information. nullable: true type: string required: @@ -10162,6 +9353,7 @@ paths: summary: Update an agent binary download source tags: - Elastic Agent binary download sources + x-beta: true /api/fleet/agent_policies: get: operationId: get-fleet-agent-policies @@ -10291,9 +9483,7 @@ paths: nullable: true type: string global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. items: additionalProperties: false type: object @@ -10325,15 +9515,11 @@ paths: is_preconfigured: type: boolean is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. + description: Indicates whether the agent policy has tamper protection enabled. Default false. type: boolean keep_monitoring_alive: default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled nullable: true type: boolean monitoring_diagnostics: @@ -10400,11 +9586,7 @@ paths: type: string overrides: additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object package_policies: @@ -10412,10 +9594,7 @@ paths: - items: type: string type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list - of agent policies with the ?full=true parameter + - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter items: additionalProperties: false type: object @@ -10461,9 +9640,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -10491,9 +9668,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -10546,9 +9721,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -10569,9 +9742,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -10585,20 +9756,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank - to inherit the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -10647,16 +9812,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy - will be added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package - policy will be added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -10687,9 +9848,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object version: type: string @@ -10719,9 +9878,7 @@ paths: type: string supports_agentless: default: false - description: >- - Indicates whether the agent policy supports - agentless integrations. + description: Indicates whether the agent policy supports agentless integrations. nullable: true type: boolean unenroll_timeout: @@ -10776,6 +9933,7 @@ paths: summary: Get agent policies tags: - Elastic Agent policies + x-beta: true post: operationId: post-fleet-agent-policies parameters: @@ -10850,9 +10008,7 @@ paths: force: type: boolean global_data_tags: - description: >- - User defined data tags that are added to all of the inputs. - The values can be strings or numbers. + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. items: additionalProperties: false type: object @@ -10885,9 +10041,7 @@ paths: type: boolean keep_monitoring_alive: default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled nullable: true type: boolean monitoring_diagnostics: @@ -10954,11 +10108,7 @@ paths: type: string overrides: additionalProperties: {} - description: >- - Override settings that are defined in the agent policy. - Input settings cannot be overridden. The override option - should be used only in unusual circumstances and not as a - routine procedure. + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object space_ids: @@ -10967,9 +10117,7 @@ paths: type: array supports_agentless: default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. + description: Indicates whether the agent policy supports agentless integrations. nullable: true type: boolean unenroll_timeout: @@ -11034,9 +10182,7 @@ paths: nullable: true type: string global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. items: additionalProperties: false type: object @@ -11068,15 +10214,11 @@ paths: is_preconfigured: type: boolean is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. + description: Indicates whether the agent policy has tamper protection enabled. Default false. type: boolean keep_monitoring_alive: default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled nullable: true type: boolean monitoring_diagnostics: @@ -11143,11 +10285,7 @@ paths: type: string overrides: additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object package_policies: @@ -11155,10 +10293,7 @@ paths: - items: type: string type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter + - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter items: additionalProperties: false type: object @@ -11204,9 +10339,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -11234,9 +10367,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -11289,9 +10420,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -11312,9 +10441,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -11328,20 +10455,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -11390,16 +10511,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy - will be added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy - will be added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -11430,9 +10547,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object version: type: string @@ -11462,9 +10577,7 @@ paths: type: string supports_agentless: default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. + description: Indicates whether the agent policy supports agentless integrations. nullable: true type: boolean unenroll_timeout: @@ -11509,6 +10622,7 @@ paths: summary: Create an agent policy tags: - Elastic Agent policies + x-beta: true /api/fleet/agent_policies/_bulk_get: post: operationId: post-fleet-agent-policies-bulk-get @@ -11612,9 +10726,7 @@ paths: nullable: true type: string global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. items: additionalProperties: false type: object @@ -11646,15 +10758,11 @@ paths: is_preconfigured: type: boolean is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. + description: Indicates whether the agent policy has tamper protection enabled. Default false. type: boolean keep_monitoring_alive: default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled nullable: true type: boolean monitoring_diagnostics: @@ -11721,11 +10829,7 @@ paths: type: string overrides: additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object package_policies: @@ -11733,10 +10837,7 @@ paths: - items: type: string type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list - of agent policies with the ?full=true parameter + - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter items: additionalProperties: false type: object @@ -11782,9 +10883,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -11812,9 +10911,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -11867,9 +10964,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -11890,9 +10985,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -11906,20 +10999,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank - to inherit the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -11968,16 +11055,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy - will be added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package - policy will be added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -12008,9 +11091,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object version: type: string @@ -12040,9 +11121,7 @@ paths: type: string supports_agentless: default: false - description: >- - Indicates whether the agent policy supports - agentless integrations. + description: Indicates whether the agent policy supports agentless integrations. nullable: true type: boolean unenroll_timeout: @@ -12088,6 +11167,7 @@ paths: summary: Bulk get agent policies tags: - Elastic Agent policies + x-beta: true /api/fleet/agent_policies/{agentPolicyId}: get: description: Get an agent policy by ID. @@ -12170,9 +11250,7 @@ paths: nullable: true type: string global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. items: additionalProperties: false type: object @@ -12204,15 +11282,11 @@ paths: is_preconfigured: type: boolean is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. + description: Indicates whether the agent policy has tamper protection enabled. Default false. type: boolean keep_monitoring_alive: default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled nullable: true type: boolean monitoring_diagnostics: @@ -12279,11 +11353,7 @@ paths: type: string overrides: additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object package_policies: @@ -12291,10 +11361,7 @@ paths: - items: type: string type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter + - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter items: additionalProperties: false type: object @@ -12340,9 +11407,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -12370,9 +11435,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -12425,9 +11488,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -12448,9 +11509,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -12464,20 +11523,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -12526,16 +11579,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy - will be added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy - will be added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -12566,9 +11615,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object version: type: string @@ -12598,9 +11645,7 @@ paths: type: string supports_agentless: default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. + description: Indicates whether the agent policy supports agentless integrations. nullable: true type: boolean unenroll_timeout: @@ -12645,6 +11690,7 @@ paths: summary: Get an agent policy tags: - Elastic Agent policies + x-beta: true put: description: Update an agent policy by ID. operationId: put-fleet-agent-policies-agentpolicyid @@ -12728,9 +11774,7 @@ paths: force: type: boolean global_data_tags: - description: >- - User defined data tags that are added to all of the inputs. - The values can be strings or numbers. + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. items: additionalProperties: false type: object @@ -12763,9 +11807,7 @@ paths: type: boolean keep_monitoring_alive: default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled nullable: true type: boolean monitoring_diagnostics: @@ -12832,11 +11874,7 @@ paths: type: string overrides: additionalProperties: {} - description: >- - Override settings that are defined in the agent policy. - Input settings cannot be overridden. The override option - should be used only in unusual circumstances and not as a - routine procedure. + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object space_ids: @@ -12845,9 +11883,7 @@ paths: type: array supports_agentless: default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. + description: Indicates whether the agent policy supports agentless integrations. nullable: true type: boolean unenroll_timeout: @@ -12912,9 +11948,7 @@ paths: nullable: true type: string global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. items: additionalProperties: false type: object @@ -12946,15 +11980,11 @@ paths: is_preconfigured: type: boolean is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. + description: Indicates whether the agent policy has tamper protection enabled. Default false. type: boolean keep_monitoring_alive: default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled nullable: true type: boolean monitoring_diagnostics: @@ -13021,11 +12051,7 @@ paths: type: string overrides: additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object package_policies: @@ -13033,10 +12059,7 @@ paths: - items: type: string type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter + - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter items: additionalProperties: false type: object @@ -13082,9 +12105,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -13112,9 +12133,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -13167,9 +12186,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -13190,9 +12207,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -13206,20 +12221,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -13268,16 +12277,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy - will be added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy - will be added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -13308,9 +12313,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object version: type: string @@ -13340,9 +12343,7 @@ paths: type: string supports_agentless: default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. + description: Indicates whether the agent policy supports agentless integrations. nullable: true type: boolean unenroll_timeout: @@ -13387,6 +12388,7 @@ paths: summary: Update an agent policy tags: - Elastic Agent policies + x-beta: true /api/fleet/agent_policies/{agentPolicyId}/copy: post: description: Copy an agent policy by ID. @@ -13490,9 +12492,7 @@ paths: nullable: true type: string global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. items: additionalProperties: false type: object @@ -13524,15 +12524,11 @@ paths: is_preconfigured: type: boolean is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. + description: Indicates whether the agent policy has tamper protection enabled. Default false. type: boolean keep_monitoring_alive: default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled nullable: true type: boolean monitoring_diagnostics: @@ -13599,11 +12595,7 @@ paths: type: string overrides: additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object package_policies: @@ -13611,10 +12603,7 @@ paths: - items: type: string type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter + - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter items: additionalProperties: false type: object @@ -13660,9 +12649,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -13690,9 +12677,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -13745,9 +12730,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -13768,9 +12751,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -13784,20 +12765,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -13846,16 +12821,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy - will be added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy - will be added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -13886,9 +12857,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object version: type: string @@ -13918,9 +12887,7 @@ paths: type: string supports_agentless: default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. + description: Indicates whether the agent policy supports agentless integrations. nullable: true type: boolean unenroll_timeout: @@ -13965,6 +12932,7 @@ paths: summary: Copy an agent policy tags: - Elastic Agent policies + x-beta: true /api/fleet/agent_policies/{agentPolicyId}/download: get: description: Download an agent policy by ID. @@ -14039,6 +13007,7 @@ paths: summary: Download an agent policy tags: - Elastic Agent policies + x-beta: true /api/fleet/agent_policies/{agentPolicyId}/full: get: description: Get a full agent policy by ID. @@ -14371,6 +13340,7 @@ paths: summary: Get a full agent policy tags: - Elastic Agent policies + x-beta: true /api/fleet/agent_policies/{agentPolicyId}/outputs: get: description: Get a list of outputs associated with agent policy by policy id. @@ -14475,6 +13445,7 @@ paths: summary: Get outputs for an agent policy tags: - Elastic Agent policies + x-beta: true /api/fleet/agent_policies/delete: post: description: Delete an agent policy by ID. @@ -14505,9 +13476,7 @@ paths: agentPolicyId: type: string force: - description: >- - bypass validation checks that can prevent agent policy - deletion + description: bypass validation checks that can prevent agent policy deletion type: boolean required: - agentPolicyId @@ -14545,6 +13514,7 @@ paths: summary: Delete an agent policy tags: - Elastic Agent policies + x-beta: true /api/fleet/agent_policies/outputs: post: description: Get a list of outputs associated with agent policies. @@ -14667,6 +13637,7 @@ paths: summary: Get outputs for agent policies tags: - Elastic Agent policies + x-beta: true /api/fleet/agent_status: get: operationId: get-fleet-agent-status @@ -14762,6 +13733,7 @@ paths: summary: Get an agent status summary tags: - Elastic Agent status + x-beta: true /api/fleet/agent_status/data: get: operationId: get-fleet-agent-status-data @@ -14834,6 +13806,7 @@ paths: summary: Get incoming agent data tags: - Elastic Agents + x-beta: true /api/fleet/agents: get: operationId: get-fleet-agents @@ -15220,6 +14193,7 @@ paths: summary: Get agents tags: - Elastic Agents + x-beta: true post: operationId: post-fleet-agents parameters: @@ -15284,6 +14258,7 @@ paths: summary: Get agents by action ids tags: - Elastic Agents + x-beta: true /api/fleet/agents/{agentId}: delete: description: Delete an agent by ID. @@ -15342,6 +14317,7 @@ paths: summary: Delete an agent tags: - Elastic Agents + x-beta: true get: description: Get an agent by ID. operationId: get-fleet-agents-agentid @@ -15670,6 +14646,7 @@ paths: summary: Get an agent tags: - Elastic Agents + x-beta: true put: description: Update an agent by ID. operationId: put-fleet-agents-agentid @@ -16013,6 +14990,7 @@ paths: summary: Update an agent tags: - Elastic Agents + x-beta: true /api/fleet/agents/{agentId}/actions: post: operationId: post-fleet-agents-agentid-actions @@ -16157,6 +15135,7 @@ paths: summary: Create an agent action tags: - Elastic Agent actions + x-beta: true /api/fleet/agents/{agentId}/reassign: post: operationId: post-fleet-agents-agentid-reassign @@ -16219,6 +15198,7 @@ paths: summary: Reassign an agent tags: - Elastic Agent actions + x-beta: true /api/fleet/agents/{agentId}/request_diagnostics: post: operationId: post-fleet-agents-agentid-request-diagnostics @@ -16288,6 +15268,7 @@ paths: summary: Request agent diagnostics tags: - Elastic Agent actions + x-beta: true /api/fleet/agents/{agentId}/unenroll: post: operationId: post-fleet-agents-agentid-unenroll @@ -16328,6 +15309,7 @@ paths: summary: Unenroll an agent tags: - Elastic Agent actions + x-beta: true /api/fleet/agents/{agentId}/upgrade: post: operationId: post-fleet-agents-agentid-upgrade @@ -16396,6 +15378,7 @@ paths: summary: Upgrade an agent tags: - Elastic Agent actions + x-beta: true /api/fleet/agents/{agentId}/uploads: get: operationId: get-fleet-agents-agentid-uploads @@ -16476,6 +15459,7 @@ paths: summary: Get agent uploads tags: - Elastic Agents + x-beta: true /api/fleet/agents/action_status: get: operationId: get-fleet-agents-action-status @@ -16545,9 +15529,7 @@ paths: latestErrors: items: additionalProperties: false - description: >- - latest errors that happened when the agents - executed the action + description: latest errors that happened when the agents executed the action type: object properties: agentId: @@ -16643,6 +15625,7 @@ paths: summary: Get an agent action status tags: - Elastic Agent actions + x-beta: true /api/fleet/agents/actions/{actionId}/cancel: post: operationId: post-fleet-agents-actions-actionid-cancel @@ -16737,6 +15720,7 @@ paths: summary: Cancel an agent action tags: - Elastic Agent actions + x-beta: true /api/fleet/agents/available_versions: get: operationId: get-fleet-agents-available-versions @@ -16782,6 +15766,7 @@ paths: summary: Get available agent versions tags: - Elastic Agents + x-beta: true /api/fleet/agents/bulk_reassign: post: operationId: post-fleet-agents-bulk-reassign @@ -16855,6 +15840,7 @@ paths: summary: Bulk reassign agents tags: - Elastic Agent actions + x-beta: true /api/fleet/agents/bulk_request_diagnostics: post: operationId: post-fleet-agents-bulk-request-diagnostics @@ -16928,6 +15914,7 @@ paths: summary: Bulk request diagnostics from agents tags: - Elastic Agent actions + x-beta: true /api/fleet/agents/bulk_unenroll: post: operationId: post-fleet-agents-bulk-unenroll @@ -16968,9 +15955,7 @@ paths: description: Unenrolls hosted agents too type: boolean includeInactive: - description: >- - When passing agents by KQL query, unenrolls inactive agents - too + description: When passing agents by KQL query, unenrolls inactive agents too type: boolean revoke: description: Revokes API keys of agents @@ -17008,6 +15993,7 @@ paths: summary: Bulk unenroll agents tags: - Elastic Agent actions + x-beta: true /api/fleet/agents/bulk_update_agent_tags: post: operationId: post-fleet-agents-bulk-update-agent-tags @@ -17086,6 +16072,7 @@ paths: summary: Bulk update agent tags tags: - Elastic Agent actions + x-beta: true /api/fleet/agents/bulk_upgrade: post: operationId: post-fleet-agents-bulk-upgrade @@ -17170,6 +16157,7 @@ paths: summary: Bulk upgrade agents tags: - Elastic Agent actions + x-beta: true /api/fleet/agents/files/{fileId}: delete: description: Delete a file uploaded by an agent. @@ -17229,6 +16217,7 @@ paths: summary: Delete an uploaded file tags: - Elastic Agents + x-beta: true /api/fleet/agents/files/{fileId}/{fileName}: get: description: Get a file uploaded by an agent. @@ -17277,6 +16266,7 @@ paths: summary: Get an uploaded file tags: - Elastic Agents + x-beta: true /api/fleet/agents/setup: get: operationId: get-fleet-agents-setup @@ -17295,10 +16285,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: additionalProperties: false - description: >- - A summary of the agent setup status. `isReady` indicates - whether the setup is ready. If the setup is not ready, - `missing_requirements` lists which requirements are missing. + description: A summary of the agent setup status. `isReady` indicates whether the setup is ready. If the setup is not ready, `missing_requirements` lists which requirements are missing. type: object properties: is_secrets_storage_enabled: @@ -17348,6 +16335,7 @@ paths: summary: Get agent setup info tags: - Elastic Agents + x-beta: true post: operationId: post-fleet-agents-setup parameters: @@ -17372,11 +16360,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: additionalProperties: false - description: >- - A summary of the result of Fleet's `setup` lifecycle. If - `isInitialized` is true, Fleet is ready to accept agent - enrollment. `nonFatalErrors` may include useful insight into - non-blocking issues with Fleet setup. + description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup. type: object properties: isInitialized: @@ -17416,6 +16400,7 @@ paths: summary: Initiate agent setup tags: - Elastic Agents + x-beta: true /api/fleet/agents/tags: get: operationId: get-fleet-agents-tags @@ -17472,6 +16457,7 @@ paths: summary: Get agent tags tags: - Elastic Agents + x-beta: true /api/fleet/check-permissions: get: operationId: get-fleet-check-permissions @@ -17526,6 +16512,7 @@ paths: summary: Check permissions tags: - Fleet internals + x-beta: true /api/fleet/data_streams: get: operationId: get-fleet-data-streams @@ -17630,6 +16617,7 @@ paths: summary: Get data streams tags: - Data streams + x-beta: true /api/fleet/enrollment_api_keys: get: operationId: get-fleet-enrollment-api-keys @@ -17673,14 +16661,10 @@ paths: type: object properties: active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. + description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. type: boolean api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. + description: The enrollment API key (token) used for enrolling Elastic Agents. type: string api_key_id: description: The ID of the API key in the Security API. @@ -17693,9 +16677,7 @@ paths: description: The name of the enrollment API key. type: string policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. + description: The ID of the agent policy the Elastic Agent will be enrolled in. type: string required: - id @@ -17734,6 +16716,7 @@ paths: summary: Get enrollment API keys tags: - Fleet enrollment API keys + x-beta: true post: operationId: post-fleet-enrollment-api-keys parameters: @@ -17784,14 +16767,10 @@ paths: type: object properties: active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. + description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. type: boolean api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. + description: The enrollment API key (token) used for enrolling Elastic Agents. type: string api_key_id: description: The ID of the API key in the Security API. @@ -17804,9 +16783,7 @@ paths: description: The name of the enrollment API key. type: string policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. + description: The ID of the agent policy the Elastic Agent will be enrolled in. type: string required: - id @@ -17836,6 +16813,7 @@ paths: summary: Create an enrollment API key tags: - Fleet enrollment API keys + x-beta: true /api/fleet/enrollment_api_keys/{keyId}: delete: description: Revoke an enrollment API key by ID by marking it as inactive. @@ -17894,6 +16872,7 @@ paths: summary: Revoke an enrollment API key tags: - Fleet enrollment API keys + x-beta: true get: description: Get an enrollment API key by ID. operationId: get-fleet-enrollment-api-keys-keyid @@ -17924,14 +16903,10 @@ paths: type: object properties: active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. + description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. type: boolean api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. + description: The enrollment API key (token) used for enrolling Elastic Agents. type: string api_key_id: description: The ID of the API key in the Security API. @@ -17944,9 +16919,7 @@ paths: description: The name of the enrollment API key. type: string policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. + description: The ID of the agent policy the Elastic Agent will be enrolled in. type: string required: - id @@ -17975,6 +16948,7 @@ paths: summary: Get an enrollment API key tags: - Fleet enrollment API keys + x-beta: true /api/fleet/epm/bulk_assets: post: operationId: post-fleet-epm-bulk-assets @@ -18073,6 +17047,7 @@ paths: summary: Bulk get assets tags: - Elastic Package Manager (EPM) + x-beta: true /api/fleet/epm/categories: get: operationId: get-fleet-epm-categories @@ -18144,6 +17119,7 @@ paths: summary: Get package categories tags: - Elastic Package Manager (EPM) + x-beta: true /api/fleet/epm/custom_integrations: post: operationId: post-fleet-epm-custom-integrations @@ -18286,6 +17262,7 @@ paths: summary: Create a custom integration tags: - Elastic Package Manager (EPM) + x-beta: true /api/fleet/epm/data_streams: get: operationId: get-fleet-epm-data-streams @@ -18368,6 +17345,7 @@ paths: summary: Get data streams tags: - Data streams + x-beta: true /api/fleet/epm/packages: get: operationId: get-fleet-epm-packages @@ -18768,6 +17746,7 @@ paths: summary: Get packages tags: - Elastic Package Manager (EPM) + x-beta: true post: operationId: post-fleet-epm-packages parameters: @@ -18894,6 +17873,7 @@ paths: summary: Install a package by upload tags: - Elastic Package Manager (EPM) + x-beta: true /api/fleet/epm/packages/_bulk: post: operationId: post-fleet-epm-packages-bulk @@ -19076,6 +18056,7 @@ paths: summary: Bulk install packages tags: - Elastic Package Manager (EPM) + x-beta: true /api/fleet/epm/packages/{pkgName}/{pkgVersion}: delete: operationId: delete-fleet-epm-packages-pkgname-pkgversion @@ -19191,6 +18172,7 @@ paths: summary: Delete a package tags: - Elastic Package Manager (EPM) + x-beta: true get: operationId: get-fleet-epm-packages-pkgname-pkgversion parameters: @@ -19670,6 +18652,7 @@ paths: summary: Get a package tags: - Elastic Package Manager (EPM) + x-beta: true post: operationId: post-fleet-epm-packages-pkgname-pkgversion parameters: @@ -19819,6 +18802,7 @@ paths: summary: Install a package from the registry tags: - Elastic Package Manager (EPM) + x-beta: true put: operationId: put-fleet-epm-packages-pkgname-pkgversion parameters: @@ -20287,6 +19271,7 @@ paths: summary: Update package settings tags: - Elastic Package Manager (EPM) + x-beta: true /api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath*}: get: operationId: get-fleet-epm-packages-pkgname-pkgversion-filepath @@ -20338,6 +19323,7 @@ paths: summary: Get a package file tags: - Elastic Package Manager (EPM) + x-beta: true /api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize: post: operationId: post-fleet-epm-packages-pkgname-pkgversion-transforms-authorize @@ -20430,6 +19416,7 @@ paths: summary: Authorize transforms tags: - Elastic Package Manager (EPM) + x-beta: true /api/fleet/epm/packages/{pkgName}/stats: get: operationId: get-fleet-epm-packages-pkgname-stats @@ -20484,6 +19471,7 @@ paths: summary: Get package stats tags: - Elastic Package Manager (EPM) + x-beta: true /api/fleet/epm/packages/installed: get: operationId: get-fleet-epm-packages-installed @@ -20637,6 +19625,7 @@ paths: summary: Get installed packages tags: - Elastic Package Manager (EPM) + x-beta: true /api/fleet/epm/packages/limited: get: operationId: get-fleet-epm-packages-limited @@ -20682,6 +19671,7 @@ paths: summary: Get a limited package list tags: - Elastic Package Manager (EPM) + x-beta: true /api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs: get: operationId: get-fleet-epm-templates-pkgname-pkgversion-inputs @@ -20789,6 +19779,7 @@ paths: summary: Get an inputs template tags: - Elastic Package Manager (EPM) + x-beta: true /api/fleet/epm/verification_key_id: get: operationId: get-fleet-epm-verification-key-id @@ -20833,6 +19824,7 @@ paths: summary: Get a package signature verification key ID tags: - Elastic Package Manager (EPM) + x-beta: true /api/fleet/fleet_server_hosts: get: operationId: get-fleet-fleet-server-hosts @@ -20913,6 +19905,7 @@ paths: summary: Get Fleet Server hosts tags: - Fleet Server hosts + x-beta: true post: operationId: post-fleet-fleet-server-hosts parameters: @@ -21018,6 +20011,7 @@ paths: summary: Create a Fleet Server host tags: - Fleet Server hosts + x-beta: true /api/fleet/fleet_server_hosts/{itemId}: delete: description: Delete a Fleet Server host by ID. @@ -21074,6 +20068,7 @@ paths: summary: Delete a Fleet Server host tags: - Fleet Server hosts + x-beta: true get: description: Get a Fleet Server host by ID. operationId: get-fleet-fleet-server-hosts-itemid @@ -21148,6 +20143,7 @@ paths: summary: Get a Fleet Server host tags: - Fleet Server hosts + x-beta: true put: description: Update a Fleet Server host by ID. operationId: put-fleet-fleet-server-hosts-itemid @@ -21252,6 +20248,7 @@ paths: summary: Update a Fleet Server host tags: - Fleet Server hosts + x-beta: true /api/fleet/health_check: post: operationId: post-fleet-health-check @@ -21333,6 +20330,7 @@ paths: summary: Check Fleet Server health tags: - Fleet internals + x-beta: true /api/fleet/kubernetes: get: operationId: get-fleet-kubernetes @@ -21391,6 +20389,7 @@ paths: summary: Get a full K8s agent manifest tags: - Elastic Agent policies + x-beta: true /api/fleet/kubernetes/download: get: operationId: get-fleet-kubernetes-download @@ -21459,6 +20458,7 @@ paths: summary: Download an agent manifest tags: - Elastic Agent policies + x-beta: true /api/fleet/logstash_api_keys: post: operationId: post-fleet-logstash-api-keys @@ -21509,6 +20509,7 @@ paths: summary: Generate a Logstash API key tags: - Fleet outputs + x-beta: true /api/fleet/message_signing_service/rotate_key_pair: post: operationId: post-fleet-message-signing-service-rotate-key-pair @@ -21581,6 +20582,7 @@ paths: summary: Rotate a Fleet message signing key pair tags: - Message Signing Service + x-beta: true /api/fleet/outputs: get: operationId: get-fleet-outputs @@ -22314,6 +21316,7 @@ paths: summary: Get outputs tags: - Fleet outputs + x-beta: true post: operationId: post-fleet-outputs parameters: @@ -23726,6 +22729,7 @@ paths: summary: Create output tags: - Fleet outputs + x-beta: true /api/fleet/outputs/{outputId}: delete: description: Delete output by ID. @@ -23798,6 +22802,7 @@ paths: summary: Delete output tags: - Fleet outputs + x-beta: true get: description: Get output by ID. operationId: get-fleet-outputs-outputid @@ -24525,6 +23530,7 @@ paths: summary: Get output tags: - Fleet outputs + x-beta: true put: description: Update output by ID. operationId: put-fleet-outputs-outputid @@ -25922,6 +24928,7 @@ paths: summary: Update output tags: - Fleet outputs + x-beta: true /api/fleet/outputs/{outputId}/health: get: operationId: get-fleet-outputs-outputid-health @@ -25979,6 +24986,7 @@ paths: summary: Get the latest output health tags: - Fleet outputs + x-beta: true /api/fleet/package_policies: get: operationId: get-fleet-package-policies @@ -26094,9 +25102,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -26124,9 +25130,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -26179,9 +25183,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -26202,9 +25204,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -26217,9 +25217,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that input, (default to - true) + description: enable or disable that input, (default to true) type: boolean streams: additionalProperties: @@ -26227,9 +25225,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that stream, (default - to true) + description: enable or disable that stream, (default to true) type: boolean vars: additionalProperties: @@ -26254,15 +25250,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Input streams (see integration - documentation to know what streams are - available) + description: Input streams (see integration documentation to know what streams are available) type: object vars: additionalProperties: @@ -26287,14 +25277,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) + description: Package policy inputs (see integration documentation to know what inputs are available) type: object x-oas-optional: true is_managed: @@ -26303,20 +25288,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine - procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -26365,16 +25344,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy will be - added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy will be - added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -26410,9 +25385,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation - for more information) + description: Package variable (see integration documentation for more information) type: object - additionalProperties: anyOf: @@ -26436,9 +25409,7 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object x-oas-optional: true version: @@ -26484,6 +25455,7 @@ paths: summary: Get package policies tags: - Fleet package policies + x-beta: true post: operationId: post-fleet-package-policies parameters: @@ -26524,9 +25496,7 @@ paths: enabled: type: boolean force: - description: >- - Force package policy creation even if package is not - verified, or if the agent policy is managed. + description: Force package policy creation even if package is not verified, or if the agent policy is managed. type: boolean id: description: Package policy unique identifier @@ -26548,9 +25518,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation - for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -26578,9 +25546,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -26633,9 +25599,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -26656,9 +25620,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation - for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -26670,19 +25632,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to inherit the - agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -26736,9 +25693,7 @@ paths: type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy will be - added + description: Agent policy IDs where that package policy will be added type: string type: array vars: @@ -26753,9 +25708,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation for more - information) + description: Package variable (see integration documentation for more information) type: object required: - name @@ -26783,9 +25736,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that stream, (default to - true) + description: enable or disable that stream, (default to true) type: boolean vars: additionalProperties: @@ -26810,13 +25761,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Input streams (see integration documentation to - know what streams are available) + description: Input streams (see integration documentation to know what streams are available) type: object vars: additionalProperties: @@ -26841,13 +25788,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Package policy inputs (see integration documentation to - know what inputs are available) + description: Package policy inputs (see integration documentation to know what inputs are available) type: object name: type: string @@ -26926,16 +25869,12 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object required: - name - package - description: >- - You should use inputs as an object and not use the deprecated - inputs array. + description: You should use inputs as an object and not use the deprecated inputs array. responses: '200': content: @@ -26992,9 +25931,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -27022,9 +25959,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -27077,9 +26012,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -27100,9 +26033,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -27115,9 +26046,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that input, (default to - true) + description: enable or disable that input, (default to true) type: boolean streams: additionalProperties: @@ -27125,9 +26054,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that stream, (default - to true) + description: enable or disable that stream, (default to true) type: boolean vars: additionalProperties: @@ -27152,14 +26079,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Input streams (see integration documentation - to know what streams are available) + description: Input streams (see integration documentation to know what streams are available) type: object vars: additionalProperties: @@ -27184,13 +26106,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) + description: Package policy inputs (see integration documentation to know what inputs are available) type: object x-oas-optional: true is_managed: @@ -27199,19 +26117,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -27260,16 +26173,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy will be - added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy will be - added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -27305,9 +26214,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation - for more information) + description: Package variable (see integration documentation for more information) type: object - additionalProperties: anyOf: @@ -27331,9 +26238,7 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object x-oas-optional: true version: @@ -27385,6 +26290,7 @@ paths: summary: Create a package policy tags: - Fleet package policies + x-beta: true /api/fleet/package_policies/_bulk_get: post: operationId: post-fleet-package-policies-bulk-get @@ -27485,9 +26391,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -27515,9 +26419,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -27570,9 +26472,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -27593,9 +26493,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -27608,9 +26506,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that input, (default to - true) + description: enable or disable that input, (default to true) type: boolean streams: additionalProperties: @@ -27618,9 +26514,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that stream, (default - to true) + description: enable or disable that stream, (default to true) type: boolean vars: additionalProperties: @@ -27645,15 +26539,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Input streams (see integration - documentation to know what streams are - available) + description: Input streams (see integration documentation to know what streams are available) type: object vars: additionalProperties: @@ -27678,14 +26566,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) + description: Package policy inputs (see integration documentation to know what inputs are available) type: object x-oas-optional: true is_managed: @@ -27694,20 +26577,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine - procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -27756,16 +26633,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy will be - added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy will be - added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -27801,9 +26674,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation - for more information) + description: Package variable (see integration documentation for more information) type: object - additionalProperties: anyOf: @@ -27827,9 +26698,7 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object x-oas-optional: true version: @@ -27877,6 +26746,7 @@ paths: summary: Bulk get package policies tags: - Fleet package policies + x-beta: true /api/fleet/package_policies/{packagePolicyId}: delete: description: Delete a package policy by ID. @@ -27938,6 +26808,7 @@ paths: summary: Delete a package policy tags: - Fleet package policies + x-beta: true get: description: Get a package policy by ID. operationId: get-fleet-package-policies-packagepolicyid @@ -28019,9 +26890,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -28049,9 +26918,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -28104,9 +26971,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -28127,9 +26992,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -28142,9 +27005,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that input, (default to - true) + description: enable or disable that input, (default to true) type: boolean streams: additionalProperties: @@ -28152,9 +27013,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that stream, (default - to true) + description: enable or disable that stream, (default to true) type: boolean vars: additionalProperties: @@ -28179,14 +27038,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Input streams (see integration documentation - to know what streams are available) + description: Input streams (see integration documentation to know what streams are available) type: object vars: additionalProperties: @@ -28211,13 +27065,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) + description: Package policy inputs (see integration documentation to know what inputs are available) type: object x-oas-optional: true is_managed: @@ -28226,19 +27076,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -28287,16 +27132,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy will be - added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy will be - added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -28332,9 +27173,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation - for more information) + description: Package variable (see integration documentation for more information) type: object - additionalProperties: anyOf: @@ -28358,9 +27197,7 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object x-oas-optional: true version: @@ -28407,6 +27244,7 @@ paths: summary: Get a package policy tags: - Fleet package policies + x-beta: true put: description: Update a package policy by ID. operationId: put-fleet-package-policies-packagepolicyid @@ -28471,9 +27309,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation - for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -28501,9 +27337,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -28556,9 +27390,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -28579,9 +27411,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation - for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -28592,19 +27422,14 @@ paths: name: type: string namespace: - description: >- - The package policy namespace. Leave blank to inherit the - agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -28658,9 +27483,7 @@ paths: type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy will be - added + description: Agent policy IDs where that package policy will be added type: string type: array vars: @@ -28675,9 +27498,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation for more - information) + description: Package variable (see integration documentation for more information) type: object version: type: string @@ -28704,9 +27525,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that stream, (default to - true) + description: enable or disable that stream, (default to true) type: boolean vars: additionalProperties: @@ -28731,13 +27550,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Input streams (see integration documentation to - know what streams are available) + description: Input streams (see integration documentation to know what streams are available) type: object vars: additionalProperties: @@ -28762,13 +27577,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Package policy inputs (see integration documentation to - know what inputs are available) + description: Package policy inputs (see integration documentation to know what inputs are available) type: object name: type: string @@ -28847,9 +27658,7 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object required: - name @@ -28910,9 +27719,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -28940,9 +27747,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -28995,9 +27800,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -29018,9 +27821,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -29033,9 +27834,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that input, (default to - true) + description: enable or disable that input, (default to true) type: boolean streams: additionalProperties: @@ -29043,9 +27842,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that stream, (default - to true) + description: enable or disable that stream, (default to true) type: boolean vars: additionalProperties: @@ -29070,14 +27867,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Input streams (see integration documentation - to know what streams are available) + description: Input streams (see integration documentation to know what streams are available) type: object vars: additionalProperties: @@ -29102,13 +27894,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) + description: Package policy inputs (see integration documentation to know what inputs are available) type: object x-oas-optional: true is_managed: @@ -29117,19 +27905,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -29178,16 +27961,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy will be - added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy will be - added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -29223,9 +28002,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation - for more information) + description: Package variable (see integration documentation for more information) type: object - additionalProperties: anyOf: @@ -29249,9 +28026,7 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object x-oas-optional: true version: @@ -29303,6 +28078,7 @@ paths: summary: Update a package policy tags: - Fleet package policies + x-beta: true /api/fleet/package_policies/delete: post: operationId: post-fleet-package-policies-delete @@ -29439,6 +28215,7 @@ paths: summary: Bulk delete package policies tags: - Fleet package policies + x-beta: true /api/fleet/package_policies/upgrade: post: description: Upgrade a package policy to a newer package version. @@ -29520,6 +28297,7 @@ paths: summary: Upgrade a package policy tags: - Fleet package policies + x-beta: true /api/fleet/package_policies/upgrade/dryrun: post: operationId: post-fleet-package-policies-upgrade-dryrun @@ -29718,9 +28496,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -29748,9 +28524,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -29803,9 +28577,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -29826,9 +28598,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -29841,9 +28611,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that input, (default - to true) + description: enable or disable that input, (default to true) type: boolean streams: additionalProperties: @@ -29851,9 +28619,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that stream, (default - to true) + description: enable or disable that stream, (default to true) type: boolean vars: additionalProperties: @@ -29878,15 +28644,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Input streams (see integration - documentation to know what streams are - available) + description: Input streams (see integration documentation to know what streams are available) type: object vars: additionalProperties: @@ -29911,15 +28671,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are - available) + description: Package policy inputs (see integration documentation to know what inputs are available) type: object x-oas-optional: true is_managed: @@ -29928,20 +28682,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should be - used only in unusual circumstances and not as - a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -29990,16 +28738,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy will - be added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy - will be added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -30035,9 +28779,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object - additionalProperties: anyOf: @@ -30061,10 +28803,7 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) + description: Input/stream level variable (see integration documentation for more information) type: object x-oas-optional: true version: @@ -30119,9 +28858,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -30149,9 +28886,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -30204,9 +28939,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -30227,9 +28960,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -30246,20 +28977,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should be - used only in unusual circumstances and not as - a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -30308,16 +29033,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy will - be added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy - will be added + description: Agent policy IDs where that package policy will be added type: string type: array vars: @@ -30332,9 +29053,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - name @@ -30369,6 +29088,7 @@ paths: summary: Dry run a package policy upgrade tags: - Fleet package policies + x-beta: true /api/fleet/proxies: get: operationId: get-fleet-proxies @@ -30455,6 +29175,7 @@ paths: summary: Get proxies tags: - Fleet proxies + x-beta: true post: operationId: post-fleet-proxies parameters: @@ -30572,6 +29293,7 @@ paths: summary: Create a proxy tags: - Fleet proxies + x-beta: true /api/fleet/proxies/{itemId}: delete: description: Delete a proxy by ID @@ -30628,6 +29350,7 @@ paths: summary: Delete a proxy tags: - Fleet proxies + x-beta: true get: description: Get a proxy by ID. operationId: get-fleet-proxies-itemid @@ -30708,6 +29431,7 @@ paths: summary: Get a proxy tags: - Fleet proxies + x-beta: true put: description: Update a proxy by ID. operationId: put-fleet-proxies-itemid @@ -30828,6 +29552,7 @@ paths: summary: Update a proxy tags: - Fleet proxies + x-beta: true /api/fleet/service_tokens: post: operationId: post-fleet-service-tokens @@ -30892,6 +29617,7 @@ paths: summary: Create a service token tags: - Fleet service tokens + x-beta: true /api/fleet/settings: get: operationId: get-fleet-settings @@ -30987,6 +29713,7 @@ paths: summary: Get settings tags: - Fleet internals + x-beta: true put: operationId: put-fleet-settings parameters: @@ -31119,6 +29846,7 @@ paths: summary: Update settings tags: - Fleet internals + x-beta: true /api/fleet/setup: post: operationId: post-fleet-setup @@ -31144,11 +29872,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: additionalProperties: false - description: >- - A summary of the result of Fleet's `setup` lifecycle. If - `isInitialized` is true, Fleet is ready to accept agent - enrollment. `nonFatalErrors` may include useful insight into - non-blocking issues with Fleet setup. + description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup. type: object properties: isInitialized: @@ -31200,6 +29924,7 @@ paths: summary: Initiate Fleet setup tags: - Fleet internals + x-beta: true /api/fleet/uninstall_tokens: get: description: List the metadata for the latest uninstall tokens per agent policy. @@ -31300,6 +30025,7 @@ paths: summary: Get metadata for latest uninstall tokens tags: - Fleet uninstall tokens + x-beta: true /api/fleet/uninstall_tokens/{uninstallTokenId}: get: description: Get one decrypted uninstall token by its ID. @@ -31371,6 +30097,7 @@ paths: summary: Get a decrypted uninstall token tags: - Fleet uninstall tokens + x-beta: true /api/lists: delete: description: | @@ -31409,8 +30136,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -31440,6 +30166,7 @@ paths: summary: Delete a list tags: - Security Lists API + x-beta: true get: description: Get the details of a list using the list ID. operationId: ReadList @@ -31462,8 +30189,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -31493,6 +30219,7 @@ paths: summary: Get list details tags: - Security Lists API + x-beta: true patch: description: Update specific fields of an existing list using the list ID. operationId: PatchList @@ -31531,8 +30258,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -31562,6 +30288,7 @@ paths: summary: Patch a list tags: - Security Lists API + x-beta: true post: description: Create a new list. operationId: CreateList @@ -31607,8 +30334,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -31638,13 +30364,11 @@ paths: summary: Create a list tags: - Security Lists API + x-beta: true put: - description: > - Update a list using the list ID. The original list is replaced, and all - unspecified fields are deleted. - + description: | + Update a list using the list ID. The original list is replaced, and all unspecified fields are deleted. > info - > You cannot modify the `id` value. operationId: UpdateList requestBody: @@ -31684,8 +30408,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -31715,11 +30438,10 @@ paths: summary: Update a list tags: - Security Lists API + x-beta: true /api/lists/_find: get: - description: >- - Get a paginated subset of lists. By default, the first page is returned, - with 20 results per page. + description: Get a paginated subset of lists. By default, the first page is returned, with 20 results per page. operationId: FindLists parameters: - description: The page number to return @@ -31749,24 +30471,17 @@ paths: - desc - asc type: string - - description: > - Returns the list that come after the last list returned in the - previous call - - (use the cursor value returned in the previous call). This parameter - uses - - the `tie_breaker_id` field to ensure all lists are sorted and - returned correctly. + - description: | + Returns the list that come after the last list returned in the previous call + (use the cursor value returned in the previous call). This parameter uses + the `tie_breaker_id` field to ensure all lists are sorted and returned correctly. in: query name: cursor required: false schema: $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' - - description: > - Filters the returned results according to the value of the specified - field, - + - description: | + Filters the returned results according to the value of the specified field, using the : syntax. in: query name: filter @@ -31807,8 +30522,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -31832,6 +30546,7 @@ paths: summary: Get lists tags: - Security Lists API + x-beta: true /api/lists/index: delete: description: Delete the `.lists` and `.items` data streams. @@ -31853,8 +30568,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -31884,6 +30598,7 @@ paths: summary: Delete list data streams tags: - Security Lists API + x-beta: true get: description: Verify that `.lists` and `.items` data streams exist. operationId: ReadListIndex @@ -31907,8 +30622,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -31938,6 +30652,7 @@ paths: summary: Get status of list data streams tags: - Security Lists API + x-beta: true post: description: Create `.lists` and `.items` data streams in the relevant space. operationId: CreateListIndex @@ -31958,8 +30673,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -31989,6 +30703,7 @@ paths: summary: Create list data streams tags: - Security Lists API + x-beta: true /api/lists/items: delete: description: Delete a list item using its `id`, or its `list_id` and `value` fields. @@ -32012,9 +30727,7 @@ paths: required: false schema: type: string - - description: >- - Determines when changes made by the request are made visible to - search + - description: Determines when changes made by the request are made visible to search in: query name: refresh required: false @@ -32041,8 +30754,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -32072,6 +30784,7 @@ paths: summary: Delete a list item tags: - Security Lists API + x-beta: true get: description: Get the details of a list item. operationId: ReadListItem @@ -32110,8 +30823,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -32141,6 +30853,7 @@ paths: summary: Get a list item tags: - Security Lists API + x-beta: true patch: description: Update specific fields of an existing list item using the list item ID. operationId: PatchListItem @@ -32157,9 +30870,7 @@ paths: meta: $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' refresh: - description: >- - Determines when changes made by the request are made visible - to search + description: Determines when changes made by the request are made visible to search enum: - 'true' - 'false' @@ -32183,8 +30894,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -32214,16 +30924,13 @@ paths: summary: Patch a list item tags: - Security Lists API + x-beta: true post: - description: > + description: | Create a list item and associate it with the specified list. - - All list items in the same list must be the same type. For example, each - list item in an `ip` list must define a specific IP address. - + All list items in the same list must be the same type. For example, each list item in an `ip` list must define a specific IP address. > info - > Before creating a list item, you must create a list. operationId: CreateListItem requestBody: @@ -32239,9 +30946,7 @@ paths: meta: $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' refresh: - description: >- - Determines when changes made by the request are made visible - to search + description: Determines when changes made by the request are made visible to search enum: - 'true' - 'false' @@ -32266,8 +30971,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -32297,13 +31001,11 @@ paths: summary: Create a list item tags: - Security Lists API + x-beta: true put: - description: > - Update a list item using the list item ID. The original list item is - replaced, and all unspecified fields are deleted. - + description: | + Update a list item using the list item ID. The original list item is replaced, and all unspecified fields are deleted. > info - > You cannot modify the `id` value. operationId: UpdateListItem requestBody: @@ -32337,8 +31039,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -32368,6 +31069,7 @@ paths: summary: Update a list item tags: - Security Lists API + x-beta: true /api/lists/items/_export: post: description: Export list item values from the specified list. @@ -32393,8 +31095,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -32424,6 +31125,7 @@ paths: summary: Export list items tags: - Security Lists API + x-beta: true /api/lists/items/_find: get: description: Get all list items in the specified list. @@ -32462,24 +31164,17 @@ paths: - desc - asc type: string - - description: > - Returns the list that come after the last list returned in the - previous call - - (use the cursor value returned in the previous call). This parameter - uses - - the `tie_breaker_id` field to ensure all lists are sorted and - returned correctly. + - description: | + Returns the list that come after the last list returned in the previous call + (use the cursor value returned in the previous call). This parameter uses + the `tie_breaker_id` field to ensure all lists are sorted and returned correctly. in: query name: cursor required: false schema: $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' - - description: > - Filters the returned results according to the value of the specified - field, - + - description: | + Filters the returned results according to the value of the specified field, using the : syntax. in: query name: filter @@ -32494,8 +31189,7 @@ paths: type: object properties: cursor: - $ref: >- - #/components/schemas/Security_Lists_API_FindListItemsCursor + $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' data: items: $ref: '#/components/schemas/Security_Lists_API_ListItem' @@ -32521,8 +31215,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -32546,12 +31239,11 @@ paths: summary: Get list items tags: - Security Lists API + x-beta: true /api/lists/items/_import: post: - description: > - Import list items from a TXT or CSV file. The maximum file size is 9 - million bytes. - + description: | + Import list items from a TXT or CSV file. The maximum file size is 9 million bytes. You can import items to a new or existing list. operationId: ImportListItems @@ -32565,12 +31257,10 @@ paths: required: false schema: $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: > + - description: | Type of the importing list. - - Required when importing a new list that is `list_id` is not - specified. + Required when importing a new list that is `list_id` is not specified. in: query name: type required: false @@ -32586,9 +31276,7 @@ paths: required: false schema: type: string - - description: >- - Determines when changes made by the request are made visible to - search + - description: Determines when changes made by the request are made visible to search in: query name: refresh required: false @@ -32605,9 +31293,7 @@ paths: type: object properties: file: - description: >- - A `.txt` or `.csv` file containing newline separated list - items + description: A `.txt` or `.csv` file containing newline separated list items format: binary type: string required: true @@ -32623,8 +31309,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -32654,6 +31339,7 @@ paths: summary: Import list items tags: - Security Lists API + x-beta: true /api/lists/privileges: get: operationId: ReadListPrivileges @@ -32680,8 +31366,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -32705,12 +31390,11 @@ paths: summary: Get list privileges tags: - Security Lists API + x-beta: true /api/ml/saved_objects/sync: get: - description: > - Synchronizes Kibana saved objects for machine learning jobs and trained - models. This API runs automatically when you start Kibana and - periodically thereafter. + description: | + Synchronizes Kibana saved objects for machine learning jobs and trained models. This API runs automatically when you start Kibana and periodically thereafter. operationId: mlSync parameters: - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' @@ -32733,6 +31417,7 @@ paths: summary: Sync machine learning saved objects tags: - ml + x-beta: true /api/note: delete: description: Delete a note from a Timeline using the note ID. @@ -32774,7 +31459,7 @@ paths: summary: Delete a note tags: - Security Timeline API - - access:securitySolution + x-beta: true get: description: Get all notes for a given document. operationId: GetNotes @@ -32838,7 +31523,7 @@ paths: summary: Get notes tags: - Security Timeline API - - access:securitySolution + x-beta: true patch: description: Add a note to a Timeline or update an existing note. operationId: PersistNoteRoute @@ -32883,8 +31568,7 @@ paths: type: object properties: persistNote: - $ref: >- - #/components/schemas/Security_Timeline_API_ResponseNote + $ref: '#/components/schemas/Security_Timeline_API_ResponseNote' required: - persistNote required: @@ -32893,7 +31577,7 @@ paths: summary: Add or update a note tags: - Security Timeline API - - access:securitySolution + x-beta: true /api/osquery/live_queries: get: description: Get a list of all live queries. @@ -32903,19 +31587,18 @@ paths: name: query required: true schema: - $ref: >- - #/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery + $ref: '#/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Get live queries tags: - Security Osquery API + x-beta: true post: description: Create and run a live query. operationId: OsqueryCreateLiveQuery @@ -32923,20 +31606,19 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody + $ref: '#/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Create a live query tags: - Security Osquery API + x-beta: true /api/osquery/live_queries/{id}: get: description: Get the details of a live query using the query ID. @@ -32957,12 +31639,12 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Get live query details tags: - Security Osquery API + x-beta: true /api/osquery/live_queries/{id}/results/{actionId}: get: description: Get the results of a live query using the query action ID. @@ -32982,19 +31664,18 @@ paths: name: query required: true schema: - $ref: >- - #/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery + $ref: '#/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Get live query results tags: - Security Osquery API + x-beta: true /api/osquery/packs: get: description: Get a list of all query packs. @@ -33010,12 +31691,12 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Get packs tags: - Security Osquery API + x-beta: true post: description: Create a query pack. operationId: OsqueryCreatePacks @@ -33030,12 +31711,12 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Create a pack tags: - Security Osquery API + x-beta: true /api/osquery/packs/{id}: delete: description: Delete a query pack using the pack ID. @@ -33051,12 +31732,12 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Delete a pack tags: - Security Osquery API + x-beta: true get: description: Get the details of a query pack using the pack ID. operationId: OsqueryGetPacksDetails @@ -33071,12 +31752,12 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Get pack details tags: - Security Osquery API + x-beta: true put: description: | Update a query pack using the pack ID. @@ -33100,12 +31781,12 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Update a pack tags: - Security Osquery API + x-beta: true /api/osquery/saved_queries: get: description: Get a list of all saved queries. @@ -33115,19 +31796,18 @@ paths: name: query required: true schema: - $ref: >- - #/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery + $ref: '#/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Get saved queries tags: - Security Osquery API + x-beta: true post: description: Create and run a saved query. operationId: OsqueryCreateSavedQuery @@ -33135,20 +31815,19 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody + $ref: '#/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Create a saved query tags: - Security Osquery API + x-beta: true /api/osquery/saved_queries/{id}: delete: description: Delete a saved query using the query ID. @@ -33164,12 +31843,12 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Delete a saved query tags: - Security Osquery API + x-beta: true get: description: Get the details of a saved query using the query ID. operationId: OsqueryGetSavedQueryDetails @@ -33184,12 +31863,12 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Get saved query details tags: - Security Osquery API + x-beta: true put: description: | Update a saved query using the query ID. @@ -33206,20 +31885,19 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody + $ref: '#/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Update a saved query tags: - Security Osquery API + x-beta: true /api/pinned_event: patch: description: Pin an event to an existing Timeline. @@ -33253,8 +31931,7 @@ paths: type: object properties: persistPinnedEventOnTimeline: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistPinnedEventResponse + $ref: '#/components/schemas/Security_Timeline_API_PersistPinnedEventResponse' required: - persistPinnedEventOnTimeline required: @@ -33263,12 +31940,10 @@ paths: summary: Pin an event tags: - Security Timeline API - - access:securitySolution + x-beta: true /api/risk_score/engine/dangerously_delete_data: delete: - description: >- - Cleaning up the the Risk Engine by removing the indices, mapping and - transforms + description: Cleaning up the the Risk Engine by removing the indices, mapping and transforms operationId: CleanUpRiskEngine responses: '200': @@ -33284,25 +31959,21 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse + $ref: '#/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse' description: Task manager is unavailable default: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse + $ref: '#/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse' description: Unexpected error summary: Cleanup the Risk Engine tags: - Security Entity Analytics API + x-beta: true /api/risk_score/engine/schedule_now: post: - description: >- - Schedule the risk scoring engine to run as soon as possible. You can use - this to recalculate entity risk scores after updating their asset - criticality. + description: Schedule the risk scoring engine to run as soon as possible. You can use this to recalculate entity risk scores after updating their asset criticality. operationId: ScheduleRiskEngineNow requestBody: content: @@ -33312,46 +31983,35 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse + $ref: '#/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse' description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse + $ref: '#/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse' description: Task manager is unavailable default: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse + $ref: '#/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse' description: Unexpected error summary: Run the risk scoring engine tags: - Security Entity Analytics API + x-beta: true /api/saved_objects/_export: post: - description: > + description: | Retrieve sets of saved objects that you want to import into Kibana. - You must include `type` or `objects` in the request body. + Exported saved objects are not backwards compatible and cannot be imported into an older version of Kibana. - Exported saved objects are not backwards compatible and cannot be - imported into an older version of Kibana. - + NOTE: The `savedObjects.maxImportExportSize` configuration setting limits the number of saved objects which may be exported. - NOTE: The `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be exported. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. + This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. operationId: exportSavedObjectsDefault parameters: - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' @@ -33360,8 +32020,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: examples: exportSavedObjectsRequest: - $ref: >- - #/components/examples/Serverless_saved_objects_export_objects_request + $ref: '#/components/examples/Serverless_saved_objects_export_objects_request' schema: type: object properties: @@ -33370,9 +32029,7 @@ paths: description: Do not add export details entry at the end of the stream. type: boolean includeReferencesDeep: - description: >- - Includes all of the referenced objects in the exported - objects. + description: Includes all of the referenced objects in the exported objects. type: boolean objects: description: A list of objects to export. @@ -33380,9 +32037,7 @@ paths: type: object type: array type: - description: >- - The saved object types to include in the export. Use `*` to - export all the types. + description: The saved object types to include in the export. Use `*` to export all the types. oneOf: - type: string - items: @@ -33395,8 +32050,7 @@ paths: application/x-ndjson; Elastic-Api-Version=2023-10-31: examples: exportSavedObjectsResponse: - $ref: >- - #/components/examples/Serverless_saved_objects_export_objects_response + $ref: '#/components/examples/Serverless_saved_objects_export_objects_response' schema: additionalProperties: true type: object @@ -33410,51 +32064,33 @@ paths: summary: Export saved objects tags: - saved objects + x-beta: true /api/saved_objects/_import: post: - description: > - Create sets of Kibana saved objects from a file created by the export - API. - - Saved objects can be imported only into the same version, a newer minor - on the same major, or the next major. Exported saved objects are not - backwards compatible and cannot be imported into an older version of - Kibana. - + description: | + Create sets of Kibana saved objects from a file created by the export API. + Saved objects can be imported only into the same version, a newer minor on the same major, or the next major. Exported saved objects are not backwards compatible and cannot be imported into an older version of Kibana. - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. + This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. operationId: importSavedObjectsDefault parameters: - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' - - description: > - Creates copies of saved objects, regenerates each object ID, and - resets the origin. When used, potential conflict errors are avoided. - NOTE: This option cannot be used with the `overwrite` and - `compatibilityMode` options. + - description: | + Creates copies of saved objects, regenerates each object ID, and resets the origin. When used, potential conflict errors are avoided. NOTE: This option cannot be used with the `overwrite` and `compatibilityMode` options. in: query name: createNewCopies required: false schema: type: boolean - - description: > - Overwrites saved objects when they already exist. When used, - potential conflict errors are automatically resolved by overwriting - the destination object. NOTE: This option cannot be used with the - `createNewCopies` option. + - description: | + Overwrites saved objects when they already exist. When used, potential conflict errors are automatically resolved by overwriting the destination object. NOTE: This option cannot be used with the `createNewCopies` option. in: query name: overwrite required: false schema: type: boolean - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. Use this option only if you encounter issues with imported - saved objects. NOTE: This option cannot be used with the - `createNewCopies` option. + - description: | + Applies various adjustments to the saved objects that are being imported to maintain compatibility between different Kibana versions. Use this option only if you encounter issues with imported saved objects. NOTE: This option cannot be used with the `createNewCopies` option. in: query name: compatibilityMode required: false @@ -33465,19 +32101,13 @@ paths: multipart/form-data; Elastic-Api-Version=2023-10-31: examples: importObjectsRequest: - $ref: >- - #/components/examples/Serverless_saved_objects_import_objects_request + $ref: '#/components/examples/Serverless_saved_objects_import_objects_request' schema: type: object properties: file: - description: > - A file exported using the export API. NOTE: The - `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be included in - this file. Similarly, the - `savedObjects.maxImportPayloadBytes` setting limits the - overall size of the file that can be imported. + description: | + A file exported using the export API. NOTE: The `savedObjects.maxImportExportSize` configuration setting limits the number of saved objects which may be included in this file. Similarly, the `savedObjects.maxImportPayloadBytes` setting limits the overall size of the file that can be imported. required: true responses: '200': @@ -33485,44 +32115,30 @@ paths: application/json; Elastic-Api-Version=2023-10-31: examples: importObjectsResponse: - $ref: >- - #/components/examples/Serverless_saved_objects_import_objects_response + $ref: '#/components/examples/Serverless_saved_objects_import_objects_response' schema: type: object properties: errors: - description: > - Indicates the import was unsuccessful and specifies the - objects that failed to import. - + description: | + Indicates the import was unsuccessful and specifies the objects that failed to import. - NOTE: One object may result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and conflict error. + NOTE: One object may result in multiple errors, which requires separate steps to resolve. For instance, a `missing_references` error and conflict error. items: type: object type: array success: - description: > - Indicates when the import was successfully completed. When - set to false, some objects may not have been created. For - additional information, refer to the `errors` and - `successResults` properties. + description: | + Indicates when the import was successfully completed. When set to false, some objects may not have been created. For additional information, refer to the `errors` and `successResults` properties. type: boolean successCount: description: Indicates the number of successfully imported records. type: integer successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. + description: | + Indicates the objects that are successfully imported, with any metadata if applicable. - - NOTE: Objects are created only when all resolvable errors - are addressed, including conflicts and missing references. - If objects are created as new copies, each entry in the - `successResults` array includes a `destinationId` - attribute. + NOTE: Objects are created only when all resolvable errors are addressed, including conflicts and missing references. If objects are created as new copies, each entry in the `successResults` array includes a `destinationId` attribute. items: type: object type: array @@ -33544,12 +32160,10 @@ paths: -X POST api/saved_objects/_import?createNewCopies=true -H "kbn-xsrf: true" --form file=@file.ndjson + x-beta: true /api/security_ai_assistant/anonymization_fields/_bulk_action: post: - description: >- - Apply a bulk action to multiple anonymization fields. The bulk action is - applied to all anonymization fields that match the filter or to the list - of anonymization fields by their IDs. + description: Apply a bulk action to multiple anonymization fields. The bulk action is applied to all anonymization fields that match the filter or to the list of anonymization fields by their IDs. operationId: PerformAnonymizationFieldsBulkAction requestBody: content: @@ -33559,8 +32173,7 @@ paths: properties: create: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps' type: array delete: type: object @@ -33576,16 +32189,14 @@ paths: type: string update: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps' type: array responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse' description: Indicates a successful call. '400': content: @@ -33603,7 +32214,7 @@ paths: summary: Apply a bulk action to anonymization fields tags: - Security AI Assistant API - - Bulk API + x-beta: true /api/security_ai_assistant/anonymization_fields/_find: get: description: Get a list of all anonymization fields. @@ -33627,8 +32238,7 @@ paths: name: sort_field required: false schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField + $ref: '#/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField' - description: Sort order in: query name: sort_order @@ -33660,8 +32270,7 @@ paths: properties: data: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse' type: array page: type: integer @@ -33691,7 +32300,7 @@ paths: summary: Get anonymization fields tags: - Security AI Assistant API - - AnonymizationFields API + x-beta: true /api/security_ai_assistant/chat/complete: post: description: Create a model response for the given chat conversation. @@ -33726,7 +32335,7 @@ paths: summary: Create a model response tags: - Security AI Assistant API - - Chat Complete API + x-beta: true /api/security_ai_assistant/current_user/conversations: post: description: Create a new Security AI Assistant conversation. @@ -33735,16 +32344,14 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCreateProps' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' description: Indicates a successful call. '400': content: @@ -33762,7 +32369,7 @@ paths: summary: Create a conversation tags: - Security AI Assistant API - - Conversation API + x-beta: true /api/security_ai_assistant/current_user/conversations/_find: get: description: Get a list of all conversations for the current user. @@ -33786,8 +32393,7 @@ paths: name: sort_field required: false schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField + $ref: '#/components/schemas/Security_AI_Assistant_API_FindConversationsSortField' - description: Sort order in: query name: sort_order @@ -33819,8 +32425,7 @@ paths: properties: data: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' type: array page: type: integer @@ -33850,7 +32455,7 @@ paths: summary: Get conversations tags: - Security AI Assistant API - - Conversations API + x-beta: true /api/security_ai_assistant/current_user/conversations/{id}: delete: description: Delete an existing conversation using the conversation ID. @@ -33867,8 +32472,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' description: Indicates a successful call. '400': content: @@ -33886,7 +32490,7 @@ paths: summary: Delete a conversation tags: - Security AI Assistant API - - Conversation API + x-beta: true get: description: Get the details of an existing conversation using the conversation ID. operationId: ReadConversation @@ -33902,8 +32506,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' description: Indicates a successful call. '400': content: @@ -33921,7 +32524,7 @@ paths: summary: Get a conversation tags: - Security AI Assistant API - - Conversations API + x-beta: true put: description: Update an existing conversation using the conversation ID. operationId: UpdateConversation @@ -33936,16 +32539,14 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' description: Indicates a successful call. '400': content: @@ -33963,13 +32564,10 @@ paths: summary: Update a conversation tags: - Security AI Assistant API - - Conversation API + x-beta: true /api/security_ai_assistant/prompts/_bulk_action: post: - description: >- - Apply a bulk action to multiple prompts. The bulk action is applied to - all prompts that match the filter or to the list of prompts by their - IDs. + description: Apply a bulk action to multiple prompts. The bulk action is applied to all prompts that match the filter or to the list of prompts by their IDs. operationId: PerformPromptsBulkAction requestBody: content: @@ -33979,8 +32577,7 @@ paths: properties: create: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptCreateProps + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptCreateProps' type: array delete: type: object @@ -33996,16 +32593,14 @@ paths: type: string update: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptUpdateProps' type: array responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse' description: Indicates a successful call. '400': content: @@ -34023,7 +32618,7 @@ paths: summary: Apply a bulk action to prompts tags: - Security AI Assistant API - - Bulk API + x-beta: true /api/security_ai_assistant/prompts/_find: get: description: Get a list of all prompts. @@ -34047,8 +32642,7 @@ paths: name: sort_field required: false schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField + $ref: '#/components/schemas/Security_AI_Assistant_API_FindPromptsSortField' - description: Sort order in: query name: sort_order @@ -34080,8 +32674,7 @@ paths: properties: data: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptResponse' type: array page: type: integer @@ -34111,7 +32704,7 @@ paths: summary: Get prompts tags: - Security AI Assistant API - - Prompts API + x-beta: true /api/security/role: get: operationId: get-security-role @@ -34124,10 +32717,7 @@ paths: enum: - '2023-10-31' type: string - - description: >- - If `true` and the response contains any privileges that are - associated with deprecated features, they are omitted in favor of - details about the appropriate replacement feature privileges. + - description: If `true` and the response contains any privileges that are associated with deprecated features, they are omitted in favor of details about the appropriate replacement feature privileges. in: query name: replaceDeprecatedPrivileges required: false @@ -34139,6 +32729,7 @@ paths: summary: Get all roles tags: - roles + x-beta: true /api/security/role/{name}: delete: operationId: delete-security-role-name @@ -34170,6 +32761,7 @@ paths: summary: Delete a role tags: - roles + x-beta: true get: operationId: get-security-role-name parameters: @@ -34188,10 +32780,7 @@ paths: schema: minLength: 1 type: string - - description: >- - If `true` and the response contains any privileges that are - associated with deprecated features, they are omitted in favor of - details about the appropriate replacement feature privileges. + - description: If `true` and the response contains any privileges that are associated with deprecated features, they are omitted in favor of details about the appropriate replacement feature privileges. in: query name: replaceDeprecatedPrivileges required: false @@ -34203,10 +32792,9 @@ paths: summary: Get a role tags: - roles + x-beta: true put: - description: >- - Create a new Kibana role or update the attributes of an existing role. - Kibana roles are stored in the Elasticsearch native realm. + description: Create a new Kibana role or update the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm. operationId: put-security-role-name parameters: - description: The version of the API to use @@ -34256,9 +32844,7 @@ paths: properties: cluster: items: - description: >- - Cluster privileges that define the cluster level - actions that users can perform. + description: Cluster privileges that define the cluster level actions that users can perform. type: string type: array indices: @@ -34267,55 +32853,29 @@ paths: type: object properties: allow_restricted_indices: - description: >- - Restricted indices are a special category of - indices that are used internally to store - configuration data and should not be directly - accessed. Only internal system roles should - normally grant privileges over the restricted - indices. Toggling this flag is very strongly - discouraged because it could effectively grant - unrestricted operations on critical data, making - the entire system unstable or leaking sensitive - information. If for administrative purposes you - need to create a role with privileges covering - restricted indices, however, you can set this - property to true. In that case, the names field - covers the restricted indices too. + description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too. type: boolean field_security: additionalProperties: items: - description: >- - The document fields that the role members have - read access to. + description: The document fields that the role members have read access to. type: string type: array type: object names: items: - description: >- - The data streams, indices, and aliases to which - the permissions in this entry apply. It supports - wildcards (*). + description: The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*). type: string minItems: 1 type: array privileges: items: - description: >- - The index level privileges that the role members - have for the data streams and indices. + description: The index level privileges that the role members have for the data streams and indices. type: string minItems: 1 type: array query: - description: >- - A search query that defines the documents the role - members have read access to. A document within the - specified data streams and indices must match this - query in order for it to be accessible by the role - members. + description: A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. type: string required: - names @@ -34328,19 +32888,13 @@ paths: properties: clusters: items: - description: >- - A list of remote cluster aliases. It supports - literal strings as well as wildcards and regular - expressions. + description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. type: string minItems: 1 type: array privileges: items: - description: >- - The cluster level privileges for the remote - cluster. The allowed values are a subset of the - cluster privileges. + description: The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges. type: string minItems: 1 type: array @@ -34354,64 +32908,35 @@ paths: type: object properties: allow_restricted_indices: - description: >- - Restricted indices are a special category of - indices that are used internally to store - configuration data and should not be directly - accessed. Only internal system roles should - normally grant privileges over the restricted - indices. Toggling this flag is very strongly - discouraged because it could effectively grant - unrestricted operations on critical data, making - the entire system unstable or leaking sensitive - information. If for administrative purposes you - need to create a role with privileges covering - restricted indices, however, you can set this - property to true. In that case, the names field - will cover the restricted indices too. + description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too. type: boolean clusters: items: - description: >- - A list of remote cluster aliases. It supports - literal strings as well as wildcards and regular - expressions. + description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. type: string minItems: 1 type: array field_security: additionalProperties: items: - description: >- - The document fields that the role members have - read access to. + description: The document fields that the role members have read access to. type: string type: array type: object names: items: - description: >- - A list of remote aliases, data streams, or - indices to which the permissions apply. It - supports wildcards (*). + description: A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*). type: string minItems: 1 type: array privileges: items: - description: >- - The index level privileges that role members - have for the specified indices. + description: The index level privileges that role members have for the specified indices. type: string minItems: 1 type: array query: - description: >- - A search query that defines the documents the role - members have read access to. A document within the - specified data streams and indices must match this - query in order for it to be accessible by the role - members. + description: 'A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ' type: string required: - clusters @@ -34439,23 +32964,17 @@ paths: nullable: true oneOf: - items: - description: >- - A base privilege that grants applies to all - spaces. + description: A base privilege that grants applies to all spaces. type: string type: array - items: - description: >- - A base privilege that applies to specific - spaces. + description: A base privilege that applies to specific spaces. type: string type: array feature: additionalProperties: items: - description: >- - The privileges that the role member has for the - feature. + description: The privileges that the role member has for the feature. type: string type: array type: object @@ -34488,6 +33007,7 @@ paths: summary: Create or update a role tags: - roles + x-beta: true /api/security/roles: post: operationId: post-security-roles @@ -34529,9 +33049,7 @@ paths: properties: cluster: items: - description: >- - Cluster privileges that define the cluster level - actions that users can perform. + description: Cluster privileges that define the cluster level actions that users can perform. type: string type: array indices: @@ -34540,58 +33058,29 @@ paths: type: object properties: allow_restricted_indices: - description: >- - Restricted indices are a special category of - indices that are used internally to store - configuration data and should not be - directly accessed. Only internal system - roles should normally grant privileges over - the restricted indices. Toggling this flag - is very strongly discouraged because it - could effectively grant unrestricted - operations on critical data, making the - entire system unstable or leaking sensitive - information. If for administrative purposes - you need to create a role with privileges - covering restricted indices, however, you - can set this property to true. In that case, - the names field covers the restricted - indices too. + description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too. type: boolean field_security: additionalProperties: items: - description: >- - The document fields that the role - members have read access to. + description: The document fields that the role members have read access to. type: string type: array type: object names: items: - description: >- - The data streams, indices, and aliases to - which the permissions in this entry apply. - It supports wildcards (*). + description: The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*). type: string minItems: 1 type: array privileges: items: - description: >- - The index level privileges that the role - members have for the data streams and - indices. + description: The index level privileges that the role members have for the data streams and indices. type: string minItems: 1 type: array query: - description: >- - A search query that defines the documents - the role members have read access to. A - document within the specified data streams - and indices must match this query in order - for it to be accessible by the role members. + description: A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. type: string required: - names @@ -34604,19 +33093,13 @@ paths: properties: clusters: items: - description: >- - A list of remote cluster aliases. It - supports literal strings as well as - wildcards and regular expressions. + description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. type: string minItems: 1 type: array privileges: items: - description: >- - The cluster level privileges for the - remote cluster. The allowed values are a - subset of the cluster privileges. + description: The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges. type: string minItems: 1 type: array @@ -34630,67 +33113,35 @@ paths: type: object properties: allow_restricted_indices: - description: >- - Restricted indices are a special category of - indices that are used internally to store - configuration data and should not be - directly accessed. Only internal system - roles should normally grant privileges over - the restricted indices. Toggling this flag - is very strongly discouraged because it - could effectively grant unrestricted - operations on critical data, making the - entire system unstable or leaking sensitive - information. If for administrative purposes - you need to create a role with privileges - covering restricted indices, however, you - can set this property to true. In that case, - the names field will cover the restricted - indices too. + description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too. type: boolean clusters: items: - description: >- - A list of remote cluster aliases. It - supports literal strings as well as - wildcards and regular expressions. + description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. type: string minItems: 1 type: array field_security: additionalProperties: items: - description: >- - The document fields that the role - members have read access to. + description: The document fields that the role members have read access to. type: string type: array type: object names: items: - description: >- - A list of remote aliases, data streams, or - indices to which the permissions apply. It - supports wildcards (*). + description: A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*). type: string minItems: 1 type: array privileges: items: - description: >- - The index level privileges that role - members have for the specified indices. + description: The index level privileges that role members have for the specified indices. type: string minItems: 1 type: array query: - description: >- - A search query that defines the documents - the role members have read access to. A - document within the specified data streams - and indices must match this query in order - for it to be accessible by the role - members. + description: 'A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ' type: string required: - clusters @@ -34699,9 +33150,7 @@ paths: type: array run_as: items: - description: >- - A user name that the role member can - impersonate. + description: A user name that the role member can impersonate. type: string type: array kibana: @@ -34720,23 +33169,17 @@ paths: nullable: true oneOf: - items: - description: >- - A base privilege that grants applies to - all spaces. + description: A base privilege that grants applies to all spaces. type: string type: array - items: - description: >- - A base privilege that applies to specific - spaces. + description: A base privilege that applies to specific spaces. type: string type: array feature: additionalProperties: items: - description: >- - The privileges that the role member has for - the feature. + description: The privileges that the role member has for the feature. type: string type: array type: object @@ -34772,6 +33215,7 @@ paths: summary: Create or update roles tags: - roles + x-beta: true /api/spaces/space: get: operationId: get-spaces-space @@ -34784,9 +33228,7 @@ paths: enum: - '2023-10-31' type: string - - description: >- - Specifies which authorization checks are applied to the API call. - The default value is `any`. + - description: Specifies which authorization checks are applied to the API call. The default value is `any`. in: query name: purpose required: false @@ -34796,14 +33238,7 @@ paths: - copySavedObjectsIntoSpace - shareSavedObjectsIntoSpace type: string - - description: >- - When enabled, the API returns any spaces that the user is authorized - to access in any capacity and each space will contain the purposes - for which the user is authorized. This can be useful to determine - which spaces a user can read but not take a specific action in. If - the security plugin is not enabled, this parameter has no effect, - since no authorization checks take place. This parameter cannot be - used in with the `purpose` parameter. + - description: When enabled, the API returns any spaces that the user is authorized to access in any capacity and each space will contain the purposes for which the user is authorized. This can be useful to determine which spaces a user can read but not take a specific action in. If the security plugin is not enabled, this parameter has no effect, since no authorization checks take place. This parameter cannot be used in with the `purpose` parameter. in: query name: include_authorized_purposes required: true @@ -34826,9 +33261,17 @@ paths: responses: '200': description: Indicates a successful call. + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getSpacesResponseExample1: + $ref: '#/components/examples/get_spaces_response1' + getSpacesResponseExample2: + $ref: '#/components/examples/get_spaces_response2' summary: Get all spaces tags: - spaces + x-beta: true post: operationId: post-spaces-space parameters: @@ -34857,10 +33300,7 @@ paths: _reserved: type: boolean color: - description: >- - The hexadecimal color code used in the space avatar. By - default, the color is automatically generated from the space - name. + description: The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name. type: string description: description: A description for the space. @@ -34872,26 +33312,13 @@ paths: type: string type: array id: - description: >- - The space ID that is part of the Kibana URL when inside the - space. Space IDs are limited to lowercase alphanumeric, - underscore, and hyphen characters (a-z, 0-9, _, and -). You - are cannot change the ID with the update operation. + description: The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation. type: string imageUrl: - description: >- - The data-URL encoded image to display in the space avatar. - If specified, initials will not be displayed and the color - will be visible as the background color for transparent - images. For best results, your image should be 64x64. Images - will not be optimized by this API call, so care should be - taken when using custom images. + description: The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images. type: string initials: - description: >- - One or two characters that are shown in the space avatar. By - default, the initials are automatically generated from the - space name. + description: One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name. maxLength: 2 type: string name: @@ -34901,17 +33328,19 @@ paths: required: - id - name + examples: + createSpaceRequest: + $ref: '#/components/examples/create_space_request' responses: '200': description: Indicates a successful call. summary: Create a space tags: - spaces + x-beta: true /api/spaces/space/{id}: delete: - description: >- - When you delete a space, all saved objects that belong to the space are - automatically deleted, which is permanent and cannot be undone. + description: When you delete a space, all saved objects that belong to the space are automatically deleted, which is permanent and cannot be undone. operationId: delete-spaces-space-id parameters: - description: The version of the API to use @@ -34943,6 +33372,7 @@ paths: summary: Delete a space tags: - spaces + x-beta: true get: operationId: get-spaces-space-id parameters: @@ -34963,9 +33393,15 @@ paths: responses: '200': description: Indicates a successful call. + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getSpaceResponseExample: + $ref: '#/components/examples/get_space_response' summary: Get a space tags: - spaces + x-beta: true put: operationId: put-spaces-space-id parameters: @@ -34984,9 +33420,7 @@ paths: schema: example: 'true' type: string - - description: >- - The space identifier. You are unable to change the ID with the - update operation. + - description: The space identifier. You are unable to change the ID with the update operation. in: path name: id required: true @@ -35002,10 +33436,7 @@ paths: _reserved: type: boolean color: - description: >- - The hexadecimal color code used in the space avatar. By - default, the color is automatically generated from the space - name. + description: The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name. type: string description: description: A description for the space. @@ -35017,26 +33448,13 @@ paths: type: string type: array id: - description: >- - The space ID that is part of the Kibana URL when inside the - space. Space IDs are limited to lowercase alphanumeric, - underscore, and hyphen characters (a-z, 0-9, _, and -). You - are cannot change the ID with the update operation. + description: The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation. type: string imageUrl: - description: >- - The data-URL encoded image to display in the space avatar. - If specified, initials will not be displayed and the color - will be visible as the background color for transparent - images. For best results, your image should be 64x64. Images - will not be optimized by this API call, so care should be - taken when using custom images. + description: The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images. type: string initials: - description: >- - One or two characters that are shown in the space avatar. By - default, the initials are automatically generated from the - space name. + description: One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name. maxLength: 2 type: string name: @@ -35046,12 +33464,16 @@ paths: required: - id - name + examples: + updateSpaceRequest: + $ref: '#/components/examples/update_space_request' responses: '200': description: Indicates a successful call. summary: Update a space tags: - spaces + x-beta: true /api/status: get: operationId: get-status @@ -35083,11 +33505,8 @@ paths: schema: anyOf: - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse' + description: Kibana's operational status. A minimal response is sent for unauthorized users. description: Overall status is OK and Kibana should be functioning normally. '503': content: @@ -35095,17 +33514,13 @@ paths: schema: anyOf: - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: >- - Kibana or some of it's essential services are unavailable. Kibana - may be degraded or unavailable. + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse' + description: Kibana's operational status. A minimal response is sent for unauthorized users. + description: Kibana or some of it's essential services are unavailable. Kibana may be degraded or unavailable. summary: Get Kibana's current status tags: - system + x-beta: true /api/timeline: delete: description: Delete one or more Timelines or Timeline templates. @@ -35121,9 +33536,7 @@ paths: type: string type: array searchIds: - description: >- - Saved search ids that should be deleted alongside the - timelines + description: Saved search ids that should be deleted alongside the timelines items: type: string type: array @@ -35151,7 +33564,7 @@ paths: summary: Delete Timelines or Timeline templates tags: - Security Timeline API - - access:securitySolution + x-beta: true get: description: Get the details of an existing saved Timeline or Timeline template. operationId: GetTimeline @@ -35178,8 +33591,7 @@ paths: type: object properties: getOneTimeline: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineResponse + $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' required: - getOneTimeline required: @@ -35190,12 +33602,9 @@ paths: summary: Get Timeline or Timeline template details tags: - Security Timeline API - - access:securitySolution + x-beta: true patch: - description: >- - Update an existing Timeline. You can update the title, description, date - range, pinned events, pinned queries, and/or pinned saved queries of an - existing Timeline. + description: Update an existing Timeline. You can update the title, description, date range, pinned events, pinned queries, and/or pinned saved queries of an existing Timeline. operationId: PatchTimeline requestBody: content: @@ -35222,12 +33631,8 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: >- - Indicates that the draft Timeline was successfully created. In the - event the user already has a draft Timeline, the existing draft - Timeline is cleared and returned. + $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse' + description: Indicates that the draft Timeline was successfully created. In the event the user already has a draft Timeline, the existing draft Timeline is cleared and returned. '405': content: application/json; Elastic-Api-Version=2023-10-31: @@ -35238,13 +33643,11 @@ paths: type: string statusCode: type: number - description: >- - Indicates that the user does not have the required access to create - a draft Timeline. + description: Indicates that the user does not have the required access to create a draft Timeline. summary: Update a Timeline tags: - Security Timeline API - - access:securitySolution + x-beta: true post: description: Create a new Timeline or Timeline template. operationId: CreateTimelines @@ -35276,17 +33679,14 @@ paths: type: string required: - timeline - description: >- - The required Timeline fields used to create a new Timeline, along with - optional fields that will be created if not provided. + description: The required Timeline fields used to create a new Timeline, along with optional fields that will be created if not provided. required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse + $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse' description: Indicates the Timeline was successfully created. '405': content: @@ -35302,7 +33702,7 @@ paths: summary: Create a Timeline or Timeline template tags: - Security Timeline API - - access:securitySolution + x-beta: true /api/timeline/_copy: get: description: | @@ -35327,19 +33727,15 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse + $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse' description: Indicates that the timeline has been successfully copied. summary: Copies timeline or timeline template tags: - Security Timeline API - - access:securitySolution + x-beta: true /api/timeline/_draft: get: - description: >- - Get the details of the draft Timeline or Timeline template for the - current user. If the user doesn't have a draft Timeline, an empty - Timeline is returned. + description: Get the details of the draft Timeline or Timeline template for the current user. If the user doesn't have a draft Timeline, an empty Timeline is returned. operationId: GetDraftTimelines parameters: - in: query @@ -35352,8 +33748,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse + $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse' description: Indicates that the draft Timeline was successfully retrieved. '403': content: @@ -35365,10 +33760,7 @@ paths: type: string status_code: type: number - description: >- - If a draft Timeline was not found and we attempted to create one, it - indicates that the user does not have the required permissions to - create a draft Timeline. + description: If a draft Timeline was not found and we attempted to create one, it indicates that the user does not have the required permissions to create a draft Timeline. '409': content: application:json; Elastic-Api-Version=2023-10-31: @@ -35379,22 +33771,16 @@ paths: type: string status_code: type: number - description: >- - This should never happen, but if a draft Timeline was not found and - we attempted to create one, it indicates that there is already a - draft Timeline with the given `timelineId`. + description: This should never happen, but if a draft Timeline was not found and we attempted to create one, it indicates that there is already a draft Timeline with the given `timelineId`. summary: Get draft Timeline or Timeline template details tags: - Security Timeline API - - access:securitySolution + x-beta: true post: - description: > + description: | Create a clean draft Timeline or Timeline template for the current user. - > info - - > If the user already has a draft Timeline, the existing draft Timeline - is cleared and returned. + > If the user already has a draft Timeline, the existing draft Timeline is cleared and returned. operationId: CleanDraftTimelines requestBody: content: @@ -35406,21 +33792,15 @@ paths: $ref: '#/components/schemas/Security_Timeline_API_TimelineType' required: - timelineType - description: >- - The type of Timeline to create. Valid values are `default` and - `template`. + description: The type of Timeline to create. Valid values are `default` and `template`. required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: >- - Indicates that the draft Timeline was successfully created. In the - event the user already has a draft Timeline, the existing draft - Timeline is cleared and returned. + $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse' + description: Indicates that the draft Timeline was successfully created. In the event the user already has a draft Timeline, the existing draft Timeline is cleared and returned. '403': content: application:json; Elastic-Api-Version=2023-10-31: @@ -35431,9 +33811,7 @@ paths: type: string status_code: type: number - description: >- - Indicates that the user does not have the required permissions to - create a draft Timeline. + description: Indicates that the user does not have the required permissions to create a draft Timeline. '409': content: application:json; Elastic-Api-Version=2023-10-31: @@ -35444,13 +33822,11 @@ paths: type: string status_code: type: number - description: >- - Indicates that there is already a draft Timeline with the given - `timelineId`. + description: Indicates that there is already a draft Timeline with the given `timelineId`. summary: Create a clean draft Timeline or Timeline template tags: - Security Timeline API - - access:securitySolution + x-beta: true /api/timeline/_export: post: description: Export Timelines as an NDJSON file. @@ -35497,7 +33873,7 @@ paths: summary: Export Timelines tags: - Security Timeline API - - access:securitySolution + x-beta: true /api/timeline/_favorite: patch: description: Favorite a Timeline or Timeline template for the current user. @@ -35538,8 +33914,7 @@ paths: type: object properties: persistFavorite: - $ref: >- - #/components/schemas/Security_Timeline_API_FavoriteTimelineResponse + $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResponse' required: - persistFavorite required: @@ -35555,13 +33930,11 @@ paths: type: string statusCode: type: number - description: >- - Indicates the user does not have the required permissions to persist - the favorite status. + description: Indicates the user does not have the required permissions to persist the favorite status. summary: Favorite a Timeline or Timeline template tags: - Security Timeline API - - access:securitySolution + x-beta: true /api/timeline/_import: post: description: Import Timelines. @@ -35587,8 +33960,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Timeline_API_ImportTimelineResult + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelineResult' description: Indicates the import of Timelines was successful. '400': content: @@ -35602,9 +33974,7 @@ paths: type: string statusCode: type: number - description: >- - Indicates the import of Timelines was unsuccessful because of an - invalid file extension. + description: Indicates the import of Timelines was unsuccessful because of an invalid file extension. '404': content: application/json; Elastic-Api-Version=2023-10-31: @@ -35615,9 +33985,7 @@ paths: type: string statusCode: type: number - description: >- - Indicates that we were unable to locate the saved object client - necessary to handle the import. + description: Indicates that we were unable to locate the saved object client necessary to handle the import. '409': content: application/json; Elastic-Api-Version=2023-10-31: @@ -35634,7 +34002,7 @@ paths: summary: Import Timelines tags: - Security Timeline API - - access:securitySolution + x-beta: true /api/timeline/_prepackaged: post: description: Install or update prepackaged Timelines. @@ -35647,8 +34015,7 @@ paths: properties: prepackagedTimelines: items: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject + $ref: '#/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject' nullable: true type: array timelinesToInstall: @@ -35672,8 +34039,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Timeline_API_ImportTimelineResult + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelineResult' description: Indicates the installation of prepackaged Timelines was successful. '500': content: @@ -35685,13 +34051,11 @@ paths: type: string statusCode: type: number - description: >- - Indicates the installation of prepackaged Timelines was - unsuccessful. + description: Indicates the installation of prepackaged Timelines was unsuccessful. summary: Install prepackaged Timelines tags: - Security Timeline API - - access:securitySolution + x-beta: true /api/timeline/resolve: get: operationId: ResolveTimeline @@ -35715,8 +34079,7 @@ paths: - type: object properties: data: - $ref: >- - #/components/schemas/Security_Timeline_API_ResolvedTimeline + $ref: '#/components/schemas/Security_Timeline_API_ResolvedTimeline' required: - data - additionalProperties: false @@ -35729,15 +34092,13 @@ paths: summary: Get an existing saved Timeline or Timeline template tags: - Security Timeline API - - access:securitySolution + x-beta: true /api/timelines: get: description: Get a list of all saved Timelines or Timeline templates. operationId: GetTimelines parameters: - - description: >- - If true, only timelines that are marked as favorites by the user are - returned. + - description: If true, only timelines that are marked as favorites by the user are returned. in: query name: only_user_favorite schema: @@ -35801,8 +34162,7 @@ paths: type: number timeline: items: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineResponse + $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' type: array totalCount: type: number @@ -35824,12 +34184,11 @@ paths: summary: Get Timelines or Timeline templates tags: - Security Timeline API - - access:securitySolution + x-beta: true /s/{spaceId}/api/observability/slos: get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + description: | + You must have the `read` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges. operationId: findSlosOp parameters: - $ref: '#/components/parameters/SLOs_kbn_xsrf' @@ -35877,9 +34236,7 @@ paths: - asc - desc type: string - - description: >- - Hide stale SLOs from the list as defined by stale SLO threshold in - SLO settings + - description: Hide stale SLOs from the list as defined by stale SLO threshold in SLO settings in: query name: hideStale schema: @@ -35918,10 +34275,10 @@ paths: summary: Get a paginated list of SLOs tags: - slo + x-beta: true post: - description: > - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + description: | + You must have `all` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges. operationId: createSloOp parameters: - $ref: '#/components/parameters/SLOs_kbn_xsrf' @@ -35968,12 +34325,11 @@ paths: summary: Create an SLO tags: - slo + x-beta: true /s/{spaceId}/api/observability/slos/_delete_instances: post: - description: > - The deletion occurs for the specified list of `sloId` and `instanceId`. - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + description: | + The deletion occurs for the specified list of `sloId` and `instanceId`. You must have `all` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges. operationId: deleteSloInstancesOp parameters: - $ref: '#/components/parameters/SLOs_kbn_xsrf' @@ -36010,11 +34366,11 @@ paths: summary: Batch delete rollup and summary data tags: - slo + x-beta: true /s/{spaceId}/api/observability/slos/{sloId}: delete: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + description: | + You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges. operationId: deleteSloOp parameters: - $ref: '#/components/parameters/SLOs_kbn_xsrf' @@ -36050,10 +34406,10 @@ paths: summary: Delete an SLO tags: - slo + x-beta: true get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + description: | + You must have the `read` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges. operationId: getSloOp parameters: - $ref: '#/components/parameters/SLOs_kbn_xsrf' @@ -36099,10 +34455,10 @@ paths: summary: Get an SLO tags: - slo + x-beta: true put: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + description: | + You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges. operationId: updateSloOp parameters: - $ref: '#/components/parameters/SLOs_kbn_xsrf' @@ -36148,11 +34504,11 @@ paths: summary: Update an SLO tags: - slo + x-beta: true /s/{spaceId}/api/observability/slos/{sloId}/_reset: post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + description: | + You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges. operationId: resetSloOp parameters: - $ref: '#/components/parameters/SLOs_kbn_xsrf' @@ -36192,11 +34548,11 @@ paths: summary: Reset an SLO tags: - slo + x-beta: true /s/{spaceId}/api/observability/slos/{sloId}/disable: post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + description: | + You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges. operationId: disableSloOp parameters: - $ref: '#/components/parameters/SLOs_kbn_xsrf' @@ -36232,11 +34588,11 @@ paths: summary: Disable an SLO tags: - slo + x-beta: true /s/{spaceId}/api/observability/slos/{sloId}/enable: post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + description: | + You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges. operationId: enableSloOp parameters: - $ref: '#/components/parameters/SLOs_kbn_xsrf' @@ -36272,6 +34628,7 @@ paths: summary: Enable an SLO tags: - slo + x-beta: true components: examples: Data_views_create_data_view_request: @@ -36294,9 +34651,7 @@ components: source: emit(doc["foo"].value) type: long Data_views_get_data_view_response: - summary: >- - The get data view API returns a JSON object that contains information - about the data view. + summary: The get data view API returns a JSON object that contains information about the data view. value: data_view: allowNoIndex: false @@ -37247,10 +35602,7 @@ components: value: data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f Data_views_get_runtime_field_response: - summary: >- - The get runtime field API returns a JSON object that contains - information about the runtime field (`hour_of_day`) and the data view - (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). + summary: The get runtime field API returns a JSON object that contains information about the runtime field (`hour_of_day`) and the data view (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). value: data_view: allowNoIndex: false @@ -37759,9 +36111,7 @@ components: data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f force: true Data_views_swap_data_view_request: - summary: >- - Swap references from data view ID "abcd-efg" to "xyz-123" and remove the - data view that is no longer referenced. + summary: Swap references from data view ID "abcd-efg" to "xyz-123" and remove the data view that is no longer referenced. value: delete: true fromId: abcd-efg @@ -37812,25 +36162,12 @@ components: - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 type: map Serverless_saved_objects_export_objects_response: - summary: >- - The export objects API response contains a JSON record for each exported - object. + summary: The export objects API response contains a JSON record for each exported object. value: attributes: description: '' - layerListJSON: >- - [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total - Requests by - Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web - logs - count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual - Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total - Requests and - Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web - logs - count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] - mapStateJSON: >- - {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} + layerListJSON: '[{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total Requests by Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web logs count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total Requests and Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web logs count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}]' + mapStateJSON: '{"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}}' title: '[Logs] Total Requests and Bytes' uiStateJSON: '{"isDarkMode":false}' coreMigrationVersion: 8.8.0 @@ -37855,10 +36192,7 @@ components: value: file: file.ndjson Serverless_saved_objects_import_objects_response: - summary: >- - The import objects API response indicates a successful import and the - objects are created. Since these objects are created as new copies, each - entry in the successResults array includes a destinationId attribute. + summary: The import objects API response indicates a successful import and the objects are created. Since these objects are created as new copies, each entry in the successResults array includes a destinationId attribute. value: success: true successCount: 1 @@ -37870,6 +36204,1191 @@ components: icon: indexPatternApp title: Kibana Sample Data Logs type: index-pattern + get_connector_types_generativeai_response: + summary: A list of connector types for the `generativeAI` feature. + value: + - id: .gen-ai + name: OpenAI + enabled: true + enabled_in_config: true + enabled_in_license: true + minimum_license_required: enterprise + supported_feature_ids: + - generativeAIForSecurity + - generativeAIForObservability + - generativeAIForSearchPlayground + is_system_action_type: false + - id: .bedrock + name: AWS Bedrock + enabled: true + enabled_in_config: true + enabled_in_license: true + minimum_license_required: enterprise + supported_feature_ids: + - generativeAIForSecurity + - generativeAIForObservability + - generativeAIForSearchPlayground + is_system_action_type: false + - id: .gemini + name: Google Gemini + enabled: true + enabled_in_config: true + enabled_in_license: true + minimum_license_required: enterprise + supported_feature_ids: + - generativeAIForSecurity + is_system_action_type: false + get_connector_response: + summary: Get connector details. + value: + id: df770e30-8b8b-11ed-a780-3b746c987a81 + name: my_server_log_connector + config: {} + connector_type_id: .server-log + is_preconfigured: false + is_deprecated: false + is_missing_secrets: false + is_system_action: false + update_index_connector_request: + summary: Update an index connector. + value: + name: updated-connector + config: + index: updated-index + create_email_connector_request: + summary: Create an email connector. + value: + name: email-connector-1 + connector_type_id: .email + config: + from: tester@example.com + hasAuth: true + host: https://example.com + port: 1025 + secure: false + service: other + secrets: + user: username + password: password + create_index_connector_request: + summary: Create an index connector. + value: + name: my-connector + connector_type_id: .index + config: + index: test-index + create_webhook_connector_request: + summary: Create a webhook connector with SSL authentication. + value: + name: my-webhook-connector + connector_type_id: .webhook + config: + method: post + url: https://example.com + authType: webhook-authentication-ssl + certType: ssl-crt-key + secrets: + crt: QmFnIEF0dH... + key: LS0tLS1CRUdJ... + password: my-passphrase + create_xmatters_connector_request: + summary: Create an xMatters connector with URL authentication. + value: + name: my-xmatters-connector + connector_type_id: .xmatters + config: + usesBasic: false + secrets: + secretsUrl: https://example.com?apiKey=xxxxx + create_email_connector_response: + summary: A new email connector. + value: + id: 90a82c60-478f-11ee-a343-f98a117c727f + connector_type_id: .email + name: email-connector-1 + config: + from: tester@example.com + service: other + host: https://example.com + port: 1025 + secure: false + hasAuth: true + tenantId: null + clientId: null + oauthTokenUrl: null + is_preconfigured: false + is_deprecated: false + is_missing_secrets: false + is_system_action: false + create_index_connector_response: + summary: A new index connector. + value: + id: c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad + connector_type_id: .index + name: my-connector + config: + index: test-index + refresh: false + executionTimeField: null + is_preconfigured: false + is_deprecated: false + is_missing_secrets: false + is_system_action: false + create_webhook_connector_response: + summary: A new webhook connector. + value: + id: 900eb010-3b9d-11ee-a642-8ffbb94e38bd + name: my-webhook-connector + config: + method: post + url: https://example.com + authType: webhook-authentication-ssl + certType: ssl-crt-key + verificationMode: full + headers: null + hasAuth: true + connector_type_id: .webhook + is_preconfigured: false + is_deprecated: false + is_missing_secrets: false + is_system_action: false + run_index_connector_request: + summary: Run an index connector. + value: + params: + documents: + - id: my_doc_id + name: my_doc_name + message: hello, world + run_jira_connector_request: + summary: Run a Jira connector to retrieve the list of issue types. + value: + params: + subAction: issueTypes + run_servicenow_itom_connector_request: + summary: Run a ServiceNow ITOM connector to retrieve the list of choices. + value: + params: + subAction: getChoices + subActionParams: + fields: + - severity + - urgency + run_slack_api_connector_request: + summary: Run a Slack connector that uses the web API method to post a message on a channel. + value: + params: + subAction: postMessage + subActionParams: + channelIds: + - C123ABC456 + text: A test message. + run_swimlane_connector_request: + summary: Run a Swimlane connector to create an incident. + value: + params: + subAction: pushToService + subActionParams: + comments: + - commentId: 1 + comment: A comment about the incident. + incident: + caseId: '1000' + caseName: Case name + description: Description of the incident. + run_index_connector_response: + summary: Response from running an index connector. + value: + connector_id: fd38c600-96a5-11ed-bb79-353b74189cba + data: + errors: false + items: + - create: + _id: 4JtvwYUBrcyxt2NnfW3y + _index: my-index + _primary_term: 1 + _seq_no: 0 + _shards: + failed: 0 + successful: 1 + total: 2 + _version: 1 + result: created + status: 201 + took: 135 + status: ok + run_jira_connector_response: + summary: Response from retrieving the list of issue types for a Jira connector. + value: + connector_id: b3aad810-edbe-11ec-82d1-11348ecbf4a6 + data: + - id: 10024 + name: Improvement + - id: 10006 + name: Task + - id: 10007 + name: Sub-task + - id: 10025 + name: New Feature + - id: 10023 + name: Bug + - id: 10000 + name: Epic + status: ok + run_server_log_connector_response: + summary: Response from running a server log connector. + value: + connector_id: 7fc7b9a0-ecc9-11ec-8736-e7d63118c907 + status: ok + run_servicenow_itom_connector_response: + summary: Response from retrieving the list of choices for a ServiceNow ITOM connector. + value: + connector_id: 9d9be270-2fd2-11ed-b0e0-87533c532698 + data: + - dependent_value: '' + element: severity + label: Critical + value: 1 + - dependent_value: '' + element: severity + label: Major + value: 2 + - dependent_value: '' + element: severity + label: Minor + value: 3 + - dependent_value: '' + element: severity + label: Warning + value: 4 + - dependent_value: '' + element: severity + label: OK + value: 5 + - dependent_value: '' + element: severity + label: Clear + value: 0 + - dependent_value: '' + element: urgency + label: 1 - High + value: 1 + - dependent_value: '' + element: urgency + label: 2 - Medium + value: 2 + - dependent_value: '' + element: urgency + label: 3 - Low + value: 3 + status: ok + run_slack_api_connector_response: + summary: Response from posting a message with a Slack connector. + value: + status: ok + data: + ok: true + channel: C123ABC456 + ts: '1234567890.123456' + message: + bot_id: B12BCDEFGHI + type: message + text: A test message + user: U12A345BC6D + ts: '1234567890.123456' + app_id: A01BC2D34EF + blocks: + - type: rich_text + block_id: /NXe + elements: + - type: rich_text_section + elements: + - type: text + text: A test message. + team: T01ABCDE2F + bot_profile: + id: B12BCDEFGHI + app_id: A01BC2D34EF + name: test + icons: + image_36: https://a.slack-edge.com/80588/img/plugins/app/bot_36.png + deleted: false + updated: 1672169705 + team_id: T01ABCDE2F + connector_id: .slack_api + run_swimlane_connector_response: + summary: Response from creating a Swimlane incident. + value: + connector_id: a4746470-2f94-11ed-b0e0-87533c532698 + data: + id: aKPmBHWzmdRQtx6Mx + title: TEST-457 + url: https://elastic.swimlane.url.us/record/aNcL2xniGHGpa2AHb/aKPmBHWzmdRQtx6Mx + pushedDate: '2022-09-08T16:52:27.866Z' + comments: + - commentId: 1 + pushedDate: '2022-09-08T16:52:27.865Z' + status: ok + get_connectors_response: + summary: A list of connectors + value: + - id: preconfigured-email-connector + name: my-preconfigured-email-notification + connector_type_id: .email + is_preconfigured: true + is_deprecated: false + referenced_by_count: 0 + is_system_action: false + - id: e07d0c80-8b8b-11ed-a780-3b746c987a81 + name: my-index-connector + config: + index: test-index + refresh: false + executionTimeField: null + connector_type_id: .index + is_preconfigured: false + is_deprecated: false + referenced_by_count: 2 + is_missing_secrets: false + is_system_action: false + update_rule_request: + summary: Index threshold rule + description: Update an index threshold rule that uses a server log connector to send notifications when the threshold is met. + value: + actions: + - frequency: + summary: false + notify_when: onActionGroupChange + group: threshold met + id: 96b668d0-a1b6-11ed-afdf-d39a49596974 + params: + level: info + message: |- + Rule {{rule.name}} is active for group {{context.group}}: + + - Value: {{context.value}} + - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} + - Timestamp: {{context.date}} + params: + aggField: sheet.version + aggType: avg + index: + - .updated-index + groupBy: top + termField: name.keyword + termSize: 6 + threshold: + - 1000 + thresholdComparator: '>' + timeField: '@timestamp' + timeWindowSize: 5 + timeWindowUnit: m + name: new name + schedule: + interval: 1m + tags: [] + update_rule_response: + summary: Index threshold rule + description: The response for successfully updating an index threshold rule. + value: + id: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 + consumer: alerts + tags: [] + name: new name + enabled: true + throttle: null + revision: 1 + running: false + schedule: + interval: 1m + params: + index: + - .updated-index + timeField: '@timestamp' + groupBy: top + aggType: avg + timeWindowSize: 5 + timeWindowUnit: m + thresholdComparator: '>' + threshold: + - 1000 + aggField: sheet.version + termField: name.keyword + termSize: 6 + api_key_owner: elastic + created_by: elastic + updated_by: elastic + rule_type_id: .index-threshold + scheduled_task_id: 4c5eda00-e74f-11ec-b72f-5b18752ff9ea + created_at: '2024-03-26T23:13:20.985Z' + updated_at: '2024-03-26T23:22:59.949Z' + mute_all: false + muted_alert_ids: [] + execution_status: + status: ok + last_execution_date: '2024-03-26T23:22:51.390Z' + last_duration: 52 + actions: + - group: threshold met + params: + level: info + message: |- + Rule {{rule.name}} is active for group {{context.group}}: + + - Value: {{context.value}} + - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} + - Timestamp: {{context.date} + id: 96b668d0-a1b6-11ed-afdf-d39a49596974 + uuid: 07aef2a0-9eed-4ef9-94ec-39ba58eb609d + connector_type_id: .server-log + frequency: + summary: false + throttle: null + notify_when: onActionGroupChange + last_run: + alerts_count: + new: 0 + ignored: 0 + recovered: 0 + active: 0 + outcome_msg: null + warning: null + outcome: succeeded + next_run: '2024-03-26T23:23:51.316Z' + api_key_created_by_user: false + create_es_query_esql_rule_request: + summary: Elasticsearch query rule (ES|QL) + description: | + Create an Elasticsearch query rule that uses Elasticsearch Query Language (ES|QL) to define its query and a server log connector to send notifications. + value: + name: my Elasticsearch query ESQL rule + params: + searchType: esqlQuery + esqlQuery: + esql: FROM kibana_sample_data_logs | KEEP bytes, clientip, host, geo.dest | where geo.dest != "GB" | STATS sumbytes = sum(bytes) by clientip, host | WHERE sumbytes > 5000 | SORT sumbytes desc | LIMIT 10 + timeField: '@timestamp' + timeWindowSize: 1 + timeWindowUnit: d + size: 0 + thresholdComparator: '>' + threshold: + - 0 + consumer: stackAlerts + rule_type_id: .es-query + schedule: + interval: 1d + actions: + - group: query matched + id: d0db1fe0-78d6-11ee-9177-f7d404c8c945 + params: + level: info + message: |- + Elasticsearch query rule '{{rule.name}}' is active: + - Value: {{context.value}} - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} - Timestamp: {{context.date}} - Link: {{context.link}} + frequency: + summary: false + notify_when: onActiveAlert + create_es_query_rule_request: + summary: Elasticsearch query rule (DSL) + description: | + Create an Elasticsearch query rule that uses Elasticsearch query domain specific language (DSL) to define its query and a server log connector to send notifications. + value: + actions: + - group: query matched + params: + level: info + message: The system has detected {{alerts.new.count}} new, {{alerts.ongoing.count}} ongoing, and {{alerts.recovered.count}} recovered alerts. + id: fdbece50-406c-11ee-850e-c71febc4ca7f + frequency: + throttle: 1d + summary: true + notify_when: onThrottleInterval + - group: recovered + params: + level: info + message: Recovered + id: fdbece50-406c-11ee-850e-c71febc4ca7f + frequency: + summary: false + notify_when: onActionGroupChange + consumer: alerts + name: my Elasticsearch query rule + params: + esQuery: '"""{"query":{"match_all" : {}}}"""' + index: + - kibana_sample_data_logs + size: 100 + threshold: + - 100 + thresholdComparator: '>' + timeField: '@timestamp' + timeWindowSize: 1 + timeWindowUnit: d + rule_type_id: .es-query + schedule: + interval: 1d + create_es_query_kql_rule_request: + summary: Elasticsearch query rule (KQL) + description: Create an Elasticsearch query rule that uses Kibana query language (KQL). + value: + consumer: alerts + name: my Elasticsearch query KQL rule + params: + aggType: count + excludeHitsFromPreviousRun: true + groupBy: all + searchConfiguration: + query: + query: '""geo.src : "US" ""' + language: kuery + index: 90943e30-9a47-11e8-b64d-95841ca0b247 + searchType: searchSource + size: 100 + threshold: + - 1000 + thresholdComparator: '>' + timeWindowSize: 5 + timeWindowUnit: m + rule_type_id: .es-query + schedule: + interval: 1m + create_index_threshold_rule_request: + summary: Index threshold rule + description: | + Create an index threshold rule that uses a server log connector to send notifications when the threshold is met. + value: + actions: + - id: 48de3460-f401-11ed-9f8e-399c75a2deeb + frequency: + notify_when: onActionGroupChange + summary: false + group: threshold met + params: + level: info + message: |- + Rule '{{rule.name}}' is active for group '{{context.group}}': + + - Value: {{context.value}} + - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} + - Timestamp: {{context.date}} + alert_delay: + active: 3 + consumer: alerts + name: my rule + params: + aggType: avg + termSize: 6 + thresholdComparator: '>' + timeWindowSize: 5 + timeWindowUnit: m + groupBy: top + threshold: + - 1000 + index: + - .test-index + timeField: '@timestamp' + aggField: sheet.version + termField: name.keyword + rule_type_id: .index-threshold + schedule: + interval: 1m + tags: + - cpu + create_tracking_containment_rule_request: + summary: Tracking containment rule + description: | + Create a tracking containment rule that checks when an entity is contained or no longer contained within a boundary. + value: + consumer: alerts + name: my tracking rule + params: + index: kibana_sample_data_logs + dateField": '@timestamp' + geoField: geo.coordinates + entity: agent.keyword + boundaryType: entireIndex + boundaryIndexTitle: boundary* + boundaryGeoField: location + boundaryNameField: name + indexId: 90943e30-9a47-11e8-b64d-95841ca0b247 + boundaryIndexId: 0cd90abf-abe7-44c7-909a-f621bbbcfefc + rule_type_id: .geo-containment + schedule: + interval: 1h + create_es_query_esql_rule_response: + summary: Elasticsearch query rule (ES|QL) + description: The response for successfully creating an Elasticsearch query rule that uses Elasticsearch Query Language (ES|QL). + value: + id: e0d62360-78e8-11ee-9177-f7d404c8c945 + enabled: true + name: my Elasticsearch query ESQL rule + tags: [] + rule_type_id: .es-query + consumer: stackAlerts + schedule: + interval: 1d + actions: + - group: query matched + id: d0db1fe0-78d6-11ee-9177-f7d404c8c945 + params: + level: info + message: |- + Elasticsearch query rule '{{rule.name}}' is active: + - Value: {{context.value}} - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} - Timestamp: {{context.date}} - Link: {{context.link}} + connector_type_id: .server-log + frequency: + summary: false + notify_when: onActiveAlert + throttle: null + uuid: bfe370a3-531b-4855-bbe6-ad739f578844 + params: + searchType: esqlQuery + esqlQuery: + esql: FROM kibana_sample_data_logs | keep bytes, clientip, host, geo.dest | WHERE geo.dest != "GB" | stats sumbytes = sum(bytes) by clientip, host | WHERE sumbytes > 5000 | sort sumbytes desc | limit 10 + timeField: '@timestamp' + timeWindowSize: 1 + timeWindowUnit: d + size: 0 + thresholdComparator: '>' + threshold: + - 0 + excludeHitsFromPreviousRun": true, + aggType: count + groupBy: all + scheduled_task_id: e0d62360-78e8-11ee-9177-f7d404c8c945 + created_by: elastic + updated_by: elastic", + created_at: '2023-11-01T19:00:10.453Z' + updated_at: '2023-11-01T19:00:10.453Z' + api_key_owner: elastic + api_key_created_by_user: false + throttle: null + mute_all: false + notify_when: null + muted_alert_ids: [] + execution_status: + status: pending + last_execution_date: '2023-11-01T19:00:10.453Z' + revision: 0 + running: false + create_es_query_rule_response: + summary: Elasticsearch query rule (DSL) + description: The response for successfully creating an Elasticsearch query rule that uses Elasticsearch query domain specific language (DSL). + value: + id: 58148c70-407f-11ee-850e-c71febc4ca7f + enabled: true + name: my Elasticsearch query rule + tags: [] + rule_type_id: .es-query + consumer: alerts + schedule: + interval: 1d + actions: + - group: query matched + id: fdbece50-406c-11ee-850e-c71febc4ca7f + params: + level: info + message: The system has detected {{alerts.new.count}} new, {{alerts.ongoing.count}} ongoing, and {{alerts.recovered.count}} recovered alerts. + connector_type_id: .server-log + frequency: + summary: true + notify_when: onThrottleInterval + throttle: 1d + uuid: 53f3c2a3-e5d0-4cfa-af3b-6f0881385e78 + - group: recovered + id: fdbece50-406c-11ee-850e-c71febc4ca7f + params: + level: info + message: Recovered + connector_type_id: .server-log + frequency: + summary: false + notify_when: onActionGroupChange + throttle: null + uuid: 2324e45b-c0df-45c7-9d70-4993e30be758 + params: + thresholdComparator: '>' + timeWindowSize: 1 + timeWindowUnit: d + threshold: + - 100 + size: 100 + timeField: '@timestamp' + index: + - kibana_sample_data_logs + esQuery: '"""{"query":{"match_all" : {}}}"""' + excludeHitsFromPreviousRun: true + aggType: count + groupBy: all + searchType: esQuery + scheduled_task_id: 58148c70-407f-11ee-850e-c71febc4ca7f + created_by: elastic + updated_by: elastic + created_at: '2023-08-22T00:03:38.263Z' + updated_at: '2023-08-22T00:03:38.263Z' + api_key_owner: elastic + api_key_created_by_user: false + throttle: null + mute_all: false + notify_when: null + muted_alert_ids: [] + execution_status: + status: pending + last_execution_date: '2023-08-22T00:03:38.263Z' + revision: 0 + running: false + create_es_query_kql_rule_response: + summary: Elasticsearch query rule (KQL) + description: The response for successfully creating an Elasticsearch query rule that uses Kibana query language (KQL). + value: + id: 7bd506d0-2284-11ee-8fad-6101956ced88 + enabled: true + name: my Elasticsearch query KQL rule" + tags: [] + rule_type_id: .es-query + consumer: alerts + schedule: + interval: 1m + actions: [] + params: + searchConfiguration: + query: + query: '""geo.src : "US" ""' + language: kuery + index: 90943e30-9a47-11e8-b64d-95841ca0b247 + searchType: searchSource + timeWindowSize: 5 + timeWindowUnit: m + threshold: + - 1000 + thresholdComparator: '>' + size: 100 + aggType: count + groupBy: all + excludeHitsFromPreviousRun: true + created_by: elastic + updated_by: elastic + created_at: '2023-07-14T20:24:50.729Z' + updated_at: '2023-07-14T20:24:50.729Z' + api_key_owner: elastic + api_key_created_by_user: false + throttle: null + notify_when: null + mute_all: false + muted_alert_ids: [] + scheduled_task_id: 7bd506d0-2284-11ee-8fad-6101956ced88 + execution_status: + status: pending + last_execution_date: '2023-07-14T20:24:50.729Z' + revision: 0 + running: false + create_index_threshold_rule_response: + summary: Index threshold rule + description: The response for successfully creating an index threshold rule. + value: + actions: + - group: threshold met + id: dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2 + uuid: 07aef2a0-9eed-4ef9-94ec-39ba58eb609d + connector_type_id: .server-log + frequency: + notify_when: onActionGroupChange + summary: false + throttle: null + params: + level: info + message: |- + Rule {{rule.name}} is active for group {{context.group} : + + - Value: {{context.value}} + - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} + - Timestamp: {{context.date}} + alert_delay: + active: 3 + api_key_created_by_user: false + api_key_owner: elastic + consumer: alerts + created_at: '2022-06-08T17:20:31.632Z' + created_by: elastic + enabled: true + execution_status: + last_execution_date: '2022-06-08T17:20:31.632Z' + status: pending + id: 41893910-6bca-11eb-9e0d-85d233e3ee35 + muted_alert_ids: [] + mute_all: false + name: my rule + notify_when: null + params: + aggType: avg + termSize: 6 + thresholdComparator: '>' + timeWindowSize: 5 + timeWindowUnit: m + groupBy: top + threshold: + - 1000 + index: + - .test-index + timeField: '@timestamp' + aggField: sheet.version + termField: name.keyword + revision: 0 + rule_type_id: .index-threshold + running: false + schedule: + interval: 1m + scheduled_task_id: 425b0800-6bca-11eb-9e0d-85d233e3ee35 + tags: + - cpu + throttle: null + updated_at: '2022-06-08T17:20:31.632Z' + updated_by: elastic + create_tracking_containment_rule_response: + summary: Tracking containment rule + description: The response for successfully creating a tracking containment rule. + value: + id: b6883f9d-5f70-4758-a66e-369d7c26012f + name: my tracking rule + tags: [] + enabled: true + consumer: alerts + throttle: null + revision: 1 + running: false + schedule: + interval: 1h + params: + index: kibana_sample_data_logs + dateField: '@timestamp' + geoField: geo.coordinates + entity: agent.keyword + boundaryType: entireIndex + boundaryIndexTitle: boundary* + boundaryGeoField: location + boundaryNameField: name + indexId: 90943e30-9a47-11e8-b64d-95841ca0b247 + boundaryIndexId: 0cd90abf-abe7-44c7-909a-f621bbbcfefc + rule_type_id: .geo-containment + created_by: elastic + updated_by: elastic + created_at: '2024-02-14T19:52:55.920Z' + updated_at: '2024-02-15T03:24:32.574Z' + api_key_owner: elastic + notify_when: null + mute_all: false + muted_alert_ids: [] + scheduled_task_id: b6883f9d-5f70-4758-a66e-369d7c26012f + execution_status: + status: ok + last_execution_date: '2024-02-15T03:25:38.125Z' + last_duration: 74 + actions: [] + last_run: + alerts_count: + active: 0 + new: 0 + recovered: 0 + ignored: 0 + outcome_msg: null + outcome_order: 0 + outcome: succeeded + warning: null + next_run: '2024-02-15T03:26:38.033Z' + api_key_created_by_user: false + find_rules_response: + summary: Index threshold rule + description: A response that contains information about an index threshold rule. + value: + page: 1 + total: 1 + per_page: 10 + data: + - id: 3583a470-74f6-11ed-9801-35303b735aef + consumer: alerts + tags: + - cpu + name: my alert + enabled: true + throttle: null + schedule: + interval: 1m + params: + aggType: avg + termSize: 6 + thresholdComparator: '>' + timeWindowSize: 5 + timeWindowUnit: m + groupBy: top + threshold: + - 1000 + index: + - test-index + timeField: '@timestamp' + aggField: sheet.version + termField: name.keyword + revision: 1 + rule_type_id: .index-threshold + created_by: elastic + updated_by: elastic + created_at: '2022-12-05T23:40:33.132Z' + updated_at: '2022-12-05T23:40:33.132Z' + api_key_owner: elastic + mute_all: false + muted_alert_ids: [] + scheduled_task_id: 3583a470-74f6-11ed-9801-35303b735aef + execution_status: + status: ok + last_execution_date: '2022-12-06T01:44:23.983Z' + last_duration: 48 + actions: + - id: 9dca3e00-74f5-11ed-9801-35303b735aef + group: threshold met + uuid: 1c7a1280-f28c-4e06-96b2-e4e5f05d1d61 + params: + level: info + message: |- + Rule {{rule.name}} is active for group {{context.group}}: + + - Value: {{context.value}} + - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} + - Timestamp: {{context.date}} + connector_type_id: .server-log + frequency: + summary: false + notify_when: onActionGroupChange + throttle: null + last_run: + alerts_count: + new: 0 + ignored: 0 + recovered: 0 + active: 0 + outcome_msg: null + warning: null + outcome: succeeded + next_run: '2022-12-06T01:45:23.912Z' + api_key_created_by_user: false + find_rules_response_conditional_action: + summary: Security rule + description: A response that contains information about a security rule that has conditional actions. + value: + page: 1 + total: 1 + per_page: 10 + data: + - id: 6107a8f0-f401-11ed-9f8e-399c75a2deeb + name: security_rule + consumer: siem + enabled: true + tags: [] + throttle: null + revision: 1 + running: false + schedule: + interval: 1m + params: + author: [] + description: A security threshold rule. + ruleId: an_internal_rule_id + falsePositives: [] + from: now-3660s + immutable: false + license: '' + outputIndex: '' + meta: + from: 1h + kibana_siem_app_url: https://localhost:5601/app/security + maxSignals: 100 + riskScore: 21 + riskScoreMapping: [] + severity: low + severityMapping: [] + threat: [] + to: now + references: [] + version: 1 + exceptionsList: [] + type: threshold + language: kuery + index: + - kibana_sample_data_logs + query: '*' + filters: [] + threshold: + field: + - bytes + value: 1 + cardinality: [] + rule_type_id: siem.thresholdRule + created_by: elastic + updated_by: elastic + created_at: '2023-05-16T15:50:28.358Z' + updated_at: '2023-05-16T20:25:42.559Z' + api_key_owner: elastic + notify_when: null + mute_all: false + muted_alert_ids: [] + scheduled_task_id: 6107a8f0-f401-11ed-9f8e-399c75a2deeb + execution_status: + status: ok + last_execution_date: '2023-05-16T20:26:49.590Z' + last_duration: 166 + actions: + - group: default + id: 49eae970-f401-11ed-9f8e-399c75a2deeb + params: + documents: + - rule_id: + '[object Object]': null + rule_name: + '[object Object]': null + alert_id: + '[object Object]': null + context_message: + '[object Object]': null + connector_type_id: .index + frequency: + summary: true + notify_when: onActiveAlert + throttle: null + uuid: 1c7a1280-f28c-4e06-96b2-e4e5f05d1d61 + alerts_filter: + timeframe: + days: + - 7 + timezone: UTC + hours: + start: '08:00' + end: '17:00' + query: + kql: '' + filters: + - meta: + disabled: false + negate: false + alias: null + index: c4bdca79-e69e-4d80-82a1-e5192c621bea + key: client.geo.region_iso_code + field: client.geo.region_iso_code + params: + query: CA-QC + type: phrase + $state: + store: appState + query: + match_phrase: + client.geo.region_iso_code: CA-QC + last_run: + alerts_count: + new: 0 + ignored: 0 + recovered: 0 + active: 0 + outcome_msg: + - Rule execution completed successfully + outcome_order: 0 + warning: null + outcome: succeeded + next_run: '2023-05-16T20:27:49.507Z' + api_key_created_by_user: false + get_spaces_response1: + summary: Get all spaces + description: Get all spaces without specifying any options. + value: + - id: default + name: Default + description: This is the Default Space + disabledFeatures: [] + imageUrl: '' + _reserved: true + - id: marketing + name: Marketing + description: This is the Marketing Space + color: null + disabledFeatures: + - apm + initials: MK + imageUrl: data:image/png;base64,iVBORw0KGgoAAAANSU + - id: sales + name: Sales + initials: MK + disabledFeatures: + - discover + imageUr": '' + solution: oblt + get_spaces_response2: + summary: Get all spaces with custom options + description: | + The user has read-only access to the Sales space. Get all spaces with the following query parameters: "purpose=shareSavedObjectsIntoSpace&include_authorized_purposes=true" + value: + - id: default + name: Default + description: This is the Default Space + disabledFeatures: [] + imageUrl: '' + _reserved: true + authorizedPurposes: + any: true + copySavedObjectsIntoSpace: true + findSavedObjects: true + shareSavedObjectsIntoSpace: true + - id: marketing + name: Marketing + description: This is the Marketing Space + color: null + disabledFeatures: + - apm + initials: MK + imageUrl: data:image/png;base64,iVBORw0KGgoAAAANSU + authorizedPurposes: + any: true + copySavedObjectsIntoSpace: true + findSavedObjects: true + shareSavedObjectsIntoSpace: true + - id: sales + name: Sales + initials: MK + disabledFeatures: + - discover + imageUrl: '' + authorizedPurposes: + any: true + copySavedObjectsIntoSpace: false + findSavedObjects: true + shareSavedObjectsIntoSpace: false + create_space_request: + summary: Create a marketing space + value: + id: marketing + name: Marketing + description: This is the Marketing Space + color: null + initials: MK + disabledFeatures: [] + imageUrl: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAD4AAABACAYAAABC6cT1AAAGf0lEQVRoQ+3abYydRRUH8N882xYo0IqagEVjokQJKAiKBjXExC9G/aCkGowCIghCkRcrVSSKIu/FEiqgGL6gBIlAYrAqUTH6hZgQFVEMKlQFfItWoQWhZe8z5uzMLdvbfbkLxb13d+fbvfe588x/zpn/+Z9zJpmnI81T3BaAzzfLL1h8weLzZAcWXH2eGHo7zAWLL1h8nuzAjFw9G1N6Kzq8HnuM36MR8iibF3Fv4q+7cv8yDV6K13bYq2furSP8Ag8ncr/vnSnwRViJT2GfCV7yL1yHGxLb+l3EdM9lluNEnIC9xz+f2ZL4Er6Z2DrdXN3fZwp8CU7OfDHxggle8lTLbQ1nJ/7Z7yKmey5zYGZt4h2IzR8/trRc2PDlxJPTzfVcgJ+CC0wMPOa9F6cm7up3EVM9V9386MxliVdM8GwAv6hh/awCz/w7lY25OtF5ruBz4ZLP42NYNrDAFbC3YPWuILnMAfgq3oaRQQYea/stViV+sgssvjKzLvGySeaaNVfP4d7Btokgvxj/bblgpueuF1hmWcyTCmfE3J3M1lTcv0vMswM88zR+jpw4osu6me8kzkpsfLZWzxyRuabO22buxxOJ12FxnXfWgEe83pB5sOE47BsLymzscOoi7nw2JJfZreUjiUsTyzKPZm5NvBDvSuw268AzNzV8H5/Am+qCnsAXgpgSW2Zq9cyKlksbPlTd+te4quWNieMHBfiNDdciYnwsdI/MaOaWhnMTf54J8CqNj8x8JXFIZltYu+HqlmNT8YSBsHgAPw/vxvlVV4du/s0oaxbxg0TbL/jMni0nNcVjQq7+HZfgtpbzBg342TgQ63AkmsymxBW4IjE6A+D7Vzd/fyWxIM/VuCe+HzTgZ2Jpy/kNJ2FJLmLm24mPJ/42A+Bvrxt4SISwlhsaPodH26LZB8rVA3inwwebsrixJCZzX+KMxI/7AV61eVh3DV6Mx3EOvh4kN6jAg8nfUCXm4d1wE66OyxNPTQc+s3/o/MoXizL3JE5O3F3P/uBZPPF4Zr+Wi5uSO48ZPRdyCwn7YB/A35m5KhWNHox4fcNnIs0ddOCRSBxf8+cQG+Huf0l8NJVYP+nI7NXy2ar4QqIGm69JfKPOE2w/mBavCzwM11R2D+ChsUO7hyUfmwx55qDM1xJvqZ7y08TpifuGBfjeURVJnNIVGpkNiXNS0ds7jcySDitDCCWW56LJ10fRo8sNA+3qXUSZD2CtQlZh9T+1rB7h9oliembflnMbzqgSNZKbKGHdPm7OwXb1CvQ1metSETMpszmzvikCJNh/h5E5PHNl4qga/+/cxqrdeWDYgIe7X5L4cGJPJX2940lOX8pD41FnFnc4riluvQKbK0dcHJFi2IBHNTQSlguru4d2/wPOTNzRA3x5y+U1E1uqWDkETOT026XuUJzx6u7ReLhSYenQ7uHua0fKZmwfmcPqsQjxE5WVONcRxn7X89zgn/EKPMRMxOVQXmP18Mx3q3b/Y/0cQE/IhFtHESMsHFlZ1Ml3CH3DZPHImY+pxcKumNmYirtvqMBfhMuU6s3iqOQkTsMPe1tCQwO8Ajs0lxr7W+vnp1MJc9EgCNd/cy6x+9D4veXmprj5wxMw/3C4egW6zzgZOlYZzfwo3F2J7ael0pJamvlPKgWNKFft1AAcKotXoFEbD7kaoSoQPVKB35+5KHF0lai/rJo+up87jWEE/qqqwY+qrL21LWLm95lPJ16ppKw31XC3PXYPJauPEx7B6BHCgrSizRs18qiaRp8tlN3ueCTYPHH9RNaunjI8Z7wLYpT3jZSCYXQ8e9vTsRE/q+no3XMKeObgGtaintbb/AvXj4JDkNw/5hrwYPfIvlZFUbLn7G5q+eQIN09Vnho6cqvnM/Lt99RixH49wO8K0ZL41WTWHoQzvsNVkOheZqKhEGpsp3SzB+BBtZAYve7uOR9tuTaaB6l0XScdYfEQPpkTUyHEGP+XqyDBzu+NBCITUjNWHynkrbWKOuWFn1xKzqsyx0bdvS78odp0+N503Zao0uCsWuSIDku8/7EO60b41vN5+Ses9BKlTdvd8bhp9EBvJjWJAIn/vxwHe6b3tSk6JFPV4nq85oAOrx555v/x/rh3E6Lo+bnuNS4uB4Cuq0ZfvO8X1rM6q/+vnjLVqZq7v83onttc2oYF4HPJmv1gWbB4P7s0l55ZsPhcsmY/WBYs3s8uzaVn5q3F/wf70mRuBCtbjQAAAABJRU5ErkJggg== + get_space_response: + summary: Get details about a marketing space + value: + id: marketing + name: Marketing + description: This is the Marketing Space + color: null + initials: MK + disabledFeatures: [] + imageUrl: '' + solution: es + update_space_request: + summary: Update a marketing space + description: Update the marketing space to remove the imageUrl. + value: + id: marketing + name: Marketing + description: This is the Marketing Space + color: null + initials: MK + disabledFeatures: [] + imageUrl: '' parameters: APM_UI_elastic_api_version: description: The version of the API to use @@ -37913,9 +37432,7 @@ components: example: ff959d40-b880-11e8-a6d9-e546fe2bba5f type: string Machine_learning_APIs_simulateParam: - description: >- - When true, simulates the synchronization by returning only the list of - actions that would be performed. + description: When true, simulates the synchronization by returning only the list of actions that would be performed. example: 'true' in: query name: simulate @@ -37945,9 +37462,7 @@ components: example: 9c235211-6834-11ea-a78c-6feb38a34414 type: string SLOs_space_id: - description: >- - An identifier for the space. If `/s/` and the identifier are omitted - from the path, the default space is used. + description: An identifier for the space. If `/s/` and the identifier are omitted from the path, the default space is used. in: path name: spaceId required: true @@ -38272,10 +37787,8 @@ components: example: 0bc3b5ebf18fba8163fe4c96f491e3767a358f85 type: string mark_as_applied_by_agent: - description: > - `markAsAppliedByAgent=true` means "force setting it to true - regardless of etag". - + description: | + `markAsAppliedByAgent=true` means "force setting it to true regardless of etag". This is needed for Jaeger agent that doesn't have etags type: boolean service: @@ -38390,9 +37903,7 @@ components: type: object properties: bundle_filepath: - description: >- - The absolute path of the final bundle as used in the web - application. + description: The absolute path of the final bundle as used in the web application. type: string service_name: description: The name of the service that the service map should apply to. @@ -38401,11 +37912,9 @@ components: description: The version of the service that the service map should apply to. type: string sourcemap: - description: > + description: | The source map. String or file upload. It must follow the - - [source map revision 3 - proposal](https://docs.google.com/document/d/1U1RGAehQwRypUTovF1KRlpiOFze0b-_2gc6fAH0KY0k). + [source map revision 3 proposal](https://docs.google.com/document/d/1U1RGAehQwRypUTovF1KRlpiOFze0b-_2gc6fAH0KY0k). format: binary type: string required: @@ -38445,9 +37954,7 @@ components: example: Not Found type: string message: - example: >- - Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] - not found + example: Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] not found type: string statusCode: enum: @@ -38502,9 +38009,7 @@ components: - title override: default: false - description: >- - Override an existing data view if a data view with the provided - title already exists. + description: Override an existing data view if a data view with the provided title already exists. type: boolean required: - data_view @@ -38566,9 +38071,7 @@ components: description: A map of field formats by field name. type: object Data_views_namespaces: - description: >- - An array of space identifiers for sharing the data view between multiple - spaces. + description: An array of space identifiers for sharing the data view between multiple spaces. items: default: default type: string @@ -38620,9 +38123,8 @@ components: description: The saved object reference to change. type: string fromType: - description: > - Specify the type of the saved object reference to alter. The default - value is `index-pattern` for data views. + description: | + Specify the type of the saved object reference to alter. The default value is `index-pattern` for data views. type: string toId: description: New saved object reference value to replace the old value. @@ -38634,17 +38136,13 @@ components: description: The timestamp field name, which you use for time-based data views. type: string Data_views_title: - description: >- - Comma-separated list of data streams, indices, and aliases that you want - to search. Supports wildcards (`*`). + description: Comma-separated list of data streams, indices, and aliases that you want to search. Supports wildcards (`*`). type: string Data_views_type: description: When set to `rollup`, identifies the rollup data views. type: string Data_views_typemeta: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. + description: When you use rollup indices, contains the field list for the rollup data view API endpoints. type: object properties: aggs: @@ -38657,9 +38155,7 @@ components: - aggs - params Data_views_typemeta_response: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. + description: When you use rollup indices, contains the field list for the rollup data view API endpoints. nullable: true type: object properties: @@ -38674,10 +38170,8 @@ components: type: object properties: data_view: - description: > - The data view properties you want to update. Only the specified - properties are updated in the data view. Unspecified fields stay as - they are persisted. + description: | + The data view properties you want to update. Only the specified properties are updated in the data view. Unspecified fields stay as they are persisted. type: object properties: allowNoIndex: @@ -38737,10 +38231,7 @@ components: - status Kibana_HTTP_APIs_core_status_response: additionalProperties: false - description: >- - Kibana's operational status as well as a detailed breakdown of plugin - statuses indication of various loads (like event loop utilization and - network traffic) at time of request. + description: Kibana's operational status as well as a detailed breakdown of plugin statuses indication of various loads (like event loop utilization and network traffic) at time of request. type: object properties: metrics: @@ -38799,9 +38290,7 @@ components: description: A URL to further documentation regarding this service. type: string level: - description: >- - Service status levels as human and machine readable - values. + description: Service status levels as human and machine readable values. enum: - available - degraded @@ -38810,9 +38299,7 @@ components: type: string meta: additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. + description: An unstructured set of extra metadata about this service. type: object summary: description: A human readable summary of the service status. @@ -38832,9 +38319,7 @@ components: description: A URL to further documentation regarding this service. type: string level: - description: >- - Service status levels as human and machine readable - values. + description: Service status levels as human and machine readable values. enum: - available - degraded @@ -38843,9 +38328,7 @@ components: type: string meta: additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. + description: An unstructured set of extra metadata about this service. type: object summary: description: A human readable summary of the service status. @@ -38898,9 +38381,7 @@ components: description: A URL to further documentation regarding this service. type: string level: - description: >- - Service status levels as human and machine readable - values. + description: Service status levels as human and machine readable values. enum: - available - degraded @@ -38925,9 +38406,7 @@ components: - core - plugins uuid: - description: >- - Unique, generated Kibana instance UUID. This UUID should persist - even if the Kibana process restarts. + description: Unique, generated Kibana instance UUID. This UUID should persist even if the Kibana process restarts. type: string version: additionalProperties: false @@ -38937,24 +38416,16 @@ components: description: The date and time of this build. type: string build_flavor: - description: >- - The build flavour determines configuration and behavior of - Kibana. On premise users will almost always run the - "traditional" flavour, while other flavours are reserved for - Elastic-specific use cases. + description: The build flavour determines configuration and behavior of Kibana. On premise users will almost always run the "traditional" flavour, while other flavours are reserved for Elastic-specific use cases. enum: - serverless - traditional type: string build_hash: - description: >- - A unique hash value representing the git commit of this Kibana - build. + description: A unique hash value representing the git commit of this Kibana build. type: string build_number: - description: >- - A monotonically increasing number, each subsequent build will - have a higher number. + description: A monotonically increasing number, each subsequent build will have a higher number. type: number build_snapshot: description: Whether this build is a snapshot build. @@ -38980,25 +38451,17 @@ components: datafeedsAdded: additionalProperties: $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - description: >- - If a saved object for an anomaly detection job is missing a datafeed - identifier, it is added when you run the sync machine learning saved - objects API. + description: If a saved object for an anomaly detection job is missing a datafeed identifier, it is added when you run the sync machine learning saved objects API. type: object datafeedsRemoved: additionalProperties: $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - description: >- - If a saved object for an anomaly detection job references a datafeed - that no longer exists, it is deleted when you run the sync machine - learning saved objects API. + description: If a saved object for an anomaly detection job references a datafeed that no longer exists, it is deleted when you run the sync machine learning saved objects API. type: object savedObjectsCreated: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated' savedObjectsDeleted: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted' title: Successful sync API response type: object Machine_learning_APIs_mlSync4xxResponse: @@ -39014,97 +38477,63 @@ components: title: Unsuccessful sync API response type: object Machine_learning_APIs_mlSyncResponseAnomalyDetectors: - description: >- - The sync machine learning saved objects API response contains this - object when there are anomaly detection jobs affected by the - synchronization. There is an object for each relevant job, which - contains the synchronization status. + description: The sync machine learning saved objects API response contains this object when there are anomaly detection jobs affected by the synchronization. There is an object for each relevant job, which contains the synchronization status. properties: success: $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' title: Sync API response for anomaly detection jobs type: object Machine_learning_APIs_mlSyncResponseDatafeeds: - description: >- - The sync machine learning saved objects API response contains this - object when there are datafeeds affected by the synchronization. There - is an object for each relevant datafeed, which contains the - synchronization status. + description: The sync machine learning saved objects API response contains this object when there are datafeeds affected by the synchronization. There is an object for each relevant datafeed, which contains the synchronization status. properties: success: $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' title: Sync API response for datafeeds type: object Machine_learning_APIs_mlSyncResponseDataFrameAnalytics: - description: >- - The sync machine learning saved objects API response contains this - object when there are data frame analytics jobs affected by the - synchronization. There is an object for each relevant job, which - contains the synchronization status. + description: The sync machine learning saved objects API response contains this object when there are data frame analytics jobs affected by the synchronization. There is an object for each relevant job, which contains the synchronization status. properties: success: $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' title: Sync API response for data frame analytics jobs type: object Machine_learning_APIs_mlSyncResponseSavedObjectsCreated: - description: >- - If saved objects are missing for machine learning jobs or trained - models, they are created when you run the sync machine learning saved - objects API. + description: If saved objects are missing for machine learning jobs or trained models, they are created when you run the sync machine learning saved objects API. properties: anomaly-detector: additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors - description: >- - If saved objects are missing for anomaly detection jobs, they are - created. + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors' + description: If saved objects are missing for anomaly detection jobs, they are created. type: object data-frame-analytics: additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics - description: >- - If saved objects are missing for data frame analytics jobs, they are - created. + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics' + description: If saved objects are missing for data frame analytics jobs, they are created. type: object trained-model: additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels' description: If saved objects are missing for trained models, they are created. type: object title: Sync API response for created saved objects type: object Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted: - description: >- - If saved objects exist for machine learning jobs or trained models that - no longer exist, they are deleted when you run the sync machine learning - saved objects API. + description: If saved objects exist for machine learning jobs or trained models that no longer exist, they are deleted when you run the sync machine learning saved objects API. properties: anomaly-detector: additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors - description: >- - If there are saved objects exist for nonexistent anomaly detection - jobs, they are deleted. + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors' + description: If there are saved objects exist for nonexistent anomaly detection jobs, they are deleted. type: object data-frame-analytics: additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics - description: >- - If there are saved objects exist for nonexistent data frame - analytics jobs, they are deleted. + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics' + description: If there are saved objects exist for nonexistent data frame analytics jobs, they are deleted. type: object trained-model: additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels - description: >- - If there are saved objects exist for nonexistent trained models, - they are deleted. + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels' + description: If there are saved objects exist for nonexistent trained models, they are deleted. type: object title: Sync API response for deleted saved objects type: object @@ -39112,11 +38541,7 @@ components: description: The success or failure of the synchronization. type: boolean Machine_learning_APIs_mlSyncResponseTrainedModels: - description: >- - The sync machine learning saved objects API response contains this - object when there are trained models affected by the synchronization. - There is an object for each relevant trained model, which contains the - synchronization status. + description: The sync machine learning saved objects API response contains this object when there are trained models affected by the synchronization. There is an object for each relevant trained model, which contains the synchronization status. properties: success: $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' @@ -39181,8 +38606,7 @@ components: name: type: string skip_reason: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason' required: - id - skip_reason @@ -39196,15 +38620,12 @@ components: properties: errors: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_NormalizedAnonymizationFieldError + $ref: '#/components/schemas/Security_AI_Assistant_API_NormalizedAnonymizationFieldError' type: array results: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults' summary: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary + $ref: '#/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary' required: - results - summary @@ -39221,8 +38642,7 @@ components: properties: created: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse' type: array deleted: items: @@ -39230,13 +38650,11 @@ components: type: array skipped: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult' type: array updated: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse' type: array required: - updated @@ -39444,11 +38862,8 @@ components: type: object properties: confidence: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationConfidence - description: >- - How confident you are about this being a correct and useful - learning. + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationConfidence' + description: How confident you are about this being a correct and useful learning. content: description: Summary text of the conversation over time. type: string @@ -39554,8 +38969,7 @@ components: properties: anonymization_fields: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldDetailsInError + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldDetailsInError' type: array err_code: type: string @@ -39576,8 +38990,7 @@ components: type: string prompts: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptDetailsInError + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptDetailsInError' type: array status_code: type: integer @@ -39676,8 +39089,7 @@ components: name: type: string skip_reason: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipReason + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipReason' required: - id - skip_reason @@ -39689,15 +39101,12 @@ components: properties: errors: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_NormalizedPromptError + $ref: '#/components/schemas/Security_AI_Assistant_API_NormalizedPromptError' type: array results: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResults + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResults' summary: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary + $ref: '#/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary' required: - results - summary @@ -39724,8 +39133,7 @@ components: type: array skipped: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipResult + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipResult' type: array updated: items: @@ -39836,8 +39244,7 @@ components: oneOf: - $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations' - items: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsSortCombinations + $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations' type: array Security_Detections_API_AlertsSortCombinations: anyOf: @@ -39855,21 +39262,18 @@ components: type: object properties: duration: - $ref: >- - #/components/schemas/Security_Detections_API_AlertSuppressionDuration + $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionDuration' group_by: $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionGroupBy' missing_fields_strategy: - $ref: >- - #/components/schemas/Security_Detections_API_AlertSuppressionMissingFieldsStrategy + $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionMissingFieldsStrategy' required: - group_by Security_Detections_API_AlertSuppressionDuration: type: object properties: unit: - $ref: >- - #/components/schemas/Security_Detections_API_AlertSuppressionDurationUnit + $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionDurationUnit' value: minimum: 1 type: integer @@ -39889,12 +39293,9 @@ components: minItems: 1 type: array Security_Detections_API_AlertSuppressionMissingFieldsStrategy: - description: >- - Describes how alerts will be generated for documents with missing - suppress by fields: - + description: |- + Describes how alerts will be generated for documents with missing suppress by fields: doNotSuppress - per each document a separate alert will be created - suppress - only alert will be created per suppress by bucket enum: - doNotSuppress @@ -39911,26 +39312,16 @@ components: minimum: 0 type: integer Security_Detections_API_BuildingBlockType: - description: >- - Determines if the rule acts as a building block. By default, - building-block alerts are not displayed in the UI. These rules are used - as a foundation for other rules that do generate alerts. Its value must - be default. + description: Determines if the rule acts as a building block. By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. Its value must be default. type: string Security_Detections_API_BulkActionEditPayload: anyOf: - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadTags - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadIndexPatterns - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadInvestigationFields - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadTimeline - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadRuleActions - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadSchedule + - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadTags' + - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadIndexPatterns' + - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadInvestigationFields' + - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadTimeline' + - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadRuleActions' + - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadSchedule' Security_Detections_API_BulkActionEditPayloadIndexPatterns: type: object properties: @@ -39974,12 +39365,10 @@ components: properties: actions: items: - $ref: >- - #/components/schemas/Security_Detections_API_NormalizedRuleAction + $ref: '#/components/schemas/Security_Detections_API_NormalizedRuleAction' type: array throttle: - $ref: >- - #/components/schemas/Security_Detections_API_ThrottleForBulkActions + $ref: '#/components/schemas/Security_Detections_API_ThrottleForBulkActions' required: - actions required: @@ -39996,9 +39385,7 @@ components: type: object properties: interval: - description: >- - Interval in which the rule runs. For example, `"1h"` means the - rule runs every hour. + description: Interval in which the rule runs. For example, `"1h"` means the rule runs every hour. example: 1h pattern: ^[1-9]\d*[smh]$ type: string @@ -40040,8 +39427,7 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' required: - timeline_id - timeline_title @@ -40143,15 +39529,12 @@ components: properties: errors: items: - $ref: >- - #/components/schemas/Security_Detections_API_NormalizedRuleError + $ref: '#/components/schemas/Security_Detections_API_NormalizedRuleError' type: array results: - $ref: >- - #/components/schemas/Security_Detections_API_BulkEditActionResults + $ref: '#/components/schemas/Security_Detections_API_BulkEditActionResults' summary: - $ref: >- - #/components/schemas/Security_Detections_API_BulkEditActionSummary + $ref: '#/components/schemas/Security_Detections_API_BulkEditActionSummary' required: - results - summary @@ -40393,11 +39776,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -40411,8 +39792,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -40428,24 +39808,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -40472,13 +39848,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -40521,11 +39895,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -40539,8 +39911,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -40556,24 +39927,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -40602,13 +39969,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -40644,11 +40009,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -40662,8 +40025,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -40681,24 +40043,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -40727,13 +40085,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -40752,11 +40108,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -40770,8 +40124,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -40789,24 +40142,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -40835,13 +40184,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -40892,11 +40239,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -40910,8 +40255,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -40927,24 +40271,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -40971,13 +40311,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -41020,11 +40358,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -41038,8 +40374,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -41055,24 +40390,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -41101,13 +40432,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -41132,11 +40461,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -41150,8 +40477,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -41171,13 +40497,11 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' query: @@ -41186,12 +40510,10 @@ components: references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -41220,13 +40542,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' type: @@ -41267,11 +40587,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -41285,8 +40603,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -41304,24 +40621,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -41350,13 +40663,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -41381,14 +40692,11 @@ components: - endpoint_blocklists type: string Security_Detections_API_ExternalRuleSource: - description: >- - Type of rule source for externally sourced rules, i.e. rules that have - an external source, such as the Elastic Prebuilt rules repo. + description: Type of rule source for externally sourced rules, i.e. rules that have an external source, such as the Elastic Prebuilt rules repo. type: object properties: is_customized: - $ref: >- - #/components/schemas/Security_Detections_API_IsExternalRuleCustomized + $ref: '#/components/schemas/Security_Detections_API_IsExternalRuleCustomized' type: enum: - external @@ -41420,9 +40728,7 @@ components: type: string type: array Security_Detections_API_InternalRuleSource: - description: >- - Type of rule source for internally sourced rules, i.e. created within - the Kibana apps. + description: Type of rule source for internally sourced rules, i.e. created within the Kibana apps. type: object properties: type: @@ -41432,33 +40738,19 @@ components: required: - type Security_Detections_API_InvestigationFields: - description: > - Schema for fields relating to investigation fields. These are user - defined fields we use to highlight - - in various features in the UI such as alert details flyout and - exceptions auto-population from alert. - + description: | + Schema for fields relating to investigation fields. These are user defined fields we use to highlight + in various features in the UI such as alert details flyout and exceptions auto-population from alert. Added in PR #163235 - - Right now we only have a single field but anticipate adding more related - fields to store various - - configuration states such as `override` - where a user might say if they - want only these fields to - - display, or if they want these fields + the fields we select. When - expanding this field, it may look - + Right now we only have a single field but anticipate adding more related fields to store various + configuration states such as `override` - where a user might say if they want only these fields to + display, or if they want these fields + the fields we select. When expanding this field, it may look something like: - ```typescript - const investigationFields = z.object({ field_names: NonEmptyArray(NonEmptyString), override: z.boolean().optional(), }); - ``` type: object properties: @@ -41473,19 +40765,14 @@ components: description: Notes to help investigate alerts produced by the rule. type: string Security_Detections_API_IsExternalRuleCustomized: - description: >- - Determines whether an external/prebuilt rule has been customized by the - user (i.e. any of its fields have been modified and diverged from the - base value). + description: Determines whether an external/prebuilt rule has been customized by the user (i.e. any of its fields have been modified and diverged from the base value). type: boolean Security_Detections_API_IsRuleEnabled: description: Determines whether the rule is enabled. type: boolean Security_Detections_API_IsRuleImmutable: deprecated: true - description: >- - This field determines whether the rule is a prebuilt Elastic rule. It - will be replaced with the `rule_source` field. + description: This field determines whether the rule is a prebuilt Elastic rule. It will be replaced with the `rule_source` field. type: boolean Security_Detections_API_ItemsPerSearch: minimum: 1 @@ -41512,11 +40799,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -41530,8 +40815,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -41547,24 +40831,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -41591,13 +40871,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -41626,14 +40904,11 @@ components: - related_integrations - required_fields - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleResponseFields + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleResponseFields' Security_Detections_API_MachineLearningRuleCreateFields: allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields' Security_Detections_API_MachineLearningRuleCreateProps: allOf: - type: object @@ -41643,11 +40918,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -41661,8 +40934,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -41678,24 +40950,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -41724,13 +40992,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -41740,8 +41006,7 @@ components: - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields' Security_Detections_API_MachineLearningRuleOptionalFields: type: object properties: @@ -41754,15 +41019,13 @@ components: anomaly_threshold: $ref: '#/components/schemas/Security_Detections_API_AnomalyThreshold' machine_learning_job_id: - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningJobId + $ref: '#/components/schemas/Security_Detections_API_MachineLearningJobId' type: description: Rule type enum: - machine_learning type: string - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields' Security_Detections_API_MachineLearningRulePatchProps: allOf: - type: object @@ -41772,11 +41035,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -41790,8 +41051,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -41809,24 +41069,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -41855,19 +41111,16 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRulePatchFields + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRulePatchFields' Security_Detections_API_MachineLearningRuleRequiredFields: type: object properties: @@ -41886,10 +41139,8 @@ components: - anomaly_threshold Security_Detections_API_MachineLearningRuleResponseFields: allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields' Security_Detections_API_MachineLearningRuleUpdateProps: allOf: - type: object @@ -41899,11 +41150,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -41917,8 +41166,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -41936,24 +41184,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -41982,13 +41226,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -41998,8 +41240,7 @@ components: - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields' Security_Detections_API_MaxSignals: minimum: 1 type: integer @@ -42018,11 +41259,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -42036,8 +41275,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -42053,24 +41291,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -42097,13 +41331,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -42132,16 +41364,12 @@ components: - related_integrations - required_fields - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleResponseFields + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleResponseFields' Security_Detections_API_NewTermsRuleCreateFields: allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields' Security_Detections_API_NewTermsRuleCreateProps: allOf: - type: object @@ -42151,11 +41379,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -42169,8 +41395,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -42186,24 +41411,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -42232,13 +41453,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -42248,8 +41467,7 @@ components: - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleCreateFields + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateFields' Security_Detections_API_NewTermsRuleDefaultableFields: type: object properties: @@ -42281,10 +41499,8 @@ components: enum: - new_terms type: string - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields' Security_Detections_API_NewTermsRulePatchProps: allOf: - type: object @@ -42294,11 +41510,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -42312,8 +41526,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -42331,24 +41544,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -42377,13 +41586,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -42410,10 +41617,8 @@ components: - history_window_start Security_Detections_API_NewTermsRuleResponseFields: allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields' - type: object properties: language: @@ -42429,11 +41634,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -42447,8 +41650,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -42466,24 +41668,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -42512,13 +41710,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -42528,8 +41724,7 @@ components: - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleCreateFields + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateFields' Security_Detections_API_NonEmptyString: description: A string that is not empty and does not contain only whitespace minLength: 1 @@ -42556,8 +41751,7 @@ components: type: object properties: err_code: - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionsDryRunErrCode + $ref: '#/components/schemas/Security_Detections_API_BulkActionsDryRunErrCode' message: type: string rules: @@ -42669,11 +41863,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -42687,8 +41879,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -42704,24 +41895,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -42748,13 +41935,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -42788,8 +41973,7 @@ components: allOf: - $ref: '#/components/schemas/Security_Detections_API_QueryRuleRequiredFields' - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' - - $ref: >- - #/components/schemas/Security_Detections_API_QueryRuleDefaultableFields + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleDefaultableFields' Security_Detections_API_QueryRuleCreateProps: allOf: - type: object @@ -42799,11 +41983,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -42817,8 +41999,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -42834,24 +42015,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -42880,13 +42057,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -42927,8 +42102,7 @@ components: - query type: string - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' - - $ref: >- - #/components/schemas/Security_Detections_API_QueryRuleDefaultableFields + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleDefaultableFields' Security_Detections_API_QueryRulePatchProps: allOf: - type: object @@ -42938,11 +42112,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -42956,8 +42128,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -42975,24 +42146,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -43021,13 +42188,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -43065,11 +42230,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -43083,8 +42246,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -43102,24 +42264,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -43148,13 +42306,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -43166,58 +42322,32 @@ components: - severity - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateFields' Security_Detections_API_RelatedIntegration: - description: > - Related integration is a potential dependency of a rule. It's assumed - that if the user installs - - one of the related integrations of a rule, the rule might start to work - properly because it will - - have source events (generated by this integration) potentially matching - the rule's query. - - - NOTE: Proper work is not guaranteed, because a related integration, if - installed, can be - - configured differently or generate data that is not necessarily relevant - for this rule. - - - Related integration is a combination of a Fleet package and (optionally) - one of the + description: | + Related integration is a potential dependency of a rule. It's assumed that if the user installs + one of the related integrations of a rule, the rule might start to work properly because it will + have source events (generated by this integration) potentially matching the rule's query. - package's "integrations" that this package contains. It is represented - by 3 properties: + NOTE: Proper work is not guaranteed, because a related integration, if installed, can be + configured differently or generate data that is not necessarily relevant for this rule. + Related integration is a combination of a Fleet package and (optionally) one of the + package's "integrations" that this package contains. It is represented by 3 properties: - `package`: name of the package (required, unique id) - - `version`: version of the package (required, semver-compatible) + - `integration`: name of the integration of this package (optional, id within the package) - - `integration`: name of the integration of this package (optional, id - within the package) - - - There are Fleet packages like `windows` that contain only one - integration; in this case, - - `integration` should be unspecified. There are also packages like `aws` - and `azure` that contain - + There are Fleet packages like `windows` that contain only one integration; in this case, + `integration` should be unspecified. There are also packages like `aws` and `azure` that contain several integrations; in this case, `integration` should be specified. - @example - const x: RelatedIntegration = { package: 'windows', version: '1.5.x', }; - @example - const x: RelatedIntegration = { package: 'azure', version: '~1.1.6', @@ -43239,35 +42369,23 @@ components: $ref: '#/components/schemas/Security_Detections_API_RelatedIntegration' type: array Security_Detections_API_RequiredField: - description: > - Describes an Elasticsearch field that is needed for the rule to - function. - - - Almost all types of Security rules check source event documents for a - match to some kind of - - query or filter. If a document has certain field with certain values, - then it's a match and + description: | + Describes an Elasticsearch field that is needed for the rule to function. + Almost all types of Security rules check source event documents for a match to some kind of + query or filter. If a document has certain field with certain values, then it's a match and the rule will generate an alert. - - Required field is an event field that must be present in the source - indices of a given rule. - + Required field is an event field that must be present in the source indices of a given rule. @example - const standardEcsField: RequiredField = { name: 'event.action', type: 'keyword', ecs: true, }; - @example - const nonEcsField: RequiredField = { name: 'winlog.event_data.AttributeLDAPDisplayName', type: 'keyword', @@ -43293,10 +42411,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RequiredField' type: array Security_Detections_API_RequiredFieldInput: - description: >- - Input parameters to create a RequiredField. Does not include the `ecs` - field, because `ecs` is calculated on the backend based on the field - name and type. + description: Input parameters to create a RequiredField. Does not include the `ecs` field, because `ecs` is calculated on the backend based on the field name and type. type: object properties: name: @@ -43358,9 +42473,7 @@ components: minimum: 0 type: integer Security_Detections_API_RiskScoreMapping: - description: >- - Overrides generated alerts' risk_score with a value from the source - event + description: Overrides generated alerts' risk_score with a value from the source event items: type: object properties: @@ -43405,17 +42518,13 @@ components: additionalProperties: true type: object Security_Detections_API_RuleActionFrequency: - description: >- - The action frequency defines when the action runs (for example, only on - rule execution or at specific time intervals). + description: The action frequency defines when the action runs (for example, only on rule execution or at specific time intervals). type: object properties: notifyWhen: $ref: '#/components/schemas/Security_Detections_API_RuleActionNotifyWhen' summary: - description: >- - Action summary indicates whether we will send a summary notification - about all the generate alerts or notification per individual alert + description: Action summary indicates whether we will send a summary notification about all the generate alerts or notification per individual alert type: boolean throttle: $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' @@ -43425,17 +42534,13 @@ components: - notifyWhen - throttle Security_Detections_API_RuleActionGroup: - description: >- - Optionally groups actions by use cases. Use `default` for alert - notifications. + description: Optionally groups actions by use cases. Use `default` for alert notifications. type: string Security_Detections_API_RuleActionId: description: The connector ID. type: string Security_Detections_API_RuleActionNotifyWhen: - description: >- - The condition for throttling the notification: `onActionGroupChange`, - `onActiveAlert`, or `onThrottleInterval` + description: 'The condition for throttling the notification: `onActionGroupChange`, `onActiveAlert`, or `onThrottleInterval`' enum: - onActiveAlert - onThrottleInterval @@ -43443,9 +42548,7 @@ components: type: string Security_Detections_API_RuleActionParams: additionalProperties: true - description: >- - Object containing the allowed connector fields, which varies according - to the connector type. + description: Object containing the allowed connector fields, which varies according to the connector type. type: object Security_Detections_API_RuleActionThrottle: description: Defines how often rule actions are taken. @@ -43466,14 +42569,10 @@ components: anyOf: - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateProps' - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateProps' - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps' - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps' - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateProps' discriminator: @@ -43520,50 +42619,25 @@ components: minimum: 0 type: integer total_enrichment_duration_ms: - description: >- - Total time spent enriching documents during current rule execution - cycle + description: Total time spent enriching documents during current rule execution cycle minimum: 0 type: integer total_indexing_duration_ms: - description: >- - Total time spent indexing documents during current rule execution - cycle + description: Total time spent indexing documents during current rule execution cycle minimum: 0 type: integer total_search_duration_ms: - description: >- - Total time spent performing ES searches as measured by Kibana; - includes network latency and time spent serializing/deserializing - request/response + description: Total time spent performing ES searches as measured by Kibana; includes network latency and time spent serializing/deserializing request/response minimum: 0 type: integer Security_Detections_API_RuleExecutionStatus: - description: >- - Custom execution status of Security rules that is different from the - status used in the Alerting Framework. We merge our custom status with - the Framework's status to determine the resulting status of a rule. - - - going to run - @deprecated Replaced by the 'running' status but left - for backwards compatibility with rule execution events already written - to Event Log in the prior versions of Kibana. Don't use when writing - rule status changes. - - - running - Rule execution started but not reached any intermediate or - final status. - - - partial failure - Rule can partially fail for various reasons either - in the middle of an execution (in this case we update its status right - away) or in the end of it. So currently this status can be both - intermediate and final at the same time. A typical reason for a partial - failure: not all the indices that the rule searches over actually exist. - - - failed - Rule failed to execute due to unhandled exception or a reason - defined in the business logic of its executor function. - - - succeeded - Rule executed successfully without any issues. Note: this - status is just an indication of a rule's "health". The rule might or - might not generate any alerts despite of it. + description: |- + Custom execution status of Security rules that is different from the status used in the Alerting Framework. We merge our custom status with the Framework's status to determine the resulting status of a rule. + - going to run - @deprecated Replaced by the 'running' status but left for backwards compatibility with rule execution events already written to Event Log in the prior versions of Kibana. Don't use when writing rule status changes. + - running - Rule execution started but not reached any intermediate or final status. + - partial failure - Rule can partially fail for various reasons either in the middle of an execution (in this case we update its status right away) or in the end of it. So currently this status can be both intermediate and final at the same time. A typical reason for a partial failure: not all the indices that the rule searches over actually exist. + - failed - Rule failed to execute due to unhandled exception or a reason defined in the business logic of its executor function. + - succeeded - Rule executed successfully without any issues. Note: this status is just an indication of a rule's "health". The rule might or might not generate any alerts despite of it. enum: - going to run - running @@ -43586,14 +42660,12 @@ components: message: type: string metrics: - $ref: >- - #/components/schemas/Security_Detections_API_RuleExecutionMetrics + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionMetrics' status: $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatus' description: Status of the last execution status_order: - $ref: >- - #/components/schemas/Security_Detections_API_RuleExecutionStatusOrder + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatusOrder' required: - date - status @@ -43610,16 +42682,10 @@ components: items: {} type: array Security_Detections_API_RuleInterval: - description: >- - Frequency of rule execution, using a date math range. For example, "1h" - means the rule runs every hour. Defaults to 5m (5 minutes). + description: Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). type: string Security_Detections_API_RuleIntervalFrom: - description: >- - Time from which data is analyzed each time the rule runs, using a date - math range. For example, now-4200s means the rule analyzes data from 70 - minutes before its start time. Defaults to now-6m (analyzes data from 6 - minutes before the start time). + description: Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). format: date-math type: string Security_Detections_API_RuleIntervalTo: @@ -43642,13 +42708,10 @@ components: anyOf: - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchProps' - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchProps' - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRulePatchProps + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRulePatchProps' - $ref: '#/components/schemas/Security_Detections_API_ThresholdRulePatchProps' - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRulePatchProps - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRulePatchProps + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRulePatchProps' + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRulePatchProps' - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchProps' - $ref: '#/components/schemas/Security_Detections_API_EsqlRulePatchProps' Security_Detections_API_RulePreviewLoggedRequest: @@ -43674,8 +42737,7 @@ components: type: array requests: items: - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewLoggedRequest + $ref: '#/components/schemas/Security_Detections_API_RulePreviewLoggedRequest' type: array startedAt: $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' @@ -43720,19 +42782,14 @@ components: description: Could be any string, not necessarily a UUID type: string Security_Detections_API_RuleSource: - description: >- - Discriminated union that determines whether the rule is internally - sourced (created within the Kibana app) or has an external source, such - as the Elastic Prebuilt rules repo. + description: Discriminated union that determines whether the rule is internally sourced (created within the Kibana app) or has an external source, such as the Elastic Prebuilt rules repo. discriminator: propertyName: type oneOf: - $ref: '#/components/schemas/Security_Detections_API_ExternalRuleSource' - $ref: '#/components/schemas/Security_Detections_API_InternalRuleSource' Security_Detections_API_RuleTagArray: - description: >- - String array containing words and phrases to help categorize, filter, - and search rules. Defaults to an empty array. + description: String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. items: type: string type: array @@ -43740,14 +42797,10 @@ components: anyOf: - $ref: '#/components/schemas/Security_Detections_API_EqlRuleUpdateProps' - $ref: '#/components/schemas/Security_Detections_API_QueryRuleUpdateProps' - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleUpdateProps + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleUpdateProps' + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleUpdateProps' + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleUpdateProps' + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleUpdateProps' - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleUpdateProps' - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleUpdateProps' discriminator: @@ -43780,11 +42833,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -43798,8 +42849,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -43815,24 +42865,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -43859,13 +42905,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -43894,16 +42938,12 @@ components: - related_integrations - required_fields - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleResponseFields + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleResponseFields' Security_Detections_API_SavedQueryRuleCreateFields: allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields' Security_Detections_API_SavedQueryRuleCreateProps: allOf: - type: object @@ -43913,11 +42953,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -43931,8 +42969,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -43948,24 +42985,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -43994,13 +43027,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -44010,8 +43041,7 @@ components: - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields' Security_Detections_API_SavedQueryRuleDefaultableFields: type: object properties: @@ -44041,10 +43071,8 @@ components: enum: - saved_query type: string - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields' Security_Detections_API_SavedQueryRulePatchProps: allOf: - type: object @@ -44054,11 +43082,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -44072,8 +43098,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -44091,24 +43116,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -44137,19 +43158,16 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRulePatchFields + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRulePatchFields' Security_Detections_API_SavedQueryRuleRequiredFields: type: object properties: @@ -44165,10 +43183,8 @@ components: - saved_id Security_Detections_API_SavedQueryRuleResponseFields: allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields' - type: object properties: language: @@ -44184,11 +43200,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -44202,8 +43216,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -44221,24 +43234,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -44267,13 +43276,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -44283,8 +43290,7 @@ components: - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields' Security_Detections_API_SetAlertsStatusByIds: type: object properties: @@ -44393,18 +43399,14 @@ components: type: array Security_Detections_API_ThreatFilters: items: - description: >- - Query and filter context array used to filter documents from the - Elasticsearch index containing the threat values + description: Query and filter context array used to filter documents from the Elasticsearch index containing the threat values type: array Security_Detections_API_ThreatIndex: items: type: string type: array Security_Detections_API_ThreatIndicatorPath: - description: >- - Defines the path to the threat indicator in the indicator documents - (optional) + description: Defines the path to the threat indicator in the indicator documents (optional) type: string Security_Detections_API_ThreatMapping: items: @@ -44440,11 +43442,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -44458,8 +43458,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -44475,24 +43474,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -44519,13 +43514,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -44554,16 +43547,12 @@ components: - related_integrations - required_fields - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleResponseFields + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleResponseFields' Security_Detections_API_ThreatMatchRuleCreateFields: allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields' Security_Detections_API_ThreatMatchRuleCreateProps: allOf: - type: object @@ -44573,11 +43562,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -44591,8 +43578,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -44608,24 +43594,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -44654,13 +43636,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -44670,8 +43650,7 @@ components: - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields' Security_Detections_API_ThreatMatchRuleDefaultableFields: type: object properties: @@ -44717,10 +43696,8 @@ components: enum: - threat_match type: string - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields' Security_Detections_API_ThreatMatchRulePatchProps: allOf: - type: object @@ -44730,11 +43707,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -44748,8 +43723,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -44767,24 +43741,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -44813,19 +43783,16 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRulePatchFields + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRulePatchFields' Security_Detections_API_ThreatMatchRuleRequiredFields: type: object properties: @@ -44850,10 +43817,8 @@ components: - threat_index Security_Detections_API_ThreatMatchRuleResponseFields: allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields' - type: object properties: language: @@ -44869,11 +43834,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -44887,8 +43850,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -44906,24 +43868,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -44952,13 +43910,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -44968,8 +43924,7 @@ components: - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields' Security_Detections_API_ThreatQuery: description: Query to run type: string @@ -45042,8 +43997,7 @@ components: type: object properties: duration: - $ref: >- - #/components/schemas/Security_Detections_API_AlertSuppressionDuration + $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionDuration' required: - duration Security_Detections_API_ThresholdCardinality: @@ -45075,11 +44029,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -45093,8 +44045,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -45110,24 +44061,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -45154,13 +44101,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -45189,16 +44134,12 @@ components: - related_integrations - required_fields - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleResponseFields + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleResponseFields' Security_Detections_API_ThresholdRuleCreateFields: allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields' Security_Detections_API_ThresholdRuleCreateProps: allOf: - type: object @@ -45208,11 +44149,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -45226,8 +44165,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -45243,24 +44181,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -45289,13 +44223,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -45305,8 +44237,7 @@ components: - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleCreateFields + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateFields' Security_Detections_API_ThresholdRuleDefaultableFields: type: object properties: @@ -45316,8 +44247,7 @@ components: type: object properties: alert_suppression: - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdAlertSuppression + $ref: '#/components/schemas/Security_Detections_API_ThresholdAlertSuppression' data_view_id: $ref: '#/components/schemas/Security_Detections_API_DataViewId' filters: @@ -45339,10 +44269,8 @@ components: enum: - threshold type: string - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields' Security_Detections_API_ThresholdRulePatchProps: allOf: - type: object @@ -45352,11 +44280,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -45370,8 +44296,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -45389,24 +44314,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -45435,19 +44356,16 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRulePatchFields + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRulePatchFields' Security_Detections_API_ThresholdRuleRequiredFields: type: object properties: @@ -45466,10 +44384,8 @@ components: - threshold Security_Detections_API_ThresholdRuleResponseFields: allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields' - type: object properties: language: @@ -45485,11 +44401,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -45503,8 +44417,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -45522,24 +44435,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -45568,13 +44477,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -45584,16 +44491,13 @@ components: - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleCreateFields + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateFields' Security_Detections_API_ThresholdValue: description: Threshold value minimum: 1 type: integer Security_Detections_API_ThrottleForBulkActions: - description: >- - The condition for throttling the notification: 'rule', 'no_actions', or - time duration + description: 'The condition for throttling the notification: ''rule'', ''no_actions'', or time duration' enum: - rule - 1h @@ -45655,44 +44559,34 @@ components: created_by: type: string description: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListDescription + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListDescription' id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListId' immutable: type: boolean list_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId' meta: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListMeta + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListMeta' name: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListName + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListName' namespace_type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType' os_types: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray' tags: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListTags + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListTags' tie_breaker_id: type: string type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListType + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListType' updated_at: format: date-time type: string updated_by: type: string version: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListVersion + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListVersion' required: - id - list_id @@ -45720,51 +44614,39 @@ components: _version: type: string comments: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray' created_at: format: date-time type: string created_by: type: string description: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription' entries: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray' expire_time: format: date-time type: string id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId' item_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId' list_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId' meta: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta' name: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName' namespace_type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType' os_types: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray' tags: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags' tie_breaker_id: type: string type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType' updated_at: format: date-time type: string @@ -45809,31 +44691,23 @@ components: - created_by Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray: items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemComment + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemComment' type: array Security_Endpoint_Exceptions_API_ExceptionListItemDescription: type: string Security_Endpoint_Exceptions_API_ExceptionListItemEntry: anyOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryList - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryList' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard' discriminator: propertyName: type Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray: items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntry + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntry' type: array Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists: type: object @@ -45841,8 +44715,7 @@ components: field: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' operator: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator' type: enum: - exists @@ -45867,8 +44740,7 @@ components: - id - type operator: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator' type: enum: - list @@ -45884,8 +44756,7 @@ components: field: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' operator: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator' type: enum: - match @@ -45903,16 +44774,14 @@ components: field: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' operator: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator' type: enum: - match_any type: string value: items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' minItems: 1 type: array required: @@ -45926,8 +44795,7 @@ components: field: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' operator: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator' type: enum: - wildcard @@ -45944,8 +44812,7 @@ components: properties: entries: items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem' minItems: 1 type: array field: @@ -45960,12 +44827,9 @@ components: - entries Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem: oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists' Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator: enum: - excluded @@ -45982,8 +44846,7 @@ components: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray: items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType' type: array Security_Endpoint_Exceptions_API_ExceptionListItemTags: items: @@ -46006,8 +44869,7 @@ components: type: string Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray: items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType' type: array Security_Endpoint_Exceptions_API_ExceptionListTags: items: @@ -46027,15 +44889,11 @@ components: minimum: 1 type: integer Security_Endpoint_Exceptions_API_ExceptionNamespaceType: - description: > - Determines whether the exception container is available in all Kibana - spaces or just the space - + description: | + Determines whether the exception container is available in all Kibana spaces or just the space in which it is created, where: - - `single`: Only available in the Kibana space in which it is created. - - `agnostic`: Available in all Kibana spaces. enum: - agnostic @@ -46124,11 +44982,9 @@ components: type: object properties: agent_id: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_AgentId + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' pending_actions: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema' required: - agent_id - pending_actions @@ -46219,8 +45075,7 @@ components: comment: $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' parameters: $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: @@ -46231,11 +45086,9 @@ components: type: object properties: command: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_Command + $ref: '#/components/schemas/Security_Endpoint_Management_API_Command' timeout: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_Timeout + $ref: '#/components/schemas/Security_Endpoint_Management_API_Timeout' required: - command required: @@ -46280,8 +45133,7 @@ components: comment: $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' parameters: $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: @@ -46298,11 +45150,9 @@ components: required: - parameters Security_Endpoint_Management_API_GetProcessesRouteRequestBody: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema + $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema' Security_Endpoint_Management_API_IsolateRouteRequestBody: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema + $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema' Security_Endpoint_Management_API_KillProcessRouteRequestBody: allOf: - type: object @@ -46316,8 +45166,7 @@ components: comment: $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' parameters: $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: @@ -46327,8 +45176,7 @@ components: parameters: oneOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid' - - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EntityId + - $ref: '#/components/schemas/Security_Endpoint_Management_API_EntityId' - type: object properties: process_name: @@ -46404,8 +45252,7 @@ components: comment: $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' parameters: $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: @@ -46427,32 +45274,23 @@ components: - type: object properties: execute: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' get-file: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' isolate: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' kill-process: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' running-processes: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' scan: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' suspend-process: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' unisolate: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' upload: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - additionalProperties: true type: object Security_Endpoint_Management_API_Pid: @@ -46479,8 +45317,7 @@ components: comment: $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' parameters: $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: @@ -46515,8 +45352,7 @@ components: comment: $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' parameters: $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: @@ -46526,8 +45362,7 @@ components: parameters: oneOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid' - - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EntityId + - $ref: '#/components/schemas/Security_Endpoint_Management_API_EntityId' required: - parameters Security_Endpoint_Management_API_Timeout: @@ -46548,8 +45383,7 @@ components: minLength: 1 type: array Security_Endpoint_Management_API_UnisolateRouteRequestBody: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema + $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema' Security_Endpoint_Management_API_UploadRouteRequestBody: allOf: - type: object @@ -46563,8 +45397,7 @@ components: comment: $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' parameters: $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: @@ -46636,10 +45469,8 @@ components: type: string Security_Entity_Analytics_API_AssetCriticalityRecord: allOf: - - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord - - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts + - $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord' + - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts' - type: object properties: '@timestamp': @@ -46656,8 +45487,7 @@ components: type: object properties: criticality: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' required: - asset host: @@ -46667,8 +45497,7 @@ components: type: object properties: criticality: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' required: - criticality name: @@ -46682,8 +45511,7 @@ components: type: object properties: criticality: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' required: - criticality name: @@ -46728,13 +45556,11 @@ components: - errors Security_Entity_Analytics_API_CreateAssetCriticalityRecord: allOf: - - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts + - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts' - type: object properties: criticality_level: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' required: - criticality_level Security_Entity_Analytics_API_EngineDataviewUpdateResult: @@ -46808,23 +45634,17 @@ components: format: double type: number calculated_score_norm: - description: >- - The normalized numeric value of the given entity's risk score. - Useful for comparing with other entities. + description: The normalized numeric value of the given entity's risk score. Useful for comparing with other entities. format: double maximum: 100 minimum: 0 type: number category_1_count: - description: >- - The number of risk input documents that contributed to the Category - 1 score (`category_1_score`). + description: The number of risk input documents that contributed to the Category 1 score (`category_1_score`). format: integer type: number category_1_score: - description: >- - The contribution of Category 1 to the overall risk score - (`calculated_score`). Category 1 contains Detection Engine Alerts. + description: The contribution of Category 1 to the overall risk score (`calculated_score`). Category 1 contains Detection Engine Alerts. format: double type: number category_2_count: @@ -46834,27 +45654,20 @@ components: format: double type: number criticality_level: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' criticality_modifier: format: double type: number id_field: - description: >- - The identifier field defining this risk score. Coupled with - `id_value`, uniquely identifies the entity being scored. + description: The identifier field defining this risk score. Coupled with `id_value`, uniquely identifies the entity being scored. example: host.name type: string id_value: - description: >- - The identifier value defining this risk score. Coupled with - `id_field`, uniquely identifies the entity being scored. + description: The identifier value defining this risk score. Coupled with `id_field`, uniquely identifies the entity being scored. example: example.host type: string inputs: - description: >- - A list of the highest-risk documents contributing to this risk - score. Useful for investigative purposes. + description: A list of the highest-risk documents contributing to this risk score. Useful for investigative purposes. items: $ref: '#/components/schemas/Security_Entity_Analytics_API_RiskScoreInput' type: array @@ -46888,8 +45701,7 @@ components: type: object properties: criticality: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' required: - criticality entity: @@ -46932,8 +45744,7 @@ components: name: type: string risk: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord' type: items: type: string @@ -47040,8 +45851,7 @@ components: type: object properties: criticality: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' required: - criticality entity: @@ -47080,8 +45890,7 @@ components: name: type: string risk: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord' roles: items: type: string @@ -47101,8 +45910,7 @@ components: - comment Security_Exceptions_API_CreateExceptionListItemCommentArray: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateExceptionListItemComment + $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemComment' type: array Security_Exceptions_API_CreateRuleExceptionListItemComment: type: object @@ -47113,28 +45921,23 @@ components: - comment Security_Exceptions_API_CreateRuleExceptionListItemCommentArray: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemComment + $ref: '#/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemComment' type: array Security_Exceptions_API_CreateRuleExceptionListItemProps: type: object properties: comments: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemCommentArray + $ref: '#/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemCommentArray' default: [] description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription' entries: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: format: date-time type: string item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' meta: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta' name: @@ -47143,8 +45946,7 @@ components: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray' default: [] tags: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' @@ -47167,8 +45969,7 @@ components: created_by: type: string description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' immutable: @@ -47182,8 +45983,7 @@ components: namespace_type: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray' tags: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' tie_breaker_id: @@ -47224,27 +46024,23 @@ components: _version: type: string comments: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemCommentArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemCommentArray' created_at: format: date-time type: string created_by: type: string description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription' entries: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: format: date-time type: string id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' list_id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' meta: @@ -47254,8 +46050,7 @@ components: namespace_type: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray' tags: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' tie_breaker_id: @@ -47312,18 +46107,12 @@ components: type: string Security_Exceptions_API_ExceptionListItemEntry: anyOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryList - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNested - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchWildcard + - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch' + - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny' + - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryList' + - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists' + - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNested' + - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchWildcard' discriminator: propertyName: type Security_Exceptions_API_ExceptionListItemEntryArray: @@ -47336,8 +46125,7 @@ components: field: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' operator: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator' type: enum: - exists @@ -47362,8 +46150,7 @@ components: - id - type operator: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator' type: enum: - list @@ -47379,8 +46166,7 @@ components: field: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' operator: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator' type: enum: - match @@ -47398,8 +46184,7 @@ components: field: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' operator: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator' type: enum: - match_any @@ -47420,8 +46205,7 @@ components: field: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' operator: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator' type: enum: - wildcard @@ -47438,8 +46222,7 @@ components: properties: entries: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem' minItems: 1 type: array field: @@ -47454,12 +46237,9 @@ components: - entries Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists + - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch' + - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny' + - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists' Security_Exceptions_API_ExceptionListItemEntryOperator: enum: - excluded @@ -47517,16 +46297,14 @@ components: id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' list_id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' required: - error Security_Exceptions_API_ExceptionListsImportBulkErrorArray: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError' type: array Security_Exceptions_API_ExceptionListTags: items: @@ -47546,15 +46324,11 @@ components: minimum: 1 type: integer Security_Exceptions_API_ExceptionNamespaceType: - description: > - Determines whether the exception container is available in all Kibana - spaces or just the space - + description: | + Determines whether the exception container is available in all Kibana spaces or just the space in which it is created, where: - - `single`: Only available in the Kibana space in which it is created. - - `agnostic`: Available in all Kibana spaces. enum: - agnostic @@ -47633,8 +46407,7 @@ components: - comment Security_Exceptions_API_UpdateExceptionListItemCommentArray: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemComment + $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemComment' type: array Security_Exceptions_API_UUID: description: A universally unique identifier @@ -48326,9 +47099,7 @@ components: $ref: '#/components/schemas/Security_Timeline_API_DataProviderType' nullable: true Security_Timeline_API_DataProviderType: - description: >- - The type of data provider to create. Valid values are `default` and - `template`. + description: The type of data provider to create. Valid values are `default` and `template`. enum: - default - template @@ -48522,8 +47293,7 @@ components: oneOf: - allOf: - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' - - $ref: >- - #/components/schemas/Security_Timeline_API_PinnedEventBaseResponseBody + - $ref: '#/components/schemas/Security_Timeline_API_PinnedEventBaseResponseBody' - nullable: true type: object Security_Timeline_API_PersistTimelineResponse: @@ -48591,15 +47361,13 @@ components: type: object properties: alias_purpose: - $ref: >- - #/components/schemas/Security_Timeline_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Timeline_API_SavedObjectResolveAliasPurpose' alias_target_id: type: string outcome: $ref: '#/components/schemas/Security_Timeline_API_SavedObjectResolveOutcome' timeline: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject + $ref: '#/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject' required: - timeline - outcome @@ -48744,8 +47512,7 @@ components: nullable: true type: string kqlQuery: - $ref: >- - #/components/schemas/Security_Timeline_API_SerializedFilterQueryResult + $ref: '#/components/schemas/Security_Timeline_API_SerializedFilterQueryResult' nullable: true savedQueryId: nullable: true @@ -48842,8 +47609,7 @@ components: Security_Timeline_API_TimelineResponse: allOf: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - - $ref: >- - #/components/schemas/Security_Timeline_API_SavedTimelineWithSavedObjectId + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimelineWithSavedObjectId' - type: object properties: eventIdToNoteIds: @@ -48909,18 +47675,14 @@ components: - savedObjectId - version Security_Timeline_API_TimelineStatus: - description: >- - The status of the timeline. Valid values are `active`, `draft`, and - `immutable`. + description: The status of the timeline. Valid values are `active`, `draft`, and `immutable`. enum: - active - draft - immutable type: string Security_Timeline_API_TimelineType: - description: >- - The type of timeline to create. Valid values are `default` and - `template`. + description: The type of timeline to create. Valid values are `default` and `template`. enum: - default - template @@ -49037,9 +47799,8 @@ components: title: Budgeting method type: string SLOs_create_slo_request: - description: > - The create SLO API request body varies depending on the type of - indicator, time window and budgeting method. + description: | + The create SLO API request body varies depending on the type of indicator, time window and budgeting method. properties: budgetingMethod: $ref: '#/components/schemas/SLOs_budgeting_method' @@ -49049,9 +47810,7 @@ components: groupBy: $ref: '#/components/schemas/SLOs_group_by' id: - description: >- - A optional and unique identifier for the SLO. Must be between 8 and - 36 chars + description: A optional and unique identifier for the SLO. Must be between 8 and 36 chars example: my-super-slo-id type: string indicator: @@ -49095,10 +47854,8 @@ components: required: - id SLOs_delete_slo_instances_request: - description: > - The delete SLO instances request takes a list of SLO id and instance id, - then delete the rollup and summary data. This API can be used to remove - the staled data of an instance SLO that no longer get updated. + description: | + The delete SLO instances request takes a list of SLO id and instance id, then delete the rollup and summary data. This API can be used to remove the staled data of an instance SLO that no longer get updated. properties: list: description: An array of slo id and instance id @@ -49134,9 +47891,7 @@ components: example: 0.02 type: number isEstimated: - description: >- - Only for SLO defined with occurrences budgeting method and calendar - aligned time window. + description: Only for SLO defined with occurrences budgeting method and calendar aligned time window. example: true type: boolean remaining: @@ -49207,9 +47962,7 @@ components: title: Find SLO response type: object SLOs_group_by: - description: >- - optional group by field or fields to use to generate an SLO per distinct - value + description: optional group by field or fields to use to generate an SLO per distinct value example: - - service.name - service.name @@ -49330,11 +48083,7 @@ components: type: object properties: dataViewId: - description: >- - The kibana data view id to use, primarily used to include data - view runtime mappings. Make sure to save SLO again if you - add/update run time fields to the data view and if those fields - are being used in slo queries. + description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. example: 03b80ab3-003d-498b-881c-3beedbaf1162 type: string filter: @@ -49375,11 +48124,7 @@ components: type: object properties: dataViewId: - description: >- - The kibana data view id to use, primarily used to include data - view runtime mappings. Make sure to save SLO again if you - add/update run time fields to the data view and if those fields - are being used in slo queries. + description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. example: 03b80ab3-003d-498b-881c-3beedbaf1162 type: string filter: @@ -49396,16 +48141,12 @@ components: example: A type: string metrics: - description: >- - List of metrics with their name, aggregation type, and - field. + description: List of metrics with their name, aggregation type, and field. items: type: object properties: aggregation: - description: >- - The aggregation type of the metric. Only valid option - is "sum" + description: The aggregation type of the metric. Only valid option is "sum" enum: - sum example: sum @@ -49450,16 +48191,12 @@ components: example: A type: string metrics: - description: >- - List of metrics with their name, aggregation type, and - field. + description: List of metrics with their name, aggregation type, and field. items: type: object properties: aggregation: - description: >- - The aggregation type of the metric. Only valid option - is "sum" + description: The aggregation type of the metric. Only valid option is "sum" enum: - sum example: sum @@ -49508,11 +48245,7 @@ components: type: object properties: dataViewId: - description: >- - The kibana data view id to use, primarily used to include data - view runtime mappings. Make sure to save SLO again if you - add/update run time fields to the data view and if those fields - are being used in slo queries. + description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. example: 03b80ab3-003d-498b-881c-3beedbaf1162 type: string filter: @@ -49540,15 +48273,11 @@ components: example: 'processor.outcome: "success"' type: string from: - description: >- - The starting value of the range. Only required for "range" - aggregations. + description: The starting value of the range. Only required for "range" aggregations. example: 0 type: number to: - description: >- - The ending value of the range. Only required for "range" - aggregations. + description: The ending value of the range. Only required for "range" aggregations. example: 100 type: number required: @@ -49584,15 +48313,11 @@ components: example: 'processor.outcome : *' type: string from: - description: >- - The starting value of the range. Only required for "range" - aggregations. + description: The starting value of the range. Only required for "range" aggregations. example: 0 type: number to: - description: >- - The ending value of the range. Only required for "range" - aggregations. + description: The ending value of the range. Only required for "range" aggregations. example: 100 type: number required: @@ -49621,11 +48346,7 @@ components: type: object properties: dataViewId: - description: >- - The kibana data view id to use, primarily used to include data - view runtime mappings. Make sure to save SLO again if you - add/update run time fields to the data view and if those fields - are being used in slo queries. + description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. example: 03b80ab3-003d-498b-881c-3beedbaf1162 type: string filter: @@ -49637,15 +48358,12 @@ components: example: my-service-* type: string metric: - description: > - An object defining the metrics, equation, and threshold to - determine if it's a good slice or not + description: | + An object defining the metrics, equation, and threshold to determine if it's a good slice or not type: object properties: comparator: - description: >- - The comparator to use to compare the equation to the - threshold. + description: The comparator to use to compare the equation to the threshold. enum: - GT - GTE @@ -49658,22 +48376,15 @@ components: example: A type: string metrics: - description: >- - List of metrics with their name, aggregation type, and - field. + description: List of metrics with their name, aggregation type, and field. items: anyOf: - - $ref: >- - #/components/schemas/SLOs_timeslice_metric_basic_metric_with_field - - $ref: >- - #/components/schemas/SLOs_timeslice_metric_percentile_metric - - $ref: >- - #/components/schemas/SLOs_timeslice_metric_doc_count_metric + - $ref: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' + - $ref: '#/components/schemas/SLOs_timeslice_metric_percentile_metric' + - $ref: '#/components/schemas/SLOs_timeslice_metric_doc_count_metric' type: array threshold: - description: >- - The threshold used to determine if the metric is a good - slice or not. + description: The threshold used to determine if the metric is a good slice or not. example: 100 type: number required: @@ -49756,17 +48467,13 @@ components: minimum: 0 type: number timesliceTarget: - description: >- - the target objective for each slice when using a timeslices - budgeting method + description: the target objective for each slice when using a timeslices budgeting method example: 0.995 maximum: 100 minimum: 0 type: number timesliceWindow: - description: >- - the duration of each slice when using a timeslices budgeting method, - as {duraton}{unit} + description: the duration of each slice when using a timeslices budgeting method, as {duraton}{unit} example: 5m type: string required: @@ -49998,16 +48705,11 @@ components: type: object properties: duration: - description: >- - the duration formatted as {duration}{unit}. Accepted values for - rolling: 7d, 30d, 90d. Accepted values for calendar aligned: 1w - (weekly) or 1M (monthly) + description: 'the duration formatted as {duration}{unit}. Accepted values for rolling: 7d, 30d, 90d. Accepted values for calendar aligned: 1w (weekly) or 1M (monthly)' example: 30d type: string type: - description: >- - Indicates weither the time window is a rolling or a calendar aligned - time window. + description: Indicates weither the time window is a rolling or a calendar aligned time window. enum: - rolling - calendarAligned @@ -50076,9 +48778,7 @@ components: type: object properties: aggregation: - description: >- - The aggregation type of the metric. Only valid option is - "percentile" + description: The aggregation type of the metric. Only valid option is "percentile" enum: - percentile example: percentile @@ -50107,9 +48807,8 @@ components: - percentile title: Timeslice Metric Percentile Metric SLOs_update_slo_request: - description: > - The update SLO API request body varies depending on the type of - indicator, time window and budgeting method. Partial update is handled. + description: | + The update SLO API request body varies depending on the type of indicator, time window and budgeting method. Partial update is handled. properties: budgetingMethod: $ref: '#/components/schemas/SLOs_budgeting_method' @@ -50142,117 +48841,2846 @@ components: $ref: '#/components/schemas/SLOs_time_window' title: Update SLO request type: object - securitySchemes: - apiKeyAuth: - description: >- - You must create an API key and use the encoded value in the request - header. To learn about creating keys, go to [API - keys](https://www.elastic.co/docs/current/serverless/api-keys). - in: header - name: Authorization - type: apiKey -security: - - apiKeyAuth: [] -tags: - - name: alerting - - description: | - Adjust APM agent configuration without need to redeploy your application. - name: APM agent configuration - - description: > - Configure APM agent keys to authorize requests from APM agents to the APM - Server. - name: APM agent keys - - description: > - Annotate visualizations in the APM app with significant events. - Annotations enable you to easily see how events are impacting the - performance of your applications. - name: APM annotations - - description: Create APM fleet server schema. - name: APM server schema - - description: Configure APM source maps. - name: APM sourcemaps - - name: connectors - - name: Data streams - - description: >- - Data view APIs enable you to manage data views, formerly known as Kibana - index patterns. - name: data views - - name: Elastic Agent actions - - name: Elastic Agent binary download sources - - name: Elastic Agent policies - - name: Elastic Agent status - - name: Elastic Agents - - name: Elastic Package Manager (EPM) - - name: Fleet enrollment API keys - - name: Fleet internals - - name: Fleet outputs - - name: Fleet package policies - - name: Fleet proxies - - name: Fleet Server hosts - - name: Fleet service tokens - - name: Fleet uninstall tokens - - name: Message Signing Service - - description: Machine learning - name: ml - - name: roles - - description: > - Export sets of saved objects that you want to import into Kibana, resolve - import errors, and rotate an encryption key for encrypted saved objects - with the saved objects APIs. - - - To manage a specific type of saved object, use the corresponding APIs. - - For example, use: - - - [Data views](../group/endpoint-data-views) - - - Warning: Do not write documents directly to the `.kibana` index. When you - write directly to the `.kibana` index, the data becomes corrupted and - permanently breaks future Kibana versions. - name: saved objects - x-displayName: Saved objects - - description: Manage and interact with Security Assistant resources. - name: Security AI Assistant API - x-displayName: Security AI assistant - - description: >- - You can create rules that automatically turn events and external alerts - sent to Elastic Security into detection alerts. These alerts are displayed - on the Detections page. - name: Security Detections API - x-displayName: Security detections - - description: >- - Endpoint Exceptions API allows you to manage detection rule endpoint - exceptions to prevent a rule from generating an alert from incoming events - even when the rule's other criteria are met. - name: Security Endpoint Exceptions API - x-displayName: Security endpoint exceptions - - description: Interact with and manage endpoints running the Elastic Defend integration. - name: Security Endpoint Management API - x-displayName: Security endpoint management - - description: '' - name: Security Entity Analytics API - x-displayName: Security entity analytics - - description: >- - Exceptions API allows you to manage detection rule exceptions to prevent a - rule from generating an alert from incoming events even when the rule's - other criteria are met. - name: Security Exceptions API - x-displayName: Security exceptions - - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. - name: Security Lists API - x-displayName: Security lists - - description: Run live queries, manage packs and saved queries. - name: Security Osquery API - x-displayName: Security Osquery - - description: >- - You can create Timelines and Timeline templates via the API, as well as - import new Timelines from an ndjson file. - name: Security Timeline API - x-displayName: Security timeline - - description: SLO APIs enable you to define, manage and track service-level objectives - name: slo - - name: spaces - - name: system + bedrock_config: + title: Connector request properties for an Amazon Bedrock connector + description: Defines properties for connectors when type is `.bedrock`. + type: object + required: + - apiUrl + properties: + apiUrl: + type: string + description: The Amazon Bedrock request URL. + defaultModel: + type: string + description: | + The generative artificial intelligence model for Amazon Bedrock to use. Current support is for the Anthropic Claude models. + default: anthropic.claude-3-5-sonnet-20240620-v1:0 + crowdstrike_config: + title: Connector request config properties for a Crowdstrike connector + required: + - url + description: Defines config properties for connectors when type is `.crowdstrike`. + type: object + properties: + url: + description: | + The CrowdStrike tenant URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + type: string + d3security_config: + title: Connector request properties for a D3 Security connector + description: Defines properties for connectors when type is `.d3security`. + type: object + required: + - url + properties: + url: + type: string + description: | + The D3 Security API request URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + email_config: + title: Connector request properties for an email connector + description: Defines properties for connectors when type is `.email`. + required: + - from + type: object + properties: + clientId: + description: | + The client identifier, which is a part of OAuth 2.0 client credentials authentication, in GUID format. If `service` is `exchange_server`, this property is required. + type: string + nullable: true + from: + description: | + The from address for all emails sent by the connector. It must be specified in `user@host-name` format. + type: string + hasAuth: + description: | + Specifies whether a user and password are required inside the secrets configuration. + default: true + type: boolean + host: + description: | + The host name of the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. + type: string + oauthTokenUrl: + type: string + nullable: true + port: + description: | + The port to connect to on the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. + type: integer + secure: + description: | + Specifies whether the connection to the service provider will use TLS. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. + type: boolean + service: + description: | + The name of the email service. + type: string + enum: + - elastic_cloud + - exchange_server + - gmail + - other + - outlook365 + - ses + tenantId: + description: | + The tenant identifier, which is part of OAuth 2.0 client credentials authentication, in GUID format. If `service` is `exchange_server`, this property is required. + type: string + nullable: true + gemini_config: + title: Connector request properties for an Google Gemini connector + description: Defines properties for connectors when type is `.gemini`. + type: object + required: + - apiUrl + - gcpRegion + - gcpProjectID + properties: + apiUrl: + type: string + description: The Google Gemini request URL. + defaultModel: + type: string + description: The generative artificial intelligence model for Google Gemini to use. + default: gemini-1.5-pro-002 + gcpRegion: + type: string + description: The GCP region where the Vertex AI endpoint enabled. + gcpProjectID: + type: string + description: The Google ProjectID that has Vertex AI endpoint enabled. + resilient_config: + title: Connector request properties for a IBM Resilient connector + required: + - apiUrl + - orgId + description: Defines properties for connectors when type is `.resilient`. + type: object + properties: + apiUrl: + description: The IBM Resilient instance URL. + type: string + orgId: + description: The IBM Resilient organization ID. + type: string + index_config: + title: Connector request properties for an index connector + required: + - index + description: Defines properties for connectors when type is `.index`. + type: object + properties: + executionTimeField: + description: A field that indicates when the document was indexed. + default: null + type: string + nullable: true + index: + description: The Elasticsearch index to be written to. + type: string + refresh: + description: | + The refresh policy for the write request, which affects when changes are made visible to search. Refer to the refresh setting for Elasticsearch document APIs. + default: false + type: boolean + jira_config: + title: Connector request properties for a Jira connector + required: + - apiUrl + - projectKey + description: Defines properties for connectors when type is `.jira`. + type: object + properties: + apiUrl: + description: The Jira instance URL. + type: string + projectKey: + description: The Jira project key. + type: string + genai_azure_config: + title: Connector request properties for an OpenAI connector that uses Azure OpenAI + description: | + Defines properties for connectors when type is `.gen-ai` and the API provider is `Azure OpenAI`. + type: object + required: + - apiProvider + - apiUrl + properties: + apiProvider: + type: string + description: The OpenAI API provider. + enum: + - Azure OpenAI + apiUrl: + type: string + description: The OpenAI API endpoint. + genai_openai_config: + title: Connector request properties for an OpenAI connector + description: | + Defines properties for connectors when type is `.gen-ai` and the API provider is `OpenAI`. + type: object + required: + - apiProvider + - apiUrl + properties: + apiProvider: + type: string + description: The OpenAI API provider. + enum: + - OpenAI + apiUrl: + type: string + description: The OpenAI API endpoint. + defaultModel: + type: string + description: The default model to use for requests. + opsgenie_config: + title: Connector request properties for an Opsgenie connector + required: + - apiUrl + description: Defines properties for connectors when type is `.opsgenie`. + type: object + properties: + apiUrl: + description: | + The Opsgenie URL. For example, `https://api.opsgenie.com` or `https://api.eu.opsgenie.com`. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + type: string + pagerduty_config: + title: Connector request properties for a PagerDuty connector + description: Defines properties for connectors when type is `.pagerduty`. + type: object + properties: + apiUrl: + description: The PagerDuty event URL. + type: string + nullable: true + example: https://events.pagerduty.com/v2/enqueue + sentinelone_config: + title: Connector request properties for a SentinelOne connector + required: + - url + description: Defines properties for connectors when type is `.sentinelone`. + type: object + properties: + url: + description: | + The SentinelOne tenant URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + type: string + servicenow_config: + title: Connector request properties for a ServiceNow ITSM connector + required: + - apiUrl + description: Defines properties for connectors when type is `.servicenow`. + type: object + properties: + apiUrl: + type: string + description: The ServiceNow instance URL. + clientId: + description: | + The client ID assigned to your OAuth application. This property is required when `isOAuth` is `true`. + type: string + isOAuth: + description: | + The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth). + default: false + type: boolean + jwtKeyId: + description: | + The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when `isOAuth` is `true`. + type: string + userIdentifierValue: + description: | + The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is `Email`, the user identifier should be the user's email address. This property is required when `isOAuth` is `true`. + type: string + usesTableApi: + description: | + Determines whether the connector uses the Table API or the Import Set API. This property is supported only for ServiceNow ITSM and ServiceNow SecOps connectors. NOTE: If this property is set to `false`, the Elastic application should be installed in ServiceNow. + default: true + type: boolean + servicenow_itom_config: + title: Connector request properties for a ServiceNow ITOM connector + required: + - apiUrl + description: Defines properties for connectors when type is `.servicenow-itom`. + type: object + properties: + apiUrl: + type: string + description: The ServiceNow instance URL. + clientId: + description: | + The client ID assigned to your OAuth application. This property is required when `isOAuth` is `true`. + type: string + isOAuth: + description: | + The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth). + default: false + type: boolean + jwtKeyId: + description: | + The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when `isOAuth` is `true`. + type: string + userIdentifierValue: + description: | + The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is `Email`, the user identifier should be the user's email address. This property is required when `isOAuth` is `true`. + type: string + slack_api_config: + title: Connector request properties for a Slack connector + description: Defines properties for connectors when type is `.slack_api`. + type: object + properties: + allowedChannels: + type: array + description: A list of valid Slack channels. + items: + type: object + required: + - id + - name + maxItems: 25 + properties: + id: + type: string + description: The Slack channel ID. + example: C123ABC456 + minLength: 1 + name: + type: string + description: The Slack channel name. + minLength: 1 + swimlane_config: + title: Connector request properties for a Swimlane connector + required: + - apiUrl + - appId + - connectorType + description: Defines properties for connectors when type is `.swimlane`. + type: object + properties: + apiUrl: + description: The Swimlane instance URL. + type: string + appId: + description: The Swimlane application ID. + type: string + connectorType: + description: The type of connector. Valid values are `all`, `alerts`, and `cases`. + type: string + enum: + - all + - alerts + - cases + mappings: + title: Connector mappings properties for a Swimlane connector + description: The field mapping. + type: object + properties: + alertIdConfig: + title: Alert identifier mapping + description: Mapping for the alert ID. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. + id: + type: string + description: The identifier for the field in Swimlane. + key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + caseIdConfig: + title: Case identifier mapping + description: Mapping for the case ID. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. + id: + type: string + description: The identifier for the field in Swimlane. + key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + caseNameConfig: + title: Case name mapping + description: Mapping for the case name. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. + id: + type: string + description: The identifier for the field in Swimlane. + key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + commentsConfig: + title: Case comment mapping + description: Mapping for the case comments. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. + id: + type: string + description: The identifier for the field in Swimlane. + key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + descriptionConfig: + title: Case description mapping + description: Mapping for the case description. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. + id: + type: string + description: The identifier for the field in Swimlane. + key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + ruleNameConfig: + title: Rule name mapping + description: Mapping for the name of the alert's rule. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. + id: + type: string + description: The identifier for the field in Swimlane. + key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + severityConfig: + title: Severity mapping + description: Mapping for the severity. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. + id: + type: string + description: The identifier for the field in Swimlane. + key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + thehive_config: + title: Connector request properties for a TheHive connector + description: Defines configuration properties for connectors when type is `.thehive`. + type: object + required: + - url + properties: + organisation: + type: string + description: | + The organisation in TheHive that will contain the alerts or cases. By default, the connector uses the default organisation of the user account that created the API key. + url: + type: string + description: | + The instance URL in TheHive. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + tines_config: + title: Connector request properties for a Tines connector + description: Defines properties for connectors when type is `.tines`. + type: object + required: + - url + properties: + url: + description: | + The Tines tenant URL. If you are using the `xpack.actions.allowedHosts` setting, make sure this hostname is added to the allowed hosts. + type: string + torq_config: + title: Connector request properties for a Torq connector + description: Defines properties for connectors when type is `.torq`. + type: object + required: + - webhookIntegrationUrl + properties: + webhookIntegrationUrl: + description: The endpoint URL of the Elastic Security integration in Torq. + type: string + auth_type: + title: Authentication type + type: string + nullable: true + enum: + - webhook-authentication-basic + - webhook-authentication-ssl + description: | + The type of authentication to use: basic, SSL, or none. + ca: + title: Certificate authority + type: string + description: | + A base64 encoded version of the certificate authority file that the connector can trust to sign and validate certificates. This option is available for all authentication types. + cert_type: + title: Certificate type + type: string + description: | + If the `authType` is `webhook-authentication-ssl`, specifies whether the certificate authentication data is in a CRT and key file format or a PFX file format. + enum: + - ssl-crt-key + - ssl-pfx + has_auth: + title: Has authentication + type: boolean + description: If true, a username and password for login type authentication must be provided. + default: true + verification_mode: + title: Verification mode + type: string + enum: + - certificate + - full + - none + default: full + description: | + Controls the verification of certificates. Use `full` to validate that the certificate has an issue date within the `not_before` and `not_after` dates, chains to a trusted certificate authority (CA), and has a hostname or IP address that matches the names within the certificate. Use `certificate` to validate the certificate and verify that it is signed by a trusted authority; this option does not check the certificate hostname. Use `none` to skip certificate validation. + webhook_config: + title: Connector request properties for a Webhook connector + description: Defines properties for connectors when type is `.webhook`. + type: object + properties: + authType: + $ref: '#/components/schemas/auth_type' + ca: + $ref: '#/components/schemas/ca' + certType: + $ref: '#/components/schemas/cert_type' + hasAuth: + $ref: '#/components/schemas/has_auth' + headers: + type: object + nullable: true + description: A set of key-value pairs sent as headers with the request. + method: + type: string + default: post + enum: + - post + - put + description: | + The HTTP request method, either `post` or `put`. + url: + type: string + description: | + The request URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + verificationMode: + $ref: '#/components/schemas/verification_mode' + cases_webhook_config: + title: Connector request properties for Webhook - Case Management connector + required: + - createIncidentJson + - createIncidentResponseKey + - createIncidentUrl + - getIncidentResponseExternalTitleKey + - getIncidentUrl + - updateIncidentJson + - updateIncidentUrl + - viewIncidentUrl + description: Defines properties for connectors when type is `.cases-webhook`. + type: object + properties: + authType: + $ref: '#/components/schemas/auth_type' + ca: + $ref: '#/components/schemas/ca' + certType: + $ref: '#/components/schemas/cert_type' + createCommentJson: + type: string + description: | + A JSON payload sent to the create comment URL to create a case comment. You can use variables to add Kibana Cases data to the payload. The required variable is `case.comment`. Due to Mustache template variables (the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated once the Mustache variables have been placed when the REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. + example: '{"body": {{{case.comment}}}}' + createCommentMethod: + type: string + description: | + The REST API HTTP request method to create a case comment in the third-party system. Valid values are `patch`, `post`, and `put`. + default: put + enum: + - patch + - post + - put + createCommentUrl: + type: string + description: | + The REST API URL to create a case comment by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the `xpack.actions.allowedHosts setting`, add the hostname to the allowed hosts. + example: https://example.com/issue/{{{external.system.id}}}/comment + createIncidentJson: + type: string + description: | + A JSON payload sent to the create case URL to create a case. You can use variables to add case data to the payload. Required variables are `case.title` and `case.description`. Due to Mustache template variables (which is the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review. + example: '{"fields": {"summary": {{{case.title}}},"description": {{{case.description}}},"labels": {{{case.tags}}}}}' + createIncidentMethod: + type: string + description: | + The REST API HTTP request method to create a case in the third-party system. Valid values are `patch`, `post`, and `put`. + enum: + - patch + - post + - put + default: post + createIncidentResponseKey: + type: string + description: The JSON key in the create external case response that contains the case ID. + createIncidentUrl: + type: string + description: | + The REST API URL to create a case in the third-party system. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + getIncidentResponseExternalTitleKey: + type: string + description: The JSON key in get external case response that contains the case title. + getIncidentUrl: + type: string + description: | + The REST API URL to get the case by ID from the third-party system. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. You can use a variable to add the external system ID to the URL. Due to Mustache template variables (the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. + example: https://example.com/issue/{{{external.system.id}}} + hasAuth: + $ref: '#/components/schemas/has_auth' + headers: + type: string + description: | + A set of key-value pairs sent as headers with the request URLs for the create case, update case, get case, and create comment methods. + updateIncidentJson: + type: string + description: | + The JSON payload sent to the update case URL to update the case. You can use variables to add Kibana Cases data to the payload. Required variables are `case.title` and `case.description`. Due to Mustache template variables (which is the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review. + example: '{"fields": {"summary": {{{case.title}}},"description": {{{case.description}}},"labels": {{{case.tags}}}}}' + updateIncidentMethod: + type: string + description: | + The REST API HTTP request method to update the case in the third-party system. Valid values are `patch`, `post`, and `put`. + default: put + enum: + - patch + - post + - put + updateIncidentUrl: + type: string + description: | + The REST API URL to update the case by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + example: https://example.com/issue/{{{external.system.ID}}} + verificationMode: + $ref: '#/components/schemas/verification_mode' + viewIncidentUrl: + type: string + description: | + The URL to view the case in the external system. You can use variables to add the external system ID or external system title to the URL. + example: https://testing-jira.atlassian.net/browse/{{{external.system.title}}} + xmatters_config: + title: Connector request properties for an xMatters connector + description: Defines properties for connectors when type is `.xmatters`. + type: object + properties: + configUrl: + description: | + The request URL for the Elastic Alerts trigger in xMatters. It is applicable only when `usesBasic` is `true`. + type: string + nullable: true + usesBasic: + description: Specifies whether the connector uses HTTP basic authentication (`true`) or URL authentication (`false`). + type: boolean + default: true + bedrock_secrets: + title: Connector secrets properties for an Amazon Bedrock connector + description: Defines secrets for connectors when type is `.bedrock`. + type: object + required: + - accessKey + - secret + properties: + accessKey: + type: string + description: The AWS access key for authentication. + secret: + type: string + description: The AWS secret for authentication. + crowdstrike_secrets: + title: Connector secrets properties for a Crowdstrike connector + description: Defines secrets for connectors when type is `.crowdstrike`. + type: object + required: + - clientId + - clientSecret + properties: + clientId: + description: The CrowdStrike API client identifier. + type: string + clientSecret: + description: The CrowdStrike API client secret to authenticate the `clientId`. + type: string + d3security_secrets: + title: Connector secrets properties for a D3 Security connector + description: Defines secrets for connectors when type is `.d3security`. + required: + - token + type: object + properties: + token: + type: string + description: The D3 Security token. + email_secrets: + title: Connector secrets properties for an email connector + description: Defines secrets for connectors when type is `.email`. + type: object + properties: + clientSecret: + type: string + description: | + The Microsoft Exchange Client secret for OAuth 2.0 client credentials authentication. It must be URL-encoded. If `service` is `exchange_server`, this property is required. + password: + type: string + description: | + The password for HTTP basic authentication. If `hasAuth` is set to `true`, this property is required. + user: + type: string + description: | + The username for HTTP basic authentication. If `hasAuth` is set to `true`, this property is required. + gemini_secrets: + title: Connector secrets properties for a Google Gemini connector + description: Defines secrets for connectors when type is `.gemini`. + type: object + required: + - credentialsJson + properties: + credentialsJson: + type: string + description: The service account credentials JSON file. The service account should have Vertex AI user IAM role assigned to it. + resilient_secrets: + title: Connector secrets properties for IBM Resilient connector + required: + - apiKeyId + - apiKeySecret + description: Defines secrets for connectors when type is `.resilient`. + type: object + properties: + apiKeyId: + type: string + description: The authentication key ID for HTTP Basic authentication. + apiKeySecret: + type: string + description: The authentication key secret for HTTP Basic authentication. + jira_secrets: + title: Connector secrets properties for a Jira connector + required: + - apiToken + - email + description: Defines secrets for connectors when type is `.jira`. + type: object + properties: + apiToken: + description: The Jira API authentication token for HTTP basic authentication. + type: string + email: + description: The account email for HTTP Basic authentication. + type: string + teams_secrets: + title: Connector secrets properties for a Microsoft Teams connector + description: Defines secrets for connectors when type is `.teams`. + type: object + required: + - webhookUrl + properties: + webhookUrl: + type: string + description: | + The URL of the incoming webhook. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + genai_secrets: + title: Connector secrets properties for an OpenAI connector + description: Defines secrets for connectors when type is `.gen-ai`. + type: object + properties: + apiKey: + type: string + description: The OpenAI API key. + opsgenie_secrets: + title: Connector secrets properties for an Opsgenie connector + required: + - apiKey + description: Defines secrets for connectors when type is `.opsgenie`. + type: object + properties: + apiKey: + description: The Opsgenie API authentication key for HTTP Basic authentication. + type: string + pagerduty_secrets: + title: Connector secrets properties for a PagerDuty connector + description: Defines secrets for connectors when type is `.pagerduty`. + type: object + required: + - routingKey + properties: + routingKey: + description: | + A 32 character PagerDuty Integration Key for an integration on a service. + type: string + sentinelone_secrets: + title: Connector secrets properties for a SentinelOne connector + description: Defines secrets for connectors when type is `.sentinelone`. + type: object + required: + - token + properties: + token: + description: The A SentinelOne API token. + type: string + servicenow_secrets: + title: Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors + description: Defines secrets for connectors when type is `.servicenow`, `.servicenow-sir`, or `.servicenow-itom`. + type: object + properties: + clientSecret: + type: string + description: The client secret assigned to your OAuth application. This property is required when `isOAuth` is `true`. + password: + type: string + description: The password for HTTP basic authentication. This property is required when `isOAuth` is `false`. + privateKey: + type: string + description: The RSA private key that you created for use in ServiceNow. This property is required when `isOAuth` is `true`. + privateKeyPassword: + type: string + description: The password for the RSA private key. This property is required when `isOAuth` is `true` and you set a password on your private key. + username: + type: string + description: The username for HTTP basic authentication. This property is required when `isOAuth` is `false`. + slack_api_secrets: + title: Connector secrets properties for a Web API Slack connector + description: Defines secrets for connectors when type is `.slack`. + required: + - token + type: object + properties: + token: + type: string + description: Slack bot user OAuth token. + swimlane_secrets: + title: Connector secrets properties for a Swimlane connector + description: Defines secrets for connectors when type is `.swimlane`. + type: object + properties: + apiToken: + description: Swimlane API authentication token. + type: string + thehive_secrets: + title: Connector secrets properties for a TheHive connector + description: Defines secrets for connectors when type is `.thehive`. + required: + - apiKey + type: object + properties: + apiKey: + type: string + description: The API key for authentication in TheHive. + tines_secrets: + title: Connector secrets properties for a Tines connector + description: Defines secrets for connectors when type is `.tines`. + type: object + required: + - email + - token + properties: + email: + description: The email used to sign in to Tines. + type: string + token: + description: The Tines API token. + type: string + torq_secrets: + title: Connector secrets properties for a Torq connector + description: Defines secrets for connectors when type is `.torq`. + type: object + required: + - token + properties: + token: + description: The secret of the webhook authentication header. + type: string + crt: + title: Certificate + type: string + description: If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT file. + key: + title: Certificate key + type: string + description: If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the KEY file. + pfx: + title: Personal information exchange + type: string + description: If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. + webhook_secrets: + title: Connector secrets properties for a Webhook connector + description: Defines secrets for connectors when type is `.webhook`. + type: object + properties: + crt: + $ref: '#/components/schemas/crt' + key: + $ref: '#/components/schemas/key' + pfx: + $ref: '#/components/schemas/pfx' + password: + type: string + description: | + The password for HTTP basic authentication or the passphrase for the SSL certificate files. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required. + user: + type: string + description: | + The username for HTTP basic authentication. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required. + cases_webhook_secrets: + title: Connector secrets properties for Webhook - Case Management connector + type: object + properties: + crt: + $ref: '#/components/schemas/crt' + key: + $ref: '#/components/schemas/key' + pfx: + $ref: '#/components/schemas/pfx' + password: + type: string + description: | + The password for HTTP basic authentication. If `hasAuth` is set to `true` and and `authType` is `webhook-authentication-basic`, this property is required. + user: + type: string + description: | + The username for HTTP basic authentication. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required. + xmatters_secrets: + title: Connector secrets properties for an xMatters connector + description: Defines secrets for connectors when type is `.xmatters`. + type: object + properties: + password: + description: | + A user name for HTTP basic authentication. It is applicable only when `usesBasic` is `true`. + type: string + secretsUrl: + description: | + The request URL for the Elastic Alerts trigger in xMatters with the API key included in the URL. It is applicable only when `usesBasic` is `false`. + type: string + user: + description: | + A password for HTTP basic authentication. It is applicable only when `usesBasic` is `true`. + type: string + run_acknowledge_resolve_pagerduty: + title: PagerDuty connector parameters + description: Test an action that acknowledges or resolves a PagerDuty alert. + type: object + required: + - dedupKey + - eventAction + properties: + dedupKey: + description: The deduplication key for the PagerDuty alert. + type: string + maxLength: 255 + eventAction: + description: The type of event. + type: string + enum: + - acknowledge + - resolve + run_documents: + title: Index connector parameters + description: Test an action that indexes a document into Elasticsearch. + type: object + required: + - documents + properties: + documents: + type: array + description: The documents in JSON format for index connectors. + items: + type: object + additionalProperties: true + run_message_email: + title: Email connector parameters + description: | + Test an action that sends an email message. There must be at least one recipient in `to`, `cc`, or `bcc`. + type: object + required: + - message + - subject + - anyOf: + - to + - cc + - bcc + properties: + bcc: + type: array + items: + type: string + description: | + A list of "blind carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `` format + cc: + type: array + items: + type: string + description: | + A list of "carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `` format + message: + type: string + description: The email message text. Markdown format is supported. + subject: + type: string + description: The subject line of the email. + to: + type: array + description: | + A list of email addresses. Addresses can be specified in `user@host-name` format or in name `` format. + items: + type: string + run_message_serverlog: + title: Server log connector parameters + description: Test an action that writes an entry to the Kibana server log. + type: object + required: + - message + properties: + level: + type: string + description: The log level of the message for server log connectors. + enum: + - debug + - error + - fatal + - info + - trace + - warn + default: info + message: + type: string + description: The message for server log connectors. + run_message_slack: + title: Slack connector parameters + description: | + Test an action that sends a message to Slack. It is applicable only when the connector type is `.slack`. + type: object + required: + - message + properties: + message: + type: string + description: The Slack message text, which cannot contain Markdown, images, or other advanced formatting. + run_trigger_pagerduty: + title: PagerDuty connector parameters + description: Test an action that triggers a PagerDuty alert. + type: object + required: + - eventAction + properties: + class: + description: The class or type of the event. + type: string + example: cpu load + component: + description: The component of the source machine that is responsible for the event. + type: string + example: eth0 + customDetails: + description: Additional details to add to the event. + type: object + dedupKey: + description: | + All actions sharing this key will be associated with the same PagerDuty alert. This value is used to correlate trigger and resolution. + type: string + maxLength: 255 + eventAction: + description: The type of event. + type: string + enum: + - trigger + group: + description: The logical grouping of components of a service. + type: string + example: app-stack + links: + description: A list of links to add to the event. + type: array + items: + type: object + properties: + href: + description: The URL for the link. + type: string + text: + description: A plain text description of the purpose of the link. + type: string + severity: + description: The severity of the event on the affected system. + type: string + enum: + - critical + - error + - info + - warning + default: info + source: + description: | + The affected system, such as a hostname or fully qualified domain name. Defaults to the Kibana saved object id of the action. + type: string + summary: + description: A summery of the event. + type: string + maxLength: 1024 + timestamp: + description: An ISO-8601 timestamp that indicates when the event was detected or generated. + type: string + format: date-time + run_addevent: + title: The addEvent subaction + type: object + required: + - subAction + description: The `addEvent` subaction for ServiceNow ITOM connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - addEvent + subActionParams: + type: object + description: The set of configuration properties for the action. + properties: + additional_info: + type: string + description: Additional information about the event. + description: + type: string + description: The details about the event. + event_class: + type: string + description: A specific instance of the source. + message_key: + type: string + description: All actions sharing this key are associated with the same ServiceNow alert. The default value is `:`. + metric_name: + type: string + description: The name of the metric. + node: + type: string + description: The host that the event was triggered for. + resource: + type: string + description: The name of the resource. + severity: + type: string + description: The severity of the event. + source: + type: string + description: The name of the event source type. + time_of_event: + type: string + description: The time of the event. + type: + type: string + description: The type of event. + run_closealert: + title: The closeAlert subaction + type: object + required: + - subAction + - subActionParams + description: The `closeAlert` subaction for Opsgenie connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - closeAlert + subActionParams: + type: object + required: + - alias + properties: + alias: + type: string + description: The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert. + note: + type: string + description: Additional information for the alert. + source: + type: string + description: The display name for the source of the alert. + user: + type: string + description: The display name for the owner. + run_closeincident: + title: The closeIncident subaction + type: object + required: + - subAction + - subActionParams + description: The `closeIncident` subaction for ServiceNow ITSM connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - closeIncident + subActionParams: + type: object + required: + - incident + properties: + incident: + type: object + anyOf: + - required: + - correlation_id + - required: + - externalId + properties: + correlation_id: + type: string + nullable: true + description: | + An identifier that is assigned to the incident when it is created by the connector. NOTE: If you use the default value and the rule generates multiple alerts that use the same alert IDs, the latest open incident for this correlation ID is closed unless you specify the external ID. + maxLength: 100 + default: '{{rule.id}}:{{alert.id}}' + externalId: + type: string + nullable: true + description: The unique identifier (`incidentId`) for the incident in ServiceNow. + run_createalert: + title: The createAlert subaction + type: object + required: + - subAction + - subActionParams + description: The `createAlert` subaction for Opsgenie and TheHive connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - createAlert + subActionParams: + type: object + properties: + actions: + type: array + description: The custom actions available to the alert in Opsgenie connectors. + items: + type: string + alias: + type: string + description: The unique identifier used for alert deduplication in Opsgenie. + description: + type: string + description: A description that provides detailed information about the alert. + details: + type: object + description: The custom properties of the alert in Opsgenie connectors. + additionalProperties: true + example: + key1: value1 + key2: value2 + entity: + type: string + description: The domain of the alert in Opsgenie connectors. For example, the application or server name. + message: + type: string + description: The alert message in Opsgenie connectors. + note: + type: string + description: Additional information for the alert in Opsgenie connectors. + priority: + type: string + description: The priority level for the alert in Opsgenie connectors. + enum: + - P1 + - P2 + - P3 + - P4 + - P5 + responders: + type: array + description: | + The entities to receive notifications about the alert in Opsgenie connectors. If `type` is `user`, either `id` or `username` is required. If `type` is `team`, either `id` or `name` is required. + items: + type: object + properties: + id: + type: string + description: The identifier for the entity. + name: + type: string + description: The name of the entity. + type: + type: string + description: The type of responders, in this case `escalation`. + enum: + - escalation + - schedule + - team + - user + username: + type: string + description: A valid email address for the user. + severity: + type: integer + minimum: 1 + maximum: 4 + description: | + The severity of the incident for TheHive connectors. The value ranges from 1 (low) to 4 (critical) with a default value of 2 (medium). + source: + type: string + description: The display name for the source of the alert in Opsgenie and TheHive connectors. + sourceRef: + type: string + description: A source reference for the alert in TheHive connectors. + tags: + type: array + description: The tags for the alert in Opsgenie and TheHive connectors. + items: + type: string + title: + type: string + description: | + A title for the incident for TheHive connectors. It is used for searching the contents of the knowledge base. + tlp: + type: integer + minimum: 0 + maximum: 4 + default: 2 + description: | + The traffic light protocol designation for the incident in TheHive connectors. Valid values include: 0 (clear), 1 (green), 2 (amber), 3 (amber and strict), and 4 (red). + type: + type: string + description: The type of alert in TheHive connectors. + user: + type: string + description: The display name for the owner. + visibleTo: + type: array + description: The teams and users that the alert will be visible to without sending a notification. Only one of `id`, `name`, or `username` is required. + items: + type: object + required: + - type + properties: + id: + type: string + description: The identifier for the entity. + name: + type: string + description: The name of the entity. + type: + type: string + description: Valid values are `team` and `user`. + enum: + - team + - user + username: + type: string + description: The user name. This property is required only when the `type` is `user`. + run_fieldsbyissuetype: + title: The fieldsByIssueType subaction + type: object + required: + - subAction + - subActionParams + description: The `fieldsByIssueType` subaction for Jira connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - fieldsByIssueType + subActionParams: + type: object + required: + - id + properties: + id: + type: string + description: The Jira issue type identifier. + example: 10024 + run_getchoices: + title: The getChoices subaction + type: object + required: + - subAction + - subActionParams + description: The `getChoices` subaction for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - getChoices + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - fields + properties: + fields: + type: array + description: An array of fields. + items: + type: string + run_getfields: + title: The getFields subaction + type: object + required: + - subAction + description: The `getFields` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - getFields + run_getincident: + title: The getIncident subaction + type: object + description: The `getIncident` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors. + required: + - subAction + - subActionParams + properties: + subAction: + type: string + description: The action to test. + enum: + - getIncident + subActionParams: + type: object + required: + - externalId + properties: + externalId: + type: string + description: The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. + example: 71778 + run_issue: + title: The issue subaction + type: object + required: + - subAction + description: The `issue` subaction for Jira connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - issue + subActionParams: + type: object + required: + - id + properties: + id: + type: string + description: The Jira issue identifier. + example: 71778 + run_issues: + title: The issues subaction + type: object + required: + - subAction + - subActionParams + description: The `issues` subaction for Jira connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - issues + subActionParams: + type: object + required: + - title + properties: + title: + type: string + description: The title of the Jira issue. + run_issuetypes: + title: The issueTypes subaction + type: object + required: + - subAction + description: The `issueTypes` subaction for Jira connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - issueTypes + run_postmessage: + title: The postMessage subaction + type: object + description: | + Test an action that sends a message to Slack. It is applicable only when the connector type is `.slack_api`. + required: + - subAction + - subActionParams + properties: + subAction: + type: string + description: The action to test. + enum: + - postMessage + subActionParams: + type: object + description: The set of configuration properties for the action. + properties: + channelIds: + type: array + maxItems: 1 + description: | + The Slack channel identifier, which must be one of the `allowedChannels` in the connector configuration. + items: + type: string + channels: + type: array + deprecated: true + description: | + The name of a channel that your Slack app has access to. + maxItems: 1 + items: + type: string + text: + type: string + description: | + The Slack message text. If it is a Slack webhook connector, the text cannot contain Markdown, images, or other advanced formatting. If it is a Slack web API connector, it can contain either plain text or block kit messages. + minLength: 1 + run_pushtoservice: + title: The pushToService subaction + type: object + required: + - subAction + - subActionParams + description: The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, TheHive, and Webhook - Case Management connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - pushToService + subActionParams: + type: object + description: The set of configuration properties for the action. + properties: + comments: + type: array + description: Additional information that is sent to Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, or TheHive. + items: + type: object + properties: + comment: + type: string + description: A comment related to the incident. For example, describe how to troubleshoot the issue. + commentId: + type: integer + description: A unique identifier for the comment. + incident: + type: object + description: Information necessary to create or update a Jira, ServiceNow ITSM, ServiveNow SecOps, Swimlane, or TheHive incident. + properties: + additional_fields: + type: string + nullable: true + maxLength: 20 + description: | + Additional fields for ServiceNow ITSM and ServiveNow SecOps connectors. The fields must exist in the Elastic ServiceNow application and must be specified in JSON format. + alertId: + type: string + description: The alert identifier for Swimlane connectors. + caseId: + type: string + description: The case identifier for the incident for Swimlane connectors. + caseName: + type: string + description: The case name for the incident for Swimlane connectors. + category: + type: string + description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. + correlation_display: + type: string + description: A descriptive label of the alert for correlation purposes for ServiceNow ITSM and ServiceNow SecOps connectors. + correlation_id: + type: string + description: | + The correlation identifier for the security incident for ServiceNow ITSM and ServiveNow SecOps connectors. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert. + description: + type: string + description: The description of the incident for Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, TheHive, and Webhook - Case Management connectors. + dest_ip: + description: | + A list of destination IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + externalId: + type: string + description: | + The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created. + id: + type: string + description: The external case identifier for Webhook - Case Management connectors. + impact: + type: string + description: The impact of the incident for ServiceNow ITSM connectors. + issueType: + type: integer + description: The type of incident for Jira connectors. For example, 10006. To obtain the list of valid values, set `subAction` to `issueTypes`. + labels: + type: array + items: + type: string + description: | + The labels for the incident for Jira connectors. NOTE: Labels cannot contain spaces. + malware_hash: + description: A list of malware hashes related to the security incident for ServiceNow SecOps connectors. The hashes are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + malware_url: + type: string + description: A list of malware URLs related to the security incident for ServiceNow SecOps connectors. The URLs are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + otherFields: + type: object + additionalProperties: true + maxProperties: 20 + description: | + Custom field identifiers and their values for Jira connectors. + parent: + type: string + description: The ID or key of the parent issue for Jira connectors. Applies only to `Sub-task` types of issues. + priority: + type: string + description: The priority of the incident in Jira and ServiceNow SecOps connectors. + ruleName: + type: string + description: The rule name for Swimlane connectors. + severity: + type: integer + description: | + The severity of the incident for ServiceNow ITSM, Swimlane, and TheHive connectors. In TheHive connectors, the severity value ranges from 1 (low) to 4 (critical) with a default value of 2 (medium). + short_description: + type: string + description: | + A short description of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. It is used for searching the contents of the knowledge base. + source_ip: + description: A list of source IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + status: + type: string + description: The status of the incident for Webhook - Case Management connectors. + subcategory: + type: string + description: The subcategory of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. + summary: + type: string + description: A summary of the incident for Jira connectors. + tags: + type: array + items: + type: string + description: A list of tags for TheHive and Webhook - Case Management connectors. + title: + type: string + description: | + A title for the incident for Jira, TheHive, and Webhook - Case Management connectors. It is used for searching the contents of the knowledge base. + tlp: + type: integer + minimum: 0 + maximum: 4 + default: 2 + description: | + The traffic light protocol designation for the incident in TheHive connectors. Valid values include: 0 (clear), 1 (green), 2 (amber), 3 (amber and strict), and 4 (red). + urgency: + type: string + description: The urgency of the incident for ServiceNow ITSM connectors. + run_validchannelid: + title: The validChannelId subaction + type: object + description: | + Retrieves information about a valid Slack channel identifier. It is applicable only when the connector type is `.slack_api`. + required: + - subAction + - subActionParams + properties: + subAction: + type: string + description: The action to test. + enum: + - validChannelId + subActionParams: + type: object + required: + - channelId + properties: + channelId: + type: string + description: The Slack channel identifier. + example: C123ABC456 + params_property_apm_anomaly: + required: + - windowSize + - windowUnit + - environment + - anomalySeverityType + properties: + serviceName: + type: string + description: The service name from APM + transactionType: + type: string + description: The transaction type from APM + windowSize: + type: number + example: 6 + description: The window size + windowUnit: + type: string + description: The window size unit + enum: + - m + - h + - d + environment: + type: string + description: The environment from APM + anomalySeverityType: + type: string + description: The anomaly threshold value + enum: + - critical + - major + - minor + - warning + params_property_apm_error_count: + required: + - windowSize + - windowUnit + - threshold + - environment + properties: + serviceName: + type: string + description: The service name from APM + windowSize: + type: number + description: The window size + example: 6 + windowUnit: + type: string + description: The window size unit + enum: + - m + - h + - d + environment: + type: string + description: The environment from APM + threshold: + type: number + description: The error count threshold value + groupBy: + type: array + default: + - service.name + - service.environment + uniqueItems: true + items: + type: string + enum: + - service.name + - service.environment + - transaction.name + - error.grouping_key + errorGroupingKey: + type: string + params_property_apm_transaction_duration: + required: + - windowSize + - windowUnit + - threshold + - environment + - aggregationType + properties: + serviceName: + type: string + description: The service name from APM + transactionType: + type: string + description: The transaction type from APM + transactionName: + type: string + description: The transaction name from APM + windowSize: + type: number + description: The window size + example: 6 + windowUnit: + type: string + description: ç + enum: + - m + - h + - d + environment: + type: string + threshold: + type: number + description: The latency threshold value + groupBy: + type: array + default: + - service.name + - service.environment + - transaction.type + uniqueItems: true + items: + type: string + enum: + - service.name + - service.environment + - transaction.type + - transaction.name + aggregationType: + type: string + enum: + - avg + - 95th + - 99th + params_property_apm_transaction_error_rate: + required: + - windowSize + - windowUnit + - threshold + - environment + properties: + serviceName: + type: string + description: The service name from APM + transactionType: + type: string + description: The transaction type from APM + transactionName: + type: string + description: The transaction name from APM + windowSize: + type: number + description: The window size + example: 6 + windowUnit: + type: string + description: The window size unit + enum: + - m + - h + - d + environment: + type: string + description: The environment from APM + threshold: + type: number + description: The error rate threshold value + groupBy: + type: array + default: + - service.name + - service.environment + - transaction.type + uniqueItems: true + items: + type: string + enum: + - service.name + - service.environment + - transaction.type + - transaction.name + aggfield: + description: | + The name of the numeric field that is used in the aggregation. This property is required when `aggType` is `avg`, `max`, `min` or `sum`. + type: string + aggtype: + description: The type of aggregation to perform. + type: string + enum: + - avg + - count + - max + - min + - sum + default: count + excludehitsfrompreviousrun: + description: | + Indicates whether to exclude matches from previous runs. If `true`, you can avoid alert duplication by excluding documents that have already been detected by the previous rule run. This option is not available when a grouping field is specified. + type: boolean + groupby: + description: | + Indicates whether the aggregation is applied over all documents (`all`) or split into groups (`top`) using a grouping field (`termField`). If grouping is used, an alert will be created for each group when it exceeds the threshold; only the top groups (up to `termSize` number of groups) are checked. + type: string + enum: + - all + - top + default: all + size: + description: | + The number of documents to pass to the configured actions when the threshold condition is met. + type: integer + termfield: + description: | + The names of up to four fields that are used for grouping the aggregation. This property is required when `groupBy` is `top`. + oneOf: + - type: string + - type: array + items: + type: string + maxItems: 4 + termsize: + description: | + This property is required when `groupBy` is `top`. It specifies the number of groups to check against the threshold and therefore limits the number of alerts on high cardinality fields. + type: integer + threshold: + description: | + The threshold value that is used with the `thresholdComparator`. If the `thresholdComparator` is `between` or `notBetween`, you must specify the boundary values. + type: array + items: + type: integer + example: 4000 + thresholdcomparator: + description: The comparison function for the threshold. For example, "is above", "is above or equals", "is below", "is below or equals", "is between", and "is not between". + type: string + enum: + - '>' + - '>=' + - < + - <= + - between + - notBetween + example: '>' + timefield: + description: The field that is used to calculate the time window. + type: string + timewindowsize: + description: | + The size of the time window (in `timeWindowUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection. + type: integer + example: 5 + timewindowunit: + description: | + The type of units for the time window: seconds, minutes, hours, or days. + type: string + enum: + - s + - m + - h + - d + example: m + params_es_query_dsl_rule: + title: Elasticsearch DSL query rule params + description: | + An Elasticsearch query rule can run a query defined in Elasticsearch Query DSL and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`. + type: object + required: + - esQuery + - index + - threshold + - thresholdComparator + - timeField + - timeWindowSize + - timeWindowUnit + properties: + aggField: + $ref: '#/components/schemas/aggfield' + aggType: + $ref: '#/components/schemas/aggtype' + esQuery: + description: The query definition, which uses Elasticsearch Query DSL. + type: string + excludeHitsFromPreviousRun: + $ref: '#/components/schemas/excludehitsfrompreviousrun' + groupBy: + $ref: '#/components/schemas/groupby' + index: + description: The indices to query. + oneOf: + - type: array + items: + type: string + - type: string + searchType: + description: The type of query, in this case a query that uses Elasticsearch Query DSL. + type: string + enum: + - esQuery + default: esQuery + example: esQuery + size: + $ref: '#/components/schemas/size' + termField: + $ref: '#/components/schemas/termfield' + termSize: + $ref: '#/components/schemas/termsize' + threshold: + $ref: '#/components/schemas/threshold' + thresholdComparator: + $ref: '#/components/schemas/thresholdcomparator' + timeField: + $ref: '#/components/schemas/timefield' + timeWindowSize: + $ref: '#/components/schemas/timewindowsize' + timeWindowUnit: + $ref: '#/components/schemas/timewindowunit' + params_es_query_esql_rule: + title: Elasticsearch ES|QL query rule params + description: | + An Elasticsearch query rule can run an ES|QL query and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`. + type: object + required: + - esqlQuery + - searchType + - size + - threshold + - thresholdComparator + - timeWindowSize + - timeWindowUnit + properties: + aggField: + $ref: '#/components/schemas/aggfield' + aggType: + $ref: '#/components/schemas/aggtype' + esqlQuery: + type: object + required: + - esql + properties: + esql: + description: The query definition, which uses Elasticsearch Query Language. + type: string + excludeHitsFromPreviousRun: + $ref: '#/components/schemas/excludehitsfrompreviousrun' + groupBy: + $ref: '#/components/schemas/groupby' + searchType: + description: The type of query, in this case a query that uses Elasticsearch Query Language (ES|QL). + type: string + enum: + - esqlQuery + example: esqlQuery + size: + type: integer + description: | + When `searchType` is `esqlQuery`, this property is required but it does not affect the rule behavior. + example: 0 + termSize: + $ref: '#/components/schemas/termsize' + threshold: + type: array + items: + type: integer + minimum: 0 + maximum: 0 + description: | + The threshold value that is used with the `thresholdComparator`. When `searchType` is `esqlQuery`, this property is required and must be set to zero. + thresholdComparator: + type: string + description: | + The comparison function for the threshold. When `searchType` is `esqlQuery`, this property is required and must be set to ">". Since the `threshold` value must be `0`, the result is that an alert occurs whenever the query returns results. + enum: + - '>' + example: '>' + timeField: + $ref: '#/components/schemas/timefield' + timeWindowSize: + $ref: '#/components/schemas/timewindowsize' + timeWindowUnit: + $ref: '#/components/schemas/timewindowunit' + filter: + type: object + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. + properties: + meta: + type: object + properties: + alias: + type: string + nullable: true + controlledBy: + type: string + disabled: + type: boolean + field: + type: string + group: + type: string + index: + type: string + isMultiIndex: + type: boolean + key: + type: string + negate: + type: boolean + params: + type: object + type: + type: string + value: + type: string + query: + type: object + $state: + type: object + params_es_query_kql_rule: + title: Elasticsearch KQL query rule params + description: | + An Elasticsearch query rule can run a query defined in KQL or Lucene and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`. + type: object + required: + - searchType + - size + - threshold + - thresholdComparator + - timeWindowSize + - timeWindowUnit + properties: + aggField: + $ref: '#/components/schemas/aggfield' + aggType: + $ref: '#/components/schemas/aggtype' + excludeHitsFromPreviousRun: + $ref: '#/components/schemas/excludehitsfrompreviousrun' + groupBy: + $ref: '#/components/schemas/groupby' + searchConfiguration: + description: The query definition, which uses KQL or Lucene to fetch the documents from Elasticsearch. + type: object + properties: + filter: + type: array + items: + $ref: '#/components/schemas/filter' + index: + description: The indices to query. + oneOf: + - type: string + - type: array + items: + type: string + query: + type: object + properties: + language: + type: string + example: kuery + query: + type: string + searchType: + description: The type of query, in this case a text-based query that uses KQL or Lucene. + type: string + enum: + - searchSource + example: searchSource + size: + $ref: '#/components/schemas/size' + termField: + $ref: '#/components/schemas/termfield' + termSize: + $ref: '#/components/schemas/termsize' + threshold: + $ref: '#/components/schemas/threshold' + thresholdComparator: + $ref: '#/components/schemas/thresholdcomparator' + timeField: + $ref: '#/components/schemas/timefield' + timeWindowSize: + $ref: '#/components/schemas/timewindowsize' + timeWindowUnit: + $ref: '#/components/schemas/timewindowunit' + params_index_threshold_rule: + title: Index threshold rule params + description: An index threshold rule runs an Elasticsearch query, aggregates field values from documents, compares them to threshold values, and schedules actions to run when the thresholds are met. These parameters are appropriate when `rule_type_id` is `.index-threshold`. + type: object + required: + - index + - threshold + - thresholdComparator + - timeField + - timeWindowSize + - timeWindowUnit + properties: + aggField: + $ref: '#/components/schemas/aggfield' + aggType: + $ref: '#/components/schemas/aggtype' + filterKuery: + description: A KQL expression thats limits the scope of alerts. + type: string + groupBy: + $ref: '#/components/schemas/groupby' + index: + description: The indices to query. + type: array + items: + type: string + termField: + $ref: '#/components/schemas/termfield' + termSize: + $ref: '#/components/schemas/termsize' + threshold: + $ref: '#/components/schemas/threshold' + thresholdComparator: + $ref: '#/components/schemas/thresholdcomparator' + timeField: + $ref: '#/components/schemas/timefield' + timeWindowSize: + $ref: '#/components/schemas/timewindowsize' + timeWindowUnit: + $ref: '#/components/schemas/timewindowunit' + params_property_infra_inventory: + properties: + criteria: + type: array + items: + type: object + properties: + metric: + type: string + enum: + - count + - cpu + - diskLatency + - load + - memory + - memoryTotal + - tx + - rx + - logRate + - diskIOReadBytes + - diskIOWriteBytes + - s3TotalRequests + - s3NumberOfObjects + - s3BucketSize + - s3DownloadBytes + - s3UploadBytes + - rdsConnections + - rdsQueriesExecuted + - rdsActiveTransactions + - rdsLatency + - sqsMessagesVisible + - sqsMessagesDelayed + - sqsMessagesSent + - sqsMessagesEmpty + - sqsOldestMessage + - custom + timeSize: + type: number + timeUnit: + type: string + enum: + - s + - m + - h + - d + sourceId: + type: string + threshold: + type: array + items: + type: number + comparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + customMetric: + type: object + properties: + type: + type: string + enum: + - custom + field: + type: string + aggregation: + type: string + enum: + - avg + - max + - min + - rate + id: + type: string + label: + type: string + warningThreshold: + type: array + items: + type: number + warningComparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + filterQuery: + type: string + filterQueryText: + type: string + nodeType: + type: string + enum: + - host + - pod + - container + - awsEC2 + - awsS3 + - awsSQS + - awsRDS + sourceId: + type: string + alertOnNoData: + type: boolean + params_property_log_threshold: + oneOf: + - title: Count + type: object + required: + - count + - timeSize + - timeUnit + - logView + properties: + criteria: + type: array + items: + type: object + properties: + field: + type: string + example: my.field + comparator: + type: string + enum: + - more than + - more than or equals + - less than + - less than or equals + - equals + - does not equal + - matches + - does not match + - matches phrase + - does not match phrase + value: + oneOf: + - type: number + example: 42 + - type: string + example: value + count: + type: object + properties: + comparator: + type: string + enum: + - more than + - more than or equals + - less than + - less than or equals + - equals + - does not equal + - matches + - does not match + - matches phrase + - does not match phrase + value: + type: number + example: 100 + timeSize: + type: number + example: 6 + timeUnit: + type: string + enum: + - s + - m + - h + - d + logView: + type: object + properties: + logViewId: + type: string + type: + type: string + enum: + - log-view-reference + example: log-view-reference + groupBy: + type: array + items: + type: string + - title: Ratio + type: object + required: + - count + - timeSize + - timeUnit + - logView + properties: + criteria: + type: array + items: + minItems: 2 + maxItems: 2 + type: array + items: + type: object + properties: + field: + type: string + example: my.field + comparator: + type: string + enum: + - more than + - more than or equals + - less than + - less than or equals + - equals + - does not equal + - matches + - does not match + - matches phrase + - does not match phrase + value: + oneOf: + - type: number + example: 42 + - type: string + example: value + count: + type: object + properties: + comparator: + type: string + enum: + - more than + - more than or equals + - less than + - less than or equals + - equals + - does not equal + - matches + - does not match + - matches phrase + - does not match phrase + value: + type: number + example: 100 + timeSize: + type: number + example: 6 + timeUnit: + type: string + enum: + - s + - m + - h + - d + logView: + type: object + properties: + logViewId: + type: string + type: + type: string + enum: + - log-view-reference + example: log-view-reference + groupBy: + type: array + items: + type: string + params_property_infra_metric_threshold: + properties: + criteria: + type: array + items: + oneOf: + - title: non count criterion + type: object + properties: + threshold: + type: array + items: + type: number + comparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + timeUnit: + type: string + timeSize: + type: number + warningThreshold: + type: array + items: + type: number + warningComparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + metric: + type: string + aggType: + type: string + enum: + - avg + - max + - min + - cardinality + - rate + - count + - sum + - p95 + - p99 + - custom + - title: count criterion + type: object + properties: + threshold: + type: array + items: + type: number + comparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + timeUnit: + type: string + timeSize: + type: number + warningThreshold: + type: array + items: + type: number + warningComparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + aggType: + type: string + enum: + - count + - title: custom criterion + type: object + properties: + threshold: + type: array + items: + type: number + comparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + timeUnit: + type: string + timeSize: + type: number + warningThreshold: + type: array + items: + type: number + warningComparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + aggType: + type: string + enum: + - custom + customMetric: + type: array + items: + oneOf: + - type: object + properties: + name: + type: string + aggType: + type: string + enum: + - avg + - sum + - max + - min + - cardinality + field: + type: string + - type: object + properties: + name: + type: string + aggType: + type: string + enum: + - count + filter: + type: string + equation: + type: string + label: + type: string + groupBy: + oneOf: + - type: string + - type: array + items: + type: string + filterQuery: + type: string + sourceId: + type: string + alertOnNoData: + type: boolean + alertOnGroupDisappear: + type: boolean + params_property_slo_burn_rate: + properties: + sloId: + description: The SLO identifier used by the rule + type: string + example: 8853df00-ae2e-11ed-90af-09bb6422b258 + burnRateThreshold: + description: The burn rate threshold used to trigger the alert + type: number + example: 14.4 + maxBurnRateThreshold: + description: The maximum burn rate threshold value defined by the SLO error budget + type: number + example: 168 + longWindow: + description: The duration of the long window used to compute the burn rate + type: object + properties: + value: + description: The duration value + type: number + example: 6 + unit: + description: The duration unit + type: string + example: h + shortWindow: + description: The duration of the short window used to compute the burn rate + type: object + properties: + value: + description: The duration value + type: number + example: 30 + unit: + description: The duration unit + type: string + example: m + params_property_synthetics_uptime_tls: + properties: + search: + type: string + certExpirationThreshold: + type: number + certAgeThreshold: + type: number + params_property_synthetics_monitor_status: + required: + - numTimes + - shouldCheckStatus + - shouldCheckAvailability + properties: + availability: + type: object + properties: + range: + type: number + rangeUnit: + type: string + threshold: + type: string + filters: + oneOf: + - type: string + - type: object + deprecated: true + properties: + monitor.type: + type: array + items: + type: string + observer.geo.name: + type: array + items: + type: string + tags: + type: array + items: + type: string + url.port: + type: array + items: + type: string + locations: + deprecated: true + type: array + items: + type: string + numTimes: + type: number + search: + type: string + shouldCheckStatus: + type: boolean + shouldCheckAvailability: + type: boolean + timerangeCount: + type: number + timerangeUnit: + type: string + timerange: + deprecated: true + type: object + properties: + from: + type: string + to: + type: string + version: + type: number + isAutoGenerated: + type: boolean + securitySchemes: + apiKeyAuth: + description: You must create an API key and use the encoded value in the request header. To learn about creating keys, go to [API keys](https://www.elastic.co/docs/current/serverless/api-keys). + in: header + name: Authorization + type: apiKey diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index db3282f2c7899..f84c98205effe 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -2,68 +2,38 @@ openapi: 3.0.3 info: contact: name: Kibana Team - description: > - The Kibana REST APIs enable you to manage resources such as connectors, data - views, and saved objects. - + description: | + The Kibana REST APIs enable you to manage resources such as connectors, data views, and saved objects. The API calls are stateless. - - Each request that you make happens in isolation from other calls and must - include all of the necessary information for Kibana to fulfill the - + Each request that you make happens in isolation from other calls and must include all of the necessary information for Kibana to fulfill the request. - - API requests return JSON output, which is a format that is machine-readable - and works well for automation. - + API requests return JSON output, which is a format that is machine-readable and works well for automation. To interact with Kibana APIs, use the following operations: - - GET: Fetches the information. - - PATCH: Applies partial modifications to the existing information. - - POST: Adds new information. - - PUT: Updates the existing information. - - DELETE: Removes the information. - - You can prepend any Kibana API endpoint with `kbn:` and run the request in - **Dev Tools → Console**. - + You can prepend any Kibana API endpoint with `kbn:` and run the request in **Dev Tools → Console**. For example: - ``` - GET kbn:/api/data_views - ``` + For more information about the console, refer to [Run API requests](https://www.elastic.co/guide/en/kibana/current/console-kibana.html). - For more information about the console, refer to [Run API - requests](https://www.elastic.co/guide/en/kibana/current/console-kibana.html). - - - NOTE: Access to internal Kibana API endpoints will be restricted in Kibana - version 9.0. Please move any integrations to publicly documented APIs. - + NOTE: Access to internal Kibana API endpoints will be restricted in Kibana version 9.0. Please move any integrations to publicly documented APIs. ## Documentation source and versions + This documentation is derived from the `main` branch of the [kibana](https://github.com/elastic/kibana) repository. + It is provided under license [Attribution-NonCommercial-NoDerivatives 4.0 International](https://creativecommons.org/licenses/by-nc-nd/4.0/). - This documentation is derived from the `main` branch of the - [kibana](https://github.com/elastic/kibana) repository. - - It is provided under license [Attribution-NonCommercial-NoDerivatives 4.0 - International](https://creativecommons.org/licenses/by-nc-nd/4.0/). - - - This documentation contains work-in-progress information for future Elastic - Stack releases. + This documentation contains work-in-progress information for future Elastic Stack releases. title: Kibana APIs version: 1.0.2 x-doc-license: @@ -71,13 +41,131 @@ info: url: https://creativecommons.org/licenses/by-nc-nd/4.0/ x-feedbackLink: label: Feedback - url: >- - https://github.com/elastic/docs-content/issues/new?assignees=&labels=feedback%2Ccommunity&projects=&template=api-feedback.yaml&title=%5BFeedback%5D%3A+ + url: https://github.com/elastic/docs-content/issues/new?assignees=&labels=feedback%2Ccommunity&projects=&template=api-feedback.yaml&title=%5BFeedback%5D%3A+ servers: - url: https://{kibana_url} variables: kibana_url: default: localhost:5601 +security: + - apiKeyAuth: [] + - basicAuth: [] +tags: + - name: alerting + description: | + Alerting enables you to define rules, which detect complex conditions within your data. When a condition is met, the rule tracks it as an alert and runs the actions that are defined in the rule. Actions typically involve the use of connectors to interact with Kibana services or third party integrations. + externalDocs: + description: Alerting documentation + url: https://www.elastic.co/guide/en/kibana/master/alerting-getting-started.html + x-displayName: Alerting + - description: | + Adjust APM agent configuration without need to redeploy your application. + name: APM agent configuration + - description: | + Configure APM agent keys to authorize requests from APM agents to the APM Server. + name: APM agent keys + - description: | + Annotate visualizations in the APM app with significant events. Annotations enable you to easily see how events are impacting the performance of your applications. + name: APM annotations + - description: Create APM fleet server schema. + name: APM server schema + - description: Configure APM source maps. + name: APM sourcemaps + - description: | + Cases are used to open and track issues. You can add assignees and tags to your cases, set their severity and status, and add alerts, comments, and visualizations. You can also send cases to external incident management systems by configuring connectors. + name: cases + externalDocs: + description: Cases documentation + url: https://www.elastic.co/guide/en/kibana/master/cases.html + x-displayName: Cases + - name: connectors + description: | + Connectors provide a central place to store connection information for services and integrations with Elastic or third party systems. Alerting rules can use connectors to run actions when rule conditions are met. + externalDocs: + description: Connector documentation + url: https://www.elastic.co/guide/en/kibana/current/action-types.html + x-displayName: Connectors + - name: Data streams + - description: Data view APIs enable you to manage data views, formerly known as Kibana index patterns. + name: data views + x-displayName: Data views + - name: Elastic Agent actions + - name: Elastic Agent binary download sources + - name: Elastic Agent policies + - name: Elastic Agent status + - name: Elastic Agents + - name: Elastic Package Manager (EPM) + - name: Fleet enrollment API keys + - name: Fleet internals + - name: Fleet outputs + - name: Fleet package policies + - name: Fleet proxies + - name: Fleet Server hosts + - name: Fleet service tokens + - name: Fleet uninstall tokens + - name: Message Signing Service + - description: Machine learning + name: ml + x-displayName: Machine learning + - name: roles + x-displayName: Roles + description: Manage the roles that grant Elasticsearch and Kibana privileges. + externalDocs: + description: Kibana role management + url: https://www.elastic.co/guide/en/kibana/master/kibana-role-management.html + - description: | + Export sets of saved objects that you want to import into Kibana, resolve import errors, and rotate an encryption key for encrypted saved objects with the saved objects APIs. + + To manage a specific type of saved object, use the corresponding APIs. + For example, use: + + * [Data views](../group/endpoint-data-views) + * [Spaces](https://www.elastic.co/guide/en/kibana/current/spaces-api.html) + * [Short URLs](https://www.elastic.co/guide/en/kibana/current/short-urls-api.html) + + Warning: Do not write documents directly to the `.kibana` index. When you write directly to the `.kibana` index, the data becomes corrupted and permanently breaks future Kibana versions. + name: saved objects + x-displayName: Saved objects + - description: Manage and interact with Security Assistant resources. + name: Security AI Assistant API + x-displayName: Security AI assistant + - description: You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page. + name: Security Detections API + x-displayName: Security detections + - description: Endpoint Exceptions API allows you to manage detection rule endpoint exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. + name: Security Endpoint Exceptions API + x-displayName: Security endpoint exceptions + - description: Interact with and manage endpoints running the Elastic Defend integration. + name: Security Endpoint Management API + x-displayName: Security endpoint management + - description: '' + name: Security Entity Analytics API + x-displayName: Security entity analytics + - description: Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. + name: Security Exceptions API + x-displayName: Security exceptions + - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. + name: Security Lists API + x-displayName: Security lists + - description: Run live queries, manage packs and saved queries. + name: Security Osquery API + x-displayName: Security Osquery + - description: You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file. + name: Security Timeline API + x-displayName: Security timeline + - description: SLO APIs enable you to define, manage and track service-level objectives + name: slo + x-displayName: Service level objectives + - name: spaces + x-displayName: Spaces + description: Manage your Kibana spaces. + externalDocs: + url: https://www.elastic.co/guide/en/kibana/master/xpack-spaces.html + description: Space overview + - name: system + x-displayName: System + description: | + Get information about the system status, resource usage, and installed plugins. paths: /api/actions/connector_types: get: @@ -92,15 +180,20 @@ paths: enum: - '2023-10-31' type: string - - description: >- - A filter to limit the retrieved connector types to those that - support a specific feature (such as alerting or cases). + - description: A filter to limit the retrieved connector types to those that support a specific feature (such as alerting or cases). in: query name: feature_id required: false schema: type: string - responses: {} + responses: + '200': + description: Indicates a successful call. + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getConnectorTypesServerlessResponse: + $ref: '#/components/examples/get_connector_types_generativeai_response' summary: Get connector types tags: - connectors @@ -177,15 +270,10 @@ paths: description: Indicates whether the connector is missing secrets. type: boolean is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' type: boolean is_system_action: - description: >- - Indicates whether the connector is used for system - actions. + description: Indicates whether the connector is used for system actions. type: boolean name: description: ' The name of the rule.' @@ -197,6 +285,9 @@ paths: - is_preconfigured - is_deprecated - is_system_action + examples: + getConnectorResponse: + $ref: '#/components/examples/get_connector_response' description: Indicates a successful call. summary: Get connector information tags: @@ -222,7 +313,7 @@ paths: - description: An identifier for the connector. in: path name: id - required: false + required: true schema: type: string requestBody: @@ -232,23 +323,77 @@ paths: additionalProperties: false type: object properties: - config: - additionalProperties: {} - default: {} - type: object connector_type_id: description: The type of connector. type: string name: description: The display name for the connector. type: string + config: + additionalProperties: {} + default: {} + description: The connector configuration details. + oneOf: + - $ref: '#/components/schemas/bedrock_config' + - $ref: '#/components/schemas/crowdstrike_config' + - $ref: '#/components/schemas/d3security_config' + - $ref: '#/components/schemas/email_config' + - $ref: '#/components/schemas/gemini_config' + - $ref: '#/components/schemas/resilient_config' + - $ref: '#/components/schemas/index_config' + - $ref: '#/components/schemas/jira_config' + - $ref: '#/components/schemas/genai_azure_config' + - $ref: '#/components/schemas/genai_openai_config' + - $ref: '#/components/schemas/opsgenie_config' + - $ref: '#/components/schemas/pagerduty_config' + - $ref: '#/components/schemas/sentinelone_config' + - $ref: '#/components/schemas/servicenow_config' + - $ref: '#/components/schemas/servicenow_itom_config' + - $ref: '#/components/schemas/slack_api_config' + - $ref: '#/components/schemas/swimlane_config' + - $ref: '#/components/schemas/thehive_config' + - $ref: '#/components/schemas/tines_config' + - $ref: '#/components/schemas/torq_config' + - $ref: '#/components/schemas/webhook_config' + - $ref: '#/components/schemas/cases_webhook_config' + - $ref: '#/components/schemas/xmatters_config' secrets: additionalProperties: {} default: {} - type: object + oneOf: + - $ref: '#/components/schemas/bedrock_secrets' + - $ref: '#/components/schemas/crowdstrike_secrets' + - $ref: '#/components/schemas/d3security_secrets' + - $ref: '#/components/schemas/email_secrets' + - $ref: '#/components/schemas/gemini_secrets' + - $ref: '#/components/schemas/resilient_secrets' + - $ref: '#/components/schemas/jira_secrets' + - $ref: '#/components/schemas/teams_secrets' + - $ref: '#/components/schemas/genai_secrets' + - $ref: '#/components/schemas/opsgenie_secrets' + - $ref: '#/components/schemas/pagerduty_secrets' + - $ref: '#/components/schemas/sentinelone_secrets' + - $ref: '#/components/schemas/servicenow_secrets' + - $ref: '#/components/schemas/slack_api_secrets' + - $ref: '#/components/schemas/swimlane_secrets' + - $ref: '#/components/schemas/thehive_secrets' + - $ref: '#/components/schemas/tines_secrets' + - $ref: '#/components/schemas/torq_secrets' + - $ref: '#/components/schemas/webhook_secrets' + - $ref: '#/components/schemas/cases_webhook_secrets' + - $ref: '#/components/schemas/xmatters_secrets' required: - name - connector_type_id + examples: + createEmailConnectorRequest: + $ref: '#/components/examples/create_email_connector_request' + createIndexConnectorRequest: + $ref: '#/components/examples/create_index_connector_request' + createWebhookConnectorRequest: + $ref: '#/components/examples/create_webhook_connector_request' + createXmattersConnectorRequest: + $ref: '#/components/examples/create_xmatters_connector_request' responses: '200': content: @@ -273,15 +418,10 @@ paths: description: Indicates whether the connector is missing secrets. type: boolean is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' type: boolean is_system_action: - description: >- - Indicates whether the connector is used for system - actions. + description: Indicates whether the connector is used for system actions. type: boolean name: description: ' The name of the rule.' @@ -293,6 +433,15 @@ paths: - is_preconfigured - is_deprecated - is_system_action + examples: + createEmailConnectorResponse: + $ref: '#/components/examples/create_email_connector_response' + createIndexConnectorResponse: + $ref: '#/components/examples/create_index_connector_response' + createWebhookConnectorResponse: + $ref: '#/components/examples/create_webhook_connector_response' + createXmattersConnectorResponse: + $ref: '#/components/examples/get_connector_response' description: Indicates a successful call. summary: Create a connector tags: @@ -328,19 +477,67 @@ paths: additionalProperties: false type: object properties: - config: - additionalProperties: {} - default: {} - type: object name: description: The display name for the connector. type: string + config: + additionalProperties: {} + default: {} + description: The connector configuration details. + oneOf: + - $ref: '#/components/schemas/bedrock_config' + - $ref: '#/components/schemas/crowdstrike_config' + - $ref: '#/components/schemas/d3security_config' + - $ref: '#/components/schemas/email_config' + - $ref: '#/components/schemas/gemini_config' + - $ref: '#/components/schemas/resilient_config' + - $ref: '#/components/schemas/index_config' + - $ref: '#/components/schemas/jira_config' + - $ref: '#/components/schemas/genai_azure_config' + - $ref: '#/components/schemas/genai_openai_config' + - $ref: '#/components/schemas/opsgenie_config' + - $ref: '#/components/schemas/pagerduty_config' + - $ref: '#/components/schemas/sentinelone_config' + - $ref: '#/components/schemas/servicenow_config' + - $ref: '#/components/schemas/servicenow_itom_config' + - $ref: '#/components/schemas/slack_api_config' + - $ref: '#/components/schemas/swimlane_config' + - $ref: '#/components/schemas/thehive_config' + - $ref: '#/components/schemas/tines_config' + - $ref: '#/components/schemas/torq_config' + - $ref: '#/components/schemas/webhook_config' + - $ref: '#/components/schemas/cases_webhook_config' + - $ref: '#/components/schemas/xmatters_config' secrets: additionalProperties: {} default: {} - type: object + oneOf: + - $ref: '#/components/schemas/bedrock_secrets' + - $ref: '#/components/schemas/crowdstrike_secrets' + - $ref: '#/components/schemas/d3security_secrets' + - $ref: '#/components/schemas/email_secrets' + - $ref: '#/components/schemas/gemini_secrets' + - $ref: '#/components/schemas/resilient_secrets' + - $ref: '#/components/schemas/jira_secrets' + - $ref: '#/components/schemas/teams_secrets' + - $ref: '#/components/schemas/genai_secrets' + - $ref: '#/components/schemas/opsgenie_secrets' + - $ref: '#/components/schemas/pagerduty_secrets' + - $ref: '#/components/schemas/sentinelone_secrets' + - $ref: '#/components/schemas/servicenow_secrets' + - $ref: '#/components/schemas/slack_api_secrets' + - $ref: '#/components/schemas/swimlane_secrets' + - $ref: '#/components/schemas/thehive_secrets' + - $ref: '#/components/schemas/tines_secrets' + - $ref: '#/components/schemas/torq_secrets' + - $ref: '#/components/schemas/webhook_secrets' + - $ref: '#/components/schemas/cases_webhook_secrets' + - $ref: '#/components/schemas/xmatters_secrets' required: - name + examples: + updateIndexConnectorRequest: + $ref: '#/components/examples/update_index_connector_request' responses: '200': content: @@ -365,15 +562,10 @@ paths: description: Indicates whether the connector is missing secrets. type: boolean is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' type: boolean is_system_action: - description: >- - Indicates whether the connector is used for system - actions. + description: Indicates whether the connector is used for system actions. type: boolean name: description: ' The name of the rule.' @@ -391,9 +583,7 @@ paths: - connectors /api/actions/connector/{id}/_execute: post: - description: >- - You can use this API to test an action that involves interaction with - Kibana services or integrations with third-party systems. + description: You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems. operationId: post-actions-connector-id-execute parameters: - description: The version of the API to use @@ -426,9 +616,40 @@ paths: properties: params: additionalProperties: {} - type: object + oneOf: + - $ref: '#/components/schemas/run_acknowledge_resolve_pagerduty' + - $ref: '#/components/schemas/run_documents' + - $ref: '#/components/schemas/run_message_email' + - $ref: '#/components/schemas/run_message_serverlog' + - $ref: '#/components/schemas/run_message_slack' + - $ref: '#/components/schemas/run_trigger_pagerduty' + - $ref: '#/components/schemas/run_addevent' + - $ref: '#/components/schemas/run_closealert' + - $ref: '#/components/schemas/run_closeincident' + - $ref: '#/components/schemas/run_createalert' + - $ref: '#/components/schemas/run_fieldsbyissuetype' + - $ref: '#/components/schemas/run_getchoices' + - $ref: '#/components/schemas/run_getfields' + - $ref: '#/components/schemas/run_getincident' + - $ref: '#/components/schemas/run_issue' + - $ref: '#/components/schemas/run_issues' + - $ref: '#/components/schemas/run_issuetypes' + - $ref: '#/components/schemas/run_postmessage' + - $ref: '#/components/schemas/run_pushtoservice' + - $ref: '#/components/schemas/run_validchannelid' required: - params + examples: + runIndexConnectorRequest: + $ref: '#/components/examples/run_index_connector_request' + runJiraConnectorRequest: + $ref: '#/components/examples/run_jira_connector_request' + runServerLogConnectorRequest: + $ref: '#/components/examples/run_servicenow_itom_connector_request' + runSlackConnectorRequest: + $ref: '#/components/examples/run_slack_api_connector_request' + runSwimlaneConnectorRequest: + $ref: '#/components/examples/run_swimlane_connector_request' responses: '200': content: @@ -453,15 +674,10 @@ paths: description: Indicates whether the connector is missing secrets. type: boolean is_preconfigured: - description: >- - Indicates whether the connector is preconfigured. If true, - the `config` and `is_missing_secrets` properties are - omitted from the response. + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' type: boolean is_system_action: - description: >- - Indicates whether the connector is used for system - actions. + description: Indicates whether the connector is used for system actions. type: boolean name: description: ' The name of the rule.' @@ -473,6 +689,19 @@ paths: - is_preconfigured - is_deprecated - is_system_action + examples: + runIndexConnectorResponse: + $ref: '#/components/examples/run_index_connector_response' + runJiraConnectorResponse: + $ref: '#/components/examples/run_jira_connector_response' + runServerLogConnectorResponse: + $ref: '#/components/examples/run_server_log_connector_response' + runServiceNowITOMConnectorResponse: + $ref: '#/components/examples/run_servicenow_itom_connector_response' + runSlackConnectorResponse: + $ref: '#/components/examples/run_slack_api_connector_response' + runSwimlaneConnectorResponse: + $ref: '#/components/examples/run_swimlane_connector_response' description: Indicates a successful call. summary: Run a connector tags: @@ -489,16 +718,21 @@ paths: enum: - '2023-10-31' type: string - responses: {} + responses: + '200': + description: Indicates a successful call. + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getConnectorsResponse: + $ref: '#/components/examples/get_connectors_response' summary: Get all connectors tags: - connectors /api/alerting/_health: get: - description: > - You must have `read` privileges for the **Management > Stack Rules** - feature or for at least one of the **Analytics > Discover**, **Analytics - > Machine Learning**, **Observability**, or **Security** features. + description: | + You must have `read` privileges for the **Management > Stack Rules** feature or for at least one of the **Analytics > Discover**, **Analytics > Machine Learning**, **Observability**, or **Security** features. operationId: getAlertingHealth responses: '200': @@ -511,10 +745,8 @@ paths: type: object properties: alerting_framework_health: - description: > - Three substates identify the health of the alerting - framework: `decryption_health`, `execution_health`, and - `read_health`. + description: | + Three substates identify the health of the alerting framework: `decryption_health`, `execution_health`, and `read_health`. type: object properties: decryption_health: @@ -563,9 +795,7 @@ paths: format: date-time type: string has_permanent_encryption_key: - description: >- - If `false`, the encrypted saved object plugin does not - have a permanent encryption key. + description: If `false`, the encrypted saved object plugin does not have a permanent encryption key. example: true type: boolean is_sufficiently_secure: @@ -584,14 +814,8 @@ paths: - alerting /api/alerting/rule_types: get: - description: > - If you have `read` privileges for one or more Kibana features, the API - response contains information about the appropriate rule types. For - example, there are rule types associated with the **Management > Stack - Rules** feature, **Analytics > Discover** and **Machine Learning** - features, **Observability** features, and **Security** features. To get - rule types associated with the **Stack Monitoring** feature, use the - `monitoring_user` built-in role. + description: | + If you have `read` privileges for one or more Kibana features, the API response contains information about the appropriate rule types. For example, there are rule types associated with the **Management > Stack Rules** feature, **Analytics > Discover** and **Machine Learning** features, **Observability** features, and **Security** features. To get rule types associated with the **Stack Monitoring** feature, use the `monitoring_user` built-in role. operationId: getRuleTypes responses: '200': @@ -605,11 +829,8 @@ paths: type: object properties: action_groups: - description: > - An explicit list of groups for which the rule type can - schedule actions, each with the action group's unique ID - and human readable name. Rule actions validation uses - this configuration to ensure that groups are valid. + description: | + An explicit list of groups for which the rule type can schedule actions, each with the action group's unique ID and human readable name. Rule actions validation uses this configuration to ensure that groups are valid. items: type: object properties: @@ -619,13 +840,8 @@ paths: type: string type: array action_variables: - description: > - A list of action variables that the rule type makes - available via context and state in action parameter - templates, and a short human readable description. When - you create a rule in Kibana, it uses this information to - prompt you for these variables in action parameter - editors. + description: | + A list of action variables that the rule type makes available via context and state in action parameter templates, and a short human readable description. When you create a rule in Kibana, it uses this information to prompt you for these variables in action parameter editors. type: object properties: context: @@ -658,9 +874,8 @@ paths: type: string type: array alerts: - description: > - Details for writing alerts as data documents for this - rule type. + description: | + Details for writing alerts as data documents for this rule type. type: object properties: context: @@ -686,48 +901,37 @@ paths: - 'true' type: string isSpaceAware: - description: > - Indicates whether the alerts are space-aware. If - true, space-specific alert indices are used. + description: | + Indicates whether the alerts are space-aware. If true, space-specific alert indices are used. type: boolean mappings: type: object properties: fieldMap: additionalProperties: - $ref: >- - #/components/schemas/Alerting_fieldmap_properties - description: > - Mapping information for each field supported in - alerts as data documents for this rule type. For - more information about mapping parameters, refer - to the Elasticsearch documentation. + $ref: '#/components/schemas/Alerting_fieldmap_properties' + description: | + Mapping information for each field supported in alerts as data documents for this rule type. For more information about mapping parameters, refer to the Elasticsearch documentation. type: object secondaryAlias: - description: > - A secondary alias. It is typically used to support - the signals alias for detection rules. + description: | + A secondary alias. It is typically used to support the signals alias for detection rules. type: string shouldWrite: - description: > - Indicates whether the rule should write out alerts - as data. + description: | + Indicates whether the rule should write out alerts as data. type: boolean useEcs: - description: > - Indicates whether to include the ECS component - template for the alerts. + description: | + Indicates whether to include the ECS component template for the alerts. type: boolean useLegacyAlerts: default: false - description: > - Indicates whether to include the legacy component - template for the alerts. + description: | + Indicates whether to include the legacy component template for the alerts. type: boolean authorized_consumers: - description: >- - The list of the plugins IDs that have access to the rule - type. + description: The list of the plugins IDs that have access to the rule type. type: object properties: alerts: @@ -808,9 +1012,7 @@ paths: read: type: boolean category: - description: >- - The rule category, which is used by features such as - category-specific maintenance windows. + description: The rule category, which is used by features such as category-specific maintenance windows. enum: - management - observability @@ -820,19 +1022,13 @@ paths: description: The default identifier for the rule type group. type: string does_set_recovery_context: - description: >- - Indicates whether the rule passes context variables to - its recovery action. + description: Indicates whether the rule passes context variables to its recovery action. type: boolean enabled_in_license: - description: >- - Indicates whether the rule type is enabled or disabled - based on the subscription. + description: Indicates whether the rule type is enabled or disabled based on the subscription. type: boolean has_alerts_mappings: - description: >- - Indicates whether the rule type has custom mappings for - the alert data. + description: Indicates whether the rule type has custom mappings for the alert data. type: boolean has_fields_for_a_a_d: type: boolean @@ -840,9 +1036,7 @@ paths: description: The unique identifier for the rule type. type: string is_exportable: - description: >- - Indicates whether the rule type is exportable in **Stack - Management > Saved Objects**. + description: Indicates whether the rule type is exportable in **Stack Management > Saved Objects**. type: boolean minimum_license_required: description: The subscriptions required to use the rule type. @@ -852,15 +1046,11 @@ paths: description: The descriptive name of the rule type. type: string producer: - description: >- - An identifier for the application that produces this - rule type. + description: An identifier for the application that produces this rule type. example: stackAlerts type: string recovery_action_group: - description: >- - An action group to use when an alert goes from an active - state to an inactive one. + description: An action group to use when an alert goes from an active state to an inactive one. type: object properties: id: @@ -950,9 +1140,7 @@ paths: properties: alerts_filter: additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. + description: Defines a period that limits whether the action runs. type: object properties: query: @@ -960,15 +1148,10 @@ paths: type: object properties: dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). type: string filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. items: additionalProperties: false type: object @@ -978,9 +1161,7 @@ paths: type: object properties: store: - description: >- - A filter can be either specific to an - application context or applied globally. + description: A filter can be either specific to an application context or applied globally. enum: - appState - globalState @@ -997,9 +1178,7 @@ paths: - meta type: array kql: - description: >- - A filter written in Kibana Query Language - (KQL). + description: A filter written in Kibana Query Language (KQL). type: string required: - kql @@ -1009,12 +1188,7 @@ paths: type: object properties: days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. items: enum: - 1 @@ -1031,55 +1205,30 @@ paths: type: object properties: end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). + description: The end of the time frame in 24-hour notation (`hh:mm`). type: string start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). + description: The start of the time frame in 24-hour notation (`hh:mm`). type: string required: - start - end timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. type: string required: - days - hours - timezone connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. + description: The type of connector. This property appears in responses but cannot be set in requests. type: string frequency: additionalProperties: false type: object properties: notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -1089,18 +1238,7 @@ paths: description: Indicates whether the action is a summary. type: boolean throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string required: @@ -1108,30 +1246,20 @@ paths: - notify_when - throttle group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. type: string id: description: The identifier for the connector saved object. type: string params: additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. type: object use_alert_data_for_template: description: Indicates whether to use alert data as a template. type: boolean uuid: - description: >- - A universally unique identifier (UUID) for the - action. + description: A universally unique identifier (UUID) for the action. type: string required: - id @@ -1145,36 +1273,24 @@ paths: type: array alert_delay: additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. type: object properties: active: - description: >- - The number of consecutive runs that must meet the rule - conditions. + description: The number of consecutive runs that must meet the rule conditions. type: number required: - active api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. + description: Indicates whether the API key that is associated with the rule was created by the user. nullable: true type: boolean api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. + description: The owner of the API key that is associated with the rule and used to run background tasks. nullable: true type: string consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. + description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' type: string created_at: description: The date and time that the rule was created. @@ -1184,9 +1300,7 @@ paths: nullable: true type: string enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. + description: Indicates whether you want to run the rule on an interval basis after it is created. type: boolean execution_status: additionalProperties: false @@ -1300,9 +1414,7 @@ paths: nullable: true type: number outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. enum: - succeeded - warning @@ -1352,9 +1464,7 @@ paths: properties: calculated_metrics: additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. + description: Calculation of different percentiles and success ratio. type: object properties: p50: @@ -1377,18 +1487,14 @@ paths: description: Duration of the rule run. type: number outcome: - description: >- - Outcome of last run of the rule. Value could - be succeeded, warning or failed. + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. enum: - succeeded - warning - failed type: string success: - description: >- - Indicates whether the rule run was - successful. + description: Indicates whether the rule run was successful. type: boolean timestamp: description: Time of rule run. @@ -1413,29 +1519,19 @@ paths: nullable: true type: number total_alerts_created: - description: >- - Total number of alerts created during last - rule run. + description: Total number of alerts created during last rule run. nullable: true type: number total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. + description: Total number of alerts detected during last rule run. nullable: true type: number total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. + description: Total time spent indexing documents during last rule run in milliseconds. nullable: true type: number total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. + description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. nullable: true type: number timestamp: @@ -1466,19 +1562,7 @@ paths: nullable: true type: string notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -1504,9 +1588,7 @@ paths: type: object properties: interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. + description: The interval is specified in seconds, minutes, hours, or days. type: string required: - interval @@ -1542,9 +1624,7 @@ paths: type: array bymonth: items: - description: >- - Indicates months of the year that this rule - should recur. + description: Indicates months of the year that this rule should recur. type: number nullable: true type: array @@ -1562,12 +1642,7 @@ paths: type: array bysetpos: items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. + description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. type: number nullable: true type: array @@ -1576,13 +1651,7 @@ paths: anyOf: - type: string - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. + description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. nullable: true type: array byweekno: @@ -1593,26 +1662,18 @@ paths: type: array byyearday: items: - description: >- - Indicates the days of the year that this rule - should recur. + description: Indicates the days of the year that this rule should recur. type: number nullable: true type: array count: - description: >- - Number of times the rule should recur until it - stops. + description: Number of times the rule should recur until it stops. type: number dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). + description: Rule start date in Coordinated Universal Time (UTC). type: string freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. + description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. enum: - 0 - 1 @@ -1623,10 +1684,7 @@ paths: - 6 type: integer interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. + description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. type: number tzid: description: Indicates timezone abbreviation. @@ -1664,23 +1722,14 @@ paths: type: array throttle: deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. + description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string updated_at: description: The date and time that the rule was updated most recently. type: string updated_by: - description: >- - The identifier for the user that updated this rule most - recently. + description: The identifier for the user that updated this rule most recently. nullable: true type: string view_in_app_relative_url: @@ -1734,12 +1783,10 @@ paths: schema: example: 'true' type: string - - description: >- - The identifier for the rule. If it is omitted, an ID is randomly - generated. + - description: The identifier for the rule. If it is omitted, an ID is randomly generated. in: path name: id - required: false + required: true schema: type: string requestBody: @@ -1758,12 +1805,7 @@ paths: properties: alerts_filter: additionalProperties: false - description: >- - Conditions that affect whether the action runs. If you - specify multiple conditions, all conditions must be - met for the action to run. For example, if an alert - occurs within the specified time frame and matches the - query, the action runs. + description: Conditions that affect whether the action runs. If you specify multiple conditions, all conditions must be met for the action to run. For example, if an alert occurs within the specified time frame and matches the query, the action runs. type: object properties: query: @@ -1771,15 +1813,10 @@ paths: type: object properties: dsl: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL). + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). type: string filters: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL) as defined in the - `kbn-es-query` package. + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. items: additionalProperties: false type: object @@ -1789,9 +1826,7 @@ paths: type: object properties: store: - description: >- - A filter can be either specific to an - application context or applied globally. + description: A filter can be either specific to an application context or applied globally. enum: - appState - globalState @@ -1808,27 +1843,18 @@ paths: - meta type: array kql: - description: >- - A filter written in Kibana Query Language - (KQL). + description: A filter written in Kibana Query Language (KQL). type: string required: - kql - filters timeframe: additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. + description: Defines a period that limits whether the action runs. type: object properties: days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the days - of the week. + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. items: enum: - 1 @@ -1842,32 +1868,20 @@ paths: type: array hours: additionalProperties: false - description: >- - Defines the range of time in a day that the - action can run. If the `start` value is - `00:00` and the `end` value is `24:00`, - actions be generated all day. + description: Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day. type: object properties: end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). + description: The end of the time frame in 24-hour notation (`hh:mm`). type: string start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). + description: The start of the time frame in 24-hour notation (`hh:mm`). type: string required: - start - end timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work but - lack built-in daylight savings time support - and are not recommended. + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. type: string required: - days @@ -1878,21 +1892,7 @@ paths: type: object properties: notify_when: - description: >- - Indicates how often alerts generate actions. Valid - values include: `onActionGroupChange`: Actions run - when the alert status changes; `onActiveAlert`: - Actions run when the alert becomes active and at - each check interval while the rule conditions are - met; `onThrottleInterval`: Actions run when the - alert becomes active and at the interval specified - in the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` at - both the rule and action level. The recommended - method is to set it for each action. If you set it - at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific - values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -1902,17 +1902,7 @@ paths: description: Indicates whether the action is a summary. type: boolean throttle: - description: >- - The throttle interval, which defines how often an - alert generates repeated actions. It is specified - in seconds, minutes, hours, or days and is - applicable only if `notify_when` is set to - `onThrottleInterval`. NOTE: You cannot specify the - throttle interval at both the rule and action - level. The recommended method is to set it for - each action. If you set it at the rule level then - update the rule in Kibana, it is automatically - changed to use action-specific values. + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string required: @@ -1920,12 +1910,7 @@ paths: - notify_when - throttle group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. type: string id: description: The identifier for the connector saved object. @@ -1933,10 +1918,7 @@ paths: params: additionalProperties: {} default: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. type: object use_alert_data_for_template: description: Indicates whether to use alert data as a template. @@ -1949,30 +1931,20 @@ paths: type: array alert_delay: additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. type: object properties: active: - description: >- - The number of consecutive runs that must meet the rule - conditions. + description: The number of consecutive runs that must meet the rule conditions. type: number required: - active consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, `infrastructure`, - `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, - `siem`, `stackAlerts`, or `uptime`. + description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' type: string enabled: default: true - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. + description: Indicates whether you want to run the rule on an interval basis after it is created. type: boolean flapping: additionalProperties: false @@ -1991,49 +1963,26 @@ paths: - look_back_window - status_change_threshold name: - description: >- - The name of the rule. While this name does not have to be - unique, a distinctive name can help you identify a rule. + description: The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. type: string notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while the rule - conditions are met; `onThrottleInterval`: Actions run when - the alert becomes active and at the interval specified in - the throttle property while the rule conditions are met. - NOTE: You cannot specify `notify_when` at both the rule and - action level. The recommended method is to set it for each - action. If you set it at the rule level then update the rule - in Kibana, it is automatically changed to use - action-specific values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert - onThrottleInterval nullable: true type: string - params: - additionalProperties: {} - default: {} - description: The parameters for the rule. - type: object rule_type_id: description: The rule type identifier. type: string schedule: additionalProperties: false - description: >- - The check interval, which specifies how frequently the rule - conditions are checked. + description: The check interval, which specifies how frequently the rule conditions are checked. type: object properties: interval: - description: >- - The interval is specified in seconds, minutes, hours, or - days. + description: The interval is specified in seconds, minutes, hours, or days. type: string required: - interval @@ -2044,20 +1993,44 @@ paths: type: string type: array throttle: - description: >- - Use the `throttle` property in the action `frequency` object - instead. The throttle interval, which defines how often an - alert generates repeated actions. NOTE: You cannot specify - the throttle interval at both the rule and action level. If - you set it at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific values. + description: 'Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string + params: + additionalProperties: {} + default: {} + description: The parameters for the rule. + anyOf: + - $ref: '#/components/schemas/params_property_apm_anomaly' + - $ref: '#/components/schemas/params_property_apm_error_count' + - $ref: '#/components/schemas/params_property_apm_transaction_duration' + - $ref: '#/components/schemas/params_property_apm_transaction_error_rate' + - $ref: '#/components/schemas/params_es_query_dsl_rule' + - $ref: '#/components/schemas/params_es_query_esql_rule' + - $ref: '#/components/schemas/params_es_query_kql_rule' + - $ref: '#/components/schemas/params_index_threshold_rule' + - $ref: '#/components/schemas/params_property_infra_inventory' + - $ref: '#/components/schemas/params_property_log_threshold' + - $ref: '#/components/schemas/params_property_infra_metric_threshold' + - $ref: '#/components/schemas/params_property_slo_burn_rate' + - $ref: '#/components/schemas/params_property_synthetics_uptime_tls' + - $ref: '#/components/schemas/params_property_synthetics_monitor_status' required: - name - rule_type_id - consumer - schedule + examples: + createEsQueryEsqlRuleRequest: + $ref: '#/components/examples/create_es_query_esql_rule_request' + createEsQueryRuleRequest: + $ref: '#/components/examples/create_es_query_rule_request' + createEsQueryKqlRuleRequest: + $ref: '#/components/examples/create_es_query_kql_rule_request' + createIndexThresholdRuleRequest: + $ref: '#/components/examples/create_index_threshold_rule_request' + createTrackingContainmentRuleRequest: + $ref: '#/components/examples/create_tracking_containment_rule_request' responses: '200': content: @@ -2073,9 +2046,7 @@ paths: properties: alerts_filter: additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. + description: Defines a period that limits whether the action runs. type: object properties: query: @@ -2083,15 +2054,10 @@ paths: type: object properties: dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). type: string filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. items: additionalProperties: false type: object @@ -2101,9 +2067,7 @@ paths: type: object properties: store: - description: >- - A filter can be either specific to an - application context or applied globally. + description: A filter can be either specific to an application context or applied globally. enum: - appState - globalState @@ -2120,9 +2084,7 @@ paths: - meta type: array kql: - description: >- - A filter written in Kibana Query Language - (KQL). + description: A filter written in Kibana Query Language (KQL). type: string required: - kql @@ -2132,12 +2094,7 @@ paths: type: object properties: days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. items: enum: - 1 @@ -2154,55 +2111,30 @@ paths: type: object properties: end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). + description: The end of the time frame in 24-hour notation (`hh:mm`). type: string start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). + description: The start of the time frame in 24-hour notation (`hh:mm`). type: string required: - start - end timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. type: string required: - days - hours - timezone connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. + description: The type of connector. This property appears in responses but cannot be set in requests. type: string frequency: additionalProperties: false type: object properties: notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -2212,18 +2144,7 @@ paths: description: Indicates whether the action is a summary. type: boolean throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string required: @@ -2231,30 +2152,20 @@ paths: - notify_when - throttle group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. type: string id: description: The identifier for the connector saved object. type: string params: additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. type: object use_alert_data_for_template: description: Indicates whether to use alert data as a template. type: boolean uuid: - description: >- - A universally unique identifier (UUID) for the - action. + description: A universally unique identifier (UUID) for the action. type: string required: - id @@ -2268,36 +2179,24 @@ paths: type: array alert_delay: additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. type: object properties: active: - description: >- - The number of consecutive runs that must meet the rule - conditions. + description: The number of consecutive runs that must meet the rule conditions. type: number required: - active api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. + description: Indicates whether the API key that is associated with the rule was created by the user. nullable: true type: boolean api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. + description: The owner of the API key that is associated with the rule and used to run background tasks. nullable: true type: string consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. + description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' type: string created_at: description: The date and time that the rule was created. @@ -2307,9 +2206,7 @@ paths: nullable: true type: string enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. + description: Indicates whether you want to run the rule on an interval basis after it is created. type: boolean execution_status: additionalProperties: false @@ -2423,9 +2320,7 @@ paths: nullable: true type: number outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. enum: - succeeded - warning @@ -2475,9 +2370,7 @@ paths: properties: calculated_metrics: additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. + description: Calculation of different percentiles and success ratio. type: object properties: p50: @@ -2500,18 +2393,14 @@ paths: description: Duration of the rule run. type: number outcome: - description: >- - Outcome of last run of the rule. Value could - be succeeded, warning or failed. + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. enum: - succeeded - warning - failed type: string success: - description: >- - Indicates whether the rule run was - successful. + description: Indicates whether the rule run was successful. type: boolean timestamp: description: Time of rule run. @@ -2536,29 +2425,19 @@ paths: nullable: true type: number total_alerts_created: - description: >- - Total number of alerts created during last - rule run. + description: Total number of alerts created during last rule run. nullable: true type: number total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. + description: Total number of alerts detected during last rule run. nullable: true type: number total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. + description: Total time spent indexing documents during last rule run in milliseconds. nullable: true type: number total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. + description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. nullable: true type: number timestamp: @@ -2589,19 +2468,7 @@ paths: nullable: true type: string notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -2627,9 +2494,7 @@ paths: type: object properties: interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. + description: The interval is specified in seconds, minutes, hours, or days. type: string required: - interval @@ -2665,9 +2530,7 @@ paths: type: array bymonth: items: - description: >- - Indicates months of the year that this rule - should recur. + description: Indicates months of the year that this rule should recur. type: number nullable: true type: array @@ -2685,12 +2548,7 @@ paths: type: array bysetpos: items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. + description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. type: number nullable: true type: array @@ -2699,13 +2557,7 @@ paths: anyOf: - type: string - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. + description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. nullable: true type: array byweekno: @@ -2716,26 +2568,18 @@ paths: type: array byyearday: items: - description: >- - Indicates the days of the year that this rule - should recur. + description: Indicates the days of the year that this rule should recur. type: number nullable: true type: array count: - description: >- - Number of times the rule should recur until it - stops. + description: Number of times the rule should recur until it stops. type: number dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). + description: Rule start date in Coordinated Universal Time (UTC). type: string freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. + description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. enum: - 0 - 1 @@ -2746,10 +2590,7 @@ paths: - 6 type: integer interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. + description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. type: number tzid: description: Indicates timezone abbreviation. @@ -2787,23 +2628,14 @@ paths: type: array throttle: deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. + description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string updated_at: description: The date and time that the rule was updated most recently. type: string updated_by: - description: >- - The identifier for the user that updated this rule most - recently. + description: The identifier for the user that updated this rule most recently. nullable: true type: string view_in_app_relative_url: @@ -2829,6 +2661,17 @@ paths: - muted_alert_ids - execution_status - revision + examples: + createEsQueryEsqlRuleResponse: + $ref: '#/components/examples/create_es_query_esql_rule_response' + createEsQueryRuleResponse: + $ref: '#/components/examples/create_es_query_rule_response' + createEsQueryKqlRuleResponse: + $ref: '#/components/examples/create_es_query_kql_rule_response' + createIndexThresholdRuleResponse: + $ref: '#/components/examples/create_index_threshold_rule_response' + createTrackingContainmentRuleResponse: + $ref: '#/components/examples/create_tracking_containment_rule_response' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -2886,15 +2729,10 @@ paths: type: object properties: dsl: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL). + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). type: string filters: - description: >- - A filter written in Elasticsearch Query Domain - Specific Language (DSL) as defined in the - `kbn-es-query` package. + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. items: additionalProperties: false type: object @@ -2904,9 +2742,7 @@ paths: type: object properties: store: - description: >- - A filter can be either specific to an - application context or applied globally. + description: A filter can be either specific to an application context or applied globally. enum: - appState - globalState @@ -2923,27 +2759,18 @@ paths: - meta type: array kql: - description: >- - A filter written in Kibana Query Language - (KQL). + description: A filter written in Kibana Query Language (KQL). type: string required: - kql - filters timeframe: additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. + description: Defines a period that limits whether the action runs. type: object properties: days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the days - of the week. + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. items: enum: - 1 @@ -2957,32 +2784,20 @@ paths: type: array hours: additionalProperties: false - description: >- - Defines the range of time in a day that the - action can run. If the `start` value is - `00:00` and the `end` value is `24:00`, - actions be generated all day. + description: Defines the range of time in a day that the action can run. If the `start` value is `00:00` and the `end` value is `24:00`, actions be generated all day. type: object properties: end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). + description: The end of the time frame in 24-hour notation (`hh:mm`). type: string start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). + description: The start of the time frame in 24-hour notation (`hh:mm`). type: string required: - start - end timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work but - lack built-in daylight savings time support - and are not recommended. + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. type: string required: - days @@ -2993,21 +2808,7 @@ paths: type: object properties: notify_when: - description: >- - Indicates how often alerts generate actions. Valid - values include: `onActionGroupChange`: Actions run - when the alert status changes; `onActiveAlert`: - Actions run when the alert becomes active and at - each check interval while the rule conditions are - met; `onThrottleInterval`: Actions run when the - alert becomes active and at the interval specified - in the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` at - both the rule and action level. The recommended - method is to set it for each action. If you set it - at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific - values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -3017,17 +2818,7 @@ paths: description: Indicates whether the action is a summary. type: boolean throttle: - description: >- - The throttle interval, which defines how often an - alert generates repeated actions. It is specified - in seconds, minutes, hours, or days and is - applicable only if `notify_when` is set to - `onThrottleInterval`. NOTE: You cannot specify the - throttle interval at both the rule and action - level. The recommended method is to set it for - each action. If you set it at the rule level then - update the rule in Kibana, it is automatically - changed to use action-specific values. + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if `notify_when` is set to `onThrottleInterval`. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string required: @@ -3035,12 +2826,7 @@ paths: - notify_when - throttle group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. type: string id: description: The identifier for the connector saved object. @@ -3048,10 +2834,7 @@ paths: params: additionalProperties: {} default: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. type: object use_alert_data_for_template: description: Indicates whether to use alert data as a template. @@ -3064,15 +2847,11 @@ paths: type: array alert_delay: additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. type: object properties: active: - description: >- - The number of consecutive runs that must meet the rule - conditions. + description: The number of consecutive runs that must meet the rule conditions. type: number required: - active @@ -3093,24 +2872,10 @@ paths: - look_back_window - status_change_threshold name: - description: >- - The name of the rule. While this name does not have to be - unique, a distinctive name can help you identify a rule. + description: The name of the rule. While this name does not have to be unique, a distinctive name can help you identify a rule. type: string notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while the rule - conditions are met; `onThrottleInterval`: Actions run when - the alert becomes active and at the interval specified in - the throttle property while the rule conditions are met. - NOTE: You cannot specify `notify_when` at both the rule and - action level. The recommended method is to set it for each - action. If you set it at the rule level then update the rule - in Kibana, it is automatically changed to use - action-specific values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -3127,9 +2892,7 @@ paths: type: object properties: interval: - description: >- - The interval is specified in seconds, minutes, hours, or - days. + description: The interval is specified in seconds, minutes, hours, or days. type: string required: - interval @@ -3140,18 +2903,15 @@ paths: type: string type: array throttle: - description: >- - Use the `throttle` property in the action `frequency` object - instead. The throttle interval, which defines how often an - alert generates repeated actions. NOTE: You cannot specify - the throttle interval at both the rule and action level. If - you set it at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific values. + description: 'Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string required: - name - schedule + examples: + updateRuleRequest: + $ref: '#/components/examples/update_rule_request' responses: '200': content: @@ -3167,9 +2927,7 @@ paths: properties: alerts_filter: additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. + description: Defines a period that limits whether the action runs. type: object properties: query: @@ -3177,15 +2935,10 @@ paths: type: object properties: dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). type: string filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. items: additionalProperties: false type: object @@ -3195,9 +2948,7 @@ paths: type: object properties: store: - description: >- - A filter can be either specific to an - application context or applied globally. + description: A filter can be either specific to an application context or applied globally. enum: - appState - globalState @@ -3214,9 +2965,7 @@ paths: - meta type: array kql: - description: >- - A filter written in Kibana Query Language - (KQL). + description: A filter written in Kibana Query Language (KQL). type: string required: - kql @@ -3226,12 +2975,7 @@ paths: type: object properties: days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. items: enum: - 1 @@ -3248,55 +2992,30 @@ paths: type: object properties: end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). + description: The end of the time frame in 24-hour notation (`hh:mm`). type: string start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). + description: The start of the time frame in 24-hour notation (`hh:mm`). type: string required: - start - end timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. type: string required: - days - hours - timezone connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. + description: The type of connector. This property appears in responses but cannot be set in requests. type: string frequency: additionalProperties: false type: object properties: notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -3306,18 +3025,7 @@ paths: description: Indicates whether the action is a summary. type: boolean throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string required: @@ -3325,30 +3033,20 @@ paths: - notify_when - throttle group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. type: string id: description: The identifier for the connector saved object. type: string params: additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. type: object use_alert_data_for_template: description: Indicates whether to use alert data as a template. type: boolean uuid: - description: >- - A universally unique identifier (UUID) for the - action. + description: A universally unique identifier (UUID) for the action. type: string required: - id @@ -3362,36 +3060,24 @@ paths: type: array alert_delay: additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. type: object properties: active: - description: >- - The number of consecutive runs that must meet the rule - conditions. + description: The number of consecutive runs that must meet the rule conditions. type: number required: - active api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. + description: Indicates whether the API key that is associated with the rule was created by the user. nullable: true type: boolean api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. + description: The owner of the API key that is associated with the rule and used to run background tasks. nullable: true type: string consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. + description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' type: string created_at: description: The date and time that the rule was created. @@ -3401,9 +3087,7 @@ paths: nullable: true type: string enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. + description: Indicates whether you want to run the rule on an interval basis after it is created. type: boolean execution_status: additionalProperties: false @@ -3517,9 +3201,7 @@ paths: nullable: true type: number outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. enum: - succeeded - warning @@ -3569,9 +3251,7 @@ paths: properties: calculated_metrics: additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. + description: Calculation of different percentiles and success ratio. type: object properties: p50: @@ -3594,18 +3274,14 @@ paths: description: Duration of the rule run. type: number outcome: - description: >- - Outcome of last run of the rule. Value could - be succeeded, warning or failed. + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. enum: - succeeded - warning - failed type: string success: - description: >- - Indicates whether the rule run was - successful. + description: Indicates whether the rule run was successful. type: boolean timestamp: description: Time of rule run. @@ -3630,29 +3306,19 @@ paths: nullable: true type: number total_alerts_created: - description: >- - Total number of alerts created during last - rule run. + description: Total number of alerts created during last rule run. nullable: true type: number total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. + description: Total number of alerts detected during last rule run. nullable: true type: number total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. + description: Total time spent indexing documents during last rule run in milliseconds. nullable: true type: number total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. + description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. nullable: true type: number timestamp: @@ -3683,19 +3349,7 @@ paths: nullable: true type: string notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -3721,9 +3375,7 @@ paths: type: object properties: interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. + description: The interval is specified in seconds, minutes, hours, or days. type: string required: - interval @@ -3759,9 +3411,7 @@ paths: type: array bymonth: items: - description: >- - Indicates months of the year that this rule - should recur. + description: Indicates months of the year that this rule should recur. type: number nullable: true type: array @@ -3779,12 +3429,7 @@ paths: type: array bysetpos: items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. + description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. type: number nullable: true type: array @@ -3793,13 +3438,7 @@ paths: anyOf: - type: string - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. + description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. nullable: true type: array byweekno: @@ -3810,26 +3449,18 @@ paths: type: array byyearday: items: - description: >- - Indicates the days of the year that this rule - should recur. + description: Indicates the days of the year that this rule should recur. type: number nullable: true type: array count: - description: >- - Number of times the rule should recur until it - stops. + description: Number of times the rule should recur until it stops. type: number dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). + description: Rule start date in Coordinated Universal Time (UTC). type: string freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. + description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. enum: - 0 - 1 @@ -3840,10 +3471,7 @@ paths: - 6 type: integer interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. + description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. type: number tzid: description: Indicates timezone abbreviation. @@ -3881,23 +3509,14 @@ paths: type: array throttle: deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. + description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string updated_at: description: The date and time that the rule was updated most recently. type: string updated_by: - description: >- - The identifier for the user that updated this rule most - recently. + description: The identifier for the user that updated this rule most recently. nullable: true type: string view_in_app_relative_url: @@ -3923,6 +3542,9 @@ paths: - muted_alert_ids - execution_status - revision + examples: + updateRuleResponse: + $ref: '#/components/examples/update_rule_response' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -4248,9 +3870,7 @@ paths: default: 1 minimum: 1 type: number - - description: >- - An Elasticsearch simple_query_string query that filters the objects - in the response. + - description: An Elasticsearch simple_query_string query that filters the objects in the response. in: query name: search required: false @@ -4276,9 +3896,7 @@ paths: type: string type: array - type: string - - description: >- - Determines which field is used to sort the results. The field must - exist in the `attributes` key of the response. + - description: Determines which field is used to sort the results. The field must exist in the `attributes` key of the response. in: query name: sort_field required: false @@ -4293,9 +3911,7 @@ paths: - asc - desc type: string - - description: >- - Filters the rules that have a relation with the reference objects - with a specific type and identifier. + - description: Filters the rules that have a relation with the reference objects with a specific type and identifier. in: query name: has_reference required: false @@ -4319,12 +3935,7 @@ paths: description: The fields to return in the `attributes` key of the response. type: string type: array - - description: >- - A KQL string that you filter with an attribute from your saved - object. It should look like `savedObjectType.attributes.title: - "myTitle"`. However, if you used a direct attribute of a saved - object, such as `updatedAt`, you must define your filter, for - example, `savedObjectType.updatedAt > 2018-12-22`. + - description: 'A KQL string that you filter with an attribute from your saved object. It should look like `savedObjectType.attributes.title: "myTitle"`. However, if you used a direct attribute of a saved object, such as `updatedAt`, you must define your filter, for example, `savedObjectType.updatedAt > 2018-12-22`.' in: query name: filter required: false @@ -4353,9 +3964,7 @@ paths: properties: alerts_filter: additionalProperties: false - description: >- - Defines a period that limits whether the action - runs. + description: Defines a period that limits whether the action runs. type: object properties: query: @@ -4363,15 +3972,10 @@ paths: type: object properties: dsl: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL). + description: A filter written in Elasticsearch Query Domain Specific Language (DSL). type: string filters: - description: >- - A filter written in Elasticsearch Query - Domain Specific Language (DSL) as defined in - the `kbn-es-query` package. + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. items: additionalProperties: false type: object @@ -4381,9 +3985,7 @@ paths: type: object properties: store: - description: >- - A filter can be either specific to an - application context or applied globally. + description: A filter can be either specific to an application context or applied globally. enum: - appState - globalState @@ -4400,9 +4002,7 @@ paths: - meta type: array kql: - description: >- - A filter written in Kibana Query Language - (KQL). + description: A filter written in Kibana Query Language (KQL). type: string required: - kql @@ -4412,12 +4012,7 @@ paths: type: object properties: days: - description: >- - Defines the days of the week that the action - can run, represented as an array of numbers. - For example, `1` represents Monday. An empty - array is equivalent to specifying all the - days of the week. + description: Defines the days of the week that the action can run, represented as an array of numbers. For example, `1` represents Monday. An empty array is equivalent to specifying all the days of the week. items: enum: - 1 @@ -4434,55 +4029,30 @@ paths: type: object properties: end: - description: >- - The end of the time frame in 24-hour - notation (`hh:mm`). + description: The end of the time frame in 24-hour notation (`hh:mm`). type: string start: - description: >- - The start of the time frame in 24-hour - notation (`hh:mm`). + description: The start of the time frame in 24-hour notation (`hh:mm`). type: string required: - start - end timezone: - description: >- - The ISO time zone for the `hours` values. - Values such as `UTC` and `UTC+1` also work - but lack built-in daylight savings time - support and are not recommended. + description: The ISO time zone for the `hours` values. Values such as `UTC` and `UTC+1` also work but lack built-in daylight savings time support and are not recommended. type: string required: - days - hours - timezone connector_type_id: - description: >- - The type of connector. This property appears in - responses but cannot be set in requests. + description: The type of connector. This property appears in responses but cannot be set in requests. type: string frequency: additionalProperties: false type: object properties: notify_when: - description: >- - Indicates how often alerts generate actions. - Valid values include: `onActionGroupChange`: - Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert - becomes active and at each check interval while - the rule conditions are met; - `onThrottleInterval`: Actions run when the alert - becomes active and at the interval specified in - the throttle property while the rule conditions - are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The - recommended method is to set it for each action. - If you set it at the rule level then update the - rule in Kibana, it is automatically changed to - use action-specific values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -4492,18 +4062,7 @@ paths: description: Indicates whether the action is a summary. type: boolean throttle: - description: >- - The throttle interval, which defines how often - an alert generates repeated actions. It is - specified in seconds, minutes, hours, or days - and is applicable only if 'notify_when' is set - to 'onThrottleInterval'. NOTE: You cannot - specify the throttle interval at both the rule - and action level. The recommended method is to - set it for each action. If you set it at the - rule level then update the rule in Kibana, it is - automatically changed to use action-specific - values. + description: 'The throttle interval, which defines how often an alert generates repeated actions. It is specified in seconds, minutes, hours, or days and is applicable only if ''notify_when'' is set to ''onThrottleInterval''. NOTE: You cannot specify the throttle interval at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string required: @@ -4511,30 +4070,20 @@ paths: - notify_when - throttle group: - description: >- - The group name, which affects when the action runs - (for example, when the threshold is met or when the - alert is recovered). Each rule type has a list of - valid action group names. If you don't need to group - actions, set to `default`. + description: The group name, which affects when the action runs (for example, when the threshold is met or when the alert is recovered). Each rule type has a list of valid action group names. If you don't need to group actions, set to `default`. type: string id: description: The identifier for the connector saved object. type: string params: additionalProperties: {} - description: >- - The parameters for the action, which are sent to the - connector. The `params` are handled as Mustache - templates and passed a default set of context. + description: The parameters for the action, which are sent to the connector. The `params` are handled as Mustache templates and passed a default set of context. type: object use_alert_data_for_template: description: Indicates whether to use alert data as a template. type: boolean uuid: - description: >- - A universally unique identifier (UUID) for the - action. + description: A universally unique identifier (UUID) for the action. type: string required: - id @@ -4548,36 +4097,24 @@ paths: type: array alert_delay: additionalProperties: false - description: >- - Indicates that an alert occurs only when the specified - number of consecutive runs met the rule conditions. + description: Indicates that an alert occurs only when the specified number of consecutive runs met the rule conditions. type: object properties: active: - description: >- - The number of consecutive runs that must meet the rule - conditions. + description: The number of consecutive runs that must meet the rule conditions. type: number required: - active api_key_created_by_user: - description: >- - Indicates whether the API key that is associated with the - rule was created by the user. + description: Indicates whether the API key that is associated with the rule was created by the user. nullable: true type: boolean api_key_owner: - description: >- - The owner of the API key that is associated with the rule - and used to run background tasks. + description: The owner of the API key that is associated with the rule and used to run background tasks. nullable: true type: string consumer: - description: >- - The name of the application or feature that owns the rule. - For example: `alerts`, `apm`, `discover`, - `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, - `securitySolution`, `siem`, `stackAlerts`, or `uptime`. + description: 'The name of the application or feature that owns the rule. For example: `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`.' type: string created_at: description: The date and time that the rule was created. @@ -4587,9 +4124,7 @@ paths: nullable: true type: string enabled: - description: >- - Indicates whether you want to run the rule on an interval - basis after it is created. + description: Indicates whether you want to run the rule on an interval basis after it is created. type: boolean execution_status: additionalProperties: false @@ -4703,9 +4238,7 @@ paths: nullable: true type: number outcome: - description: >- - Outcome of last run of the rule. Value could be - succeeded, warning or failed. + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. enum: - succeeded - warning @@ -4755,9 +4288,7 @@ paths: properties: calculated_metrics: additionalProperties: false - description: >- - Calculation of different percentiles and success - ratio. + description: Calculation of different percentiles and success ratio. type: object properties: p50: @@ -4780,18 +4311,14 @@ paths: description: Duration of the rule run. type: number outcome: - description: >- - Outcome of last run of the rule. Value could - be succeeded, warning or failed. + description: Outcome of last run of the rule. Value could be succeeded, warning or failed. enum: - succeeded - warning - failed type: string success: - description: >- - Indicates whether the rule run was - successful. + description: Indicates whether the rule run was successful. type: boolean timestamp: description: Time of rule run. @@ -4816,29 +4343,19 @@ paths: nullable: true type: number total_alerts_created: - description: >- - Total number of alerts created during last - rule run. + description: Total number of alerts created during last rule run. nullable: true type: number total_alerts_detected: - description: >- - Total number of alerts detected during - last rule run. + description: Total number of alerts detected during last rule run. nullable: true type: number total_indexing_duration_ms: - description: >- - Total time spent indexing documents during - last rule run in milliseconds. + description: Total time spent indexing documents during last rule run in milliseconds. nullable: true type: number total_search_duration_ms: - description: >- - Total time spent performing Elasticsearch - searches as measured by Kibana; includes - network latency and time spent serializing - or deserializing the request and response. + description: Total time spent performing Elasticsearch searches as measured by Kibana; includes network latency and time spent serializing or deserializing the request and response. nullable: true type: number timestamp: @@ -4869,19 +4386,7 @@ paths: nullable: true type: string notify_when: - description: >- - Indicates how often alerts generate actions. Valid values - include: `onActionGroupChange`: Actions run when the alert - status changes; `onActiveAlert`: Actions run when the - alert becomes active and at each check interval while the - rule conditions are met; `onThrottleInterval`: Actions run - when the alert becomes active and at the interval - specified in the throttle property while the rule - conditions are met. NOTE: You cannot specify `notify_when` - at both the rule and action level. The recommended method - is to set it for each action. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. + description: 'Indicates how often alerts generate actions. Valid values include: `onActionGroupChange`: Actions run when the alert status changes; `onActiveAlert`: Actions run when the alert becomes active and at each check interval while the rule conditions are met; `onThrottleInterval`: Actions run when the alert becomes active and at the interval specified in the throttle property while the rule conditions are met. NOTE: You cannot specify `notify_when` at both the rule and action level. The recommended method is to set it for each action. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' enum: - onActionGroupChange - onActiveAlert @@ -4907,9 +4412,7 @@ paths: type: object properties: interval: - description: >- - The interval is specified in seconds, minutes, hours, - or days. + description: The interval is specified in seconds, minutes, hours, or days. type: string required: - interval @@ -4945,9 +4448,7 @@ paths: type: array bymonth: items: - description: >- - Indicates months of the year that this rule - should recur. + description: Indicates months of the year that this rule should recur. type: number nullable: true type: array @@ -4965,12 +4466,7 @@ paths: type: array bysetpos: items: - description: >- - A positive or negative integer affecting the - nth day of the month. For example, -2 combined - with `byweekday` of FR is 2nd to last Friday - of the month. It is recommended to not set - this manually and just use `byweekday`. + description: A positive or negative integer affecting the nth day of the month. For example, -2 combined with `byweekday` of FR is 2nd to last Friday of the month. It is recommended to not set this manually and just use `byweekday`. type: number nullable: true type: array @@ -4979,13 +4475,7 @@ paths: anyOf: - type: string - type: number - description: >- - Indicates the days of the week to recur or - else nth-day-of-month strings. For example, - "+2TU" second Tuesday of month, "-1FR" last - Friday of the month, which are internally - converted to a `byweekday/bysetpos` - combination. + description: Indicates the days of the week to recur or else nth-day-of-month strings. For example, "+2TU" second Tuesday of month, "-1FR" last Friday of the month, which are internally converted to a `byweekday/bysetpos` combination. nullable: true type: array byweekno: @@ -4996,26 +4486,18 @@ paths: type: array byyearday: items: - description: >- - Indicates the days of the year that this rule - should recur. + description: Indicates the days of the year that this rule should recur. type: number nullable: true type: array count: - description: >- - Number of times the rule should recur until it - stops. + description: Number of times the rule should recur until it stops. type: number dtstart: - description: >- - Rule start date in Coordinated Universal Time - (UTC). + description: Rule start date in Coordinated Universal Time (UTC). type: string freq: - description: >- - Indicates frequency of the rule. Options are - YEARLY, MONTHLY, WEEKLY, DAILY. + description: Indicates frequency of the rule. Options are YEARLY, MONTHLY, WEEKLY, DAILY. enum: - 0 - 1 @@ -5026,10 +4508,7 @@ paths: - 6 type: integer interval: - description: >- - Indicates the interval of frequency. For - example, 1 and YEARLY is every 1 year, 2 and - WEEKLY is every 2 weeks. + description: Indicates the interval of frequency. For example, 1 and YEARLY is every 1 year, 2 and WEEKLY is every 2 weeks. type: number tzid: description: Indicates timezone abbreviation. @@ -5067,23 +4546,14 @@ paths: type: array throttle: deprecated: true - description: >- - Deprecated in 8.13.0. Use the `throttle` property in the - action `frequency` object instead. The throttle interval, - which defines how often an alert generates repeated - actions. NOTE: You cannot specify the throttle interval at - both the rule and action level. If you set it at the rule - level then update the rule in Kibana, it is automatically - changed to use action-specific values. + description: 'Deprecated in 8.13.0. Use the `throttle` property in the action `frequency` object instead. The throttle interval, which defines how often an alert generates repeated actions. NOTE: You cannot specify the throttle interval at both the rule and action level. If you set it at the rule level then update the rule in Kibana, it is automatically changed to use action-specific values.' nullable: true type: string updated_at: description: The date and time that the rule was updated most recently. type: string updated_by: - description: >- - The identifier for the user that updated this rule most - recently. + description: The identifier for the user that updated this rule most recently. nullable: true type: string view_in_app_relative_url: @@ -5109,6 +4579,11 @@ paths: - muted_alert_ids - execution_status - revision + examples: + findRulesResponse: + $ref: '#/components/examples/find_rules_response' + findConditionalActionRulesResponse: + $ref: '#/components/examples/find_rules_response_conditional_action' description: Indicates a successful call. '400': description: Indicates an invalid schema or parameters. @@ -5120,9 +4595,8 @@ paths: /api/alerts/alert/{alertId}: delete: deprecated: true - description: > - Deprecated in 7.13.0. Use the delete rule API instead. WARNING: After - you delete an alert, you cannot recover it. + description: | + Deprecated in 7.13.0. Use the delete rule API instead. WARNING: After you delete an alert, you cannot recover it. operationId: legaryDeleteAlert parameters: - $ref: '#/components/parameters/Alerting_kbn_xsrf' @@ -5179,9 +4653,7 @@ paths: operationId: legacyCreateAlert parameters: - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: >- - An UUID v1 or v4 identifier for the alert. If this parameter is - omitted, the identifier is randomly generated. + - description: An UUID v1 or v4 identifier for the alert. If this parameter is omitted, the identifier is randomly generated. in: path name: alertId required: true @@ -5203,19 +4675,15 @@ paths: description: The identifier for the action type. type: string group: - description: > - Grouping actions is recommended for escalations for - different types of alert instances. If you don't need - this functionality, set it to `default`. + description: | + Grouping actions is recommended for escalations for different types of alert instances. If you don't need this functionality, set it to `default`. type: string id: description: The ID of the action saved object. type: string params: - description: > - The map to the `params` that the action type will - receive. `params` are handled as Mustache templates - and passed a default set of context. + description: | + The map to the `params` that the action type will receive. `params` are handled as Mustache templates and passed a default set of context. type: object required: - actionTypeId @@ -5224,20 +4692,13 @@ paths: - params type: array alertTypeId: - description: >- - The ID of the alert type that you want to call when the - alert is scheduled to run. + description: The ID of the alert type that you want to call when the alert is scheduled to run. type: string consumer: - description: >- - The name of the application that owns the alert. This name - has to match the Kibana feature name, as that dictates the - required role-based access control privileges. + description: The name of the application that owns the alert. This name has to match the Kibana feature name, as that dictates the required role-based access control privileges. type: string enabled: - description: >- - Indicates if you want to run the alert on an interval basis - after it is created. + description: Indicates if you want to run the alert on an interval basis after it is created. type: boolean name: description: A name to reference and search. @@ -5250,22 +4711,15 @@ paths: - onThrottleInterval type: string params: - description: >- - The parameters to pass to the alert type executor `params` - value. This will also validate against the alert type params - validator, if defined. + description: The parameters to pass to the alert type executor `params` value. This will also validate against the alert type params validator, if defined. type: object schedule: - description: > - The schedule specifying when this alert should be run. A - schedule is structured such that the key specifies the - format you wish to use and its value specifies the schedule. + description: | + The schedule specifying when this alert should be run. A schedule is structured such that the key specifies the format you wish to use and its value specifies the schedule. type: object properties: interval: - description: >- - The interval format specifies the interval in seconds, - minutes, hours or days at which the alert should run. + description: The interval format specifies the interval in seconds, minutes, hours or days at which the alert should run. example: 10s type: string tags: @@ -5274,13 +4728,8 @@ paths: type: string type: array throttle: - description: > - How often this alert should fire the same actions. This will - prevent the alert from sending out the same notification - over and over. For example, if an alert with a schedule of 1 - minute stays in a triggered state for 90 minutes, setting a - throttle of `10m` or `1h` will prevent it from sending 90 - notifications during this period. + description: | + How often this alert should fire the same actions. This will prevent the alert from sending out the same notification over and over. For example, if an alert with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of `10m` or `1h` will prevent it from sending 90 notifications during this period. type: string required: - alertTypeId @@ -5334,19 +4783,15 @@ paths: description: The identifier for the action type. type: string group: - description: > - Grouping actions is recommended for escalations for - different types of alert instances. If you don't need - this functionality, set it to `default`. + description: | + Grouping actions is recommended for escalations for different types of alert instances. If you don't need this functionality, set it to `default`. type: string id: description: The ID of the action saved object. type: string params: - description: > - The map to the `params` that the action type will - receive. `params` are handled as Mustache templates - and passed a default set of context. + description: | + The map to the `params` that the action type will receive. `params` are handled as Mustache templates and passed a default set of context. type: object required: - actionTypeId @@ -5365,22 +4810,15 @@ paths: - onThrottleInterval type: string params: - description: >- - The parameters to pass to the alert type executor `params` - value. This will also validate against the alert type params - validator, if defined. + description: The parameters to pass to the alert type executor `params` value. This will also validate against the alert type params validator, if defined. type: object schedule: - description: > - The schedule specifying when this alert should be run. A - schedule is structured such that the key specifies the - format you wish to use and its value specifies the schedule. + description: | + The schedule specifying when this alert should be run. A schedule is structured such that the key specifies the format you wish to use and its value specifies the schedule. type: object properties: interval: - description: >- - The interval format specifies the interval in seconds, - minutes, hours or days at which the alert should run. + description: The interval format specifies the interval in seconds, minutes, hours or days at which the alert should run. example: 1d type: string tags: @@ -5389,13 +4827,8 @@ paths: type: string type: array throttle: - description: > - How often this alert should fire the same actions. This will - prevent the alert from sending out the same notification - over and over. For example, if an alert with a schedule of 1 - minute stays in a triggered state for 90 minutes, setting a - throttle of `10m` or `1h` will prevent it from sending 90 - notifications during this period. + description: | + How often this alert should fire the same actions. This will prevent the alert from sending out the same notification over and over. For example, if an alert with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of `10m` or `1h` will prevent it from sending 90 notifications during this period. type: string required: - name @@ -5592,12 +5025,8 @@ paths: /api/alerts/alerts/_find: get: deprecated: true - description: > - Deprecated in 7.13.0. Use the find rules API instead. NOTE: Alert - `params` are stored as a flattened field type and analyzed as keywords. - As alerts change in Kibana, the results on each page of the response - also change. Use the find API for traditional paginated results, but - avoid using it to export large amounts of data. + description: | + Deprecated in 7.13.0. Use the find rules API instead. NOTE: Alert `params` are stored as a flattened field type and analyzed as keywords. As alerts change in Kibana, the results on each page of the response also change. Use the find API for traditional paginated results, but avoid using it to export large amounts of data. operationId: legacyFindAlerts parameters: - description: The default operator to use for the `simple_query_string`. @@ -5614,19 +5043,13 @@ paths: items: type: string type: array - - description: > - A KQL string that you filter with an attribute from your saved - object. It should look like `savedObjectType.attributes.title: - "myTitle"`. However, if you used a direct attribute of a saved - object, such as `updatedAt`, you must define your filter, for - example, `savedObjectType.updatedAt > 2018-12-22`. + - description: | + A KQL string that you filter with an attribute from your saved object. It should look like `savedObjectType.attributes.title: "myTitle"`. However, if you used a direct attribute of a saved object, such as `updatedAt`, you must define your filter, for example, `savedObjectType.updatedAt > 2018-12-22`. in: query name: filter schema: type: string - - description: >- - Filters the rules that have a relation with the reference objects - with a specific type and identifier. + - description: Filters the rules that have a relation with the reference objects with a specific type and identifier. in: query name: has_reference schema: @@ -5650,16 +5073,12 @@ paths: schema: default: 20 type: integer - - description: >- - An Elasticsearch `simple_query_string` query that filters the alerts - in the response. + - description: An Elasticsearch `simple_query_string` query that filters the alerts in the response. in: query name: search schema: type: string - - description: >- - The fields to perform the `simple_query_string` parsed query - against. + - description: The fields to perform the `simple_query_string` parsed query against. in: query name: search_fields schema: @@ -5668,9 +5087,8 @@ paths: - items: type: string type: array - - description: > - Determines which field is used to sort the results. The field must - exist in the `attributes` key of the response. + - description: | + Determines which field is used to sort the results. The field must exist in the `attributes` key of the response. in: query name: sort_field schema: @@ -5725,10 +5143,8 @@ paths: type: object properties: alertingFrameworkHealth: - description: > - Three substates identify the health of the alerting - framework: `decryptionHealth`, `executionHealth`, and - `readHealth`. + description: | + Three substates identify the health of the alerting framework: `decryptionHealth`, `executionHealth`, and `readHealth`. type: object properties: decryptionHealth: @@ -5777,9 +5193,7 @@ paths: format: date-time type: string hasPermanentEncryptionKey: - description: >- - If `false`, the encrypted saved object plugin does not - have a permanent encryption key. + description: If `false`, the encrypted saved object plugin does not have a permanent encryption key. example: true type: boolean isSufficientlySecure: @@ -5810,11 +5224,8 @@ paths: type: object properties: actionGroups: - description: > - An explicit list of groups for which the alert type can - schedule actions, each with the action group's unique ID - and human readable name. Alert actions validation uses - this configuration to ensure that groups are valid. + description: | + An explicit list of groups for which the alert type can schedule actions, each with the action group's unique ID and human readable name. Alert actions validation uses this configuration to ensure that groups are valid. items: type: object properties: @@ -5824,12 +5235,8 @@ paths: type: string type: array actionVariables: - description: > - A list of action variables that the alert type makes - available via context and state in action parameter - templates, and a short human readable description. The - Alert UI will use this information to prompt users for - these variables in action parameter editors. + description: | + A list of action variables that the alert type makes available via context and state in action parameter templates, and a short human readable description. The Alert UI will use this information to prompt users for these variables in action parameter editors. type: object properties: context: @@ -5860,25 +5267,19 @@ paths: type: string type: array authorizedConsumers: - description: >- - The list of the plugins IDs that have access to the - alert type. + description: The list of the plugins IDs that have access to the alert type. type: object defaultActionGroupId: description: The default identifier for the alert type group. type: string enabledInLicense: - description: >- - Indicates whether the rule type is enabled based on the - subscription. + description: Indicates whether the rule type is enabled based on the subscription. type: boolean id: description: The unique identifier for the alert type. type: string isExportable: - description: >- - Indicates whether the alert type is exportable in Saved - Objects Management UI. + description: Indicates whether the alert type is exportable in Saved Objects Management UI. type: boolean minimumLicenseRequired: description: The subscriptions required to use the alert type. @@ -5887,15 +5288,11 @@ paths: description: The descriptive name of the alert type. type: string producer: - description: >- - An identifier for the application that produces this - alert type. + description: An identifier for the application that produces this alert type. type: string recoveryActionGroup: - description: > - An action group to use when an alert instance goes from - an active state to an inactive one. If it is not - specified, the default recovered action group is used. + description: | + An action group to use when an alert instance goes from an active state to an inactive one. If it is not specified, the default recovered action group is used. type: object properties: id: @@ -6142,8 +5539,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/APM_UI_delete_agent_configurations_response + $ref: '#/components/schemas/APM_UI_delete_agent_configurations_response' description: Successful response '400': content: @@ -6336,9 +5732,8 @@ paths: - APM agent configuration /api/apm/settings/agent-configuration/search: post: - description: > - This endpoint allows to search for single agent configuration and update - 'applied_by_agent' field. + description: | + This endpoint allows to search for single agent configuration and update 'applied_by_agent' field. operationId: searchSingleConfiguration parameters: - $ref: '#/components/parameters/APM_UI_elastic_api_version' @@ -6354,8 +5749,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/APM_UI_search_agent_configuration_response + $ref: '#/components/schemas/APM_UI_search_agent_configuration_response' description: Successful response '400': content: @@ -6400,8 +5794,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/APM_UI_single_agent_configuration_response + $ref: '#/components/schemas/APM_UI_single_agent_configuration_response' description: Successful response '400': content: @@ -6614,13 +6007,10 @@ paths: type: object properties: deleted: - description: >- - True if the record was deleted or false if the record did - not exist. + description: True if the record was deleted or false if the record did not exist. type: boolean record: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' description: The deleted record if it existed. required: - deleted @@ -6652,8 +6042,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' description: Successful response '400': description: Invalid request @@ -6663,27 +6052,21 @@ paths: tags: - Security Entity Analytics API post: - description: > + description: | Create or update an asset criticality record for a specific entity. - - If a record already exists for the specified entity, that record is - overwritten with the specified value. If a record doesn't exist for the - specified entity, a new record is created. + If a record already exists for the specified entity, that record is overwritten with the specified value. If a record doesn't exist for the specified entity, a new record is created. operationId: CreateAssetCriticalityRecord requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: allOf: - - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord + - $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord' - type: object properties: refresh: - description: >- - If 'wait_for' the request will wait for the index - refresh. + description: If 'wait_for' the request will wait for the index refresh. enum: - wait_for type: string @@ -6693,8 +6076,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' description: Successful response '400': description: Invalid request @@ -6703,14 +6085,10 @@ paths: - Security Entity Analytics API /api/asset_criticality/bulk: post: - description: > + description: | Bulk upsert up to 1000 asset criticality records. - - If asset criticality records already exist for the specified entities, - those records are overwritten with the specified values. If asset - criticality records don't exist for the specified entities, new records - are created. + If asset criticality records already exist for the specified entities, those records are overwritten with the specified values. If asset criticality records don't exist for the specified entities, new records are created. operationId: BulkUpsertAssetCriticalityRecords requestBody: content: @@ -6728,8 +6106,7 @@ paths: properties: records: items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord + $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord' maxItems: 1000 minItems: 1 type: array @@ -6752,12 +6129,10 @@ paths: properties: errors: items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem' type: array stats: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats' required: - errors - stats @@ -6829,8 +6204,7 @@ paths: type: integer records: items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' type: array total: minimum: 0 @@ -6846,11 +6220,8 @@ paths: - Security Entity Analytics API /api/cases: delete: - description: > - You must have `read` or `all` privileges and the `delete` sub-feature - privilege for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases you're deleting. + description: | + You must have `read` or `all` privileges and the `delete` sub-feature privilege for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. operationId: deleteCaseDefaultSpace parameters: - $ref: '#/components/parameters/Cases_kbn_xsrf' @@ -6868,11 +6239,8 @@ paths: tags: - cases patch: - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the - Kibana feature privileges, depending on the owner of the case you're - updating. + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. operationId: updateCaseDefaultSpace parameters: - $ref: '#/components/parameters/Cases_kbn_xsrf' @@ -6906,11 +6274,8 @@ paths: tags: - cases post: - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the - Kibana feature privileges, depending on the owner of the case you're - creating. + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. operationId: createCaseDefaultSpace parameters: - $ref: '#/components/parameters/Cases_kbn_xsrf' @@ -6944,10 +6309,8 @@ paths: - cases /api/cases/_find: get: - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. operationId: findCasesDefaultSpace parameters: - $ref: '#/components/parameters/Cases_assignees_filter' @@ -7005,10 +6368,8 @@ paths: - cases /api/cases/{caseId}: get: - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. operationId: getCaseDefaultSpace parameters: - $ref: '#/components/parameters/Cases_case_id' @@ -7036,10 +6397,8 @@ paths: - cases /api/cases/{caseId}/alerts: get: - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. operationId: getCaseAlertsDefaultSpace parameters: - $ref: '#/components/parameters/Cases_case_id' @@ -7067,11 +6426,8 @@ paths: x-state: Technical preview /api/cases/{caseId}/comments: delete: - description: > - Deletes all comments and alerts from a case. You must have `all` - privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases you're deleting. + description: | + Deletes all comments and alerts from a case. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. operationId: deleteCaseCommentsDefaultSpace parameters: - $ref: '#/components/parameters/Cases_kbn_xsrf' @@ -7090,13 +6446,8 @@ paths: - cases get: deprecated: true - description: > - Deprecated in 8.1.0. This API is deprecated and will be removed in a - future release; instead, use the get case comment API, which requires a - comment identifier in the path. You must have `read` privileges for the - **Cases** feature in the **Management**, **Observability**, or - **Security** section of the Kibana feature privileges, depending on the - owner of the cases with the comments you're seeking. + description: | + Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; instead, use the get case comment API, which requires a comment identifier in the path. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. operationId: getAllCaseCommentsDefaultSpace parameters: - $ref: '#/components/parameters/Cases_case_id' @@ -7117,11 +6468,8 @@ paths: tags: - cases patch: - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're updating. - NOTE: You cannot change the comment type or the owner of a comment. + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment. operationId: updateCaseCommentDefaultSpace parameters: - $ref: '#/components/parameters/Cases_kbn_xsrf' @@ -7155,11 +6503,8 @@ paths: tags: - cases post: - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're creating. - NOTE: Each case can have a maximum of 1,000 alerts. + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're creating. NOTE: Each case can have a maximum of 1,000 alerts. operationId: addCaseCommentDefaultSpace parameters: - $ref: '#/components/parameters/Cases_kbn_xsrf' @@ -7194,12 +6539,8 @@ paths: - cases /api/cases/{caseId}/comments/_find: get: - description: > - Retrieves a paginated list of comments for a case. You must have `read` - privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases with the comments you're - seeking. + description: | + Retrieves a paginated list of comments for a case. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. operationId: findCaseCommentsDefaultSpace parameters: - $ref: '#/components/parameters/Cases_case_id' @@ -7224,10 +6565,8 @@ paths: - cases /api/cases/{caseId}/comments/{commentId}: delete: - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're deleting. + description: | + You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're deleting. operationId: deleteCaseCommentDefaultSpace parameters: - $ref: '#/components/parameters/Cases_kbn_xsrf' @@ -7246,11 +6585,8 @@ paths: tags: - cases get: - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases with the - comments you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. operationId: getCaseCommentDefaultSpace parameters: - $ref: '#/components/parameters/Cases_case_id' @@ -7264,10 +6600,8 @@ paths: $ref: '#/components/examples/Cases_get_comment_response' schema: oneOf: - - $ref: >- - #/components/schemas/Cases_alert_comment_response_properties - - $ref: >- - #/components/schemas/Cases_user_comment_response_properties + - $ref: '#/components/schemas/Cases_alert_comment_response_properties' + - $ref: '#/components/schemas/Cases_user_comment_response_properties' description: Indicates a successful call. '401': content: @@ -7280,12 +6614,8 @@ paths: - cases /api/cases/{caseId}/connector/{connectorId}/_push: post: - description: > - You must have `all` privileges for the **Actions and Connectors** - feature in the **Management** section of the Kibana feature privileges. - You must also have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're pushing. + description: | + You must have `all` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. You must also have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're pushing. operationId: pushCaseDefaultSpace parameters: - $ref: '#/components/parameters/Cases_case_id' @@ -7319,13 +6649,8 @@ paths: /api/cases/{caseId}/user_actions: get: deprecated: true - description: > - Returns all user activity for a case. Deprecated in 8.1.0. This API is - deprecated and will be removed in a future release; use the find user - actions API instead. You must have `read` privileges for the **Cases** - feature in the **Management**, **Observability**, or **Security** - section of the Kibana feature privileges, depending on the owner of the - case you're seeking. + description: | + Returns all user activity for a case. Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find user actions API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. operationId: getCaseActivityDefaultSpace parameters: - $ref: '#/components/parameters/Cases_case_id' @@ -7349,11 +6674,8 @@ paths: - cases /api/cases/{caseId}/user_actions/_find: get: - description: > - Retrives a paginated list of user activity for a case. You must have - `read` privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the case you're seeking. + description: | + Retrives a paginated list of user activity for a case. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. operationId: findCaseActivityDefaultSpace parameters: - $ref: '#/components/parameters/Cases_case_id' @@ -7379,8 +6701,7 @@ paths: type: integer userActions: items: - $ref: >- - #/components/schemas/Cases_user_actions_find_response_properties + $ref: '#/components/schemas/Cases_user_actions_find_response_properties' maxItems: 10000 type: array description: Indicates a successful call. @@ -7395,10 +6716,8 @@ paths: - cases /api/cases/alerts/{alertId}: get: - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. + description: | + You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. operationId: getCasesByAlertDefaultSpace parameters: - $ref: '#/components/parameters/Cases_alert_id' @@ -7435,12 +6754,8 @@ paths: x-state: Technical preview /api/cases/configure: get: - description: > - Get setting details such as the closure type, custom fields, templatse, - and the default connector for cases. You must have `read` privileges for - the **Cases** feature in the **Management**, **Observability**, or - **Security** section of the Kibana feature privileges, depending on - where the cases were created. + description: | + Get setting details such as the closure type, custom fields, templatse, and the default connector for cases. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the cases were created. operationId: getCaseConfigurationDefaultSpace parameters: - $ref: '#/components/parameters/Cases_owner_filter' @@ -7461,24 +6776,15 @@ paths: type: object properties: fields: - description: >- - The fields specified in the case configuration are - not used and are not propagated to individual cases, - therefore it is recommended to set it to `null`. + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. nullable: true type: object id: - description: >- - The identifier for the connector. If you do not want - a default connector, use `none`. To retrieve - connector IDs, use the find connectors API. + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. example: none type: string name: - description: >- - The name of the connector. If you do not want a - default connector, use `none`. To retrieve connector - names, use the find connectors API. + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. example: none type: string type: @@ -7515,27 +6821,19 @@ paths: type: object properties: defaultValue: - description: > - A default value for the custom field. If the - `type` is `text`, the default value must be a - string. If the `type` is `toggle`, the default - value must be boolean. + description: | + A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. oneOf: - type: string - type: boolean key: - description: > - A unique key for the custom field. Must be lower - case and composed only of a-z, 0-9, '_', and '-' - characters. It is used in API calls to refer to a - specific custom field. + description: | + A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field. maxLength: 36 minLength: 1 type: string label: - description: >- - The custom field label that is displayed in the - case. + description: The custom field label that is displayed in the case. maxLength: 50 minLength: 1 type: string @@ -7546,10 +6844,8 @@ paths: - toggle type: string required: - description: > - Indicates whether the field is required. If - `false`, the custom field can be set to null or - omitted when a case is created or updated. + description: | + Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated. type: boolean type: array error: @@ -7620,16 +6916,8 @@ paths: tags: - cases post: - description: > - Case settings include external connection details, custom fields, and - templates. Connectors are used to interface with external systems. You - must create a connector before you can use it in your cases. If you set - a default connector, it is automatically selected when you create cases - in Kibana. If you use the create case API, however, you must still - specify all of the connector details. You must have `all` privileges for - the **Cases** feature in the **Management**, **Observability**, or - **Security** section of the Kibana feature privileges, depending on - where you are creating cases. + description: | + Case settings include external connection details, custom fields, and templates. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. If you set a default connector, it is automatically selected when you create cases in Kibana. If you use the create case API, however, you must still specify all of the connector details. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where you are creating cases. operationId: setCaseConfigurationDefaultSpace parameters: - $ref: '#/components/parameters/Cases_kbn_xsrf' @@ -7657,24 +6945,15 @@ paths: type: object properties: fields: - description: >- - The fields specified in the case configuration are not - used and are not propagated to individual cases, - therefore it is recommended to set it to `null`. + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. nullable: true type: object id: - description: >- - The identifier for the connector. If you do not want a - default connector, use `none`. To retrieve connector - IDs, use the find connectors API. + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. example: none type: string name: - description: >- - The name of the connector. If you do not want a - default connector, use `none`. To retrieve connector - names, use the find connectors API. + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. example: none type: string type: @@ -7711,27 +6990,19 @@ paths: type: object properties: defaultValue: - description: > - A default value for the custom field. If the `type` - is `text`, the default value must be a string. If - the `type` is `toggle`, the default value must be - boolean. + description: | + A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. oneOf: - type: string - type: boolean key: - description: > - A unique key for the custom field. Must be lower - case and composed only of a-z, 0-9, '_', and '-' - characters. It is used in API calls to refer to a - specific custom field. + description: | + A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field. maxLength: 36 minLength: 1 type: string label: - description: >- - The custom field label that is displayed in the - case. + description: The custom field label that is displayed in the case. maxLength: 50 minLength: 1 type: string @@ -7742,10 +7013,8 @@ paths: - toggle type: string required: - description: > - Indicates whether the field is required. If `false`, - the custom field can be set to null or omitted when - a case is created or updated. + description: | + Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated. type: boolean type: array error: @@ -7816,14 +7085,8 @@ paths: - cases /api/cases/configure/{configurationId}: patch: - description: > - Updates setting details such as the closure type, custom fields, - templates, and the default connector for cases. Connectors are used to - interface with external systems. You must create a connector before you - can use it in your cases. You must have `all` privileges for the - **Cases** feature in the **Management**, **Observability**, or - **Security** section of the Kibana feature privileges, depending on - where the case was created. + description: | + Updates setting details such as the closure type, custom fields, templates, and the default connector for cases. Connectors are used to interface with external systems. You must create a connector before you can use it in your cases. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on where the case was created. operationId: updateCaseConfigurationDefaultSpace parameters: - $ref: '#/components/parameters/Cases_kbn_xsrf' @@ -7842,8 +7105,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: examples: updateCaseConfigurationResponse: - $ref: >- - #/components/examples/Cases_update_case_configuration_response + $ref: '#/components/examples/Cases_update_case_configuration_response' schema: type: object properties: @@ -7853,24 +7115,15 @@ paths: type: object properties: fields: - description: >- - The fields specified in the case configuration are not - used and are not propagated to individual cases, - therefore it is recommended to set it to `null`. + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. nullable: true type: object id: - description: >- - The identifier for the connector. If you do not want a - default connector, use `none`. To retrieve connector - IDs, use the find connectors API. + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. example: none type: string name: - description: >- - The name of the connector. If you do not want a - default connector, use `none`. To retrieve connector - names, use the find connectors API. + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. example: none type: string type: @@ -7907,27 +7160,19 @@ paths: type: object properties: defaultValue: - description: > - A default value for the custom field. If the `type` - is `text`, the default value must be a string. If - the `type` is `toggle`, the default value must be - boolean. + description: | + A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. oneOf: - type: string - type: boolean key: - description: > - A unique key for the custom field. Must be lower - case and composed only of a-z, 0-9, '_', and '-' - characters. It is used in API calls to refer to a - specific custom field. + description: | + A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field. maxLength: 36 minLength: 1 type: string label: - description: >- - The custom field label that is displayed in the - case. + description: The custom field label that is displayed in the case. maxLength: 50 minLength: 1 type: string @@ -7938,10 +7183,8 @@ paths: - toggle type: string required: - description: > - Indicates whether the field is required. If `false`, - the custom field can be set to null or omitted when - a case is created or updated. + description: | + Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated. type: boolean type: array error: @@ -8012,10 +7255,8 @@ paths: - cases /api/cases/configure/connectors/_find: get: - description: > - Get information about connectors that are supported for use in cases. - You must have `read` privileges for the **Actions and Connectors** - feature in the **Management** section of the Kibana feature privileges. + description: | + Get information about connectors that are supported for use in cases. You must have `read` privileges for the **Actions and Connectors** feature in the **Management** section of the Kibana feature privileges. operationId: findCaseConnectorsDefaultSpace responses: '200': @@ -8064,15 +7305,8 @@ paths: - cases /api/cases/reporters: get: - description: > - Returns information about the users who opened cases. You must have read - privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases. The API returns - information about the users as they existed at the time of the case - creation, including their name, full name, and email address. If any of - those details change thereafter or if a user is deleted, the information - returned by this API is unchanged. + description: | + Returns information about the users who opened cases. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases. The API returns information about the users as they existed at the time of the case creation, including their name, full name, and email address. If any of those details change thereafter or if a user is deleted, the information returned by this API is unchanged. operationId: getCaseReportersDefaultSpace parameters: - $ref: '#/components/parameters/Cases_owner_filter' @@ -8121,13 +7355,8 @@ paths: /api/cases/status: get: deprecated: true - description: > - Returns the number of cases that are open, closed, and in progress. - Deprecated in 8.1.0. This API is deprecated and will be removed in a - future release; use the find cases API instead. You must have `read` - privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases you're seeking. + description: | + Returns the number of cases that are open, closed, and in progress. Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find cases API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. operationId: getCaseStatusDefaultSpace parameters: - $ref: '#/components/parameters/Cases_owner_filter' @@ -8156,11 +7385,8 @@ paths: - cases /api/cases/tags: get: - description: > - Aggregates and returns a list of case tags. You must have read - privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases you're seeking. + description: | + Aggregates and returns a list of case tags. You must have read privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. operationId: getCaseTagsDefaultSpace parameters: - $ref: '#/components/parameters/Cases_owner_filter' @@ -8331,9 +7557,8 @@ paths: - data views /api/data_views/data_view/{viewId}/fields: post: - description: > - Update fields presentation metadata such as count, customLabel, - customDescription, and format. + description: | + Update fields presentation metadata such as count, customLabel, customDescription, and format. operationId: updateFieldsMetadataDefault parameters: - $ref: '#/components/parameters/Data_views_kbn_xsrf' @@ -8560,8 +7785,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: examples: getDefaultDataViewResponse: - $ref: >- - #/components/examples/Data_views_get_default_data_view_response + $ref: '#/components/examples/Data_views_get_default_data_view_response' schema: type: object properties: @@ -8591,10 +7815,8 @@ paths: type: object properties: data_view_id: - description: > - The data view identifier. NOTE: The API does not validate - whether it is a valid identifier. Use `null` to unset the - default data view. + description: | + The data view identifier. NOTE: The API does not validate whether it is a valid identifier. Use `null` to unset the default data view. nullable: true type: string force: @@ -8625,10 +7847,8 @@ paths: - data views /api/data_views/swap_references: post: - description: > - Changes saved object references from one data view identifier to - another. WARNING: Misuse can break large numbers of saved objects! - Practicing with a backup is recommended. + description: | + Changes saved object references from one data view identifier to another. WARNING: Misuse can break large numbers of saved objects! Practicing with a backup is recommended. operationId: swapDataViewsDefault parameters: - $ref: '#/components/parameters/Data_views_kbn_xsrf' @@ -8672,9 +7892,8 @@ paths: - data views /api/data_views/swap_references/_preview: post: - description: > - Preview the impact of swapping saved object references from one data - view identifier to another. + description: | + Preview the impact of swapping saved object references from one data view identifier to another. operationId: previewSwapDataViewsDefault parameters: - $ref: '#/components/parameters/Data_views_kbn_xsrf' @@ -8683,8 +7902,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: examples: previewSwapDataViewRequest: - $ref: >- - #/components/examples/Data_views_preview_swap_data_view_request + $ref: '#/components/examples/Data_views_preview_swap_data_view_request' schema: $ref: '#/components/schemas/Data_views_swap_data_view_request_object' required: true @@ -8729,8 +7947,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: @@ -8753,7 +7970,6 @@ paths: summary: Delete an alerts index tags: - Security Detections API - - Alert index API get: operationId: ReadAlertsIndex responses: @@ -8776,8 +7992,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: @@ -8800,7 +8015,6 @@ paths: summary: Reads the alert index name if it exists tags: - Security Detections API - - Alert index API post: operationId: CreateAlertsIndex responses: @@ -8819,8 +8033,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: @@ -8843,17 +8056,12 @@ paths: summary: Create an alerts index tags: - Security Detections API - - Alert index API /api/detection_engine/privileges: get: - description: > - Retrieves whether or not the user is authenticated, and the user's - Kibana - + description: | + Retrieves whether or not the user is authenticated, and the user's Kibana space and index privileges, which determine if the user can create an - index for the Elastic Security alerts generated by - detection engine rules. operationId: ReadPrivileges responses: @@ -8875,8 +8083,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: @@ -8887,7 +8094,6 @@ paths: summary: Returns user privileges for the Kibana space tags: - Security Detections API - - Privileges API /api/detection_engine/rules: delete: description: Delete a detection rule using the `rule_id` or `id` field. @@ -8915,7 +8121,6 @@ paths: summary: Delete a detection rule tags: - Security Detections API - - Rules API get: description: Retrieve a detection rule using the `rule_id` or `id` field. operationId: ReadRule @@ -8942,11 +8147,8 @@ paths: summary: Retrieve a detection rule tags: - Security Detections API - - Rules API patch: - description: >- - Update specific fields of an existing detection rule using the `rule_id` - or `id` field. + description: Update specific fields of an existing detection rule using the `rule_id` or `id` field. operationId: PatchRule requestBody: content: @@ -8964,7 +8166,6 @@ paths: summary: Patch a detection rule tags: - Security Detections API - - Rules API post: description: Create a new detection rule. operationId: CreateRule @@ -8984,14 +8185,10 @@ paths: summary: Create a detection rule tags: - Security Detections API - - Rules API put: - description: > - Update a detection rule using the `rule_id` or `id` field. The original - rule is replaced, and all unspecified fields are deleted. - + description: | + Update a detection rule using the `rule_id` or `id` field. The original rule is replaced, and all unspecified fields are deleted. > info - > You cannot modify the `id` or `rule_id` values. operationId: UpdateRule requestBody: @@ -9010,13 +8207,9 @@ paths: summary: Update a detection rule tags: - Security Detections API - - Rules API /api/detection_engine/rules/_bulk_action: post: - description: >- - Apply a bulk action, such as bulk edit, duplicate, or delete, to - multiple detection rules. The bulk action is applied to all rules that - match the query or to the rules listed by their IDs. + description: Apply a bulk action, such as bulk edit, duplicate, or delete, to multiple detection rules. The bulk action is applied to all rules that match the query or to the rules listed by their IDs. operationId: PerformRulesBulkAction parameters: - description: Enables dry run mode for the request call. @@ -9031,14 +8224,11 @@ paths: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_BulkDeleteRules' - - $ref: >- - #/components/schemas/Security_Detections_API_BulkDisableRules + - $ref: '#/components/schemas/Security_Detections_API_BulkDisableRules' - $ref: '#/components/schemas/Security_Detections_API_BulkEnableRules' - $ref: '#/components/schemas/Security_Detections_API_BulkExportRules' - - $ref: >- - #/components/schemas/Security_Detections_API_BulkDuplicateRules - - $ref: >- - #/components/schemas/Security_Detections_API_BulkManualRuleRun + - $ref: '#/components/schemas/Security_Detections_API_BulkDuplicateRules' + - $ref: '#/components/schemas/Security_Detections_API_BulkManualRuleRun' - $ref: '#/components/schemas/Security_Detections_API_BulkEditRules' responses: '200': @@ -9046,15 +8236,12 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_BulkEditActionResponse - - $ref: >- - #/components/schemas/Security_Detections_API_BulkExportActionResponse + - $ref: '#/components/schemas/Security_Detections_API_BulkEditActionResponse' + - $ref: '#/components/schemas/Security_Detections_API_BulkExportActionResponse' description: OK summary: Apply a bulk action to detection rules tags: - Security Detections API - - Bulk API /api/detection_engine/rules/_bulk_create: post: deprecated: true @@ -9074,13 +8261,11 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_BulkCrudRulesResponse + $ref: '#/components/schemas/Security_Detections_API_BulkCrudRulesResponse' description: Indicates a successful call. summary: Create multiple detection rules tags: - Security Detections API - - Bulk API /api/detection_engine/rules/_bulk_delete: delete: deprecated: true @@ -9096,37 +8281,30 @@ paths: id: $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' rule_id: - $ref: >- - #/components/schemas/Security_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' type: array - description: >- - A JSON array of `id` or `rule_id` fields of the rules you want to - delete. + description: A JSON array of `id` or `rule_id` fields of the rules you want to delete. required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_BulkCrudRulesResponse + $ref: '#/components/schemas/Security_Detections_API_BulkCrudRulesResponse' description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: @@ -9137,7 +8315,6 @@ paths: summary: Delete multiple detection rules tags: - Security Detections API - - Bulk API post: deprecated: true description: Deletes multiple rules. @@ -9152,37 +8329,30 @@ paths: id: $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' rule_id: - $ref: >- - #/components/schemas/Security_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' type: array - description: >- - A JSON array of `id` or `rule_id` fields of the rules you want to - delete. + description: A JSON array of `id` or `rule_id` fields of the rules you want to delete. required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_BulkCrudRulesResponse + $ref: '#/components/schemas/Security_Detections_API_BulkCrudRulesResponse' description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: @@ -9193,13 +8363,10 @@ paths: summary: Delete multiple detection rules tags: - Security Detections API - - Bulk API /api/detection_engine/rules/_bulk_update: patch: deprecated: true - description: >- - Update specific fields of existing detection rules using the `rule_id` - or `id` field. + description: Update specific fields of existing detection rules using the `rule_id` or `id` field. operationId: BulkPatchRules requestBody: content: @@ -9215,21 +8382,16 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_BulkCrudRulesResponse + $ref: '#/components/schemas/Security_Detections_API_BulkCrudRulesResponse' description: Indicates a successful call. summary: Patch multiple detection rules tags: - Security Detections API - - Bulk API put: deprecated: true - description: > - Update multiple detection rules using the `rule_id` or `id` field. The - original rules are replaced, and all unspecified fields are deleted. - + description: | + Update multiple detection rules using the `rule_id` or `id` field. The original rules are replaced, and all unspecified fields are deleted. > info - > You cannot modify the `id` or `rule_id` values. operationId: BulkUpdateRules requestBody: @@ -9239,34 +8401,25 @@ paths: items: $ref: '#/components/schemas/Security_Detections_API_RuleUpdateProps' type: array - description: >- - A JSON array where each element includes the `id` or `rule_id` field - of the rule you want to update and the fields you want to modify. + description: A JSON array where each element includes the `id` or `rule_id` field of the rule you want to update and the fields you want to modify. required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_BulkCrudRulesResponse + $ref: '#/components/schemas/Security_Detections_API_BulkCrudRulesResponse' description: Indicates a successful call. summary: Update multiple detection rules tags: - Security Detections API - - Bulk API /api/detection_engine/rules/_export: post: - description: > - Export detection rules to an `.ndjson` file. The following configuration - items are also included in the `.ndjson` file: - + description: | + Export detection rules to an `.ndjson` file. The following configuration items are also included in the `.ndjson` file: - Actions - - Exception lists - > info - > You cannot export prebuilt rules. operationId: ExportRules parameters: @@ -9292,15 +8445,12 @@ paths: type: object properties: objects: - description: >- - Array of `rule_id` fields. Exports all rules when - unspecified. + description: Array of `rule_id` fields. Exports all rules when unspecified. items: type: object properties: rule_id: - $ref: >- - #/components/schemas/Security_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' required: - rule_id type: array @@ -9319,12 +8469,9 @@ paths: summary: Export detection rules tags: - Security Detections API - - Import/Export API /api/detection_engine/rules/_find: get: - description: >- - Retrieve a paginated list of detection rules. By default, the first page - is returned, with 20 results per page. + description: Retrieve a paginated list of detection rules. By default, the first page is returned, with 20 results per page. operationId: FindRules parameters: - in: query @@ -9377,8 +8524,7 @@ paths: properties: data: items: - $ref: >- - #/components/schemas/Security_Detections_API_RuleResponse + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' type: array page: type: integer @@ -9395,39 +8541,29 @@ paths: summary: List all detection rules tags: - Security Detections API - - Rules API /api/detection_engine/rules/_import: post: - description: > - Import detection rules from an `.ndjson` file, including actions and - exception lists. The request must include: - + description: | + Import detection rules from an `.ndjson` file, including actions and exception lists. The request must include: - The `Content-Type: multipart/form-data` HTTP header. - - A link to the `.ndjson` file containing the rules. operationId: ImportRules parameters: - - description: >- - Determines whether existing rules with the same `rule_id` are - overwritten. + - description: Determines whether existing rules with the same `rule_id` are overwritten. in: query name: overwrite required: false schema: default: false type: boolean - - description: >- - Determines whether existing exception lists with the same `list_id` - are overwritten. + - description: Determines whether existing exception lists with the same `list_id` are overwritten. in: query name: overwrite_exceptions required: false schema: default: false type: boolean - - description: >- - Determines whether existing actions with the same - `kibana.alert.rule.actions.id` are overwritten. + - description: Determines whether existing actions with the same `kibana.alert.rule.actions.id` are overwritten. in: query name: overwrite_action_connectors required: false @@ -9471,8 +8607,7 @@ paths: type: integer action_connectors_warnings: items: - $ref: >- - #/components/schemas/Security_Detections_API_WarningSchema + $ref: '#/components/schemas/Security_Detections_API_WarningSchema' type: array errors: items: @@ -9511,7 +8646,6 @@ paths: summary: Import detection rules tags: - Security Detections API - - Import/Export API /api/detection_engine/rules/{id}/exceptions: post: description: Create exception items that apply to a single detection rule. @@ -9531,8 +8665,7 @@ paths: properties: items: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps + $ref: '#/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps' type: array required: - items @@ -9544,8 +8677,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItem + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' type: array description: Successful response '400': @@ -9553,24 +8685,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '500': content: @@ -9618,12 +8746,9 @@ paths: summary: Install prebuilt detection rules and Timelines tags: - Security Detections API - - Prebuilt Rules API /api/detection_engine/rules/prepackaged/_status: get: - description: >- - Retrieve the status of all Elastic prebuilt detection rules and - Timelines. + description: Retrieve the status of all Elastic prebuilt detection rules and Timelines. operationId: ReadPrebuiltRulesAndTimelinesStatus responses: '200': @@ -9642,9 +8767,7 @@ paths: minimum: 0 type: integer rules_not_installed: - description: >- - The total number of available prebuilt rules that are not - installed + description: The total number of available prebuilt rules that are not installed minimum: 0 type: integer rules_not_updated: @@ -9656,9 +8779,7 @@ paths: minimum: 0 type: integer timelines_not_installed: - description: >- - The total number of available prebuilt timelines that are - not installed + description: The total number of available prebuilt timelines that are not installed minimum: 0 type: integer timelines_not_updated: @@ -9677,14 +8798,11 @@ paths: summary: Retrieve the status of prebuilt detection rules and Timelines tags: - Security Detections API - - Prebuilt Rules API /api/detection_engine/rules/preview: post: operationId: RulePreview parameters: - - description: >- - Enables logging and returning in response ES queries, performed - during rule execution + - description: Enables logging and returning in response ES queries, performed during rule execution in: query name: enable_logged_requests required: false @@ -9696,50 +8814,32 @@ paths: schema: anyOf: - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_EqlRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_QueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' - allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_EsqlRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewParams + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_RulePreviewParams' discriminator: propertyName: type - description: >- - An object containing tags to add or remove and alert ids the changes - will be applied + description: An object containing tags to add or remove and alert ids the changes will be applied required: true responses: '200': @@ -9752,12 +8852,10 @@ paths: type: boolean logs: items: - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewLogs + $ref: '#/components/schemas/Security_Detections_API_RulePreviewLogs' type: array previewId: - $ref: >- - #/components/schemas/Security_Detections_API_NonEmptyString + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' required: - logs description: Successful response @@ -9766,17 +8864,14 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: @@ -9787,7 +8882,6 @@ paths: summary: Preview rule alerts generated on specified time range tags: - Security Detections API - - Rule preview API /api/detection_engine/signals/assignees: post: description: | @@ -9821,13 +8915,9 @@ paths: - Security Detections API /api/detection_engine/signals/finalize_migration: post: - description: > - Finalize successful migrations of detection alerts. This replaces the - original index's alias with the successfully migrated index's alias. - - The endpoint is idempotent; therefore, it can safely be used to poll a - given migration and, upon completion, - + description: | + Finalize successful migrations of detection alerts. This replaces the original index's alias with the successfully migrated index's alias. + The endpoint is idempotent; therefore, it can safely be used to poll a given migration and, upon completion, finalize it. operationId: FinalizeAlertsMigration requestBody: @@ -9851,8 +8941,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: items: - $ref: >- - #/components/schemas/Security_Detections_API_MigrationFinalizationResult + $ref: '#/components/schemas/Security_Detections_API_MigrationFinalizationResult' type: array description: Successful response '400': @@ -9860,17 +8949,14 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: @@ -9881,26 +8967,16 @@ paths: summary: Finalize detection alert migrations tags: - Security Detections API - - Alerts migration API /api/detection_engine/signals/migration: delete: - description: > - Migrations favor data integrity over shard size. Consequently, unused or - orphaned indices are artifacts of - - the migration process. A successful migration will result in both the - old and new indices being present. - + description: | + Migrations favor data integrity over shard size. Consequently, unused or orphaned indices are artifacts of + the migration process. A successful migration will result in both the old and new indices being present. As such, the old, orphaned index can (and likely should) be deleted. - While you can delete these indices manually, - - the endpoint accomplishes this task by applying a deletion policy to the - relevant index, causing it to be deleted - - after 30 days. It also deletes other artifacts specific to the migration - implementation. + the endpoint accomplishes this task by applying a deletion policy to the relevant index, causing it to be deleted + after 30 days. It also deletes other artifacts specific to the migration implementation. operationId: AlertsMigrationCleanup requestBody: content: @@ -9923,8 +8999,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: items: - $ref: >- - #/components/schemas/Security_Detections_API_MigrationCleanupResult + $ref: '#/components/schemas/Security_Detections_API_MigrationCleanupResult' type: array description: Successful response '400': @@ -9932,17 +9007,14 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: @@ -9953,15 +9025,10 @@ paths: summary: Clean up detection alert migrations tags: - Security Detections API - - Alerts migration API post: - description: > + description: | Initiate a migration of detection alerts. - - Migrations are initiated per index. While the process is neither - destructive nor interferes with existing data, it may be - resource-intensive. As such, it is recommended that you plan your - migrations accordingly. + Migrations are initiated per index. While the process is neither destructive nor interferes with existing data, it may be resource-intensive. As such, it is recommended that you plan your migrations accordingly. operationId: CreateAlertsMigration requestBody: content: @@ -9972,14 +9039,12 @@ paths: properties: index: items: - $ref: >- - #/components/schemas/Security_Detections_API_NonEmptyString + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' minItems: 1 type: array required: - index - - $ref: >- - #/components/schemas/Security_Detections_API_AlertsReindexOptions + - $ref: '#/components/schemas/Security_Detections_API_AlertsReindexOptions' description: Alerts migration parameters required: true responses: @@ -9992,12 +9057,9 @@ paths: indices: items: oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexMigrationSuccess - - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexMigrationError - - $ref: >- - #/components/schemas/Security_Detections_API_SkippedAlertsIndexMigration + - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexMigrationSuccess' + - $ref: '#/components/schemas/Security_Detections_API_AlertsIndexMigrationError' + - $ref: '#/components/schemas/Security_Detections_API_SkippedAlertsIndexMigration' type: array required: - indices @@ -10007,17 +9069,14 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: @@ -10028,12 +9087,9 @@ paths: summary: Initiate a detection alert migration tags: - Security Detections API - - Alerts migration API /api/detection_engine/signals/migration_status: post: - description: >- - Retrieve indices that contain detection alerts of a particular age, - along with migration information for each of those indices. + description: Retrieve indices that contain detection alerts of a particular age, along with migration information for each of those indices. operationId: ReadAlertsMigrationStatus parameters: - description: Maximum age of qualifying detection alerts @@ -10041,12 +9097,9 @@ paths: name: from required: true schema: - description: > - Time from which data is analyzed. For example, now-4200s means the - rule analyzes data from 70 minutes - - before its start time. Defaults to now-6m (analyzes data from 6 - minutes before the start time). + description: | + Time from which data is analyzed. For example, now-4200s means the rule analyzes data from 70 minutes + before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). format: date-math type: string responses: @@ -10058,8 +9111,7 @@ paths: properties: indices: items: - $ref: >- - #/components/schemas/Security_Detections_API_IndexMigrationStatus + $ref: '#/components/schemas/Security_Detections_API_IndexMigrationStatus' type: array required: - indices @@ -10069,17 +9121,14 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: @@ -10090,7 +9139,6 @@ paths: summary: Retrieve the status of detection alert migrations tags: - Security Detections API - - Alerts migration API /api/detection_engine/signals/search: post: description: Find and/or aggregate detection alerts that match the given query. @@ -10145,17 +9193,14 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: @@ -10166,7 +9211,6 @@ paths: summary: Find and/or aggregate detection alerts tags: - Security Detections API - - Alerts API /api/detection_engine/signals/status: post: description: Set the status of one or more detection alerts. @@ -10176,13 +9220,9 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_SetAlertsStatusByIds - - $ref: >- - #/components/schemas/Security_Detections_API_SetAlertsStatusByQuery - description: >- - An object containing desired status and explicit alert ids or a query - to select alerts + - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds' + - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByQuery' + description: An object containing desired status and explicit alert ids or a query to select alerts required: true responses: '200': @@ -10198,17 +9238,14 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: @@ -10219,7 +9256,6 @@ paths: summary: Set a detection alert status tags: - Security Detections API - - Alerts API /api/detection_engine/signals/tags: post: description: | @@ -10240,9 +9276,7 @@ paths: required: - ids - tags - description: >- - An object containing tags to add or remove and alert ids the changes - will be applied + description: An object containing tags to add or remove and alert ids the changes will be applied required: true responses: '200': @@ -10258,17 +9292,14 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Detections_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Detections_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: @@ -10279,7 +9310,6 @@ paths: summary: Add and remove detection alert tags tags: - Security Detections API - - Alerts API /api/detection_engine/tags: get: description: List all unique tags from all detection rules. @@ -10294,45 +9324,26 @@ paths: summary: List all detection rule tags tags: - Security Detections API - - Tags API /api/encrypted_saved_objects/_rotate_key: post: - description: > + description: | Superuser role required. + If a saved object cannot be decrypted using the primary encryption key, then Kibana will attempt to decrypt it using the specified decryption-only keys. In most of the cases this overhead is negligible, but if you're dealing with a large number of saved objects and experiencing performance issues, you may want to rotate the encryption key. - If a saved object cannot be decrypted using the primary encryption key, - then Kibana will attempt to decrypt it using the specified - decryption-only keys. In most of the cases this overhead is negligible, - but if you're dealing with a large number of saved objects and - experiencing performance issues, you may want to rotate the encryption - key. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. + This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. operationId: rotateEncryptionKey parameters: - - description: > - Specifies a maximum number of saved objects that Kibana can process - in a single batch. Bulk key rotation is an iterative process since - Kibana may not be able to fetch and process all required saved - objects in one go and splits processing into consequent batches. By - default, the batch size is 10000, which is also a maximum allowed - value. + - description: | + Specifies a maximum number of saved objects that Kibana can process in a single batch. Bulk key rotation is an iterative process since Kibana may not be able to fetch and process all required saved objects in one go and splits processing into consequent batches. By default, the batch size is 10000, which is also a maximum allowed value. in: query name: batch_size required: false schema: default: 10000 type: number - - description: > - Limits encryption key rotation only to the saved objects with the - specified type. By default, Kibana tries to rotate the encryption - key for all saved object types that may contain encrypted - attributes. + - description: | + Limits encryption key rotation only to the saved objects with the specified type. By default, Kibana tries to rotate the encryption key for all saved object types that may contain encrypted attributes. in: query name: type required: false @@ -10349,28 +9360,18 @@ paths: type: object properties: failed: - description: > - Indicates the number of the saved objects that were still - encrypted with one of the old encryption keys that Kibana - failed to re-encrypt with the primary key. + description: | + Indicates the number of the saved objects that were still encrypted with one of the old encryption keys that Kibana failed to re-encrypt with the primary key. type: number successful: - description: > - Indicates the total number of all encrypted saved objects - (optionally filtered by the requested `type`), regardless - of the key Kibana used for encryption. - + description: | + Indicates the total number of all encrypted saved objects (optionally filtered by the requested `type`), regardless of the key Kibana used for encryption. - NOTE: In most cases, `total` will be greater than - `successful` even if `failed` is zero. The reason is that - Kibana may not need or may not be able to rotate - encryption keys for all encrypted saved objects. + NOTE: In most cases, `total` will be greater than `successful` even if `failed` is zero. The reason is that Kibana may not need or may not be able to rotate encryption keys for all encrypted saved objects. type: number total: - description: > - Indicates the total number of all encrypted saved objects - (optionally filtered by the requested `type`), regardless - of the key Kibana used for encryption. + description: | + Indicates the total number of all encrypted saved objects (optionally filtered by the requested `type`), regardless of the key Kibana used for encryption. type: number description: Indicates a successful call. '400': @@ -10390,58 +9391,47 @@ paths: - saved objects /api/endpoint_list: post: - description: >- - Create an endpoint exception list, which groups endpoint exception list - items. If an endpoint exception list already exists, an empty response - is returned. + description: Create an endpoint exception list, which groups endpoint exception list items. If an endpoint exception list already exists, an empty response is returned. operationId: CreateEndpointList responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointList + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointList' description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error summary: Create an endpoint exception list tags: - Security Endpoint Exceptions API /api/endpoint_list/items: delete: - description: >- - Delete an endpoint exception list item using the `id` or `item_id` - field. + description: Delete an endpoint exception list item using the `id` or `item_id` field. operationId: DeleteEndpointListItem parameters: - description: Either `id` or `item_id` must be specified @@ -10449,68 +9439,57 @@ paths: name: id required: false schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId' - description: Either `id` or `item_id` must be specified in: query name: item_id required: false schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem' description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Endpoint list item not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error summary: Delete an endpoint exception list item tags: - Security Endpoint Exceptions API get: - description: >- - Get the details of an endpoint exception list item using the `id` or - `item_id` field. + description: Get the details of an endpoint exception list item using the `id` or `item_id` field. operationId: ReadEndpointListItem parameters: - description: Either `id` or `item_id` must be specified @@ -10518,23 +9497,20 @@ paths: name: id required: false schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId' - description: Either `id` or `item_id` must be specified in: query name: item_id required: false schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem' type: array description: Successful response '400': @@ -10542,46 +9518,38 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Endpoint list item not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error summary: Get an endpoint exception list item tags: - Security Endpoint Exceptions API post: - description: >- - Create an endpoint exception list item, and associate it with the - endpoint exception list. + description: Create an endpoint exception list item, and associate it with the endpoint exception list. operationId: CreateEndpointListItem requestBody: content: @@ -10590,35 +9558,26 @@ paths: type: object properties: comments: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray' default: [] description: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription' entries: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray' item_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId' meta: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta' name: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName' os_types: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray' default: [] tags: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags' default: [] type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType' required: - type - name @@ -10631,54 +9590,45 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem' description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Endpoint list item already exists '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error summary: Create an endpoint exception list item tags: - Security Endpoint Exceptions API put: - description: >- - Update an endpoint exception list item using the `id` or `item_id` - field. + description: Update an endpoint exception list item using the `id` or `item_id` field. operationId: UpdateEndpointListItem requestBody: content: @@ -10689,39 +9639,29 @@ paths: _version: type: string comments: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray' default: [] description: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription' entries: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray' id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId' description: Either `id` or `item_id` must be specified item_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId' description: Either `id` or `item_id` must be specified meta: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta' name: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName' os_types: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray' default: [] tags: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags' type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType' required: - type - name @@ -10734,46 +9674,39 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem' description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Endpoint list item not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error summary: Update an endpoint exception list item tags: @@ -10783,17 +9716,14 @@ paths: description: Get a list of all endpoint exception list items. operationId: FindEndpointListItems parameters: - - description: > - Filters the returned results according to the value of the specified - field, - + - description: | + Filters the returned results according to the value of the specified field, using the `:` syntax. in: query name: filter required: false schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter' - description: The page number to return in: query name: page @@ -10813,8 +9743,7 @@ paths: name: sort_field required: false schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - description: Determines the sort order, which can be `desc` or `asc` in: query name: sort_order @@ -10833,8 +9762,7 @@ paths: properties: data: items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem' type: array page: minimum: 0 @@ -10858,38 +9786,32 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Endpoint list not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error summary: Get endpoint exception list items tags: @@ -10903,15 +9825,13 @@ paths: name: query required: true schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListRouteQuery + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListRouteQuery' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Get response actions tags: @@ -10934,8 +9854,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse' description: OK summary: Get response actions status tags: @@ -10955,8 +9874,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Get action details tags: @@ -10981,8 +9899,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Get file information tags: @@ -11007,8 +9924,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Download a file tags: @@ -11021,16 +9937,14 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody + $ref: '#/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Run a command tags: @@ -11043,40 +9957,34 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Get a file tags: - Security Endpoint Management API /api/endpoint/action/isolate: post: - description: >- - Isolate an endpoint from the network. The endpoint remains isolated - until it's released. + description: Isolate an endpoint from the network. The endpoint remains isolated until it's released. operationId: EndpointIsolateAction requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody + $ref: '#/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Isolate an endpoint tags: @@ -11089,16 +9997,14 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody + $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Terminate a process tags: @@ -11111,16 +10017,14 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Get running processes tags: @@ -11133,33 +10037,28 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody + $ref: '#/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Scan a file or directory tags: - Security Endpoint Management API /api/endpoint/action/state: get: - description: >- - Get a response actions state, which reports whether encryption is - enabled. + description: Get a response actions state, which reports whether encryption is enabled. operationId: EndpointGetActionsState responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse' description: OK summary: Get actions state tags: @@ -11172,16 +10071,14 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Suspend a process tags: @@ -11194,16 +10091,14 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody + $ref: '#/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Release an isolated endpoint tags: @@ -11216,16 +10111,14 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody + $ref: '#/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Upload a file tags: @@ -11238,15 +10131,13 @@ paths: name: query required: true schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ListRequestQuery + $ref: '#/components/schemas/Security_Endpoint_Management_API_ListRequestQuery' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Get a metadata list tags: @@ -11265,8 +10156,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Get metadata tags: @@ -11288,8 +10178,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Get a policy response tags: @@ -11308,8 +10197,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse' description: OK summary: Get a protection updates note tags: @@ -11336,8 +10224,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse + $ref: '#/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse' description: OK summary: Create or update a protection updates note tags: @@ -11356,8 +10243,7 @@ paths: type: integer engines: items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' type: array description: Successful response summary: List the Entity Engines @@ -11406,8 +10292,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' description: Successful response summary: Get an Entity Engine tags: @@ -11435,8 +10320,7 @@ paths: filter: type: string indexPattern: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_IndexPattern + $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' description: Schema for the engine initialization required: true responses: @@ -11444,8 +10328,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' description: Successful response summary: Initialize an Entity Engine tags: @@ -11491,22 +10374,19 @@ paths: type: object properties: indexPattern: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_IndexPattern + $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' indices: items: type: object type: array status: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineStatus + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineStatus' transforms: items: type: object type: array type: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EntityType + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' description: Successful response summary: Get Entity Engine stats tags: @@ -11546,8 +10426,7 @@ paths: properties: result: items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult' type: array success: type: boolean @@ -11564,8 +10443,7 @@ paths: type: array result: items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDataviewUpdateResult' type: array success: type: boolean @@ -11636,8 +10514,7 @@ paths: type: object properties: inspect: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_InspectQuery + $ref: '#/components/schemas/Security_Entity_Analytics_API_InspectQuery' page: minimum: 1 type: integer @@ -11647,8 +10524,7 @@ paths: type: integer records: items: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_Entity + $ref: '#/components/schemas/Security_Entity_Analytics_API_Entity' type: array total: minimum: 0 @@ -11683,8 +10559,7 @@ paths: name: namespace_type required: false schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single responses: '200': @@ -11698,24 +10573,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: @@ -11752,8 +10623,7 @@ paths: name: namespace_type required: false schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single responses: '200': @@ -11767,24 +10637,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: @@ -11802,19 +10668,10 @@ paths: tags: - Security Exceptions API post: - description: > - An exception list groups exception items and can be associated with - detection rules. You can assign detection rules with multiple exception - lists. - + description: | + An exception list groups exception items and can be associated with detection rules. You can assign detection rules with multiple exception lists. > info - - > All exception items added to the same list are evaluated using `OR` - logic. That is, if any of the items in a list evaluate to `true`, the - exception prevents the rule from generating an alert. Likewise, `OR` - logic is used for evaluating exceptions when more than one exception - list is assigned to a rule. To use the `AND` operator, you can define - multiple clauses (`entries`) in a single exception item. + > All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item. operationId: CreateExceptionList requestBody: content: @@ -11823,34 +10680,25 @@ paths: type: object properties: description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' list_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' meta: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListMeta + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta' name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListName + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray' tags: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListTags + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' default: [] type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' version: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListVersion + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' default: 1 required: - name @@ -11870,24 +10718,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '409': content: @@ -11916,36 +10760,27 @@ paths: _version: type: string description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' list_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' meta: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListMeta + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta' name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListName + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray' default: [] tags: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListTags + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' version: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListVersion + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' required: - name - description @@ -11964,24 +10799,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: @@ -12013,11 +10844,8 @@ paths: name: namespace_type required: true schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - - description: >- - Determines whether to include expired exceptions in the exported - list + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' + - description: Determines whether to include expired exceptions in the exported list in: query name: include_expired_exceptions required: true @@ -12039,24 +10867,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '405': content: @@ -12094,11 +10918,8 @@ paths: name: namespace_type required: true schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - - description: >- - Determines whether to include expired exceptions in the exported - list + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' + - description: Determines whether to include expired exceptions in the exported list in: query name: include_expired_exceptions required: true @@ -12113,9 +10934,7 @@ paths: content: application/ndjson; Elastic-Api-Version=2023-10-31: schema: - description: >- - A `.ndjson` file containing specified exception list and its - items + description: A `.ndjson` file containing specified exception list and its items format: binary type: string description: Successful response @@ -12124,24 +10943,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: @@ -12163,29 +10978,20 @@ paths: description: Get a list of all exception lists. operationId: FindExceptionLists parameters: - - description: > - Filters the returned results according to the value of the specified - field. - - - Uses the `so type.field name:field` value syntax, where `so type` - can be: + - description: | + Filters the returned results according to the value of the specified field. + Uses the `so type.field name:field` value syntax, where `so type` can be: - `exception-list`: Specify a space-aware exception list. - - - `exception-list-agnostic`: Specify an exception list that is - shared across spaces. + - `exception-list-agnostic`: Specify an exception list that is shared across spaces. in: query name: filter required: false schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_FindExceptionListsFilter - - description: > - Determines whether the returned containers are Kibana associated - with a Kibana space - + $ref: '#/components/schemas/Security_Exceptions_API_FindExceptionListsFilter' + - description: | + Determines whether the returned containers are Kibana associated with a Kibana space or available in all spaces (`agnostic` or `single`) in: query name: namespace_type @@ -12194,8 +11000,7 @@ paths: default: - single items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' type: array - description: The page number to return in: query @@ -12235,8 +11040,7 @@ paths: properties: data: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionList + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' type: array page: minimum: 1 @@ -12258,24 +11062,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '500': content: @@ -12291,12 +11091,9 @@ paths: description: Import an exception list and its associated items from an NDJSON file. operationId: ImportExceptionList parameters: - - description: > - Determines whether existing exception lists with the same `list_id` - are overwritten. - - If any exception items have the same `item_id`, those are also - overwritten. + - description: | + Determines whether existing exception lists with the same `list_id` are overwritten. + If any exception items have the same `item_id`, those are also overwritten. in: query name: overwrite required: false @@ -12315,13 +11112,9 @@ paths: schema: default: false type: boolean - - description: > - Determines whether the list being imported will have a new `list_id` - generated. - - Additional `item_id`'s are generated for each exception item. Both - the exception - + - description: | + Determines whether the list being imported will have a new `list_id` generated. + Additional `item_id`'s are generated for each exception item. Both the exception list and its items are overwritten. in: query name: as_new_list @@ -12348,8 +11141,7 @@ paths: type: object properties: errors: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray' success: type: boolean success_count: @@ -12379,24 +11171,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '500': content: @@ -12423,14 +11211,12 @@ paths: name: item_id required: false schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' - in: query name: namespace_type required: false schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single responses: '200': @@ -12444,24 +11230,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: @@ -12479,9 +11261,7 @@ paths: tags: - Security Exceptions API get: - description: >- - Get the details of an exception list item using the `id` or `item_id` - field. + description: Get the details of an exception list item using the `id` or `item_id` field. operationId: ReadExceptionListItem parameters: - description: Either `id` or `item_id` must be specified @@ -12495,14 +11275,12 @@ paths: name: item_id required: false schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' - in: query name: namespace_type required: false schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single responses: '200': @@ -12516,24 +11294,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: @@ -12551,12 +11325,9 @@ paths: tags: - Security Exceptions API post: - description: > - Create an exception item and associate it with the specified exception - list. - + description: | + Create an exception item and associate it with the specified exception list. > info - > Before creating exception items, you must create an exception list. operationId: CreateExceptionListItem requestBody: @@ -12566,45 +11337,34 @@ paths: type: object properties: comments: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateExceptionListItemCommentArray + $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemCommentArray' default: [] description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription' entries: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: format: date-time type: string item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' list_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' meta: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta' name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemName + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemName' namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray' default: [] tags: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemTags + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' default: [] type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType' required: - list_id - type @@ -12625,24 +11385,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '409': content: @@ -12671,49 +11427,37 @@ paths: _version: type: string comments: - $ref: >- - #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray + $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray' default: [] description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription' entries: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: format: date-time type: string id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' description: Either `id` or `item_id` must be specified item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' description: Either `id` or `item_id` must be specified list_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' meta: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta' name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemName + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemName' namespace_type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray' default: [] tags: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemTags + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' type: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType' required: - type - name @@ -12733,24 +11477,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: @@ -12778,13 +11518,10 @@ paths: required: true schema: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' type: array - - description: > - Filters the returned results according to the value of the specified - field, - + - description: | + Filters the returned results according to the value of the specified field, using the `:` syntax. in: query name: filter @@ -12792,13 +11529,10 @@ paths: schema: default: [] items: - $ref: >- - #/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter + $ref: '#/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter' type: array - - description: > - Determines whether the returned containers are Kibana associated - with a Kibana space - + - description: | + Determines whether the returned containers are Kibana associated with a Kibana space or available in all spaces (`agnostic` or `single`) in: query name: namespace_type @@ -12807,8 +11541,7 @@ paths: default: - single items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' type: array - in: query name: search @@ -12853,8 +11586,7 @@ paths: properties: data: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItem + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' type: array page: minimum: 1 @@ -12878,24 +11610,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: @@ -12933,8 +11661,7 @@ paths: name: namespace_type required: false schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single - description: Search filter clause in: query @@ -12967,24 +11694,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: @@ -13003,19 +11726,10 @@ paths: - Security Exceptions API /api/exceptions/shared: post: - description: > - An exception list groups exception items and can be associated with - detection rules. A shared exception list can apply to multiple detection - rules. - + description: | + An exception list groups exception items and can be associated with detection rules. A shared exception list can apply to multiple detection rules. > info - - > All exception items added to the same list are evaluated using `OR` - logic. That is, if any of the items in a list evaluate to `true`, the - exception prevents the rule from generating an alert. Likewise, `OR` - logic is used for evaluating exceptions when more than one exception - list is assigned to a rule. To use the `AND` operator, you can define - multiple clauses (`entries`) in a single exception item. + > All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item. operationId: CreateSharedExceptionList requestBody: content: @@ -13024,11 +11738,9 @@ paths: type: object properties: description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' name: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListName + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' required: - name - description @@ -13045,24 +11757,20 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Exceptions_API_SiemErrorResponse + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '409': content: @@ -13115,9 +11823,7 @@ paths: name: type: string proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. + description: The ID of the proxy to use for this download source. See the proxies API for more information. nullable: true type: string required: @@ -13191,9 +11897,7 @@ paths: name: type: string proxy_id: - description: >- - The ID of the proxy to use for this download source. See the - proxies API for more information. + description: The ID of the proxy to use for this download source. See the proxies API for more information. nullable: true type: string required: @@ -13222,9 +11926,7 @@ paths: name: type: string proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. + description: The ID of the proxy to use for this download source. See the proxies API for more information. nullable: true type: string required: @@ -13348,9 +12050,7 @@ paths: name: type: string proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. + description: The ID of the proxy to use for this download source. See the proxies API for more information. nullable: true type: string required: @@ -13420,9 +12120,7 @@ paths: name: type: string proxy_id: - description: >- - The ID of the proxy to use for this download source. See the - proxies API for more information. + description: The ID of the proxy to use for this download source. See the proxies API for more information. nullable: true type: string required: @@ -13451,9 +12149,7 @@ paths: name: type: string proxy_id: - description: >- - The ID of the proxy to use for this download source. - See the proxies API for more information. + description: The ID of the proxy to use for this download source. See the proxies API for more information. nullable: true type: string required: @@ -13610,9 +12306,7 @@ paths: nullable: true type: string global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. items: additionalProperties: false type: object @@ -13644,15 +12338,11 @@ paths: is_preconfigured: type: boolean is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. + description: Indicates whether the agent policy has tamper protection enabled. Default false. type: boolean keep_monitoring_alive: default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled nullable: true type: boolean monitoring_diagnostics: @@ -13719,11 +12409,7 @@ paths: type: string overrides: additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object package_policies: @@ -13731,10 +12417,7 @@ paths: - items: type: string type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list - of agent policies with the ?full=true parameter + - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter items: additionalProperties: false type: object @@ -13780,9 +12463,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -13810,9 +12491,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -13865,9 +12544,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -13888,9 +12565,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -13904,20 +12579,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank - to inherit the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -13966,16 +12635,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy - will be added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package - policy will be added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -14006,9 +12671,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object version: type: string @@ -14038,9 +12701,7 @@ paths: type: string supports_agentless: default: false - description: >- - Indicates whether the agent policy supports - agentless integrations. + description: Indicates whether the agent policy supports agentless integrations. nullable: true type: boolean unenroll_timeout: @@ -14169,9 +12830,7 @@ paths: force: type: boolean global_data_tags: - description: >- - User defined data tags that are added to all of the inputs. - The values can be strings or numbers. + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. items: additionalProperties: false type: object @@ -14204,9 +12863,7 @@ paths: type: boolean keep_monitoring_alive: default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled nullable: true type: boolean monitoring_diagnostics: @@ -14273,11 +12930,7 @@ paths: type: string overrides: additionalProperties: {} - description: >- - Override settings that are defined in the agent policy. - Input settings cannot be overridden. The override option - should be used only in unusual circumstances and not as a - routine procedure. + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object space_ids: @@ -14286,9 +12939,7 @@ paths: type: array supports_agentless: default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. + description: Indicates whether the agent policy supports agentless integrations. nullable: true type: boolean unenroll_timeout: @@ -14353,9 +13004,7 @@ paths: nullable: true type: string global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. items: additionalProperties: false type: object @@ -14387,15 +13036,11 @@ paths: is_preconfigured: type: boolean is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. + description: Indicates whether the agent policy has tamper protection enabled. Default false. type: boolean keep_monitoring_alive: default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled nullable: true type: boolean monitoring_diagnostics: @@ -14462,11 +13107,7 @@ paths: type: string overrides: additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object package_policies: @@ -14474,10 +13115,7 @@ paths: - items: type: string type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter + - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter items: additionalProperties: false type: object @@ -14523,9 +13161,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -14553,9 +13189,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -14608,9 +13242,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -14631,9 +13263,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -14647,20 +13277,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -14709,16 +13333,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy - will be added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy - will be added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -14749,9 +13369,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object version: type: string @@ -14781,9 +13399,7 @@ paths: type: string supports_agentless: default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. + description: Indicates whether the agent policy supports agentless integrations. nullable: true type: boolean unenroll_timeout: @@ -14931,9 +13547,7 @@ paths: nullable: true type: string global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. items: additionalProperties: false type: object @@ -14965,15 +13579,11 @@ paths: is_preconfigured: type: boolean is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. + description: Indicates whether the agent policy has tamper protection enabled. Default false. type: boolean keep_monitoring_alive: default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled nullable: true type: boolean monitoring_diagnostics: @@ -15040,11 +13650,7 @@ paths: type: string overrides: additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object package_policies: @@ -15052,10 +13658,7 @@ paths: - items: type: string type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list - of agent policies with the ?full=true parameter + - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter items: additionalProperties: false type: object @@ -15101,9 +13704,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -15131,9 +13732,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -15186,9 +13785,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -15209,9 +13806,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -15225,20 +13820,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank - to inherit the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -15287,16 +13876,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy - will be added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package - policy will be added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -15327,9 +13912,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object version: type: string @@ -15359,9 +13942,7 @@ paths: type: string supports_agentless: default: false - description: >- - Indicates whether the agent policy supports - agentless integrations. + description: Indicates whether the agent policy supports agentless integrations. nullable: true type: boolean unenroll_timeout: @@ -15489,9 +14070,7 @@ paths: nullable: true type: string global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. items: additionalProperties: false type: object @@ -15523,15 +14102,11 @@ paths: is_preconfigured: type: boolean is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. + description: Indicates whether the agent policy has tamper protection enabled. Default false. type: boolean keep_monitoring_alive: default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled nullable: true type: boolean monitoring_diagnostics: @@ -15598,11 +14173,7 @@ paths: type: string overrides: additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object package_policies: @@ -15610,10 +14181,7 @@ paths: - items: type: string type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter + - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter items: additionalProperties: false type: object @@ -15659,9 +14227,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -15689,9 +14255,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -15744,9 +14308,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -15767,9 +14329,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -15783,20 +14343,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -15845,16 +14399,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy - will be added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy - will be added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -15885,9 +14435,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object version: type: string @@ -15917,9 +14465,7 @@ paths: type: string supports_agentless: default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. + description: Indicates whether the agent policy supports agentless integrations. nullable: true type: boolean unenroll_timeout: @@ -16047,9 +14593,7 @@ paths: force: type: boolean global_data_tags: - description: >- - User defined data tags that are added to all of the inputs. - The values can be strings or numbers. + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. items: additionalProperties: false type: object @@ -16082,9 +14626,7 @@ paths: type: boolean keep_monitoring_alive: default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled nullable: true type: boolean monitoring_diagnostics: @@ -16151,11 +14693,7 @@ paths: type: string overrides: additionalProperties: {} - description: >- - Override settings that are defined in the agent policy. - Input settings cannot be overridden. The override option - should be used only in unusual circumstances and not as a - routine procedure. + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object space_ids: @@ -16164,9 +14702,7 @@ paths: type: array supports_agentless: default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. + description: Indicates whether the agent policy supports agentless integrations. nullable: true type: boolean unenroll_timeout: @@ -16231,9 +14767,7 @@ paths: nullable: true type: string global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. items: additionalProperties: false type: object @@ -16265,15 +14799,11 @@ paths: is_preconfigured: type: boolean is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. + description: Indicates whether the agent policy has tamper protection enabled. Default false. type: boolean keep_monitoring_alive: default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled nullable: true type: boolean monitoring_diagnostics: @@ -16340,11 +14870,7 @@ paths: type: string overrides: additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object package_policies: @@ -16352,10 +14878,7 @@ paths: - items: type: string type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter + - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter items: additionalProperties: false type: object @@ -16401,9 +14924,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -16431,9 +14952,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -16486,9 +15005,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -16509,9 +15026,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -16525,20 +15040,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -16587,16 +15096,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy - will be added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy - will be added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -16627,9 +15132,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object version: type: string @@ -16659,9 +15162,7 @@ paths: type: string supports_agentless: default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. + description: Indicates whether the agent policy supports agentless integrations. nullable: true type: boolean unenroll_timeout: @@ -16809,9 +15310,7 @@ paths: nullable: true type: string global_data_tags: - description: >- - User defined data tags that are added to all of the - inputs. The values can be strings or numbers. + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. items: additionalProperties: false type: object @@ -16843,15 +15342,11 @@ paths: is_preconfigured: type: boolean is_protected: - description: >- - Indicates whether the agent policy has tamper - protection enabled. Default false. + description: Indicates whether the agent policy has tamper protection enabled. Default false. type: boolean keep_monitoring_alive: default: false - description: >- - When set to true, monitoring will be enabled but - logs/metrics collection will be disabled + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled nullable: true type: boolean monitoring_diagnostics: @@ -16918,11 +15413,7 @@ paths: type: string overrides: additionalProperties: {} - description: >- - Override settings that are defined in the agent - policy. Input settings cannot be overridden. The - override option should be used only in unusual - circumstances and not as a routine procedure. + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object package_policies: @@ -16930,10 +15421,7 @@ paths: - items: type: string type: array - - description: >- - This field is present only when retrieving a - single agent policy, or when retrieving a list of - agent policies with the ?full=true parameter + - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter items: additionalProperties: false type: object @@ -16979,9 +15467,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -17009,9 +15495,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -17064,9 +15548,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -17087,9 +15569,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -17103,20 +15583,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should - be used only in unusual circumstances and - not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -17165,16 +15639,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy - will be added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy - will be added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -17205,9 +15675,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object version: type: string @@ -17237,9 +15705,7 @@ paths: type: string supports_agentless: default: false - description: >- - Indicates whether the agent policy supports agentless - integrations. + description: Indicates whether the agent policy supports agentless integrations. nullable: true type: boolean unenroll_timeout: @@ -17824,9 +16290,7 @@ paths: agentPolicyId: type: string force: - description: >- - bypass validation checks that can prevent agent policy - deletion + description: bypass validation checks that can prevent agent policy deletion type: boolean required: - agentPolicyId @@ -19864,9 +18328,7 @@ paths: latestErrors: items: additionalProperties: false - description: >- - latest errors that happened when the agents - executed the action + description: latest errors that happened when the agents executed the action type: object properties: agentId: @@ -20287,9 +18749,7 @@ paths: description: Unenrolls hosted agents too type: boolean includeInactive: - description: >- - When passing agents by KQL query, unenrolls inactive agents - too + description: When passing agents by KQL query, unenrolls inactive agents too type: boolean revoke: description: Revokes API keys of agents @@ -20614,10 +19074,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: additionalProperties: false - description: >- - A summary of the agent setup status. `isReady` indicates - whether the setup is ready. If the setup is not ready, - `missing_requirements` lists which requirements are missing. + description: A summary of the agent setup status. `isReady` indicates whether the setup is ready. If the setup is not ready, `missing_requirements` lists which requirements are missing. type: object properties: is_secrets_storage_enabled: @@ -20691,11 +19148,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: additionalProperties: false - description: >- - A summary of the result of Fleet's `setup` lifecycle. If - `isInitialized` is true, Fleet is ready to accept agent - enrollment. `nonFatalErrors` may include useful insight into - non-blocking issues with Fleet setup. + description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup. type: object properties: isInitialized: @@ -20992,14 +19445,10 @@ paths: type: object properties: active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. + description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. type: boolean api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. + description: The enrollment API key (token) used for enrolling Elastic Agents. type: string api_key_id: description: The ID of the API key in the Security API. @@ -21012,9 +19461,7 @@ paths: description: The name of the enrollment API key. type: string policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. + description: The ID of the agent policy the Elastic Agent will be enrolled in. type: string required: - id @@ -21103,14 +19550,10 @@ paths: type: object properties: active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. + description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. type: boolean api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. + description: The enrollment API key (token) used for enrolling Elastic Agents. type: string api_key_id: description: The ID of the API key in the Security API. @@ -21123,9 +19566,7 @@ paths: description: The name of the enrollment API key. type: string policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. + description: The ID of the agent policy the Elastic Agent will be enrolled in. type: string required: - id @@ -21243,14 +19684,10 @@ paths: type: object properties: active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. + description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. type: boolean api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. + description: The enrollment API key (token) used for enrolling Elastic Agents. type: string api_key_id: description: The ID of the API key in the Security API. @@ -21263,9 +19700,7 @@ paths: description: The name of the enrollment API key. type: string policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. + description: The ID of the agent policy the Elastic Agent will be enrolled in. type: string required: - id @@ -29413,9 +27848,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -29443,9 +27876,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -29498,9 +27929,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -29521,9 +27950,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -29536,9 +27963,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that input, (default to - true) + description: enable or disable that input, (default to true) type: boolean streams: additionalProperties: @@ -29546,9 +27971,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that stream, (default - to true) + description: enable or disable that stream, (default to true) type: boolean vars: additionalProperties: @@ -29573,15 +27996,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Input streams (see integration - documentation to know what streams are - available) + description: Input streams (see integration documentation to know what streams are available) type: object vars: additionalProperties: @@ -29606,14 +28023,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) + description: Package policy inputs (see integration documentation to know what inputs are available) type: object x-oas-optional: true is_managed: @@ -29622,20 +28034,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine - procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -29684,16 +28090,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy will be - added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy will be - added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -29729,9 +28131,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation - for more information) + description: Package variable (see integration documentation for more information) type: object - additionalProperties: anyOf: @@ -29755,9 +28155,7 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object x-oas-optional: true version: @@ -29843,9 +28241,7 @@ paths: enabled: type: boolean force: - description: >- - Force package policy creation even if package is not - verified, or if the agent policy is managed. + description: Force package policy creation even if package is not verified, or if the agent policy is managed. type: boolean id: description: Package policy unique identifier @@ -29867,9 +28263,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation - for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -29897,9 +28291,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -29952,9 +28344,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -29975,9 +28365,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation - for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -29989,19 +28377,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to inherit the - agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -30055,9 +28438,7 @@ paths: type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy will be - added + description: Agent policy IDs where that package policy will be added type: string type: array vars: @@ -30072,9 +28453,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation for more - information) + description: Package variable (see integration documentation for more information) type: object required: - name @@ -30102,9 +28481,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that stream, (default to - true) + description: enable or disable that stream, (default to true) type: boolean vars: additionalProperties: @@ -30129,13 +28506,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Input streams (see integration documentation to - know what streams are available) + description: Input streams (see integration documentation to know what streams are available) type: object vars: additionalProperties: @@ -30160,13 +28533,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Package policy inputs (see integration documentation to - know what inputs are available) + description: Package policy inputs (see integration documentation to know what inputs are available) type: object name: type: string @@ -30245,16 +28614,12 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object required: - name - package - description: >- - You should use inputs as an object and not use the deprecated - inputs array. + description: You should use inputs as an object and not use the deprecated inputs array. responses: '200': content: @@ -30311,9 +28676,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -30341,9 +28704,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -30396,9 +28757,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -30419,9 +28778,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -30434,9 +28791,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that input, (default to - true) + description: enable or disable that input, (default to true) type: boolean streams: additionalProperties: @@ -30444,9 +28799,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that stream, (default - to true) + description: enable or disable that stream, (default to true) type: boolean vars: additionalProperties: @@ -30471,14 +28824,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Input streams (see integration documentation - to know what streams are available) + description: Input streams (see integration documentation to know what streams are available) type: object vars: additionalProperties: @@ -30503,13 +28851,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) + description: Package policy inputs (see integration documentation to know what inputs are available) type: object x-oas-optional: true is_managed: @@ -30518,19 +28862,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -30579,16 +28918,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy will be - added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy will be - added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -30624,9 +28959,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation - for more information) + description: Package variable (see integration documentation for more information) type: object - additionalProperties: anyOf: @@ -30650,9 +28983,7 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object x-oas-optional: true version: @@ -30804,9 +29135,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -30834,9 +29163,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -30889,9 +29216,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -30912,9 +29237,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -30927,9 +29250,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that input, (default to - true) + description: enable or disable that input, (default to true) type: boolean streams: additionalProperties: @@ -30937,9 +29258,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that stream, (default - to true) + description: enable or disable that stream, (default to true) type: boolean vars: additionalProperties: @@ -30964,15 +29283,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Input streams (see integration - documentation to know what streams are - available) + description: Input streams (see integration documentation to know what streams are available) type: object vars: additionalProperties: @@ -30997,14 +29310,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) + description: Package policy inputs (see integration documentation to know what inputs are available) type: object x-oas-optional: true is_managed: @@ -31013,20 +29321,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine - procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -31075,16 +29377,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy will be - added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy will be - added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -31120,9 +29418,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation - for more information) + description: Package variable (see integration documentation for more information) type: object - additionalProperties: anyOf: @@ -31146,9 +29442,7 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object x-oas-optional: true version: @@ -31338,9 +29632,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -31368,9 +29660,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -31423,9 +29713,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -31446,9 +29734,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -31461,9 +29747,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that input, (default to - true) + description: enable or disable that input, (default to true) type: boolean streams: additionalProperties: @@ -31471,9 +29755,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that stream, (default - to true) + description: enable or disable that stream, (default to true) type: boolean vars: additionalProperties: @@ -31498,14 +29780,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Input streams (see integration documentation - to know what streams are available) + description: Input streams (see integration documentation to know what streams are available) type: object vars: additionalProperties: @@ -31530,13 +29807,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) + description: Package policy inputs (see integration documentation to know what inputs are available) type: object x-oas-optional: true is_managed: @@ -31545,19 +29818,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -31606,16 +29874,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy will be - added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy will be - added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -31651,9 +29915,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation - for more information) + description: Package variable (see integration documentation for more information) type: object - additionalProperties: anyOf: @@ -31677,9 +29939,7 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object x-oas-optional: true version: @@ -31790,9 +30050,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation - for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -31820,9 +30078,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -31875,9 +30131,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -31898,9 +30152,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation - for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -31911,19 +30163,14 @@ paths: name: type: string namespace: - description: >- - The package policy namespace. Leave blank to inherit the - agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -31977,9 +30224,7 @@ paths: type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy will be - added + description: Agent policy IDs where that package policy will be added type: string type: array vars: @@ -31994,9 +30239,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation for more - information) + description: Package variable (see integration documentation for more information) type: object version: type: string @@ -32023,9 +30266,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that stream, (default to - true) + description: enable or disable that stream, (default to true) type: boolean vars: additionalProperties: @@ -32050,13 +30291,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Input streams (see integration documentation to - know what streams are available) + description: Input streams (see integration documentation to know what streams are available) type: object vars: additionalProperties: @@ -32081,13 +30318,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Package policy inputs (see integration documentation to - know what inputs are available) + description: Package policy inputs (see integration documentation to know what inputs are available) type: object name: type: string @@ -32166,9 +30399,7 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object required: - name @@ -32229,9 +30460,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -32259,9 +30488,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -32314,9 +30541,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -32337,9 +30562,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -32352,9 +30575,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that input, (default to - true) + description: enable or disable that input, (default to true) type: boolean streams: additionalProperties: @@ -32362,9 +30583,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that stream, (default - to true) + description: enable or disable that stream, (default to true) type: boolean vars: additionalProperties: @@ -32389,14 +30608,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Input streams (see integration documentation - to know what streams are available) + description: Input streams (see integration documentation to know what streams are available) type: object vars: additionalProperties: @@ -32421,13 +30635,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are available) + description: Package policy inputs (see integration documentation to know what inputs are available) type: object x-oas-optional: true is_managed: @@ -32436,19 +30646,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to inherit - the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the package - policy. The override option should be used only in - unusual circumstances and not as a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -32497,16 +30702,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy will be - added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy will be - added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -32542,9 +30743,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration documentation - for more information) + description: Package variable (see integration documentation for more information) type: object - additionalProperties: anyOf: @@ -32568,9 +30767,7 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see integration - documentation for more information) + description: Input/stream level variable (see integration documentation for more information) type: object x-oas-optional: true version: @@ -33037,9 +31234,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -33067,9 +31262,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -33122,9 +31315,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -33145,9 +31336,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -33160,9 +31349,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that input, (default - to true) + description: enable or disable that input, (default to true) type: boolean streams: additionalProperties: @@ -33170,9 +31357,7 @@ paths: type: object properties: enabled: - description: >- - enable or disable that stream, (default - to true) + description: enable or disable that stream, (default to true) type: boolean vars: additionalProperties: @@ -33197,15 +31382,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Input streams (see integration - documentation to know what streams are - available) + description: Input streams (see integration documentation to know what streams are available) type: object vars: additionalProperties: @@ -33230,15 +31409,9 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) + description: Input/stream level variable (see integration documentation for more information) type: object - description: >- - Package policy inputs (see integration - documentation to know what inputs are - available) + description: Package policy inputs (see integration documentation to know what inputs are available) type: object x-oas-optional: true is_managed: @@ -33247,20 +31420,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should be - used only in unusual circumstances and not as - a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -33309,16 +31476,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy will - be added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy - will be added + description: Agent policy IDs where that package policy will be added type: string type: array revision: @@ -33354,9 +31517,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object - additionalProperties: anyOf: @@ -33380,10 +31541,7 @@ paths: - id - isSecretRef nullable: true - description: >- - Input/stream level variable (see - integration documentation for more - information) + description: Input/stream level variable (see integration documentation for more information) type: object x-oas-optional: true version: @@ -33438,9 +31596,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object enabled: type: boolean @@ -33468,9 +31624,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object data_stream: additionalProperties: false @@ -33523,9 +31677,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - enabled @@ -33546,9 +31698,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - type @@ -33565,20 +31715,14 @@ paths: description: Package policy name (should be unique) type: string namespace: - description: >- - The package policy namespace. Leave blank to - inherit the agent policy's namespace. + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. type: string output_id: nullable: true type: string overrides: additionalProperties: false - description: >- - Override settings that are defined in the - package policy. The override option should be - used only in unusual circumstances and not as - a routine procedure. + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object properties: @@ -33627,16 +31771,12 @@ paths: - version policy_id: deprecated: true - description: >- - Agent policy ID where that package policy will - be added + description: Agent policy ID where that package policy will be added nullable: true type: string policy_ids: items: - description: >- - Agent policy IDs where that package policy - will be added + description: Agent policy IDs where that package policy will be added type: string type: array vars: @@ -33651,9 +31791,7 @@ paths: value: {} required: - value - description: >- - Package variable (see integration - documentation for more information) + description: Package variable (see integration documentation for more information) type: object required: - name @@ -34463,11 +32601,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: additionalProperties: false - description: >- - A summary of the result of Fleet's `setup` lifecycle. If - `isInitialized` is true, Fleet is ready to accept agent - enrollment. `nonFatalErrors` may include useful insight into - non-blocking issues with Fleet setup. + description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup. type: object properties: isInitialized: @@ -34728,8 +32862,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -34781,8 +32914,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -34850,8 +32982,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -34926,8 +33057,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -34958,12 +33088,9 @@ paths: tags: - Security Lists API put: - description: > - Update a list using the list ID. The original list is replaced, and all - unspecified fields are deleted. - + description: | + Update a list using the list ID. The original list is replaced, and all unspecified fields are deleted. > info - > You cannot modify the `id` value. operationId: UpdateList requestBody: @@ -35003,8 +33130,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -35036,9 +33162,7 @@ paths: - Security Lists API /api/lists/_find: get: - description: >- - Get a paginated subset of lists. By default, the first page is returned, - with 20 results per page. + description: Get a paginated subset of lists. By default, the first page is returned, with 20 results per page. operationId: FindLists parameters: - description: The page number to return @@ -35068,24 +33192,17 @@ paths: - desc - asc type: string - - description: > - Returns the list that come after the last list returned in the - previous call - - (use the cursor value returned in the previous call). This parameter - uses - - the `tie_breaker_id` field to ensure all lists are sorted and - returned correctly. + - description: | + Returns the list that come after the last list returned in the previous call + (use the cursor value returned in the previous call). This parameter uses + the `tie_breaker_id` field to ensure all lists are sorted and returned correctly. in: query name: cursor required: false schema: $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' - - description: > - Filters the returned results according to the value of the specified - field, - + - description: | + Filters the returned results according to the value of the specified field, using the : syntax. in: query name: filter @@ -35126,8 +33243,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -35172,8 +33288,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -35226,8 +33341,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -35277,8 +33391,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -35331,9 +33444,7 @@ paths: required: false schema: type: string - - description: >- - Determines when changes made by the request are made visible to - search + - description: Determines when changes made by the request are made visible to search in: query name: refresh required: false @@ -35360,8 +33471,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -35429,8 +33539,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -35476,9 +33585,7 @@ paths: meta: $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' refresh: - description: >- - Determines when changes made by the request are made visible - to search + description: Determines when changes made by the request are made visible to search enum: - 'true' - 'false' @@ -35502,8 +33609,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -35534,15 +33640,11 @@ paths: tags: - Security Lists API post: - description: > + description: | Create a list item and associate it with the specified list. - - All list items in the same list must be the same type. For example, each - list item in an `ip` list must define a specific IP address. - + All list items in the same list must be the same type. For example, each list item in an `ip` list must define a specific IP address. > info - > Before creating a list item, you must create a list. operationId: CreateListItem requestBody: @@ -35558,9 +33660,7 @@ paths: meta: $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' refresh: - description: >- - Determines when changes made by the request are made visible - to search + description: Determines when changes made by the request are made visible to search enum: - 'true' - 'false' @@ -35585,8 +33685,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -35617,12 +33716,9 @@ paths: tags: - Security Lists API put: - description: > - Update a list item using the list item ID. The original list item is - replaced, and all unspecified fields are deleted. - + description: | + Update a list item using the list item ID. The original list item is replaced, and all unspecified fields are deleted. > info - > You cannot modify the `id` value. operationId: UpdateListItem requestBody: @@ -35656,8 +33752,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -35712,8 +33807,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -35781,24 +33875,17 @@ paths: - desc - asc type: string - - description: > - Returns the list that come after the last list returned in the - previous call - - (use the cursor value returned in the previous call). This parameter - uses - - the `tie_breaker_id` field to ensure all lists are sorted and - returned correctly. + - description: | + Returns the list that come after the last list returned in the previous call + (use the cursor value returned in the previous call). This parameter uses + the `tie_breaker_id` field to ensure all lists are sorted and returned correctly. in: query name: cursor required: false schema: $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' - - description: > - Filters the returned results according to the value of the specified - field, - + - description: | + Filters the returned results according to the value of the specified field, using the : syntax. in: query name: filter @@ -35813,8 +33900,7 @@ paths: type: object properties: cursor: - $ref: >- - #/components/schemas/Security_Lists_API_FindListItemsCursor + $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' data: items: $ref: '#/components/schemas/Security_Lists_API_ListItem' @@ -35840,8 +33926,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -35867,10 +33952,8 @@ paths: - Security Lists API /api/lists/items/_import: post: - description: > - Import list items from a TXT or CSV file. The maximum file size is 9 - million bytes. - + description: | + Import list items from a TXT or CSV file. The maximum file size is 9 million bytes. You can import items to a new or existing list. operationId: ImportListItems @@ -35884,12 +33967,10 @@ paths: required: false schema: $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: > + - description: | Type of the importing list. - - Required when importing a new list that is `list_id` is not - specified. + Required when importing a new list that is `list_id` is not specified. in: query name: type required: false @@ -35905,9 +33986,7 @@ paths: required: false schema: type: string - - description: >- - Determines when changes made by the request are made visible to - search + - description: Determines when changes made by the request are made visible to search in: query name: refresh required: false @@ -35924,9 +34003,7 @@ paths: type: object properties: file: - description: >- - A `.txt` or `.csv` file containing newline separated list - items + description: A `.txt` or `.csv` file containing newline separated list items format: binary type: string required: true @@ -35942,8 +34019,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -35999,8 +34075,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: >- - #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': @@ -36026,12 +34101,8 @@ paths: - Security Lists API /api/ml/saved_objects/sync: get: - description: > - Synchronizes Kibana saved objects for machine learning jobs and trained - models in the default space. You must have `all` privileges for the - **Machine Learning** feature in the **Analytics** section of the Kibana - feature privileges. This API runs automatically when you start Kibana - and periodically thereafter. + description: | + Synchronizes Kibana saved objects for machine learning jobs and trained models in the default space. You must have `all` privileges for the **Machine Learning** feature in the **Analytics** section of the Kibana feature privileges. This API runs automatically when you start Kibana and periodically thereafter. operationId: mlSync parameters: - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' @@ -36095,7 +34166,6 @@ paths: summary: Delete a note tags: - Security Timeline API - - access:securitySolution get: description: Get all notes for a given document. operationId: GetNotes @@ -36159,7 +34229,6 @@ paths: summary: Get notes tags: - Security Timeline API - - access:securitySolution patch: description: Add a note to a Timeline or update an existing note. operationId: PersistNoteRoute @@ -36204,8 +34273,7 @@ paths: type: object properties: persistNote: - $ref: >- - #/components/schemas/Security_Timeline_API_ResponseNote + $ref: '#/components/schemas/Security_Timeline_API_ResponseNote' required: - persistNote required: @@ -36214,7 +34282,6 @@ paths: summary: Add or update a note tags: - Security Timeline API - - access:securitySolution /api/osquery/live_queries: get: description: Get a list of all live queries. @@ -36224,15 +34291,13 @@ paths: name: query required: true schema: - $ref: >- - #/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery + $ref: '#/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Get live queries tags: @@ -36244,16 +34309,14 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody + $ref: '#/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Create a live query tags: @@ -36278,8 +34341,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Get live query details tags: @@ -36303,15 +34365,13 @@ paths: name: query required: true schema: - $ref: >- - #/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery + $ref: '#/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Get live query results tags: @@ -36331,8 +34391,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Get packs tags: @@ -36351,8 +34410,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Create a pack tags: @@ -36372,8 +34430,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Delete a pack tags: @@ -36392,8 +34449,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Get pack details tags: @@ -36421,8 +34477,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Update a pack tags: @@ -36436,15 +34491,13 @@ paths: name: query required: true schema: - $ref: >- - #/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery + $ref: '#/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Get saved queries tags: @@ -36456,16 +34509,14 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody + $ref: '#/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Create a saved query tags: @@ -36485,8 +34536,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Delete a saved query tags: @@ -36505,8 +34555,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Get saved query details tags: @@ -36527,16 +34576,14 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody + $ref: '#/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK summary: Update a saved query tags: @@ -36574,8 +34621,7 @@ paths: type: object properties: persistPinnedEventOnTimeline: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistPinnedEventResponse + $ref: '#/components/schemas/Security_Timeline_API_PersistPinnedEventResponse' required: - persistPinnedEventOnTimeline required: @@ -36584,12 +34630,9 @@ paths: summary: Pin an event tags: - Security Timeline API - - access:securitySolution /api/risk_score/engine/dangerously_delete_data: delete: - description: >- - Cleaning up the the Risk Engine by removing the indices, mapping and - transforms + description: Cleaning up the the Risk Engine by removing the indices, mapping and transforms operationId: CleanUpRiskEngine responses: '200': @@ -36605,25 +34648,20 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse + $ref: '#/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse' description: Task manager is unavailable default: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse + $ref: '#/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse' description: Unexpected error summary: Cleanup the Risk Engine tags: - Security Entity Analytics API /api/risk_score/engine/schedule_now: post: - description: >- - Schedule the risk scoring engine to run as soon as possible. You can use - this to recalculate entity risk scores after updating their asset - criticality. + description: Schedule the risk scoring engine to run as soon as possible. You can use this to recalculate entity risk scores after updating their asset criticality. operationId: ScheduleRiskEngineNow requestBody: content: @@ -36633,22 +34671,19 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse + $ref: '#/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse' description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse + $ref: '#/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse' description: Task manager is unavailable default: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse + $ref: '#/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse' description: Unexpected error summary: Run the risk scoring engine tags: @@ -36696,19 +34731,8 @@ paths: operationId: bulkDeleteSavedObjects parameters: - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - When true, force delete objects that exist in multiple namespaces. - Note that the option applies to the whole request. Use the delete - object API to specify per-object deletion behavior. TIP: Use this if - you attempted to delete objects and received an HTTP 400 error with - the following message: "Unable to delete saved object that exists in - multiple namespaces, use the force option to delete it anyway". - WARNING: When you bulk delete objects that exist in multiple - namespaces, the API also deletes legacy url aliases that reference - the object. These requests are batched to minimise the impact but - they can place a heavy load on Kibana. Make sure you limit the - number of objects that exist in multiple namespaces in a single bulk - delete operation. + - description: | + When true, force delete objects that exist in multiple namespaces. Note that the option applies to the whole request. Use the delete object API to specify per-object deletion behavior. TIP: Use this if you attempted to delete objects and received an HTTP 400 error with the following message: "Unable to delete saved object that exists in multiple namespaces, use the force option to delete it anyway". WARNING: When you bulk delete objects that exist in multiple namespaces, the API also deletes legacy url aliases that reference the object. These requests are batched to minimise the impact but they can place a heavy load on Kibana. Make sure you limit the number of objects that exist in multiple namespaces in a single bulk delete operation. in: query name: force schema: @@ -36727,10 +34751,8 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. + description: | + Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body. '400': content: application/json; Elastic-Api-Version=2023-10-31: @@ -36773,14 +34795,8 @@ paths: /api/saved_objects/_bulk_resolve: post: deprecated: true - description: > - Retrieve multiple Kibana saved objects by identifier using any legacy - URL aliases if they exist. Under certain circumstances when Kibana is - upgraded, saved object migrations may necessitate regenerating some - object IDs to enable new features. When an object's ID is regenerated, a - legacy URL alias is created for that object, preserving its old ID. In - such a scenario, that object can be retrieved by the bulk resolve API - using either its new ID or its old ID. + description: | + Retrieve multiple Kibana saved objects by identifier using any legacy URL aliases if they exist. Under certain circumstances when Kibana is upgraded, saved object migrations may necessitate regenerating some object IDs to enable new features. When an object's ID is regenerated, a legacy URL alias is created for that object, preserving its old ID. In such a scenario, that object can be retrieved by the bulk resolve API using either its new ID or its old ID. operationId: bulkResolveSavedObjects parameters: - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' @@ -36798,10 +34814,8 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. + description: | + Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body. '400': content: application/json; Elastic-Api-Version=2023-10-31: @@ -36832,10 +34846,8 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. + description: | + Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body. '400': content: application/json; Elastic-Api-Version=2023-10-31: @@ -36847,24 +34859,15 @@ paths: - saved objects /api/saved_objects/_export: post: - description: > + description: | Retrieve sets of saved objects that you want to import into Kibana. - You must include `type` or `objects` in the request body. + Exported saved objects are not backwards compatible and cannot be imported into an older version of Kibana. - Exported saved objects are not backwards compatible and cannot be - imported into an older version of Kibana. - + NOTE: The `savedObjects.maxImportExportSize` configuration setting limits the number of saved objects which may be exported. - NOTE: The `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be exported. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. + This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. operationId: exportSavedObjectsDefault parameters: - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' @@ -36882,9 +34885,7 @@ paths: description: Do not add export details entry at the end of the stream. type: boolean includeReferencesDeep: - description: >- - Includes all of the referenced objects in the exported - objects. + description: Includes all of the referenced objects in the exported objects. type: boolean objects: description: A list of objects to export. @@ -36892,9 +34893,7 @@ paths: type: object type: array type: - description: >- - The saved object types to include in the export. Use `*` to - export all the types. + description: The saved object types to include in the export. Use `*` to export all the types. oneOf: - type: string - items: @@ -36927,15 +34926,8 @@ paths: description: Retrieve a paginated set of Kibana saved objects. operationId: findSavedObjects parameters: - - description: > - An aggregation structure, serialized as a string. The field format - is similar to filter, meaning that to use a saved object type - attribute in the aggregation, the `savedObjectType.attributes.title: - "myTitle"` format must be used. For root fields, the syntax is - `savedObjectType.rootField`. NOTE: As objects change in Kibana, the - results on each page of the response also change. Use the find API - for traditional paginated results, but avoid using it to export - large amounts of data. + - description: | + An aggregation structure, serialized as a string. The field format is similar to filter, meaning that to use a saved object type attribute in the aggregation, the `savedObjectType.attributes.title: "myTitle"` format must be used. For root fields, the syntax is `savedObjectType.rootField`. NOTE: As objects change in Kibana, the results on each page of the response also change. Use the find API for traditional paginated results, but avoid using it to export large amounts of data. in: query name: aggs schema: @@ -36952,41 +34944,28 @@ paths: oneOf: - type: string - type: array - - description: > - The filter is a KQL string with the caveat that if you filter with - an attribute from your saved object type, it should look like that: - `savedObjectType.attributes.title: "myTitle"`. However, if you use a - root attribute of a saved object such as `updated_at`, you will have - to define your filter like that: `savedObjectType.updated_at > - 2018-12-22`. + - description: | + The filter is a KQL string with the caveat that if you filter with an attribute from your saved object type, it should look like that: `savedObjectType.attributes.title: "myTitle"`. However, if you use a root attribute of a saved object such as `updated_at`, you will have to define your filter like that: `savedObjectType.updated_at > 2018-12-22`. in: query name: filter schema: type: string - - description: >- - Filters to objects that do not have a relationship with the type and - identifier combination. + - description: Filters to objects that do not have a relationship with the type and identifier combination. in: query name: has_no_reference schema: type: object - - description: >- - The operator to use for the `has_no_reference` parameter. Either - `OR` or `AND`. Defaults to `OR`. + - description: The operator to use for the `has_no_reference` parameter. Either `OR` or `AND`. Defaults to `OR`. in: query name: has_no_reference_operator schema: type: string - - description: >- - Filters to objects that have a relationship with the type and ID - combination. + - description: Filters to objects that have a relationship with the type and ID combination. in: query name: has_reference schema: type: object - - description: >- - The operator to use for the `has_reference` parameter. Either `OR` - or `AND`. Defaults to `OR`. + - description: The operator to use for the `has_reference` parameter. Either `OR` or `AND`. Defaults to `OR`. in: query name: has_reference_operator schema: @@ -37001,30 +34980,20 @@ paths: name: per_page schema: type: integer - - description: >- - An Elasticsearch `simple_query_string` query that filters the - objects in the response. + - description: An Elasticsearch `simple_query_string` query that filters the objects in the response. in: query name: search schema: type: string - - description: >- - The fields to perform the `simple_query_string` parsed query - against. + - description: The fields to perform the `simple_query_string` parsed query against. in: query name: search_fields schema: oneOf: - type: string - type: array - - description: > - Sorts the response. Includes "root" and "type" fields. "root" fields - exist for all saved objects, such as "updated_at". "type" fields are - specific to an object type, such as fields returned in the - attributes key of the response. When a single type is defined in the - type parameter, the "root" and "type" fields are allowed, and - validity checks are made in that order. When multiple types are - defined in the type parameter, only "root" fields are allowed. + - description: | + Sorts the response. Includes "root" and "type" fields. "root" fields exist for all saved objects, such as "updated_at". "type" fields are specific to an object type, such as fields returned in the attributes key of the response. When a single type is defined in the type parameter, the "root" and "type" fields are allowed, and validity checks are made in that order. When multiple types are defined in the type parameter, only "root" fields are allowed. in: query name: sort_field schema: @@ -37055,49 +35024,30 @@ paths: - saved objects /api/saved_objects/_import: post: - description: > - Create sets of Kibana saved objects from a file created by the export - API. - - Saved objects can be imported only into the same version, a newer minor - on the same major, or the next major. Exported saved objects are not - backwards compatible and cannot be imported into an older version of - Kibana. - + description: | + Create sets of Kibana saved objects from a file created by the export API. + Saved objects can be imported only into the same version, a newer minor on the same major, or the next major. Exported saved objects are not backwards compatible and cannot be imported into an older version of Kibana. - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. + This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. operationId: importSavedObjectsDefault parameters: - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - Creates copies of saved objects, regenerates each object ID, and - resets the origin. When used, potential conflict errors are avoided. - NOTE: This option cannot be used with the `overwrite` and - `compatibilityMode` options. + - description: | + Creates copies of saved objects, regenerates each object ID, and resets the origin. When used, potential conflict errors are avoided. NOTE: This option cannot be used with the `overwrite` and `compatibilityMode` options. in: query name: createNewCopies required: false schema: type: boolean - - description: > - Overwrites saved objects when they already exist. When used, - potential conflict errors are automatically resolved by overwriting - the destination object. NOTE: This option cannot be used with the - `createNewCopies` option. + - description: | + Overwrites saved objects when they already exist. When used, potential conflict errors are automatically resolved by overwriting the destination object. NOTE: This option cannot be used with the `createNewCopies` option. in: query name: overwrite required: false schema: type: boolean - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. Use this option only if you encounter issues with imported - saved objects. NOTE: This option cannot be used with the - `createNewCopies` option. + - description: | + Applies various adjustments to the saved objects that are being imported to maintain compatibility between different Kibana versions. Use this option only if you encounter issues with imported saved objects. NOTE: This option cannot be used with the `createNewCopies` option. in: query name: compatibilityMode required: false @@ -37113,13 +35063,8 @@ paths: type: object properties: file: - description: > - A file exported using the export API. NOTE: The - `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be included in - this file. Similarly, the - `savedObjects.maxImportPayloadBytes` setting limits the - overall size of the file that can be imported. + description: | + A file exported using the export API. NOTE: The `savedObjects.maxImportExportSize` configuration setting limits the number of saved objects which may be included in this file. Similarly, the `savedObjects.maxImportPayloadBytes` setting limits the overall size of the file that can be imported. required: true responses: '200': @@ -37132,38 +35077,25 @@ paths: type: object properties: errors: - description: > - Indicates the import was unsuccessful and specifies the - objects that failed to import. - + description: | + Indicates the import was unsuccessful and specifies the objects that failed to import. - NOTE: One object may result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and conflict error. + NOTE: One object may result in multiple errors, which requires separate steps to resolve. For instance, a `missing_references` error and conflict error. items: type: object type: array success: - description: > - Indicates when the import was successfully completed. When - set to false, some objects may not have been created. For - additional information, refer to the `errors` and - `successResults` properties. + description: | + Indicates when the import was successfully completed. When set to false, some objects may not have been created. For additional information, refer to the `errors` and `successResults` properties. type: boolean successCount: description: Indicates the number of successfully imported records. type: integer successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - + description: | + Indicates the objects that are successfully imported, with any metadata if applicable. - NOTE: Objects are created only when all resolvable errors - are addressed, including conflicts and missing references. - If objects are created as new copies, each entry in the - `successResults` array includes a `destinationId` - attribute. + NOTE: Objects are created only when all resolvable errors are addressed, including conflicts and missing references. If objects are created as new copies, each entry in the `successResults` array includes a `destinationId` attribute. items: type: object type: array @@ -37187,39 +35119,26 @@ paths: --form file=@file.ndjson /api/saved_objects/_resolve_import_errors: post: - description: > + description: | To resolve errors from the Import objects API, you can: - * Retry certain saved objects - * Overwrite specific saved objects - * Change references to different saved objects - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. + This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. operationId: resolveImportErrors parameters: - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. When enabled during the initial import, also enable when - resolving import errors. This option cannot be used with the - `createNewCopies` option. + - description: | + Applies various adjustments to the saved objects that are being imported to maintain compatibility between different Kibana versions. When enabled during the initial import, also enable when resolving import errors. This option cannot be used with the `createNewCopies` option. in: query name: compatibilityMode required: false schema: type: boolean - - description: > - Creates copies of the saved objects, regenerates each object ID, and - resets the origin. When enabled during the initial import, also - enable when resolving import errors. + - description: | + Creates copies of the saved objects, regenerates each object ID, and resets the origin. When enabled during the initial import, also enable when resolving import errors. in: query name: createNewCopies required: false @@ -37230,8 +35149,7 @@ paths: multipart/form-data; Elastic-Api-Version=2023-10-31: examples: resolveImportErrorsRequest: - $ref: >- - #/components/examples/Saved_objects_resolve_missing_reference_request + $ref: '#/components/examples/Saved_objects_resolve_missing_reference_request' schema: type: object properties: @@ -37240,35 +35158,24 @@ paths: format: binary type: string retries: - description: >- - The retry operations, which can specify how to resolve - different types of errors. + description: The retry operations, which can specify how to resolve different types of errors. items: type: object properties: destinationId: - description: >- - Specifies the destination ID that the imported object - should have, if different from the current ID. + description: Specifies the destination ID that the imported object should have, if different from the current ID. type: string id: description: The saved object ID. type: string ignoreMissingReferences: - description: >- - When set to `true`, ignores missing reference errors. - When set to `false`, does nothing. + description: When set to `true`, ignores missing reference errors. When set to `false`, does nothing. type: boolean overwrite: - description: >- - When set to `true`, the source object overwrites the - conflicting destination object. When set to `false`, - does nothing. + description: When set to `true`, the source object overwrites the conflicting destination object. When set to `false`, does nothing. type: boolean replaceReferences: - description: >- - A list of `type`, `from`, and `to` used to change the - object references. + description: A list of `type`, `from`, and `to` used to change the object references. items: type: object properties: @@ -37295,41 +35202,31 @@ paths: application/json; Elastic-Api-Version=2023-10-31: examples: resolveImportErrorsResponse: - $ref: >- - #/components/examples/Saved_objects_resolve_missing_reference_response + $ref: '#/components/examples/Saved_objects_resolve_missing_reference_response' schema: type: object properties: errors: - description: > + description: | Specifies the objects that failed to resolve. - - NOTE: One object can result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and a `conflict` error. + NOTE: One object can result in multiple errors, which requires separate steps to resolve. For instance, a `missing_references` error and a `conflict` error. items: type: object type: array success: - description: > - Indicates a successful import. When set to `false`, some - objects may not have been created. For additional - information, refer to the `errors` and `successResults` - properties. + description: | + Indicates a successful import. When set to `false`, some objects may not have been created. For additional information, refer to the `errors` and `successResults` properties. type: boolean successCount: description: | Indicates the number of successfully resolved records. type: number successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - + description: | + Indicates the objects that are successfully imported, with any metadata if applicable. - NOTE: Objects are only created when all resolvable errors - are addressed, including conflict and missing references. + NOTE: Objects are only created when all resolvable errors are addressed, including conflict and missing references. items: type: object type: array @@ -37413,9 +35310,7 @@ paths: - saved objects post: deprecated: true - description: >- - Create a Kibana saved object and specify its identifier instead of using - a randomly generated ID. + description: Create a Kibana saved object and specify its identifier instead of using a randomly generated ID. operationId: createSavedObjectId parameters: - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' @@ -37496,14 +35391,8 @@ paths: /api/saved_objects/resolve/{type}/{id}: get: deprecated: true - description: > - Retrieve a single Kibana saved object by identifier using any legacy URL - alias if it exists. Under certain circumstances, when Kibana is - upgraded, saved object migrations may necessitate regenerating some - object IDs to enable new features. When an object's ID is regenerated, a - legacy URL alias is created for that object, preserving its old ID. In - such a scenario, that object can be retrieved using either its new ID or - its old ID. + description: | + Retrieve a single Kibana saved object by identifier using any legacy URL alias if it exists. Under certain circumstances, when Kibana is upgraded, saved object migrations may necessitate regenerating some object IDs to enable new features. When an object's ID is regenerated, a legacy URL alias is created for that object, preserving its old ID. In such a scenario, that object can be retrieved using either its new ID or its old ID. operationId: resolveSavedObject parameters: - $ref: '#/components/parameters/Saved_objects_saved_object_id' @@ -37526,10 +35415,7 @@ paths: - saved objects /api/security_ai_assistant/anonymization_fields/_bulk_action: post: - description: >- - Apply a bulk action to multiple anonymization fields. The bulk action is - applied to all anonymization fields that match the filter or to the list - of anonymization fields by their IDs. + description: Apply a bulk action to multiple anonymization fields. The bulk action is applied to all anonymization fields that match the filter or to the list of anonymization fields by their IDs. operationId: PerformAnonymizationFieldsBulkAction requestBody: content: @@ -37539,8 +35425,7 @@ paths: properties: create: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps' type: array delete: type: object @@ -37556,16 +35441,14 @@ paths: type: string update: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps' type: array responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse' description: Indicates a successful call. '400': content: @@ -37583,7 +35466,6 @@ paths: summary: Apply a bulk action to anonymization fields tags: - Security AI Assistant API - - Bulk API /api/security_ai_assistant/anonymization_fields/_find: get: description: Get a list of all anonymization fields. @@ -37607,8 +35489,7 @@ paths: name: sort_field required: false schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField + $ref: '#/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField' - description: Sort order in: query name: sort_order @@ -37640,8 +35521,7 @@ paths: properties: data: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse' type: array page: type: integer @@ -37671,7 +35551,6 @@ paths: summary: Get anonymization fields tags: - Security AI Assistant API - - AnonymizationFields API /api/security_ai_assistant/chat/complete: post: description: Create a model response for the given chat conversation. @@ -37706,7 +35585,6 @@ paths: summary: Create a model response tags: - Security AI Assistant API - - Chat Complete API /api/security_ai_assistant/current_user/conversations: post: description: Create a new Security AI Assistant conversation. @@ -37715,16 +35593,14 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCreateProps' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' description: Indicates a successful call. '400': content: @@ -37742,7 +35618,6 @@ paths: summary: Create a conversation tags: - Security AI Assistant API - - Conversation API /api/security_ai_assistant/current_user/conversations/_find: get: description: Get a list of all conversations for the current user. @@ -37766,8 +35641,7 @@ paths: name: sort_field required: false schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField + $ref: '#/components/schemas/Security_AI_Assistant_API_FindConversationsSortField' - description: Sort order in: query name: sort_order @@ -37799,8 +35673,7 @@ paths: properties: data: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' type: array page: type: integer @@ -37830,7 +35703,6 @@ paths: summary: Get conversations tags: - Security AI Assistant API - - Conversations API /api/security_ai_assistant/current_user/conversations/{id}: delete: description: Delete an existing conversation using the conversation ID. @@ -37847,8 +35719,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' description: Indicates a successful call. '400': content: @@ -37866,7 +35737,6 @@ paths: summary: Delete a conversation tags: - Security AI Assistant API - - Conversation API get: description: Get the details of an existing conversation using the conversation ID. operationId: ReadConversation @@ -37882,8 +35752,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' description: Indicates a successful call. '400': content: @@ -37901,7 +35770,6 @@ paths: summary: Get a conversation tags: - Security AI Assistant API - - Conversations API put: description: Update an existing conversation using the conversation ID. operationId: UpdateConversation @@ -37916,16 +35784,14 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' description: Indicates a successful call. '400': content: @@ -37943,13 +35809,9 @@ paths: summary: Update a conversation tags: - Security AI Assistant API - - Conversation API /api/security_ai_assistant/prompts/_bulk_action: post: - description: >- - Apply a bulk action to multiple prompts. The bulk action is applied to - all prompts that match the filter or to the list of prompts by their - IDs. + description: Apply a bulk action to multiple prompts. The bulk action is applied to all prompts that match the filter or to the list of prompts by their IDs. operationId: PerformPromptsBulkAction requestBody: content: @@ -37959,8 +35821,7 @@ paths: properties: create: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptCreateProps + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptCreateProps' type: array delete: type: object @@ -37976,16 +35837,14 @@ paths: type: string update: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptUpdateProps' type: array responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse' description: Indicates a successful call. '400': content: @@ -38003,7 +35862,6 @@ paths: summary: Apply a bulk action to prompts tags: - Security AI Assistant API - - Bulk API /api/security_ai_assistant/prompts/_find: get: description: Get a list of all prompts. @@ -38027,8 +35885,7 @@ paths: name: sort_field required: false schema: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField + $ref: '#/components/schemas/Security_AI_Assistant_API_FindPromptsSortField' - description: Sort order in: query name: sort_order @@ -38060,8 +35917,7 @@ paths: properties: data: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptResponse' type: array page: type: integer @@ -38091,7 +35947,6 @@ paths: summary: Get prompts tags: - Security AI Assistant API - - Prompts API /api/security/role: get: operationId: get-security-role @@ -38104,10 +35959,7 @@ paths: enum: - '2023-10-31' type: string - - description: >- - If `true` and the response contains any privileges that are - associated with deprecated features, they are omitted in favor of - details about the appropriate replacement feature privileges. + - description: If `true` and the response contains any privileges that are associated with deprecated features, they are omitted in favor of details about the appropriate replacement feature privileges. in: query name: replaceDeprecatedPrivileges required: false @@ -38116,6 +35968,11 @@ paths: responses: '200': description: Indicates a successful call. + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getRolesResponse1: + $ref: '#/components/examples/get_roles_response1' summary: Get all roles tags: - roles @@ -38168,10 +36025,7 @@ paths: schema: minLength: 1 type: string - - description: >- - If `true` and the response contains any privileges that are - associated with deprecated features, they are omitted in favor of - details about the appropriate replacement feature privileges. + - description: If `true` and the response contains any privileges that are associated with deprecated features, they are omitted in favor of details about the appropriate replacement feature privileges. in: query name: replaceDeprecatedPrivileges required: false @@ -38180,13 +36034,16 @@ paths: responses: '200': description: Indicates a successful call. + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getRoleResponse1: + $ref: '#/components/examples/get_role_response1' summary: Get a role tags: - roles put: - description: >- - Create a new Kibana role or update the attributes of an existing role. - Kibana roles are stored in the Elasticsearch native realm. + description: Create a new Kibana role or update the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm. operationId: put-security-role-name parameters: - description: The version of the API to use @@ -38236,9 +36093,7 @@ paths: properties: cluster: items: - description: >- - Cluster privileges that define the cluster level - actions that users can perform. + description: Cluster privileges that define the cluster level actions that users can perform. type: string type: array indices: @@ -38247,55 +36102,29 @@ paths: type: object properties: allow_restricted_indices: - description: >- - Restricted indices are a special category of - indices that are used internally to store - configuration data and should not be directly - accessed. Only internal system roles should - normally grant privileges over the restricted - indices. Toggling this flag is very strongly - discouraged because it could effectively grant - unrestricted operations on critical data, making - the entire system unstable or leaking sensitive - information. If for administrative purposes you - need to create a role with privileges covering - restricted indices, however, you can set this - property to true. In that case, the names field - covers the restricted indices too. + description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too. type: boolean field_security: additionalProperties: items: - description: >- - The document fields that the role members have - read access to. + description: The document fields that the role members have read access to. type: string type: array type: object names: items: - description: >- - The data streams, indices, and aliases to which - the permissions in this entry apply. It supports - wildcards (*). + description: The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*). type: string minItems: 1 type: array privileges: items: - description: >- - The index level privileges that the role members - have for the data streams and indices. + description: The index level privileges that the role members have for the data streams and indices. type: string minItems: 1 type: array query: - description: >- - A search query that defines the documents the role - members have read access to. A document within the - specified data streams and indices must match this - query in order for it to be accessible by the role - members. + description: A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. type: string required: - names @@ -38308,19 +36137,13 @@ paths: properties: clusters: items: - description: >- - A list of remote cluster aliases. It supports - literal strings as well as wildcards and regular - expressions. + description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. type: string minItems: 1 type: array privileges: items: - description: >- - The cluster level privileges for the remote - cluster. The allowed values are a subset of the - cluster privileges. + description: The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges. type: string minItems: 1 type: array @@ -38334,64 +36157,35 @@ paths: type: object properties: allow_restricted_indices: - description: >- - Restricted indices are a special category of - indices that are used internally to store - configuration data and should not be directly - accessed. Only internal system roles should - normally grant privileges over the restricted - indices. Toggling this flag is very strongly - discouraged because it could effectively grant - unrestricted operations on critical data, making - the entire system unstable or leaking sensitive - information. If for administrative purposes you - need to create a role with privileges covering - restricted indices, however, you can set this - property to true. In that case, the names field - will cover the restricted indices too. + description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too. type: boolean clusters: items: - description: >- - A list of remote cluster aliases. It supports - literal strings as well as wildcards and regular - expressions. + description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. type: string minItems: 1 type: array field_security: additionalProperties: items: - description: >- - The document fields that the role members have - read access to. + description: The document fields that the role members have read access to. type: string type: array type: object names: items: - description: >- - A list of remote aliases, data streams, or - indices to which the permissions apply. It - supports wildcards (*). + description: A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*). type: string minItems: 1 type: array privileges: items: - description: >- - The index level privileges that role members - have for the specified indices. + description: The index level privileges that role members have for the specified indices. type: string minItems: 1 type: array query: - description: >- - A search query that defines the documents the role - members have read access to. A document within the - specified data streams and indices must match this - query in order for it to be accessible by the role - members. + description: 'A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ' type: string required: - clusters @@ -38419,23 +36213,17 @@ paths: nullable: true oneOf: - items: - description: >- - A base privilege that grants applies to all - spaces. + description: A base privilege that grants applies to all spaces. type: string type: array - items: - description: >- - A base privilege that applies to specific - spaces. + description: A base privilege that applies to specific spaces. type: string type: array feature: additionalProperties: items: - description: >- - The privileges that the role member has for the - feature. + description: The privileges that the role member has for the feature. type: string type: array type: object @@ -38462,6 +36250,15 @@ paths: type: object required: - elasticsearch + examples: + createRoleRequest1: + $ref: '#/components/examples/create_role_request1' + createRoleRequest2: + $ref: '#/components/examples/create_role_request2' + createRoleRequest3: + $ref: '#/components/examples/create_role_request3' + createRoleRequest4: + $ref: '#/components/examples/create_role_request4' responses: '204': description: Indicates a successful call. @@ -38509,9 +36306,7 @@ paths: properties: cluster: items: - description: >- - Cluster privileges that define the cluster level - actions that users can perform. + description: Cluster privileges that define the cluster level actions that users can perform. type: string type: array indices: @@ -38520,58 +36315,29 @@ paths: type: object properties: allow_restricted_indices: - description: >- - Restricted indices are a special category of - indices that are used internally to store - configuration data and should not be - directly accessed. Only internal system - roles should normally grant privileges over - the restricted indices. Toggling this flag - is very strongly discouraged because it - could effectively grant unrestricted - operations on critical data, making the - entire system unstable or leaking sensitive - information. If for administrative purposes - you need to create a role with privileges - covering restricted indices, however, you - can set this property to true. In that case, - the names field covers the restricted - indices too. + description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field covers the restricted indices too. type: boolean field_security: additionalProperties: items: - description: >- - The document fields that the role - members have read access to. + description: The document fields that the role members have read access to. type: string type: array type: object names: items: - description: >- - The data streams, indices, and aliases to - which the permissions in this entry apply. - It supports wildcards (*). + description: The data streams, indices, and aliases to which the permissions in this entry apply. It supports wildcards (*). type: string minItems: 1 type: array privileges: items: - description: >- - The index level privileges that the role - members have for the data streams and - indices. + description: The index level privileges that the role members have for the data streams and indices. type: string minItems: 1 type: array query: - description: >- - A search query that defines the documents - the role members have read access to. A - document within the specified data streams - and indices must match this query in order - for it to be accessible by the role members. + description: A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. type: string required: - names @@ -38584,19 +36350,13 @@ paths: properties: clusters: items: - description: >- - A list of remote cluster aliases. It - supports literal strings as well as - wildcards and regular expressions. + description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. type: string minItems: 1 type: array privileges: items: - description: >- - The cluster level privileges for the - remote cluster. The allowed values are a - subset of the cluster privileges. + description: The cluster level privileges for the remote cluster. The allowed values are a subset of the cluster privileges. type: string minItems: 1 type: array @@ -38610,67 +36370,35 @@ paths: type: object properties: allow_restricted_indices: - description: >- - Restricted indices are a special category of - indices that are used internally to store - configuration data and should not be - directly accessed. Only internal system - roles should normally grant privileges over - the restricted indices. Toggling this flag - is very strongly discouraged because it - could effectively grant unrestricted - operations on critical data, making the - entire system unstable or leaking sensitive - information. If for administrative purposes - you need to create a role with privileges - covering restricted indices, however, you - can set this property to true. In that case, - the names field will cover the restricted - indices too. + description: Restricted indices are a special category of indices that are used internally to store configuration data and should not be directly accessed. Only internal system roles should normally grant privileges over the restricted indices. Toggling this flag is very strongly discouraged because it could effectively grant unrestricted operations on critical data, making the entire system unstable or leaking sensitive information. If for administrative purposes you need to create a role with privileges covering restricted indices, however, you can set this property to true. In that case, the names field will cover the restricted indices too. type: boolean clusters: items: - description: >- - A list of remote cluster aliases. It - supports literal strings as well as - wildcards and regular expressions. + description: A list of remote cluster aliases. It supports literal strings as well as wildcards and regular expressions. type: string minItems: 1 type: array field_security: additionalProperties: items: - description: >- - The document fields that the role - members have read access to. + description: The document fields that the role members have read access to. type: string type: array type: object names: items: - description: >- - A list of remote aliases, data streams, or - indices to which the permissions apply. It - supports wildcards (*). + description: A list of remote aliases, data streams, or indices to which the permissions apply. It supports wildcards (*). type: string minItems: 1 type: array privileges: items: - description: >- - The index level privileges that role - members have for the specified indices. + description: The index level privileges that role members have for the specified indices. type: string minItems: 1 type: array query: - description: >- - A search query that defines the documents - the role members have read access to. A - document within the specified data streams - and indices must match this query in order - for it to be accessible by the role - members. + description: 'A search query that defines the documents the role members have read access to. A document within the specified data streams and indices must match this query in order for it to be accessible by the role members. ' type: string required: - clusters @@ -38679,9 +36407,7 @@ paths: type: array run_as: items: - description: >- - A user name that the role member can - impersonate. + description: A user name that the role member can impersonate. type: string type: array kibana: @@ -38700,23 +36426,17 @@ paths: nullable: true oneOf: - items: - description: >- - A base privilege that grants applies to - all spaces. + description: A base privilege that grants applies to all spaces. type: string type: array - items: - description: >- - A base privilege that applies to specific - spaces. + description: A base privilege that applies to specific spaces. type: string type: array feature: additionalProperties: items: - description: >- - The privileges that the role member has for - the feature. + description: The privileges that the role member has for the feature. type: string type: array type: object @@ -38754,15 +36474,7 @@ paths: - roles /api/spaces/_copy_saved_objects: post: - description: >- - It also allows you to automatically copy related objects, so when you - copy a dashboard, this can automatically copy over the associated - visualizations, data views, and saved searches, as required. You can - request to overwrite any objects that already exist in the target space - if they share an identifier or you can use the resolve copy saved - objects conflicts API to do this on a per-object - basis.

[Required authorization] Route required privileges: ALL - of [copySavedObjectsToSpaces]. + description: 'It also allows you to automatically copy related objects, so when you copy a dashboard, this can automatically copy over the associated visualizations, data views, and saved searches, as required. You can request to overwrite any objects that already exist in the target space if they share an identifier or you can use the resolve copy saved objects conflicts API to do this on a per-object basis.

[Required authorization] Route required privileges: ALL of [copySavedObjectsToSpaces].' operationId: post-spaces-copy-saved-objects parameters: - description: The version of the API to use @@ -38789,26 +36501,15 @@ paths: properties: compatibilityMode: default: false - description: >- - Apply various adjustments to the saved objects that are - being copied to maintain compatibility between different - Kibana versions. Use this option only if you encounter - issues with copied saved objects. This option cannot be used - with the `createNewCopies` option. + description: Apply various adjustments to the saved objects that are being copied to maintain compatibility between different Kibana versions. Use this option only if you encounter issues with copied saved objects. This option cannot be used with the `createNewCopies` option. type: boolean createNewCopies: default: true - description: >- - Create new copies of saved objects, regenerate each object - identifier, and reset the origin. When used, potential - conflict errors are avoided. This option cannot be used - with the `overwrite` and `compatibilityMode` options. + description: Create new copies of saved objects, regenerate each object identifier, and reset the origin. When used, potential conflict errors are avoided. This option cannot be used with the `overwrite` and `compatibilityMode` options. type: boolean includeReferences: default: false - description: >- - When set to true, all saved objects related to the specified - saved objects will also be copied into the target spaces. + description: When set to true, all saved objects related to the specified saved objects will also be copied into the target spaces. type: boolean objects: items: @@ -38827,24 +36528,34 @@ paths: type: array overwrite: default: false - description: >- - When set to true, all conflicts are automatically - overridden. When a saved object with a matching type and - identifier exists in the target space, that version is - replaced with the version from the source space. This option - cannot be used with the `createNewCopies` option. + description: When set to true, all conflicts are automatically overridden. When a saved object with a matching type and identifier exists in the target space, that version is replaced with the version from the source space. This option cannot be used with the `createNewCopies` option. type: boolean spaces: items: - description: >- - The identifiers of the spaces where you want to copy the - specified objects. + description: The identifiers of the spaces where you want to copy the specified objects. type: string type: array required: - spaces - objects - responses: {} + examples: + copySavedObjectsRequestExample1: + $ref: '#/components/examples/copy_saved_objects_request1' + copySavedObjectsRequestExample2: + $ref: '#/components/examples/copy_saved_objects_request2' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + copySavedObjectsResponseExample1: + $ref: '#/components/examples/copy_saved_objects_response1' + copySavedObjectsResponseExample2: + $ref: '#/components/examples/copy_saved_objects_response2' + copySavedObjectsResponseExample3: + $ref: '#/components/examples/copy_saved_objects_response3' + copySavedObjectsResponseExample4: + $ref: '#/components/examples/copy_saved_objects_response4' summary: Copy saved objects between spaces tags: - spaces @@ -38880,9 +36591,7 @@ paths: type: object properties: sourceId: - description: >- - The alias source object identifier. This is the legacy - object identifier. + description: The alias source object identifier. This is the legacy object identifier. type: string targetSpace: description: The space where the alias target object exists. @@ -38897,6 +36606,9 @@ paths: type: array required: - aliases + examples: + disableLegacyURLRequestExample1: + $ref: '#/components/examples/disable_legacy_url_request1' responses: {} summary: Disable legacy URL aliases tags: @@ -38949,10 +36661,7 @@ paths: - spaces /api/spaces/_resolve_copy_saved_objects_errors: post: - description: >- - Overwrite saved objects that are returned as errors from the copy saved - objects to space API.

[Required authorization] Route required - privileges: ALL of [copySavedObjectsToSpaces]. + description: 'Overwrite saved objects that are returned as errors from the copy saved objects to space API.

[Required authorization] Route required privileges: ALL of [copySavedObjectsToSpaces].' operationId: post-spaces-resolve-copy-saved-objects-errors parameters: - description: The version of the API to use @@ -39006,30 +36715,20 @@ paths: type: object properties: createNewCopy: - description: >- - Creates new copies of the saved objects, regenerates - each object ID, and resets the origin. + description: Creates new copies of the saved objects, regenerates each object ID, and resets the origin. type: boolean destinationId: - description: >- - Specifies the destination identifier that the copied - object should have, if different from the current - identifier. + description: Specifies the destination identifier that the copied object should have, if different from the current identifier. type: string id: description: The saved object identifier. type: string ignoreMissingReferences: - description: >- - When set to true, any missing references errors are - ignored. + description: When set to true, any missing references errors are ignored. type: boolean overwrite: default: false - description: >- - When set to true, the saved object from the source - space overwrites the conflicting object in the - destination space. + description: When set to true, the saved object from the source space overwrites the conflicting object in the destination space. type: boolean type: description: The saved object type. @@ -39042,7 +36741,20 @@ paths: required: - retries - objects - responses: {} + examples: + resolveCopySavedObjectsRequestExample1: + $ref: '#/components/examples/resolve_copy_saved_objects_request1' + resolveCopySavedObjectsRequestExample2: + $ref: '#/components/examples/resolve_copy_saved_objects_request2' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + resolveCopySavedObjectsResponseExample1: + $ref: '#/components/examples/copy_saved_objects_response1' + resolveCopySavedObjectsResponseExample2: + $ref: '#/components/examples/copy_saved_objects_response2' summary: Resolve conflicts copying saved objects tags: [] /api/spaces/_update_objects_spaces: @@ -39089,23 +36801,28 @@ paths: type: array spacesToAdd: items: - description: >- - The identifiers of the spaces the saved objects should be - added to or removed from. + description: The identifiers of the spaces the saved objects should be added to or removed from. type: string type: array spacesToRemove: items: - description: >- - The identifiers of the spaces the saved objects should be - added to or removed from. + description: The identifiers of the spaces the saved objects should be added to or removed from. type: string type: array required: - objects - spacesToAdd - spacesToRemove - responses: {} + examples: + updateObjectSpacesRequestExample1: + $ref: '#/components/examples/update_saved_objects_spaces_request1' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateObjectSpacesResponseExample1: + $ref: '#/components/examples/update_saved_objects_spaces_response1' summary: Update saved objects in spaces tags: - spaces @@ -39121,9 +36838,7 @@ paths: enum: - '2023-10-31' type: string - - description: >- - Specifies which authorization checks are applied to the API call. - The default value is `any`. + - description: Specifies which authorization checks are applied to the API call. The default value is `any`. in: query name: purpose required: false @@ -39133,14 +36848,7 @@ paths: - copySavedObjectsIntoSpace - shareSavedObjectsIntoSpace type: string - - description: >- - When enabled, the API returns any spaces that the user is authorized - to access in any capacity and each space will contain the purposes - for which the user is authorized. This can be useful to determine - which spaces a user can read but not take a specific action in. If - the security plugin is not enabled, this parameter has no effect, - since no authorization checks take place. This parameter cannot be - used in with the `purpose` parameter. + - description: When enabled, the API returns any spaces that the user is authorized to access in any capacity and each space will contain the purposes for which the user is authorized. This can be useful to determine which spaces a user can read but not take a specific action in. If the security plugin is not enabled, this parameter has no effect, since no authorization checks take place. This parameter cannot be used in with the `purpose` parameter. in: query name: include_authorized_purposes required: true @@ -39163,6 +36871,13 @@ paths: responses: '200': description: Indicates a successful call. + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getSpacesResponseExample1: + $ref: '#/components/examples/get_spaces_response1' + getSpacesResponseExample2: + $ref: '#/components/examples/get_spaces_response2' summary: Get all spaces tags: - spaces @@ -39194,10 +36909,7 @@ paths: _reserved: type: boolean color: - description: >- - The hexadecimal color code used in the space avatar. By - default, the color is automatically generated from the space - name. + description: The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name. type: string description: description: A description for the space. @@ -39209,26 +36921,13 @@ paths: type: string type: array id: - description: >- - The space ID that is part of the Kibana URL when inside the - space. Space IDs are limited to lowercase alphanumeric, - underscore, and hyphen characters (a-z, 0-9, _, and -). You - are cannot change the ID with the update operation. + description: The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation. type: string imageUrl: - description: >- - The data-URL encoded image to display in the space avatar. - If specified, initials will not be displayed and the color - will be visible as the background color for transparent - images. For best results, your image should be 64x64. Images - will not be optimized by this API call, so care should be - taken when using custom images. + description: The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images. type: string initials: - description: >- - One or two characters that are shown in the space avatar. By - default, the initials are automatically generated from the - space name. + description: One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name. maxLength: 2 type: string name: @@ -39245,6 +36944,9 @@ paths: required: - id - name + examples: + createSpaceRequest: + $ref: '#/components/examples/create_space_request' responses: '200': description: Indicates a successful call. @@ -39253,9 +36955,7 @@ paths: - spaces /api/spaces/space/{id}: delete: - description: >- - When you delete a space, all saved objects that belong to the space are - automatically deleted, which is permanent and cannot be undone. + description: When you delete a space, all saved objects that belong to the space are automatically deleted, which is permanent and cannot be undone. operationId: delete-spaces-space-id parameters: - description: The version of the API to use @@ -39307,6 +37007,11 @@ paths: responses: '200': description: Indicates a successful call. + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getSpaceResponseExample: + $ref: '#/components/examples/get_space_response' summary: Get a space tags: - spaces @@ -39328,9 +37033,7 @@ paths: schema: example: 'true' type: string - - description: >- - The space identifier. You are unable to change the ID with the - update operation. + - description: The space identifier. You are unable to change the ID with the update operation. in: path name: id required: true @@ -39346,10 +37049,7 @@ paths: _reserved: type: boolean color: - description: >- - The hexadecimal color code used in the space avatar. By - default, the color is automatically generated from the space - name. + description: The hexadecimal color code used in the space avatar. By default, the color is automatically generated from the space name. type: string description: description: A description for the space. @@ -39361,26 +37061,13 @@ paths: type: string type: array id: - description: >- - The space ID that is part of the Kibana URL when inside the - space. Space IDs are limited to lowercase alphanumeric, - underscore, and hyphen characters (a-z, 0-9, _, and -). You - are cannot change the ID with the update operation. + description: The space ID that is part of the Kibana URL when inside the space. Space IDs are limited to lowercase alphanumeric, underscore, and hyphen characters (a-z, 0-9, _, and -). You are cannot change the ID with the update operation. type: string imageUrl: - description: >- - The data-URL encoded image to display in the space avatar. - If specified, initials will not be displayed and the color - will be visible as the background color for transparent - images. For best results, your image should be 64x64. Images - will not be optimized by this API call, so care should be - taken when using custom images. + description: The data-URL encoded image to display in the space avatar. If specified, initials will not be displayed and the color will be visible as the background color for transparent images. For best results, your image should be 64x64. Images will not be optimized by this API call, so care should be taken when using custom images. type: string initials: - description: >- - One or two characters that are shown in the space avatar. By - default, the initials are automatically generated from the - space name. + description: One or two characters that are shown in the space avatar. By default, the initials are automatically generated from the space name. maxLength: 2 type: string name: @@ -39397,6 +37084,9 @@ paths: required: - id - name + examples: + updateSpaceRequest: + $ref: '#/components/examples/update_space_request' responses: '200': description: Indicates a successful call. @@ -39434,11 +37124,8 @@ paths: schema: anyOf: - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse' + description: Kibana's operational status. A minimal response is sent for unauthorized users. description: Overall status is OK and Kibana should be functioning normally. '503': content: @@ -39446,14 +37133,9 @@ paths: schema: anyOf: - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: >- - Kibana or some of it's essential services are unavailable. Kibana - may be degraded or unavailable. + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse' + description: Kibana's operational status. A minimal response is sent for unauthorized users. + description: Kibana or some of it's essential services are unavailable. Kibana may be degraded or unavailable. summary: Get Kibana's current status tags: - system @@ -39472,9 +37154,7 @@ paths: type: string type: array searchIds: - description: >- - Saved search ids that should be deleted alongside the - timelines + description: Saved search ids that should be deleted alongside the timelines items: type: string type: array @@ -39502,7 +37182,6 @@ paths: summary: Delete Timelines or Timeline templates tags: - Security Timeline API - - access:securitySolution get: description: Get the details of an existing saved Timeline or Timeline template. operationId: GetTimeline @@ -39529,8 +37208,7 @@ paths: type: object properties: getOneTimeline: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineResponse + $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' required: - getOneTimeline required: @@ -39541,12 +37219,8 @@ paths: summary: Get Timeline or Timeline template details tags: - Security Timeline API - - access:securitySolution patch: - description: >- - Update an existing Timeline. You can update the title, description, date - range, pinned events, pinned queries, and/or pinned saved queries of an - existing Timeline. + description: Update an existing Timeline. You can update the title, description, date range, pinned events, pinned queries, and/or pinned saved queries of an existing Timeline. operationId: PatchTimeline requestBody: content: @@ -39573,12 +37247,8 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: >- - Indicates that the draft Timeline was successfully created. In the - event the user already has a draft Timeline, the existing draft - Timeline is cleared and returned. + $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse' + description: Indicates that the draft Timeline was successfully created. In the event the user already has a draft Timeline, the existing draft Timeline is cleared and returned. '405': content: application/json; Elastic-Api-Version=2023-10-31: @@ -39589,13 +37259,10 @@ paths: type: string statusCode: type: number - description: >- - Indicates that the user does not have the required access to create - a draft Timeline. + description: Indicates that the user does not have the required access to create a draft Timeline. summary: Update a Timeline tags: - Security Timeline API - - access:securitySolution post: description: Create a new Timeline or Timeline template. operationId: CreateTimelines @@ -39627,17 +37294,14 @@ paths: type: string required: - timeline - description: >- - The required Timeline fields used to create a new Timeline, along with - optional fields that will be created if not provided. + description: The required Timeline fields used to create a new Timeline, along with optional fields that will be created if not provided. required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse + $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse' description: Indicates the Timeline was successfully created. '405': content: @@ -39653,7 +37317,6 @@ paths: summary: Create a Timeline or Timeline template tags: - Security Timeline API - - access:securitySolution /api/timeline/_copy: get: description: | @@ -39678,19 +37341,14 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse + $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse' description: Indicates that the timeline has been successfully copied. summary: Copies timeline or timeline template tags: - Security Timeline API - - access:securitySolution /api/timeline/_draft: get: - description: >- - Get the details of the draft Timeline or Timeline template for the - current user. If the user doesn't have a draft Timeline, an empty - Timeline is returned. + description: Get the details of the draft Timeline or Timeline template for the current user. If the user doesn't have a draft Timeline, an empty Timeline is returned. operationId: GetDraftTimelines parameters: - in: query @@ -39703,8 +37361,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse + $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse' description: Indicates that the draft Timeline was successfully retrieved. '403': content: @@ -39716,10 +37373,7 @@ paths: type: string status_code: type: number - description: >- - If a draft Timeline was not found and we attempted to create one, it - indicates that the user does not have the required permissions to - create a draft Timeline. + description: If a draft Timeline was not found and we attempted to create one, it indicates that the user does not have the required permissions to create a draft Timeline. '409': content: application:json; Elastic-Api-Version=2023-10-31: @@ -39730,22 +37384,15 @@ paths: type: string status_code: type: number - description: >- - This should never happen, but if a draft Timeline was not found and - we attempted to create one, it indicates that there is already a - draft Timeline with the given `timelineId`. + description: This should never happen, but if a draft Timeline was not found and we attempted to create one, it indicates that there is already a draft Timeline with the given `timelineId`. summary: Get draft Timeline or Timeline template details tags: - Security Timeline API - - access:securitySolution post: - description: > + description: | Create a clean draft Timeline or Timeline template for the current user. - > info - - > If the user already has a draft Timeline, the existing draft Timeline - is cleared and returned. + > If the user already has a draft Timeline, the existing draft Timeline is cleared and returned. operationId: CleanDraftTimelines requestBody: content: @@ -39757,21 +37404,15 @@ paths: $ref: '#/components/schemas/Security_Timeline_API_TimelineType' required: - timelineType - description: >- - The type of Timeline to create. Valid values are `default` and - `template`. + description: The type of Timeline to create. Valid values are `default` and `template`. required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Timeline_API_PersistTimelineResponse - description: >- - Indicates that the draft Timeline was successfully created. In the - event the user already has a draft Timeline, the existing draft - Timeline is cleared and returned. + $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse' + description: Indicates that the draft Timeline was successfully created. In the event the user already has a draft Timeline, the existing draft Timeline is cleared and returned. '403': content: application:json; Elastic-Api-Version=2023-10-31: @@ -39782,9 +37423,7 @@ paths: type: string status_code: type: number - description: >- - Indicates that the user does not have the required permissions to - create a draft Timeline. + description: Indicates that the user does not have the required permissions to create a draft Timeline. '409': content: application:json; Elastic-Api-Version=2023-10-31: @@ -39795,13 +37434,10 @@ paths: type: string status_code: type: number - description: >- - Indicates that there is already a draft Timeline with the given - `timelineId`. + description: Indicates that there is already a draft Timeline with the given `timelineId`. summary: Create a clean draft Timeline or Timeline template tags: - Security Timeline API - - access:securitySolution /api/timeline/_export: post: description: Export Timelines as an NDJSON file. @@ -39848,7 +37484,6 @@ paths: summary: Export Timelines tags: - Security Timeline API - - access:securitySolution /api/timeline/_favorite: patch: description: Favorite a Timeline or Timeline template for the current user. @@ -39889,8 +37524,7 @@ paths: type: object properties: persistFavorite: - $ref: >- - #/components/schemas/Security_Timeline_API_FavoriteTimelineResponse + $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResponse' required: - persistFavorite required: @@ -39906,13 +37540,10 @@ paths: type: string statusCode: type: number - description: >- - Indicates the user does not have the required permissions to persist - the favorite status. + description: Indicates the user does not have the required permissions to persist the favorite status. summary: Favorite a Timeline or Timeline template tags: - Security Timeline API - - access:securitySolution /api/timeline/_import: post: description: Import Timelines. @@ -39938,8 +37569,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Timeline_API_ImportTimelineResult + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelineResult' description: Indicates the import of Timelines was successful. '400': content: @@ -39953,9 +37583,7 @@ paths: type: string statusCode: type: number - description: >- - Indicates the import of Timelines was unsuccessful because of an - invalid file extension. + description: Indicates the import of Timelines was unsuccessful because of an invalid file extension. '404': content: application/json; Elastic-Api-Version=2023-10-31: @@ -39966,9 +37594,7 @@ paths: type: string statusCode: type: number - description: >- - Indicates that we were unable to locate the saved object client - necessary to handle the import. + description: Indicates that we were unable to locate the saved object client necessary to handle the import. '409': content: application/json; Elastic-Api-Version=2023-10-31: @@ -39985,7 +37611,6 @@ paths: summary: Import Timelines tags: - Security Timeline API - - access:securitySolution /api/timeline/_prepackaged: post: description: Install or update prepackaged Timelines. @@ -39998,8 +37623,7 @@ paths: properties: prepackagedTimelines: items: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject + $ref: '#/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject' nullable: true type: array timelinesToInstall: @@ -40023,8 +37647,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Timeline_API_ImportTimelineResult + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelineResult' description: Indicates the installation of prepackaged Timelines was successful. '500': content: @@ -40036,13 +37659,10 @@ paths: type: string statusCode: type: number - description: >- - Indicates the installation of prepackaged Timelines was - unsuccessful. + description: Indicates the installation of prepackaged Timelines was unsuccessful. summary: Install prepackaged Timelines tags: - Security Timeline API - - access:securitySolution /api/timeline/resolve: get: operationId: ResolveTimeline @@ -40066,8 +37686,7 @@ paths: - type: object properties: data: - $ref: >- - #/components/schemas/Security_Timeline_API_ResolvedTimeline + $ref: '#/components/schemas/Security_Timeline_API_ResolvedTimeline' required: - data - additionalProperties: false @@ -40080,15 +37699,12 @@ paths: summary: Get an existing saved Timeline or Timeline template tags: - Security Timeline API - - access:securitySolution /api/timelines: get: description: Get a list of all saved Timelines or Timeline templates. operationId: GetTimelines parameters: - - description: >- - If true, only timelines that are marked as favorites by the user are - returned. + - description: If true, only timelines that are marked as favorites by the user are returned. in: query name: only_user_favorite schema: @@ -40152,8 +37768,7 @@ paths: type: number timeline: items: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineResponse + $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' type: array totalCount: type: number @@ -40175,12 +37790,10 @@ paths: summary: Get Timelines or Timeline templates tags: - Security Timeline API - - access:securitySolution /s/{spaceId}/api/observability/slos: get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + description: | + You must have the `read` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges. operationId: findSlosOp parameters: - $ref: '#/components/parameters/SLOs_kbn_xsrf' @@ -40228,9 +37841,7 @@ paths: - asc - desc type: string - - description: >- - Hide stale SLOs from the list as defined by stale SLO threshold in - SLO settings + - description: Hide stale SLOs from the list as defined by stale SLO threshold in SLO settings in: query name: hideStale schema: @@ -40270,9 +37881,8 @@ paths: tags: - slo post: - description: > - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + description: | + You must have `all` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges. operationId: createSloOp parameters: - $ref: '#/components/parameters/SLOs_kbn_xsrf' @@ -40319,10 +37929,8 @@ paths: - slo /s/{spaceId}/api/observability/slos/_delete_instances: post: - description: > - The deletion occurs for the specified list of `sloId` and `instanceId`. - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + description: | + The deletion occurs for the specified list of `sloId` and `instanceId`. You must have `all` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges. operationId: deleteSloInstancesOp parameters: - $ref: '#/components/parameters/SLOs_kbn_xsrf' @@ -40359,9 +37967,8 @@ paths: - slo /s/{spaceId}/api/observability/slos/{sloId}: delete: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + description: | + You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges. operationId: deleteSloOp parameters: - $ref: '#/components/parameters/SLOs_kbn_xsrf' @@ -40398,9 +38005,8 @@ paths: tags: - slo get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + description: | + You must have the `read` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges. operationId: getSloOp parameters: - $ref: '#/components/parameters/SLOs_kbn_xsrf' @@ -40447,9 +38053,8 @@ paths: tags: - slo put: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + description: | + You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges. operationId: updateSloOp parameters: - $ref: '#/components/parameters/SLOs_kbn_xsrf' @@ -40497,9 +38102,8 @@ paths: - slo /s/{spaceId}/api/observability/slos/{sloId}/_reset: post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + description: | + You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges. operationId: resetSloOp parameters: - $ref: '#/components/parameters/SLOs_kbn_xsrf' @@ -40541,9 +38145,8 @@ paths: - slo /s/{spaceId}/api/observability/slos/{sloId}/disable: post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + description: | + You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges. operationId: disableSloOp parameters: - $ref: '#/components/parameters/SLOs_kbn_xsrf' @@ -40581,9 +38184,8 @@ paths: - slo /s/{spaceId}/api/observability/slos/{sloId}/enable: post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. + description: | + You must have the `write` privileges for the **SLOs** feature in the **Observability** section of the Kibana feature privileges. operationId: enableSloOp parameters: - $ref: '#/components/parameters/SLOs_kbn_xsrf' @@ -40864,9 +38466,7 @@ components: owner: cases type: user Cases_add_comment_response: - summary: >- - The add comment to case API returns a JSON object that contains details - about the case and its comments. + summary: The add comment to case API returns a JSON object that contains details about the case and its comments. value: assignees: [] category: null @@ -40945,9 +38545,7 @@ components: - tag-1 title: Case title 1 Cases_create_case_response: - summary: >- - The create case API returns a JSON object that contains details about - the case. + summary: The create case API returns a JSON object that contains details about the case. value: assignees: [] closed_at: null @@ -41066,9 +38664,7 @@ components: type: assignees version: WzM1ODg4LDFb Cases_find_case_response: - summary: >- - Retrieve the first five cases with the `tag-1` tag, in ascending order - by last update time. + summary: Retrieve the first five cases with the `tag-1` tag, in ascending order by last update time. value: cases: - assignees: [] @@ -41193,9 +38789,7 @@ components: updated_by: null version: WzEyLDNd Cases_get_case_observability_response: - summary: >- - Retrieves information about an Observability case including its alerts - and comments. + summary: Retrieves information about an Observability case including its alerts and comments. value: assignees: - uid: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 @@ -41372,9 +38966,7 @@ components: - tag 1 - tag 2 Cases_push_case_response: - summary: >- - The push case API returns a JSON object with details about the case and - the external service. + summary: The push case API returns a JSON object with details about the case and the external service. value: closed_at: null closed_by: null @@ -41423,9 +39015,7 @@ components: username: elastic version: WzE3NjgsM10= Cases_set_case_configuration_request: - summary: >- - Set the closure type, custom fields, and default connector for Stack - Management cases. + summary: Set the closure type, custom fields, and default connector for Stack Management cases. value: closure_type: close-by-user connector: @@ -41612,9 +39202,7 @@ components: - tag-1 version: WzIzLDFd Cases_update_case_response: - summary: >- - This is an example response when the case description, tags, and - connector were updated. + summary: This is an example response when the case description, tags, and connector were updated. value: - assignees: [] category: null @@ -41682,9 +39270,7 @@ components: type: user version: Wzk1LDFd Cases_update_comment_response: - summary: >- - The add comment to case API returns a JSON object that contains details - about the case and its comments. + summary: The add comment to case API returns a JSON object that contains details about the case and its comments. value: assignees: [] category: null @@ -41769,9 +39355,7 @@ components: source: emit(doc["foo"].value) type: long Data_views_get_data_view_response: - summary: >- - The get data view API returns a JSON object that contains information - about the data view. + summary: The get data view API returns a JSON object that contains information about the data view. value: data_view: allowNoIndex: false @@ -42722,10 +40306,7 @@ components: value: data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f Data_views_get_runtime_field_response: - summary: >- - The get runtime field API returns a JSON object that contains - information about the runtime field (`hour_of_day`) and the data view - (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). + summary: The get runtime field API returns a JSON object that contains information about the runtime field (`hour_of_day`) and the data view (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). value: data_view: allowNoIndex: false @@ -43234,9 +40815,7 @@ components: data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f force: true Data_views_swap_data_view_request: - summary: >- - Swap references from data view ID "abcd-efg" to "xyz-123" and remove the - data view that is no longer referenced. + summary: Swap references from data view ID "abcd-efg" to "xyz-123" and remove the data view that is no longer referenced. value: delete: true fromId: abcd-efg @@ -43287,25 +40866,12 @@ components: - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 type: map Saved_objects_export_objects_response: - summary: >- - The export objects API response contains a JSON record for each exported - object. + summary: The export objects API response contains a JSON record for each exported object. value: attributes: description: '' - layerListJSON: >- - [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total - Requests by - Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web - logs - count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual - Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total - Requests and - Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web - logs - count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] - mapStateJSON: >- - {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} + layerListJSON: '[{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total Requests by Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web logs count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total Requests and Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web logs count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}]' + mapStateJSON: '{"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}}' title: '[Logs] Total Requests and Bytes' uiStateJSON: '{"isDarkMode":false}' coreMigrationVersion: 8.8.0 @@ -43330,10 +40896,7 @@ components: value: file: file.ndjson Saved_objects_import_objects_response: - summary: >- - The import objects API response indicates a successful import and the - objects are created. Since these objects are created as new copies, each - entry in the successResults array includes a destinationId attribute. + summary: The import objects API response indicates a successful import and the objects are created. Since these objects are created as new copies, each entry in the successResults array includes a destinationId attribute. value: success: true successCount: 1 @@ -43389,6 +40952,1614 @@ components: icon: dashboardApp title: Look at my dashboard type: dashboard + get_connector_types_generativeai_response: + summary: A list of connector types for the `generativeAI` feature. + value: + - id: .gen-ai + name: OpenAI + enabled: true + enabled_in_config: true + enabled_in_license: true + minimum_license_required: enterprise + supported_feature_ids: + - generativeAIForSecurity + - generativeAIForObservability + - generativeAIForSearchPlayground + is_system_action_type: false + - id: .bedrock + name: AWS Bedrock + enabled: true + enabled_in_config: true + enabled_in_license: true + minimum_license_required: enterprise + supported_feature_ids: + - generativeAIForSecurity + - generativeAIForObservability + - generativeAIForSearchPlayground + is_system_action_type: false + - id: .gemini + name: Google Gemini + enabled: true + enabled_in_config: true + enabled_in_license: true + minimum_license_required: enterprise + supported_feature_ids: + - generativeAIForSecurity + is_system_action_type: false + get_connector_response: + summary: Get connector details. + value: + id: df770e30-8b8b-11ed-a780-3b746c987a81 + name: my_server_log_connector + config: {} + connector_type_id: .server-log + is_preconfigured: false + is_deprecated: false + is_missing_secrets: false + is_system_action: false + update_index_connector_request: + summary: Update an index connector. + value: + name: updated-connector + config: + index: updated-index + create_email_connector_request: + summary: Create an email connector. + value: + name: email-connector-1 + connector_type_id: .email + config: + from: tester@example.com + hasAuth: true + host: https://example.com + port: 1025 + secure: false + service: other + secrets: + user: username + password: password + create_index_connector_request: + summary: Create an index connector. + value: + name: my-connector + connector_type_id: .index + config: + index: test-index + create_webhook_connector_request: + summary: Create a webhook connector with SSL authentication. + value: + name: my-webhook-connector + connector_type_id: .webhook + config: + method: post + url: https://example.com + authType: webhook-authentication-ssl + certType: ssl-crt-key + secrets: + crt: QmFnIEF0dH... + key: LS0tLS1CRUdJ... + password: my-passphrase + create_xmatters_connector_request: + summary: Create an xMatters connector with URL authentication. + value: + name: my-xmatters-connector + connector_type_id: .xmatters + config: + usesBasic: false + secrets: + secretsUrl: https://example.com?apiKey=xxxxx + create_email_connector_response: + summary: A new email connector. + value: + id: 90a82c60-478f-11ee-a343-f98a117c727f + connector_type_id: .email + name: email-connector-1 + config: + from: tester@example.com + service: other + host: https://example.com + port: 1025 + secure: false + hasAuth: true + tenantId: null + clientId: null + oauthTokenUrl: null + is_preconfigured: false + is_deprecated: false + is_missing_secrets: false + is_system_action: false + create_index_connector_response: + summary: A new index connector. + value: + id: c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad + connector_type_id: .index + name: my-connector + config: + index: test-index + refresh: false + executionTimeField: null + is_preconfigured: false + is_deprecated: false + is_missing_secrets: false + is_system_action: false + create_webhook_connector_response: + summary: A new webhook connector. + value: + id: 900eb010-3b9d-11ee-a642-8ffbb94e38bd + name: my-webhook-connector + config: + method: post + url: https://example.com + authType: webhook-authentication-ssl + certType: ssl-crt-key + verificationMode: full + headers: null + hasAuth: true + connector_type_id: .webhook + is_preconfigured: false + is_deprecated: false + is_missing_secrets: false + is_system_action: false + run_index_connector_request: + summary: Run an index connector. + value: + params: + documents: + - id: my_doc_id + name: my_doc_name + message: hello, world + run_jira_connector_request: + summary: Run a Jira connector to retrieve the list of issue types. + value: + params: + subAction: issueTypes + run_servicenow_itom_connector_request: + summary: Run a ServiceNow ITOM connector to retrieve the list of choices. + value: + params: + subAction: getChoices + subActionParams: + fields: + - severity + - urgency + run_slack_api_connector_request: + summary: Run a Slack connector that uses the web API method to post a message on a channel. + value: + params: + subAction: postMessage + subActionParams: + channelIds: + - C123ABC456 + text: A test message. + run_swimlane_connector_request: + summary: Run a Swimlane connector to create an incident. + value: + params: + subAction: pushToService + subActionParams: + comments: + - commentId: 1 + comment: A comment about the incident. + incident: + caseId: '1000' + caseName: Case name + description: Description of the incident. + run_index_connector_response: + summary: Response from running an index connector. + value: + connector_id: fd38c600-96a5-11ed-bb79-353b74189cba + data: + errors: false + items: + - create: + _id: 4JtvwYUBrcyxt2NnfW3y + _index: my-index + _primary_term: 1 + _seq_no: 0 + _shards: + failed: 0 + successful: 1 + total: 2 + _version: 1 + result: created + status: 201 + took: 135 + status: ok + run_jira_connector_response: + summary: Response from retrieving the list of issue types for a Jira connector. + value: + connector_id: b3aad810-edbe-11ec-82d1-11348ecbf4a6 + data: + - id: 10024 + name: Improvement + - id: 10006 + name: Task + - id: 10007 + name: Sub-task + - id: 10025 + name: New Feature + - id: 10023 + name: Bug + - id: 10000 + name: Epic + status: ok + run_server_log_connector_response: + summary: Response from running a server log connector. + value: + connector_id: 7fc7b9a0-ecc9-11ec-8736-e7d63118c907 + status: ok + run_servicenow_itom_connector_response: + summary: Response from retrieving the list of choices for a ServiceNow ITOM connector. + value: + connector_id: 9d9be270-2fd2-11ed-b0e0-87533c532698 + data: + - dependent_value: '' + element: severity + label: Critical + value: 1 + - dependent_value: '' + element: severity + label: Major + value: 2 + - dependent_value: '' + element: severity + label: Minor + value: 3 + - dependent_value: '' + element: severity + label: Warning + value: 4 + - dependent_value: '' + element: severity + label: OK + value: 5 + - dependent_value: '' + element: severity + label: Clear + value: 0 + - dependent_value: '' + element: urgency + label: 1 - High + value: 1 + - dependent_value: '' + element: urgency + label: 2 - Medium + value: 2 + - dependent_value: '' + element: urgency + label: 3 - Low + value: 3 + status: ok + run_slack_api_connector_response: + summary: Response from posting a message with a Slack connector. + value: + status: ok + data: + ok: true + channel: C123ABC456 + ts: '1234567890.123456' + message: + bot_id: B12BCDEFGHI + type: message + text: A test message + user: U12A345BC6D + ts: '1234567890.123456' + app_id: A01BC2D34EF + blocks: + - type: rich_text + block_id: /NXe + elements: + - type: rich_text_section + elements: + - type: text + text: A test message. + team: T01ABCDE2F + bot_profile: + id: B12BCDEFGHI + app_id: A01BC2D34EF + name: test + icons: + image_36: https://a.slack-edge.com/80588/img/plugins/app/bot_36.png + deleted: false + updated: 1672169705 + team_id: T01ABCDE2F + connector_id: .slack_api + run_swimlane_connector_response: + summary: Response from creating a Swimlane incident. + value: + connector_id: a4746470-2f94-11ed-b0e0-87533c532698 + data: + id: aKPmBHWzmdRQtx6Mx + title: TEST-457 + url: https://elastic.swimlane.url.us/record/aNcL2xniGHGpa2AHb/aKPmBHWzmdRQtx6Mx + pushedDate: '2022-09-08T16:52:27.866Z' + comments: + - commentId: 1 + pushedDate: '2022-09-08T16:52:27.865Z' + status: ok + get_connectors_response: + summary: A list of connectors + value: + - id: preconfigured-email-connector + name: my-preconfigured-email-notification + connector_type_id: .email + is_preconfigured: true + is_deprecated: false + referenced_by_count: 0 + is_system_action: false + - id: e07d0c80-8b8b-11ed-a780-3b746c987a81 + name: my-index-connector + config: + index: test-index + refresh: false + executionTimeField: null + connector_type_id: .index + is_preconfigured: false + is_deprecated: false + referenced_by_count: 2 + is_missing_secrets: false + is_system_action: false + update_rule_request: + summary: Index threshold rule + description: Update an index threshold rule that uses a server log connector to send notifications when the threshold is met. + value: + actions: + - frequency: + summary: false + notify_when: onActionGroupChange + group: threshold met + id: 96b668d0-a1b6-11ed-afdf-d39a49596974 + params: + level: info + message: |- + Rule {{rule.name}} is active for group {{context.group}}: + + - Value: {{context.value}} + - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} + - Timestamp: {{context.date}} + params: + aggField: sheet.version + aggType: avg + index: + - .updated-index + groupBy: top + termField: name.keyword + termSize: 6 + threshold: + - 1000 + thresholdComparator: '>' + timeField: '@timestamp' + timeWindowSize: 5 + timeWindowUnit: m + name: new name + schedule: + interval: 1m + tags: [] + update_rule_response: + summary: Index threshold rule + description: The response for successfully updating an index threshold rule. + value: + id: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 + consumer: alerts + tags: [] + name: new name + enabled: true + throttle: null + revision: 1 + running: false + schedule: + interval: 1m + params: + index: + - .updated-index + timeField: '@timestamp' + groupBy: top + aggType: avg + timeWindowSize: 5 + timeWindowUnit: m + thresholdComparator: '>' + threshold: + - 1000 + aggField: sheet.version + termField: name.keyword + termSize: 6 + api_key_owner: elastic + created_by: elastic + updated_by: elastic + rule_type_id: .index-threshold + scheduled_task_id: 4c5eda00-e74f-11ec-b72f-5b18752ff9ea + created_at: '2024-03-26T23:13:20.985Z' + updated_at: '2024-03-26T23:22:59.949Z' + mute_all: false + muted_alert_ids: [] + execution_status: + status: ok + last_execution_date: '2024-03-26T23:22:51.390Z' + last_duration: 52 + actions: + - group: threshold met + params: + level: info + message: |- + Rule {{rule.name}} is active for group {{context.group}}: + + - Value: {{context.value}} + - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} + - Timestamp: {{context.date} + id: 96b668d0-a1b6-11ed-afdf-d39a49596974 + uuid: 07aef2a0-9eed-4ef9-94ec-39ba58eb609d + connector_type_id: .server-log + frequency: + summary: false + throttle: null + notify_when: onActionGroupChange + last_run: + alerts_count: + new: 0 + ignored: 0 + recovered: 0 + active: 0 + outcome_msg: null + warning: null + outcome: succeeded + next_run: '2024-03-26T23:23:51.316Z' + api_key_created_by_user: false + create_es_query_esql_rule_request: + summary: Elasticsearch query rule (ES|QL) + description: | + Create an Elasticsearch query rule that uses Elasticsearch Query Language (ES|QL) to define its query and a server log connector to send notifications. + value: + name: my Elasticsearch query ESQL rule + params: + searchType: esqlQuery + esqlQuery: + esql: FROM kibana_sample_data_logs | KEEP bytes, clientip, host, geo.dest | where geo.dest != "GB" | STATS sumbytes = sum(bytes) by clientip, host | WHERE sumbytes > 5000 | SORT sumbytes desc | LIMIT 10 + timeField: '@timestamp' + timeWindowSize: 1 + timeWindowUnit: d + size: 0 + thresholdComparator: '>' + threshold: + - 0 + consumer: stackAlerts + rule_type_id: .es-query + schedule: + interval: 1d + actions: + - group: query matched + id: d0db1fe0-78d6-11ee-9177-f7d404c8c945 + params: + level: info + message: |- + Elasticsearch query rule '{{rule.name}}' is active: + - Value: {{context.value}} - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} - Timestamp: {{context.date}} - Link: {{context.link}} + frequency: + summary: false + notify_when: onActiveAlert + create_es_query_rule_request: + summary: Elasticsearch query rule (DSL) + description: | + Create an Elasticsearch query rule that uses Elasticsearch query domain specific language (DSL) to define its query and a server log connector to send notifications. + value: + actions: + - group: query matched + params: + level: info + message: The system has detected {{alerts.new.count}} new, {{alerts.ongoing.count}} ongoing, and {{alerts.recovered.count}} recovered alerts. + id: fdbece50-406c-11ee-850e-c71febc4ca7f + frequency: + throttle: 1d + summary: true + notify_when: onThrottleInterval + - group: recovered + params: + level: info + message: Recovered + id: fdbece50-406c-11ee-850e-c71febc4ca7f + frequency: + summary: false + notify_when: onActionGroupChange + consumer: alerts + name: my Elasticsearch query rule + params: + esQuery: '"""{"query":{"match_all" : {}}}"""' + index: + - kibana_sample_data_logs + size: 100 + threshold: + - 100 + thresholdComparator: '>' + timeField: '@timestamp' + timeWindowSize: 1 + timeWindowUnit: d + rule_type_id: .es-query + schedule: + interval: 1d + create_es_query_kql_rule_request: + summary: Elasticsearch query rule (KQL) + description: Create an Elasticsearch query rule that uses Kibana query language (KQL). + value: + consumer: alerts + name: my Elasticsearch query KQL rule + params: + aggType: count + excludeHitsFromPreviousRun: true + groupBy: all + searchConfiguration: + query: + query: '""geo.src : "US" ""' + language: kuery + index: 90943e30-9a47-11e8-b64d-95841ca0b247 + searchType: searchSource + size: 100 + threshold: + - 1000 + thresholdComparator: '>' + timeWindowSize: 5 + timeWindowUnit: m + rule_type_id: .es-query + schedule: + interval: 1m + create_index_threshold_rule_request: + summary: Index threshold rule + description: | + Create an index threshold rule that uses a server log connector to send notifications when the threshold is met. + value: + actions: + - id: 48de3460-f401-11ed-9f8e-399c75a2deeb + frequency: + notify_when: onActionGroupChange + summary: false + group: threshold met + params: + level: info + message: |- + Rule '{{rule.name}}' is active for group '{{context.group}}': + + - Value: {{context.value}} + - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} + - Timestamp: {{context.date}} + alert_delay: + active: 3 + consumer: alerts + name: my rule + params: + aggType: avg + termSize: 6 + thresholdComparator: '>' + timeWindowSize: 5 + timeWindowUnit: m + groupBy: top + threshold: + - 1000 + index: + - .test-index + timeField: '@timestamp' + aggField: sheet.version + termField: name.keyword + rule_type_id: .index-threshold + schedule: + interval: 1m + tags: + - cpu + create_tracking_containment_rule_request: + summary: Tracking containment rule + description: | + Create a tracking containment rule that checks when an entity is contained or no longer contained within a boundary. + value: + consumer: alerts + name: my tracking rule + params: + index: kibana_sample_data_logs + dateField": '@timestamp' + geoField: geo.coordinates + entity: agent.keyword + boundaryType: entireIndex + boundaryIndexTitle: boundary* + boundaryGeoField: location + boundaryNameField: name + indexId: 90943e30-9a47-11e8-b64d-95841ca0b247 + boundaryIndexId: 0cd90abf-abe7-44c7-909a-f621bbbcfefc + rule_type_id: .geo-containment + schedule: + interval: 1h + create_es_query_esql_rule_response: + summary: Elasticsearch query rule (ES|QL) + description: The response for successfully creating an Elasticsearch query rule that uses Elasticsearch Query Language (ES|QL). + value: + id: e0d62360-78e8-11ee-9177-f7d404c8c945 + enabled: true + name: my Elasticsearch query ESQL rule + tags: [] + rule_type_id: .es-query + consumer: stackAlerts + schedule: + interval: 1d + actions: + - group: query matched + id: d0db1fe0-78d6-11ee-9177-f7d404c8c945 + params: + level: info + message: |- + Elasticsearch query rule '{{rule.name}}' is active: + - Value: {{context.value}} - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} - Timestamp: {{context.date}} - Link: {{context.link}} + connector_type_id: .server-log + frequency: + summary: false + notify_when: onActiveAlert + throttle: null + uuid: bfe370a3-531b-4855-bbe6-ad739f578844 + params: + searchType: esqlQuery + esqlQuery: + esql: FROM kibana_sample_data_logs | keep bytes, clientip, host, geo.dest | WHERE geo.dest != "GB" | stats sumbytes = sum(bytes) by clientip, host | WHERE sumbytes > 5000 | sort sumbytes desc | limit 10 + timeField: '@timestamp' + timeWindowSize: 1 + timeWindowUnit: d + size: 0 + thresholdComparator: '>' + threshold: + - 0 + excludeHitsFromPreviousRun": true, + aggType: count + groupBy: all + scheduled_task_id: e0d62360-78e8-11ee-9177-f7d404c8c945 + created_by: elastic + updated_by: elastic", + created_at: '2023-11-01T19:00:10.453Z' + updated_at: '2023-11-01T19:00:10.453Z' + api_key_owner: elastic + api_key_created_by_user: false + throttle: null + mute_all: false + notify_when: null + muted_alert_ids: [] + execution_status: + status: pending + last_execution_date: '2023-11-01T19:00:10.453Z' + revision: 0 + running: false + create_es_query_rule_response: + summary: Elasticsearch query rule (DSL) + description: The response for successfully creating an Elasticsearch query rule that uses Elasticsearch query domain specific language (DSL). + value: + id: 58148c70-407f-11ee-850e-c71febc4ca7f + enabled: true + name: my Elasticsearch query rule + tags: [] + rule_type_id: .es-query + consumer: alerts + schedule: + interval: 1d + actions: + - group: query matched + id: fdbece50-406c-11ee-850e-c71febc4ca7f + params: + level: info + message: The system has detected {{alerts.new.count}} new, {{alerts.ongoing.count}} ongoing, and {{alerts.recovered.count}} recovered alerts. + connector_type_id: .server-log + frequency: + summary: true + notify_when: onThrottleInterval + throttle: 1d + uuid: 53f3c2a3-e5d0-4cfa-af3b-6f0881385e78 + - group: recovered + id: fdbece50-406c-11ee-850e-c71febc4ca7f + params: + level: info + message: Recovered + connector_type_id: .server-log + frequency: + summary: false + notify_when: onActionGroupChange + throttle: null + uuid: 2324e45b-c0df-45c7-9d70-4993e30be758 + params: + thresholdComparator: '>' + timeWindowSize: 1 + timeWindowUnit: d + threshold: + - 100 + size: 100 + timeField: '@timestamp' + index: + - kibana_sample_data_logs + esQuery: '"""{"query":{"match_all" : {}}}"""' + excludeHitsFromPreviousRun: true + aggType: count + groupBy: all + searchType: esQuery + scheduled_task_id: 58148c70-407f-11ee-850e-c71febc4ca7f + created_by: elastic + updated_by: elastic + created_at: '2023-08-22T00:03:38.263Z' + updated_at: '2023-08-22T00:03:38.263Z' + api_key_owner: elastic + api_key_created_by_user: false + throttle: null + mute_all: false + notify_when: null + muted_alert_ids: [] + execution_status: + status: pending + last_execution_date: '2023-08-22T00:03:38.263Z' + revision: 0 + running: false + create_es_query_kql_rule_response: + summary: Elasticsearch query rule (KQL) + description: The response for successfully creating an Elasticsearch query rule that uses Kibana query language (KQL). + value: + id: 7bd506d0-2284-11ee-8fad-6101956ced88 + enabled: true + name: my Elasticsearch query KQL rule" + tags: [] + rule_type_id: .es-query + consumer: alerts + schedule: + interval: 1m + actions: [] + params: + searchConfiguration: + query: + query: '""geo.src : "US" ""' + language: kuery + index: 90943e30-9a47-11e8-b64d-95841ca0b247 + searchType: searchSource + timeWindowSize: 5 + timeWindowUnit: m + threshold: + - 1000 + thresholdComparator: '>' + size: 100 + aggType: count + groupBy: all + excludeHitsFromPreviousRun: true + created_by: elastic + updated_by: elastic + created_at: '2023-07-14T20:24:50.729Z' + updated_at: '2023-07-14T20:24:50.729Z' + api_key_owner: elastic + api_key_created_by_user: false + throttle: null + notify_when: null + mute_all: false + muted_alert_ids: [] + scheduled_task_id: 7bd506d0-2284-11ee-8fad-6101956ced88 + execution_status: + status: pending + last_execution_date: '2023-07-14T20:24:50.729Z' + revision: 0 + running: false + create_index_threshold_rule_response: + summary: Index threshold rule + description: The response for successfully creating an index threshold rule. + value: + actions: + - group: threshold met + id: dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2 + uuid: 07aef2a0-9eed-4ef9-94ec-39ba58eb609d + connector_type_id: .server-log + frequency: + notify_when: onActionGroupChange + summary: false + throttle: null + params: + level: info + message: |- + Rule {{rule.name}} is active for group {{context.group} : + + - Value: {{context.value}} + - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} + - Timestamp: {{context.date}} + alert_delay: + active: 3 + api_key_created_by_user: false + api_key_owner: elastic + consumer: alerts + created_at: '2022-06-08T17:20:31.632Z' + created_by: elastic + enabled: true + execution_status: + last_execution_date: '2022-06-08T17:20:31.632Z' + status: pending + id: 41893910-6bca-11eb-9e0d-85d233e3ee35 + muted_alert_ids: [] + mute_all: false + name: my rule + notify_when: null + params: + aggType: avg + termSize: 6 + thresholdComparator: '>' + timeWindowSize: 5 + timeWindowUnit: m + groupBy: top + threshold: + - 1000 + index: + - .test-index + timeField: '@timestamp' + aggField: sheet.version + termField: name.keyword + revision: 0 + rule_type_id: .index-threshold + running: false + schedule: + interval: 1m + scheduled_task_id: 425b0800-6bca-11eb-9e0d-85d233e3ee35 + tags: + - cpu + throttle: null + updated_at: '2022-06-08T17:20:31.632Z' + updated_by: elastic + create_tracking_containment_rule_response: + summary: Tracking containment rule + description: The response for successfully creating a tracking containment rule. + value: + id: b6883f9d-5f70-4758-a66e-369d7c26012f + name: my tracking rule + tags: [] + enabled: true + consumer: alerts + throttle: null + revision: 1 + running: false + schedule: + interval: 1h + params: + index: kibana_sample_data_logs + dateField: '@timestamp' + geoField: geo.coordinates + entity: agent.keyword + boundaryType: entireIndex + boundaryIndexTitle: boundary* + boundaryGeoField: location + boundaryNameField: name + indexId: 90943e30-9a47-11e8-b64d-95841ca0b247 + boundaryIndexId: 0cd90abf-abe7-44c7-909a-f621bbbcfefc + rule_type_id: .geo-containment + created_by: elastic + updated_by: elastic + created_at: '2024-02-14T19:52:55.920Z' + updated_at: '2024-02-15T03:24:32.574Z' + api_key_owner: elastic + notify_when: null + mute_all: false + muted_alert_ids: [] + scheduled_task_id: b6883f9d-5f70-4758-a66e-369d7c26012f + execution_status: + status: ok + last_execution_date: '2024-02-15T03:25:38.125Z' + last_duration: 74 + actions: [] + last_run: + alerts_count: + active: 0 + new: 0 + recovered: 0 + ignored: 0 + outcome_msg: null + outcome_order: 0 + outcome: succeeded + warning: null + next_run: '2024-02-15T03:26:38.033Z' + api_key_created_by_user: false + find_rules_response: + summary: Index threshold rule + description: A response that contains information about an index threshold rule. + value: + page: 1 + total: 1 + per_page: 10 + data: + - id: 3583a470-74f6-11ed-9801-35303b735aef + consumer: alerts + tags: + - cpu + name: my alert + enabled: true + throttle: null + schedule: + interval: 1m + params: + aggType: avg + termSize: 6 + thresholdComparator: '>' + timeWindowSize: 5 + timeWindowUnit: m + groupBy: top + threshold: + - 1000 + index: + - test-index + timeField: '@timestamp' + aggField: sheet.version + termField: name.keyword + revision: 1 + rule_type_id: .index-threshold + created_by: elastic + updated_by: elastic + created_at: '2022-12-05T23:40:33.132Z' + updated_at: '2022-12-05T23:40:33.132Z' + api_key_owner: elastic + mute_all: false + muted_alert_ids: [] + scheduled_task_id: 3583a470-74f6-11ed-9801-35303b735aef + execution_status: + status: ok + last_execution_date: '2022-12-06T01:44:23.983Z' + last_duration: 48 + actions: + - id: 9dca3e00-74f5-11ed-9801-35303b735aef + group: threshold met + uuid: 1c7a1280-f28c-4e06-96b2-e4e5f05d1d61 + params: + level: info + message: |- + Rule {{rule.name}} is active for group {{context.group}}: + + - Value: {{context.value}} + - Conditions Met: {{context.conditions}} over {{rule.params.timeWindowSize}}{{rule.params.timeWindowUnit}} + - Timestamp: {{context.date}} + connector_type_id: .server-log + frequency: + summary: false + notify_when: onActionGroupChange + throttle: null + last_run: + alerts_count: + new: 0 + ignored: 0 + recovered: 0 + active: 0 + outcome_msg: null + warning: null + outcome: succeeded + next_run: '2022-12-06T01:45:23.912Z' + api_key_created_by_user: false + find_rules_response_conditional_action: + summary: Security rule + description: A response that contains information about a security rule that has conditional actions. + value: + page: 1 + total: 1 + per_page: 10 + data: + - id: 6107a8f0-f401-11ed-9f8e-399c75a2deeb + name: security_rule + consumer: siem + enabled: true + tags: [] + throttle: null + revision: 1 + running: false + schedule: + interval: 1m + params: + author: [] + description: A security threshold rule. + ruleId: an_internal_rule_id + falsePositives: [] + from: now-3660s + immutable: false + license: '' + outputIndex: '' + meta: + from: 1h + kibana_siem_app_url: https://localhost:5601/app/security + maxSignals: 100 + riskScore: 21 + riskScoreMapping: [] + severity: low + severityMapping: [] + threat: [] + to: now + references: [] + version: 1 + exceptionsList: [] + type: threshold + language: kuery + index: + - kibana_sample_data_logs + query: '*' + filters: [] + threshold: + field: + - bytes + value: 1 + cardinality: [] + rule_type_id: siem.thresholdRule + created_by: elastic + updated_by: elastic + created_at: '2023-05-16T15:50:28.358Z' + updated_at: '2023-05-16T20:25:42.559Z' + api_key_owner: elastic + notify_when: null + mute_all: false + muted_alert_ids: [] + scheduled_task_id: 6107a8f0-f401-11ed-9f8e-399c75a2deeb + execution_status: + status: ok + last_execution_date: '2023-05-16T20:26:49.590Z' + last_duration: 166 + actions: + - group: default + id: 49eae970-f401-11ed-9f8e-399c75a2deeb + params: + documents: + - rule_id: + '[object Object]': null + rule_name: + '[object Object]': null + alert_id: + '[object Object]': null + context_message: + '[object Object]': null + connector_type_id: .index + frequency: + summary: true + notify_when: onActiveAlert + throttle: null + uuid: 1c7a1280-f28c-4e06-96b2-e4e5f05d1d61 + alerts_filter: + timeframe: + days: + - 7 + timezone: UTC + hours: + start: '08:00' + end: '17:00' + query: + kql: '' + filters: + - meta: + disabled: false + negate: false + alias: null + index: c4bdca79-e69e-4d80-82a1-e5192c621bea + key: client.geo.region_iso_code + field: client.geo.region_iso_code + params: + query: CA-QC + type: phrase + $state: + store: appState + query: + match_phrase: + client.geo.region_iso_code: CA-QC + last_run: + alerts_count: + new: 0 + ignored: 0 + recovered: 0 + active: 0 + outcome_msg: + - Rule execution completed successfully + outcome_order: 0 + warning: null + outcome: succeeded + next_run: '2023-05-16T20:27:49.507Z' + api_key_created_by_user: false + get_roles_response1: + summary: Get all role details + value: + - name: my_kibana_role + description: My kibana role description + metadata: + version: 1 + transient_metadata: + enabled: true + elasticsearch: + indices: [] + cluster: [] + run_as: [] + kibana: + - base: + - all + feature: {} + spaces: + - '*' + - name: my_admin_role + description: My admin role description + metadata: + version: 1 + transient_metadata: + enabled: true + elasticsearch: + cluster: + - all + indices: + - names: + - index1 + - index2 + privileges: + - all + field_security: + grant: + - title + - body + query: '{\"match\": {\"title\": \"foo\"}}' + kibana: [] + get_role_response1: + summary: Get role details + value: + name: my_kibana_role + description: Grants all cluster privileges and full access to index1 and index2. Grants full access to remote_index1 and remote_index2, and the monitor_enrich cluster privilege on remote_cluster1. Grants all Kibana privileges in the default space. + metadata: + version: 1 + transient_metadata: + enabled: true + elasticsearch: + cluster: + - all + remote_cluster: + - privileges: + - monitor_enrich + clusters: + - remote_cluster1 + indices: + - names: + - index1 + - index2 + privileges: + - all + allow_restricted_indices: false + remote_indices: + - names: + - remote_index1 + - remote_index2 + privileges: + - all + allow_restricted_indices: false + clusters: + - remote_cluster1 + run_as: [] + kibana: + - base: + - all + feature: {} + spaces: + - default + _transform_error: [] + _unrecognized_applications: [] + create_role_request1: + summary: Feature privileges in multiple spaces + description: Grant access to various features in some spaces. + value: + description: Grant full access to discover and dashboard features in the default space. Grant read access in the marketing, and sales spaces. + metadata: + version: 1 + elasticsearch: + cluster: [] + indices: [] + kibana: + - base: [] + feature: + discover: + - all + dashboard: + - all + spaces: + - default + - base: + - read + spaces: + - marketing + - sales + create_role_request2: + summary: Dashboard privileges in a space + description: Grant access to dashboard features in a Marketing space. + value: + description: Grant dashboard access in the Marketing space. + metadata: + version: 1 + elasticsearch: + cluster: [] + indices: [] + kibana: + - base: [] + feature: + dashboard: + - read + spaces: + - marketing + create_role_request3: + summary: Feature privileges in a space + description: Grant full access to all features in the default space. + value: + metadata: + version: 1 + elasticsearch: + cluster: [] + indices: [] + kibana: + - base: + - all + feature: {} + spaces: + - default + create_role_request4: + summary: Elasticsearch and Kibana feature privileges + description: Grant Elasticsearch and Kibana feature privileges. + value: + description: Grant all cluster privileges and full access to index1 and index2. Grant full access to remote_index1 and remote_index2, and the monitor_enrich cluster privilege on remote_cluster1. Grant all Kibana privileges in the default space. + metadata: + version: 1 + elasticsearch: + cluster: + - all + indices: + - names: + - index1 + - index2 + privileges: + - all + remote_indices: + - clusters: + - remote_cluster1 + names: + - remote_index1 + - remote_index2 + privileges: + - all + remote_cluster: + - clusters: + - remote_cluster1 + privileges: + - monitor_enrich + kibana: + - base: + - all + feature: {} + spaces: + - default + copy_saved_objects_request1: + summary: Copy with createNewCopies + description: | + Copy a dashboard with the my-dashboard ID, including all references from the default space to the marketing space. In this example, the dashboard has a reference to a visualization and that has a reference to a data view. + value: + objects: + - type: dashboard + id: my-dashboard + spaces: + - marketing + includeReferences: true + copy_saved_objects_request2: + summary: Copy without createNewCopies + description: | + Copy a dashboard with the my-dashboard ID, including all references from the default space to the marketing space. In this example, the dashboard has a reference to a visualization and that has a reference to a data view. + value: + objects: + - type: dashboard + id: my-dashboard + spaces: + - marketing + includeReferences: true + createNewCopies: false + copy_saved_objects_response1: + summary: Copy with createNewCopies + description: | + The response for successfully copying a dashboard with the my-dashboard ID, including all references from the default space to the marketing space. The result indicates a successful copy and all three objects are created. Since these objects were created as new copies, each entry in the successResults array includes a destinationId attribute. + value: + marketing: + success: true + successCount: 3 + successResults: + - id: my-dashboard + type: dashboard + destinationId: 1e127098-5b80-417f-b0f1-c60c8395358f + meta: + icon: dashboardApp + title: Look at my dashboard + - id: my-vis + type: visualization + destinationId: a610ed80-1c73-4507-9e13-d3af736c8e04 + meta: + icon: visualizeApp + title: Look at my visualization + - id: my-index-pattern + type: index-pattern + destinationId: bc3c9c70-bf6f-4bec-b4ce-f4189aa9e26b + meta: + icon: indexPatternApp + title: my-pattern-* + copy_saved_objects_response2: + summary: Copy without createNewCopies + description: | + The response for successfully copying a dashboard with the my-dashboard ID with createNewCopies turned off. The result indicates a successful copy and all three objects are created. + value: + marketing: + success: true + successCount: 3 + successResults: + - id: my-dashboard + type: dashboard + meta: + icon: dashboardApp + title: Look at my dashboard + - id: my-vis + type: visualization + meta: + icon: visualizeApp + title: Look at my visualization + - id: my-index-pattern + type: index-pattern + meta: + icon: indexPatternApp + title: my-pattern-* + copy_saved_objects_response3: + summary: Failed copy response with conflict errors + description: | + A response for a failed copy of a dashboard with the my-dashboard ID including all references from the default space to the marketing and sales spaces. In this example, the dashboard has a reference to a visualization and a Canvas workpad and the visualization has a reference to an index pattern. The result indicates a successful copy for the marketing space and an unsuccessful copy for the sales space because the data view, visualization, and Canvas workpad each resulted in a conflict error. Objects are created when the error is resolved using the resolve copy conflicts API. + value: + marketing: + success: true + successCount: 4 + successResults: + - id: my-dashboard + type: dashboard + meta: + icon: dashboardApp + title: Look at my dashboard + - id: my-vis + type: visualization + meta: + icon: visualizeApp + title: Look at my visualization + - id: my-canvas + type: canvas-workpad + meta: + icon: canvasApp + title: Look at my canvas + - id: my-index-pattern + type: index-pattern + meta: + icon: indexPatternApp + title: my-pattern-* + sales: + success: false + successCount: 1, + errors: + - id: my-pattern + type: index-pattern + title: my-pattern-* + error: + type: conflict + meta: + icon: indexPatternApp + title: my-pattern-* + - id: my-visualization + type: my-vis + title: Look at my visualization + error: + type: conflict + destinationId: another-vis + meta: + icon: visualizeApp + title: Look at my visualization + - id: my-canvas + type: canvas-workpad + title: Look at my canvas + error: + type: ambiguous_conflict + destinations: + - id: another-canvas + title: Look at another canvas + updatedAt: '2020-07-08T16:36:32.377Z' + - id: yet-another-canvas + title: Look at yet another canvas + updatedAt: '2020-07-05T12:29:54.849Z' + meta: + icon: canvasApp + title: Look at my canvas + successResults": + - id: my-dashboard + type: dashboard + meta: + icon: dashboardApp + title: Look at my dashboard + copy_saved_objects_response4: + summary: Failed copy with missing reference errors + description: | + The response for successfully copying a dashboard with the my-dashboard ID, including all references from the default space to the marketing space. In this example, the dashboard has a reference to a visualization and a Canvas workpad and the visualization has a reference to a data view. The result indicates an unsuccessful copy because the visualization resulted in a missing references error. Objects are created when the errors are resolved using the resolve copy conflicts API. + value: + marketing: + success: false + successCount: 2 + errors: + - id: my-vis + type: visualization + title: Look at my visualization + error: + type: missing_references + references: + - type: index-pattern + id: my-pattern-* + meta: + icon: visualizeApp + title: Look at my visualization + successResults: + - id: my-dashboard + type: dashboard + meta: + icon: dashboardApp + title: Look at my dashboard + - id: my-canvas + type: canvas-workpad + meta: + icon: canvasApp + title: Look at my canvas + disable_legacy_url_request1: + summary: Disable legacy URL aliases + description: | + This request leaves the alias intact but the legacy URL for this alias (http://localhost:5601/s/bills-space/app/dashboards#/view/123) will no longer function. The dashboard still exists and you can access it with the new URL. + value: + aliases: + - targetSpace: bills-space + targetType: dashboard + sourceId: 123 + resolve_copy_saved_objects_request1: + summary: Resolve conflict errors + description: | + Resolve conflict errors for a data view, visualization, and Canvas workpad by overwriting the existing saved objects. NOTE: If a prior copy attempt resulted in resolvable errors, you must include a retry for each object you want to copy, including any that were returned in the successResults array. In this example, we retried copying the dashboard accordingly. + value: + objects: + - type: dashboard + id: my-dashboard + includeReferences: true + createNewCopies: false + retries: + sales: + - type: index-pattern + id: my-pattern + overwrite: true + - type: visualization + id: my-vis + overwrite: true, + destinationId: another-vis + - type: canvas + id: my-canvas + overwrite: true + destinationId: yet-another-canvas + - type: dashboard + id: my-dashboard + resolve_copy_saved_objects_request2: + summary: Resolve missing reference errors + description: | + Resolve missing reference errors for a visualization by ignoring the error. NOTE: If a prior copy attempt resulted in resolvable errors, you must include a retry for each object you want to copy, including any that were returned in the successResults array. In this example, we retried copying the dashboard and canvas accordingly. + value: + objects: + - type: dashboard + id: my-dashboard + includeReferences: true + createNewCopies: false + retries: + marketing: + - type: visualization + id: my-vis + ignoreMissingReferences: true + - type: canvas + id: my-canvas + - type: dashboard + id: my-dashboard + update_saved_objects_spaces_request1: + summary: Update saved object spaces + description: Update the spaces of each saved object and all its references. + value: + objects: + - type: index-pattern + id: 90943e30-9a47-11e8-b64d-95841ca0b247 + spacesToAdd: + - test + spacesToRemove: [] + update_saved_objects_spaces_response1: + summary: Update saved object spaces + description: | + The response from updating the spaces of saved objects. + value: + objects: + - type: index-pattern + id: 90943e30-9a47-11e8-b64d-95841ca0b247 + spaces: + - default + - test + get_spaces_response1: + summary: Get all spaces + description: Get all spaces without specifying any options. + value: + - id: default + name: Default + description: This is the Default Space + disabledFeatures: [] + imageUrl: '' + _reserved: true + - id: marketing + name: Marketing + description: This is the Marketing Space + color: null + disabledFeatures: + - apm + initials: MK + imageUrl: data:image/png;base64,iVBORw0KGgoAAAANSU + - id: sales + name: Sales + initials: MK + disabledFeatures: + - discover + imageUr": '' + solution: oblt + get_spaces_response2: + summary: Get all spaces with custom options + description: | + The user has read-only access to the Sales space. Get all spaces with the following query parameters: "purpose=shareSavedObjectsIntoSpace&include_authorized_purposes=true" + value: + - id: default + name: Default + description: This is the Default Space + disabledFeatures: [] + imageUrl: '' + _reserved: true + authorizedPurposes: + any: true + copySavedObjectsIntoSpace: true + findSavedObjects: true + shareSavedObjectsIntoSpace: true + - id: marketing + name: Marketing + description: This is the Marketing Space + color: null + disabledFeatures: + - apm + initials: MK + imageUrl: data:image/png;base64,iVBORw0KGgoAAAANSU + authorizedPurposes: + any: true + copySavedObjectsIntoSpace: true + findSavedObjects: true + shareSavedObjectsIntoSpace: true + - id: sales + name: Sales + initials: MK + disabledFeatures: + - discover + imageUrl: '' + authorizedPurposes: + any: true + copySavedObjectsIntoSpace: false + findSavedObjects: true + shareSavedObjectsIntoSpace: false + create_space_request: + summary: Create a marketing space + value: + id: marketing + name: Marketing + description: This is the Marketing Space + color: null + initials: MK + disabledFeatures: [] + imageUrl: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAD4AAABACAYAAABC6cT1AAAGf0lEQVRoQ+3abYydRRUH8N882xYo0IqagEVjokQJKAiKBjXExC9G/aCkGowCIghCkRcrVSSKIu/FEiqgGL6gBIlAYrAqUTH6hZgQFVEMKlQFfItWoQWhZe8z5uzMLdvbfbkLxb13d+fbvfe588x/zpn/+Z9zJpmnI81T3BaAzzfLL1h8weLzZAcWXH2eGHo7zAWLL1h8nuzAjFw9G1N6Kzq8HnuM36MR8iibF3Fv4q+7cv8yDV6K13bYq2furSP8Ag8ncr/vnSnwRViJT2GfCV7yL1yHGxLb+l3EdM9lluNEnIC9xz+f2ZL4Er6Z2DrdXN3fZwp8CU7OfDHxggle8lTLbQ1nJ/7Z7yKmey5zYGZt4h2IzR8/trRc2PDlxJPTzfVcgJ+CC0wMPOa9F6cm7up3EVM9V9386MxliVdM8GwAv6hh/awCz/w7lY25OtF5ruBz4ZLP42NYNrDAFbC3YPWuILnMAfgq3oaRQQYea/stViV+sgssvjKzLvGySeaaNVfP4d7Btokgvxj/bblgpueuF1hmWcyTCmfE3J3M1lTcv0vMswM88zR+jpw4osu6me8kzkpsfLZWzxyRuabO22buxxOJ12FxnXfWgEe83pB5sOE47BsLymzscOoi7nw2JJfZreUjiUsTyzKPZm5NvBDvSuw268AzNzV8H5/Am+qCnsAXgpgSW2Zq9cyKlksbPlTd+te4quWNieMHBfiNDdciYnwsdI/MaOaWhnMTf54J8CqNj8x8JXFIZltYu+HqlmNT8YSBsHgAPw/vxvlVV4du/s0oaxbxg0TbL/jMni0nNcVjQq7+HZfgtpbzBg342TgQ63AkmsymxBW4IjE6A+D7Vzd/fyWxIM/VuCe+HzTgZ2Jpy/kNJ2FJLmLm24mPJ/42A+Bvrxt4SISwlhsaPodH26LZB8rVA3inwwebsrixJCZzX+KMxI/7AV61eVh3DV6Mx3EOvh4kN6jAg8nfUCXm4d1wE66OyxNPTQc+s3/o/MoXizL3JE5O3F3P/uBZPPF4Zr+Wi5uSO48ZPRdyCwn7YB/A35m5KhWNHox4fcNnIs0ddOCRSBxf8+cQG+Huf0l8NJVYP+nI7NXy2ar4QqIGm69JfKPOE2w/mBavCzwM11R2D+ChsUO7hyUfmwx55qDM1xJvqZ7y08TpifuGBfjeURVJnNIVGpkNiXNS0ds7jcySDitDCCWW56LJ10fRo8sNA+3qXUSZD2CtQlZh9T+1rB7h9oliembflnMbzqgSNZKbKGHdPm7OwXb1CvQ1metSETMpszmzvikCJNh/h5E5PHNl4qga/+/cxqrdeWDYgIe7X5L4cGJPJX2940lOX8pD41FnFnc4riluvQKbK0dcHJFi2IBHNTQSlguru4d2/wPOTNzRA3x5y+U1E1uqWDkETOT026XuUJzx6u7ReLhSYenQ7uHua0fKZmwfmcPqsQjxE5WVONcRxn7X89zgn/EKPMRMxOVQXmP18Mx3q3b/Y/0cQE/IhFtHESMsHFlZ1Ml3CH3DZPHImY+pxcKumNmYirtvqMBfhMuU6s3iqOQkTsMPe1tCQwO8Ajs0lxr7W+vnp1MJc9EgCNd/cy6x+9D4veXmprj5wxMw/3C4egW6zzgZOlYZzfwo3F2J7ael0pJamvlPKgWNKFft1AAcKotXoFEbD7kaoSoQPVKB35+5KHF0lai/rJo+up87jWEE/qqqwY+qrL21LWLm95lPJ16ppKw31XC3PXYPJauPEx7B6BHCgrSizRs18qiaRp8tlN3ueCTYPHH9RNaunjI8Z7wLYpT3jZSCYXQ8e9vTsRE/q+no3XMKeObgGtaintbb/AvXj4JDkNw/5hrwYPfIvlZFUbLn7G5q+eQIN09Vnho6cqvnM/Lt99RixH49wO8K0ZL41WTWHoQzvsNVkOheZqKhEGpsp3SzB+BBtZAYve7uOR9tuTaaB6l0XScdYfEQPpkTUyHEGP+XqyDBzu+NBCITUjNWHynkrbWKOuWFn1xKzqsyx0bdvS78odp0+N503Zao0uCsWuSIDku8/7EO60b41vN5+Ses9BKlTdvd8bhp9EBvJjWJAIn/vxwHe6b3tSk6JFPV4nq85oAOrx555v/x/rh3E6Lo+bnuNS4uB4Cuq0ZfvO8X1rM6q/+vnjLVqZq7v83onttc2oYF4HPJmv1gWbB4P7s0l55ZsPhcsmY/WBYs3s8uzaVn5q3F/wf70mRuBCtbjQAAAABJRU5ErkJggg== + get_space_response: + summary: Get details about a marketing space + value: + id: marketing + name: Marketing + description: This is the Marketing Space + color: null + initials: MK + disabledFeatures: [] + imageUrl: '' + solution: es + update_space_request: + summary: Update a marketing space + description: Update the marketing space to remove the imageUrl. + value: + id: marketing + name: Marketing + description: This is the Marketing Space + color: null + initials: MK + disabledFeatures: [] + imageUrl: '' parameters: Alerting_kbn_xsrf: description: Cross-site request forgery protection @@ -43424,10 +42595,8 @@ components: example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540 type: string Cases_assignees_filter: - description: > - Filters the returned cases by assignees. Valid values are `none` or - unique identifiers for the user profiles. These identifiers can be found - by using the suggest user profile API. + description: | + Filters the returned cases by assignees. Valid values are `none` or unique identifiers for the user profiles. These identifiers can be found by using the suggest user profile API. in: query name: assignees schema: @@ -43435,9 +42604,7 @@ components: - $ref: '#/components/schemas/Cases_string' - $ref: '#/components/schemas/Cases_string_array' Cases_case_id: - description: >- - The identifier for the case. To retrieve case IDs, use the find cases - API. All non-ASCII characters must be URL encoded. + description: The identifier for the case. To retrieve case IDs, use the find cases API. All non-ASCII characters must be URL encoded. in: path name: caseId required: true @@ -43453,9 +42620,8 @@ components: - $ref: '#/components/schemas/Cases_case_category' - $ref: '#/components/schemas/Cases_case_categories' Cases_comment_id: - description: > - The identifier for the comment. To retrieve comment IDs, use the get - case or find cases APIs. + description: | + The identifier for the comment. To retrieve comment IDs, use the get case or find cases APIs. in: path name: commentId required: true @@ -43471,9 +42637,7 @@ components: example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9 type: string Cases_connector_id: - description: >- - An identifier for the connector. To retrieve connector IDs, use the find - connectors API. + description: An identifier for the connector. To retrieve connector IDs, use the find connectors API. in: path name: connectorId required: true @@ -43489,18 +42653,16 @@ components: default: OR type: string Cases_from: - description: > - Returns only cases that were created after a specific date. The date - must be specified as a KQL data range or date match expression. + description: | + Returns only cases that were created after a specific date. The date must be specified as a KQL data range or date match expression. in: query name: from schema: example: now-1d type: string Cases_ids: - description: > - The cases that you want to removed. All non-ASCII characters must be URL - encoded. + description: | + The cases that you want to removed. All non-ASCII characters must be URL encoded. example: d4e7abb0-b462-11ec-9a8d-698504725a43 in: query name: ids @@ -43513,9 +42675,7 @@ components: type: array Cases_includeComments: deprecated: true - description: >- - Deprecated in 8.1.0. This parameter is deprecated and will be removed in - a future release. It determines whether case comments are returned. + description: Deprecated in 8.1.0. This parameter is deprecated and will be removed in a future release. It determines whether case comments are returned. in: query name: includeComments schema: @@ -43529,10 +42689,8 @@ components: schema: type: string Cases_owner_filter: - description: > - A filter to limit the response to a specific set of applications. If - this parameter is omitted, the response contains information about all - the cases that the user has access to read. + description: | + A filter to limit the response to a specific set of applications. If this parameter is omitted, the response contains information about all the cases that the user has access to read. example: cases in: query name: owner @@ -43567,9 +42725,7 @@ components: - $ref: '#/components/schemas/Cases_string' - $ref: '#/components/schemas/Cases_string_array' Cases_search: - description: >- - An Elasticsearch simple_query_string query that filters the objects in - the response. + description: An Elasticsearch simple_query_string query that filters the objects in the response. in: query name: search schema: @@ -43641,9 +42797,8 @@ components: - $ref: '#/components/schemas/Cases_string' - $ref: '#/components/schemas/Cases_string_array' Cases_to: - description: > - Returns only cases that were created before a specific date. The date - must be specified as a KQL data range or date match expression. + description: | + Returns only cases that were created before a specific date. The date must be specified as a KQL data range or date match expression. example: now+1d in: query name: to @@ -43698,9 +42853,7 @@ components: example: ff959d40-b880-11e8-a6d9-e546fe2bba5f type: string Machine_learning_APIs_simulateParam: - description: >- - When true, simulates the synchronization by returning only the list of - actions that would be performed. + description: When true, simulates the synchronization by returning only the list of actions that would be performed. example: 'true' in: query name: simulate @@ -43722,9 +42875,7 @@ components: schema: type: string Saved_objects_saved_object_type: - description: >- - Valid options include `visualization`, `dashboard`, `search`, - `index-pattern`, `config`. + description: Valid options include `visualization`, `dashboard`, `search`, `index-pattern`, `config`. in: path name: type required: true @@ -43746,9 +42897,7 @@ components: example: 9c235211-6834-11ea-a78c-6feb38a34414 type: string SLOs_space_id: - description: >- - An identifier for the space. If `/s/` and the identifier are omitted - from the path, the default space is used. + description: An identifier for the space. If `/s/` and the identifier are omitted from the path, the default space is used. in: path name: spaceId required: true @@ -43866,15 +43015,11 @@ components: description: Indicates whether it is a dynamic field mapping. type: boolean format: - description: > - Indicates the format of the field. For example, if the `type` is - `date_range`, the `format` can be - `epoch_millis||strict_date_optional_time`. + description: | + Indicates the format of the field. For example, if the `type` is `date_range`, the `format` can be `epoch_millis||strict_date_optional_time`. type: string ignore_above: - description: >- - Specifies the maximum length of a string field. Longer strings are - not indexed or stored. + description: Specifies the maximum length of a string field. Longer strings are not indexed or stored. type: integer index: description: Indicates whether field values are indexed. @@ -43889,18 +43034,15 @@ components: type: description: The data type for each object property. type: string - description: > - Details about the object properties. This property is applicable - when `type` is `object`. + description: | + Details about the object properties. This property is applicable when `type` is `object`. type: object required: description: Indicates whether the field is required. type: boolean scaling_factor: - description: > - The scaling factor to use when encoding values. This property is - applicable when `type` is `scaled_float`. Values will be multiplied - by this factor at index time and rounded to the closest long value. + description: | + The scaling factor to use when encoding values. This property is applicable when `type` is `scaled_float`. Values will be multiplied by this factor at index time and rounded to the closest long value. type: integer type: description: Specifies the data type for the field. @@ -44223,10 +43365,8 @@ components: example: 0bc3b5ebf18fba8163fe4c96f491e3767a358f85 type: string mark_as_applied_by_agent: - description: > - `markAsAppliedByAgent=true` means "force setting it to true - regardless of etag". - + description: | + `markAsAppliedByAgent=true` means "force setting it to true regardless of etag". This is needed for Jaeger agent that doesn't have etags type: boolean service: @@ -44341,9 +43481,7 @@ components: type: object properties: bundle_filepath: - description: >- - The absolute path of the final bundle as used in the web - application. + description: The absolute path of the final bundle as used in the web application. type: string service_name: description: The name of the service that the service map should apply to. @@ -44352,11 +43490,9 @@ components: description: The version of the service that the service map should apply to. type: string sourcemap: - description: > + description: | The source map. String or file upload. It must follow the - - [source map revision 3 - proposal](https://docs.google.com/document/d/1U1RGAehQwRypUTovF1KRlpiOFze0b-_2gc6fAH0KY0k). + [source map revision 3 proposal](https://docs.google.com/document/d/1U1RGAehQwRypUTovF1KRlpiOFze0b-_2gc6fAH0KY0k). format: binary type: string required: @@ -44435,9 +43571,7 @@ components: - type title: Add case comment request properties for alerts Cases_add_case_comment_request: - description: >- - The add comment to case API request body varies depending on whether you - are adding an alert or a comment. + description: The add comment to case API request body varies depending on whether you are adding an alert or a comment. discriminator: mapping: alert: '#/components/schemas/Cases_add_alert_comment_request_properties' @@ -44591,16 +43725,8 @@ components: required: - type Cases_alert_identifiers: - description: > - The alert identifiers. It is required only when `type` is `alert`. You - can use an array of strings to add multiple alerts to a case, provided - that they all relate to the same rule; `index` must also be an array - with the same length or number of elements. Adding multiple alerts in - this manner is recommended rather than calling the API multiple times. - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. + description: | + The alert identifiers. It is required only when `type` is `alert`. You can use an array of strings to add multiple alerts to a case, provided that they all relate to the same rule; `index` must also be an array with the same length or number of elements. Adding multiple alerts in this manner is recommended rather than calling the API multiple times. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 oneOf: - type: string @@ -44611,15 +43737,8 @@ components: title: Alert identifiers x-state: Technical preview Cases_alert_indices: - description: > - The alert indices. It is required only when `type` is `alert`. If you - are adding multiple alerts to a case, use an array of strings; the - position of each index name in the array must match the position of the - corresponding alert identifier in the `alertId` array. This - functionality is in technical preview and may be changed or removed in a - future release. Elastic will work to fix any issues, but features in - technical preview are not subject to the support SLA of official GA - features. + description: | + The alert indices. It is required only when `type` is `alert`. If you are adding multiple alerts to a case, use an array of strings; the position of each index name in the array must match the position of the corresponding alert identifier in the `alertId` array. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. oneOf: - type: string - items: @@ -44646,9 +43765,7 @@ components: type: object properties: uid: - description: >- - A unique identifier for the user profile. These identifiers can be - found by using the suggest user profile API. + description: A unique identifier for the user profile. These identifiers can be found by using the suggest user profile API. example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 type: string required: @@ -44778,25 +43895,19 @@ components: type: object properties: key: - description: > - The unique identifier for the custom field. The key value must - exist in the case configuration settings. + description: | + The unique identifier for the custom field. The key value must exist in the case configuration settings. type: string type: - description: > - The custom field type. It must match the type specified in the - case configuration settings. + description: | + The custom field type. It must match the type specified in the case configuration settings. enum: - text - toggle type: string value: - description: > - The custom field value. If the custom field is required, it - cannot be explicitly set to null. However, for cases that - existed when the required custom field was added, the default - value stored in Elasticsearch is `undefined`. The value - returned in the API and user interface in this case is `null`. + description: | + The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`. oneOf: - maxLength: 160 minLength: 1 @@ -44808,11 +43919,8 @@ components: example: A case description. type: string duration: - description: > - The elapsed time from the creation of the case to its closure (in - seconds). If the case has not been closed, the duration is set to - null. If the case was closed after less than half a second, the - duration is rounded down to zero. + description: | + The elapsed time from the creation of the case to its closure (in seconds). If the case has not been closed, the duration is set to null. If the case was closed after less than half a second, the duration is rounded down to zero. example: 120 nullable: true type: integer @@ -44940,9 +44048,8 @@ components: - open type: string Cases_case_tags: - description: > - The words and phrases that help categorize cases. It can be an empty - array. + description: | + The words and phrases that help categorize cases. It can be an empty array. items: maxLength: 256 type: string @@ -44953,10 +44060,7 @@ components: maxLength: 160 type: string Cases_closure_types: - description: >- - Indicates whether a case is automatically closed when it is pushed to - external systems (`close-by-pushing`) or not automatically closed - (`close-by-user`). + description: Indicates whether a case is automatically closed when it is pushed to external systems (`close-by-pushing`) or not automatically closed (`close-by-user`). enum: - close-by-pushing - close-by-user @@ -44971,9 +44075,7 @@ components: nullable: true type: string id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. + description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. type: string name: description: The name of the connector. @@ -44995,9 +44097,7 @@ components: type: object properties: fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. + description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. type: object properties: issueType: @@ -45017,9 +44117,7 @@ components: - parent - priority id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. + description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. type: string name: description: The name of the connector. @@ -45041,30 +44139,20 @@ components: type: object properties: fields: - description: >- - An object containing the connector fields. To create a case without - a connector, specify null. To update a case to remove the connector, - specify null. + description: An object containing the connector fields. To create a case without a connector, specify null. To update a case to remove the connector, specify null. example: null nullable: true type: string id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. To update a case to remove the connector, - specify `none`. + description: The identifier for the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`. example: none type: string name: - description: >- - The name of the connector. To create a case without a connector, use - `none`. To update a case to remove the connector, specify `none`. + description: The name of the connector. To create a case without a connector, use `none`. To update a case to remove the connector, specify `none`. example: none type: string type: - description: >- - The type of connector. To create a case without a connector, use - `.none`. To update a case to remove the connector, specify `.none`. + description: The type of connector. To create a case without a connector, use `.none`. To update a case to remove the connector, specify `.none`. enum: - .none example: .none @@ -45080,9 +44168,7 @@ components: type: object properties: fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. + description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. nullable: true type: object properties: @@ -45120,9 +44206,7 @@ components: type: object properties: fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. + description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. type: object properties: category: @@ -45152,9 +44236,7 @@ components: - subcategory - urgency id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. + description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. type: string name: description: The name of the connector. @@ -45176,9 +44258,7 @@ components: type: object properties: fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. + description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. type: object properties: category: @@ -45186,21 +44266,15 @@ components: nullable: true type: string destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs. + description: Indicates whether cases will send a comma-separated list of destination IPs. nullable: true type: boolean malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes. + description: Indicates whether cases will send a comma-separated list of malware hashes. nullable: true type: boolean malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs. + description: Indicates whether cases will send a comma-separated list of malware URLs. nullable: true type: boolean priority: @@ -45208,9 +44282,7 @@ components: nullable: true type: string sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs. + description: Indicates whether cases will send a comma-separated list of source IPs. nullable: true type: boolean subcategory: @@ -45226,9 +44298,7 @@ components: - sourceIp - subcategory id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. + description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. type: string name: description: The name of the connector. @@ -45250,9 +44320,7 @@ components: type: object properties: fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. + description: An object containing the connector fields. If you want to omit any individual field, specify null as its value. type: object properties: caseId: @@ -45262,9 +44330,7 @@ components: required: - caseId id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. + description: The identifier for the connector. To retrieve connector IDs, use the find connectors API. type: string name: description: The name of the connector. @@ -45294,9 +44360,7 @@ components: example: .none type: string Cases_create_case_request: - description: >- - The create case API request body varies depending on the type of - connector. + description: The create case API request body varies depending on the type of connector. properties: assignees: $ref: '#/components/schemas/Cases_assignees' @@ -45312,32 +44376,25 @@ components: - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' - $ref: '#/components/schemas/Cases_connector_properties_swimlane' customFields: - description: > - Custom field values for a case. Any optional custom fields that are - not specified in the request are set to null. + description: | + Custom field values for a case. Any optional custom fields that are not specified in the request are set to null. items: type: object properties: key: - description: > - The unique identifier for the custom field. The key value must - exist in the case configuration settings. + description: | + The unique identifier for the custom field. The key value must exist in the case configuration settings. type: string type: - description: > - The custom field type. It must match the type specified in the - case configuration settings. + description: | + The custom field type. It must match the type specified in the case configuration settings. enum: - text - toggle type: string value: - description: > - The custom field value. If the custom field is required, it - cannot be explicitly set to null. However, for cases that - existed when the required custom field was added, the default - value stored in Elasticsearch is `undefined`. The value - returned in the API and user interface in this case is `null`. + description: | + The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`. oneOf: - maxLength: 160 minLength: 1 @@ -45409,9 +44466,8 @@ components: nullable: true type: string Cases_owner: - description: > - The application that owns the cases: Stack Management, Observability, or - Elastic Security. + description: | + The application that owns the cases: Stack Management, Observability, or Elastic Security. enum: - cases - observability @@ -45471,10 +44527,7 @@ components: type: object properties: fields: - description: >- - An object containing the connector fields. To create a case - without a connector, specify null. If you want to omit any - individual field, specify null as its value. + description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value. example: null nullable: true type: object @@ -45483,20 +44536,14 @@ components: description: The case identifier for Swimlane connectors. type: string category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. + description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. type: string destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs for ServiceNow SecOps connectors. + description: Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors. nullable: true type: boolean impact: - description: >- - The effect an incident had on business for ServiceNow ITSM - connectors. + description: The effect an incident had on business for ServiceNow ITSM connectors. type: string issueType: description: The type of issue for Jira connectors. @@ -45507,61 +44554,41 @@ components: type: string type: array malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes for ServiceNow SecOps connectors. + description: Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors. nullable: true type: boolean malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs for ServiceNow SecOps connectors. + description: Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors. nullable: true type: boolean parent: - description: >- - The key of the parent issue, when the issue type is sub-task - for Jira connectors. + description: The key of the parent issue, when the issue type is sub-task for Jira connectors. type: string priority: - description: >- - The priority of the issue for Jira and ServiceNow SecOps - connectors. + description: The priority of the issue for Jira and ServiceNow SecOps connectors. type: string severity: description: The severity of the incident for ServiceNow ITSM connectors. type: string severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. + description: The severity code of the incident for IBM Resilient connectors. type: string sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs for ServiceNow SecOps connectors. + description: Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors. nullable: true type: boolean subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. + description: The subcategory of the incident for ServiceNow ITSM connectors. type: string urgency: - description: >- - The extent to which the incident resolution can be delayed - for ServiceNow ITSM connectors. + description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors. type: string id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. + description: The identifier for the connector. To create a case without a connector, use `none`. example: none type: string name: - description: >- - The name of the connector. To create a case without a connector, - use `none`. + description: The name of the connector. To create a case without a connector, use `none`. example: none type: string type: @@ -45575,10 +44602,7 @@ components: type: object properties: fields: - description: >- - An object containing the connector fields. To create a case - without a connector, specify null. If you want to omit any - individual field, specify null as its value. + description: An object containing the connector fields. To create a case without a connector, specify null. If you want to omit any individual field, specify null as its value. example: null nullable: true type: object @@ -45587,20 +44611,14 @@ components: description: The case identifier for Swimlane connectors. type: string category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. + description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. type: string destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs for ServiceNow SecOps connectors. + description: Indicates whether cases will send a comma-separated list of destination IPs for ServiceNow SecOps connectors. nullable: true type: boolean impact: - description: >- - The effect an incident had on business for ServiceNow ITSM - connectors. + description: The effect an incident had on business for ServiceNow ITSM connectors. type: string issueType: description: The type of issue for Jira connectors. @@ -45611,61 +44629,41 @@ components: type: string type: array malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes for ServiceNow SecOps connectors. + description: Indicates whether cases will send a comma-separated list of malware hashes for ServiceNow SecOps connectors. nullable: true type: boolean malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs for ServiceNow SecOps connectors. + description: Indicates whether cases will send a comma-separated list of malware URLs for ServiceNow SecOps connectors. nullable: true type: boolean parent: - description: >- - The key of the parent issue, when the issue type is sub-task - for Jira connectors. + description: The key of the parent issue, when the issue type is sub-task for Jira connectors. type: string priority: - description: >- - The priority of the issue for Jira and ServiceNow SecOps - connectors. + description: The priority of the issue for Jira and ServiceNow SecOps connectors. type: string severity: description: The severity of the incident for ServiceNow ITSM connectors. type: string severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. + description: The severity code of the incident for IBM Resilient connectors. type: string sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs for ServiceNow SecOps connectors. + description: Indicates whether cases will send a comma-separated list of source IPs for ServiceNow SecOps connectors. nullable: true type: boolean subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. + description: The subcategory of the incident for ServiceNow ITSM connectors. type: string urgency: - description: >- - The extent to which the incident resolution can be delayed - for ServiceNow ITSM connectors. + description: The extent to which the incident resolution can be delayed for ServiceNow ITSM connectors. type: string id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. + description: The identifier for the connector. To create a case without a connector, use `none`. example: none type: string name: - description: >- - The name of the connector. To create a case without a connector, - use `none`. + description: The name of the connector. To create a case without a connector, use `none`. example: none type: string type: @@ -45689,9 +44687,7 @@ components: title: type: string Cases_payload_delete: - description: >- - If the `action` is `delete` and the `type` is `delete_case`, the payload - is nullable. + description: If the `action` is `delete` and the `type` is `delete_case`, the payload is nullable. nullable: true type: object Cases_payload_description: @@ -45748,12 +44744,8 @@ components: - user type: string Cases_rule: - description: > - The rule that is associated with the alerts. It is required only when - `type` is `alert`. This functionality is in technical preview and may be - changed or removed in a future release. Elastic will work to fix any - issues, but features in technical preview are not subject to the support - SLA of official GA features. + description: | + The rule that is associated with the alerts. It is required only when `type` is `alert`. This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. title: Alerting rule type: object properties: @@ -45777,9 +44769,7 @@ components: $ref: '#/components/schemas/Cases_searchFieldsType' type: array Cases_set_case_configuration_request: - description: >- - External connection details, such as the closure type and default - connector for cases. + description: External connection details, such as the closure type and default connector for cases. properties: closure_type: $ref: '#/components/schemas/Cases_closure_types' @@ -45788,24 +44778,15 @@ components: type: object properties: fields: - description: >- - The fields specified in the case configuration are not used and - are not propagated to individual cases, therefore it is - recommended to set it to `null`. + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. nullable: true type: object id: - description: >- - The identifier for the connector. If you do not want a default - connector, use `none`. To retrieve connector IDs, use the find - connectors API. + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. example: none type: string name: - description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use the find - connectors API. + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. example: none type: string type: @@ -45821,18 +44802,14 @@ components: type: object properties: defaultValue: - description: > - A default value for the custom field. If the `type` is `text`, - the default value must be a string. If the `type` is `toggle`, - the default value must be boolean. + description: | + A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. oneOf: - type: string - type: boolean key: - description: > - A unique key for the custom field. Must be lower case and - composed only of a-z, 0-9, '_', and '-' characters. It is used - in API calls to refer to a specific custom field. + description: | + A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field. maxLength: 36 minLength: 1 type: string @@ -45848,10 +44825,8 @@ components: - toggle type: string required: - description: > - Indicates whether the field is required. If `false`, the - custom field can be set to null or omitted when a case is - created or updated. + description: | + Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated. type: boolean required: - key @@ -45889,9 +44864,8 @@ components: maxItems: 100 type: array Cases_template_tags: - description: > - The words and phrases that help categorize templates. It can be an empty - array. + description: | + The words and phrases that help categorize templates. It can be an empty array. items: maxLength: 256 type: string @@ -45912,24 +44886,15 @@ components: type: object properties: fields: - description: >- - The fields specified in the case configuration are not - used and are not propagated to individual cases, therefore - it is recommended to set it to `null`. + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. nullable: true type: object id: - description: >- - The identifier for the connector. If you do not want a - default connector, use `none`. To retrieve connector IDs, - use the find connectors API. + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. example: none type: string name: - description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use - the find connectors API. + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. example: none type: string type: @@ -45949,11 +44914,8 @@ components: - toggle type: string value: - description: > - The default value for the custom field when a case uses - the template. If the `type` is `text`, the default value - must be a string. If the `type` is `toggle`, the default - value must be boolean. + description: | + The default value for the custom field when a case uses the template. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. oneOf: - type: string - type: boolean @@ -45973,10 +44935,8 @@ components: description: A description for the template. type: string key: - description: > - A unique key for the template. Must be lower case and composed - only of a-z, 0-9, '_', and '-' characters. It is used in API calls - to refer to a specific template. + description: | + A unique key for the template. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific template. type: string name: description: The name of the template. @@ -45992,9 +44952,8 @@ components: alertId: $ref: '#/components/schemas/Cases_alert_identifiers' id: - description: > - The identifier for the comment. To retrieve comment IDs, use the get - comments API. + description: | + The identifier for the comment. To retrieve comment IDs, use the get comments API. example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 type: string index: @@ -46010,9 +44969,8 @@ components: example: alert type: string version: - description: > - The current comment version. To retrieve version values, use the get - comments API. + description: | + The current comment version. To retrieve version values, use the get comments API. example: Wzk1LDFd type: string required: @@ -46025,9 +44983,7 @@ components: - version title: Update case comment request properties for alerts Cases_update_case_comment_request: - description: >- - The update case comment API request body varies depending on whether you - are updating an alert or a comment. + description: The update case comment API request body varies depending on whether you are updating an alert or a comment. discriminator: mapping: alert: '#/components/schemas/Cases_update_alert_comment_request_properties' @@ -46038,9 +44994,8 @@ components: - $ref: '#/components/schemas/Cases_update_user_comment_request_properties' title: Update case comment request Cases_update_case_configuration_request: - description: > - You can update settings such as the closure type, custom fields, - templates, and the default connector for cases. + description: | + You can update settings such as the closure type, custom fields, templates, and the default connector for cases. properties: closure_type: $ref: '#/components/schemas/Cases_closure_types' @@ -46049,24 +45004,15 @@ components: type: object properties: fields: - description: >- - The fields specified in the case configuration are not used and - are not propagated to individual cases, therefore it is - recommended to set it to `null`. + description: The fields specified in the case configuration are not used and are not propagated to individual cases, therefore it is recommended to set it to `null`. nullable: true type: object id: - description: >- - The identifier for the connector. If you do not want a default - connector, use `none`. To retrieve connector IDs, use the find - connectors API. + description: The identifier for the connector. If you do not want a default connector, use `none`. To retrieve connector IDs, use the find connectors API. example: none type: string name: - description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use the find - connectors API. + description: The name of the connector. If you do not want a default connector, use `none`. To retrieve connector names, use the find connectors API. example: none type: string type: @@ -46082,18 +45028,14 @@ components: type: object properties: defaultValue: - description: > - A default value for the custom field. If the `type` is `text`, - the default value must be a string. If the `type` is `toggle`, - the default value must be boolean. + description: | + A default value for the custom field. If the `type` is `text`, the default value must be a string. If the `type` is `toggle`, the default value must be boolean. oneOf: - type: string - type: boolean key: - description: > - A unique key for the custom field. Must be lower case and - composed only of a-z, 0-9, '_', and '-' characters. It is used - in API calls to refer to a specific custom field. + description: | + A unique key for the custom field. Must be lower case and composed only of a-z, 0-9, '_', and '-' characters. It is used in API calls to refer to a specific custom field. maxLength: 36 minLength: 1 type: string @@ -46109,10 +45051,8 @@ components: - toggle type: string required: - description: > - Indicates whether the field is required. If `false`, the - custom field can be set to null or omitted when a case is - created or updated. + description: | + Indicates whether the field is required. If `false`, the custom field can be set to null or omitted when a case is created or updated. type: boolean required: - key @@ -46123,9 +45063,8 @@ components: templates: $ref: '#/components/schemas/Cases_templates' version: - description: > - The version of the connector. To retrieve the version value, use the - get configuration API. + description: | + The version of the connector. To retrieve the version value, use the get configuration API. example: WzIwMiwxXQ== type: string required: @@ -46133,9 +45072,7 @@ components: title: Update case configuration request type: object Cases_update_case_request: - description: >- - The update case API request body varies depending on the type of - connector. + description: The update case API request body varies depending on the type of connector. properties: cases: description: An array containing one or more case objects. @@ -46149,42 +45086,32 @@ components: connector: oneOf: - $ref: '#/components/schemas/Cases_connector_properties_none' - - $ref: >- - #/components/schemas/Cases_connector_properties_cases_webhook + - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' - $ref: '#/components/schemas/Cases_connector_properties_jira' - $ref: '#/components/schemas/Cases_connector_properties_resilient' - $ref: '#/components/schemas/Cases_connector_properties_servicenow' - - $ref: >- - #/components/schemas/Cases_connector_properties_servicenow_sir + - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' - $ref: '#/components/schemas/Cases_connector_properties_swimlane' customFields: - description: > - Custom field values for a case. Any optional custom fields - that are not specified in the request are set to null. + description: | + Custom field values for a case. Any optional custom fields that are not specified in the request are set to null. items: type: object properties: key: - description: > - The unique identifier for the custom field. The key - value must exist in the case configuration settings. + description: | + The unique identifier for the custom field. The key value must exist in the case configuration settings. type: string type: - description: > - The custom field type. It must match the type specified - in the case configuration settings. + description: | + The custom field type. It must match the type specified in the case configuration settings. enum: - text - toggle type: string value: - description: > - The custom field value. If the custom field is required, - it cannot be explicitly set to null. However, for cases - that existed when the required custom field was added, - the default value stored in Elasticsearch is - `undefined`. The value returned in the API and user - interface in this case is `null`. + description: | + The custom field value. If the custom field is required, it cannot be explicitly set to null. However, for cases that existed when the required custom field was added, the default value stored in Elasticsearch is `undefined`. The value returned in the API and user interface in this case is `null`. oneOf: - maxLength: 160 minLength: 1 @@ -46215,9 +45142,7 @@ components: title: $ref: '#/components/schemas/Cases_case_title' version: - description: >- - The current version of the case. To determine this value, use - the get case or find cases APIs. + description: The current version of the case. To determine this value, use the get case or find cases APIs. type: string required: - id @@ -46238,9 +45163,8 @@ components: maxLength: 30000 type: string id: - description: > - The identifier for the comment. To retrieve comment IDs, use the get - comments API. + description: | + The identifier for the comment. To retrieve comment IDs, use the get comments API. example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 type: string owner: @@ -46252,9 +45176,8 @@ components: example: user type: string version: - description: > - The current comment version. To retrieve version values, use the get - comments API. + description: | + The current comment version. To retrieve version values, use the get comments API. example: Wzk1LDFd type: string required: @@ -46486,9 +45409,7 @@ components: example: Not Found type: string message: - example: >- - Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] - not found + example: Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] not found type: string statusCode: enum: @@ -46543,9 +45464,7 @@ components: - title override: default: false - description: >- - Override an existing data view if a data view with the provided - title already exists. + description: Override an existing data view if a data view with the provided title already exists. type: boolean required: - data_view @@ -46607,9 +45526,7 @@ components: description: A map of field formats by field name. type: object Data_views_namespaces: - description: >- - An array of space identifiers for sharing the data view between multiple - spaces. + description: An array of space identifiers for sharing the data view between multiple spaces. items: default: default type: string @@ -46661,9 +45578,8 @@ components: description: The saved object reference to change. type: string fromType: - description: > - Specify the type of the saved object reference to alter. The default - value is `index-pattern` for data views. + description: | + Specify the type of the saved object reference to alter. The default value is `index-pattern` for data views. type: string toId: description: New saved object reference value to replace the old value. @@ -46675,17 +45591,13 @@ components: description: The timestamp field name, which you use for time-based data views. type: string Data_views_title: - description: >- - Comma-separated list of data streams, indices, and aliases that you want - to search. Supports wildcards (`*`). + description: Comma-separated list of data streams, indices, and aliases that you want to search. Supports wildcards (`*`). type: string Data_views_type: description: When set to `rollup`, identifies the rollup data views. type: string Data_views_typemeta: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. + description: When you use rollup indices, contains the field list for the rollup data view API endpoints. type: object properties: aggs: @@ -46698,9 +45610,7 @@ components: - aggs - params Data_views_typemeta_response: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. + description: When you use rollup indices, contains the field list for the rollup data view API endpoints. nullable: true type: object properties: @@ -46715,10 +45625,8 @@ components: type: object properties: data_view: - description: > - The data view properties you want to update. Only the specified - properties are updated in the data view. Unspecified fields stay as - they are persisted. + description: | + The data view properties you want to update. Only the specified properties are updated in the data view. Unspecified fields stay as they are persisted. type: object properties: allowNoIndex: @@ -46778,10 +45686,7 @@ components: - status Kibana_HTTP_APIs_core_status_response: additionalProperties: false - description: >- - Kibana's operational status as well as a detailed breakdown of plugin - statuses indication of various loads (like event loop utilization and - network traffic) at time of request. + description: Kibana's operational status as well as a detailed breakdown of plugin statuses indication of various loads (like event loop utilization and network traffic) at time of request. type: object properties: metrics: @@ -46840,9 +45745,7 @@ components: description: A URL to further documentation regarding this service. type: string level: - description: >- - Service status levels as human and machine readable - values. + description: Service status levels as human and machine readable values. enum: - available - degraded @@ -46851,9 +45754,7 @@ components: type: string meta: additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. + description: An unstructured set of extra metadata about this service. type: object summary: description: A human readable summary of the service status. @@ -46873,9 +45774,7 @@ components: description: A URL to further documentation regarding this service. type: string level: - description: >- - Service status levels as human and machine readable - values. + description: Service status levels as human and machine readable values. enum: - available - degraded @@ -46884,9 +45783,7 @@ components: type: string meta: additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. + description: An unstructured set of extra metadata about this service. type: object summary: description: A human readable summary of the service status. @@ -46939,9 +45836,7 @@ components: description: A URL to further documentation regarding this service. type: string level: - description: >- - Service status levels as human and machine readable - values. + description: Service status levels as human and machine readable values. enum: - available - degraded @@ -46966,9 +45861,7 @@ components: - core - plugins uuid: - description: >- - Unique, generated Kibana instance UUID. This UUID should persist - even if the Kibana process restarts. + description: Unique, generated Kibana instance UUID. This UUID should persist even if the Kibana process restarts. type: string version: additionalProperties: false @@ -46978,24 +45871,16 @@ components: description: The date and time of this build. type: string build_flavor: - description: >- - The build flavour determines configuration and behavior of - Kibana. On premise users will almost always run the - "traditional" flavour, while other flavours are reserved for - Elastic-specific use cases. + description: The build flavour determines configuration and behavior of Kibana. On premise users will almost always run the "traditional" flavour, while other flavours are reserved for Elastic-specific use cases. enum: - serverless - traditional type: string build_hash: - description: >- - A unique hash value representing the git commit of this Kibana - build. + description: A unique hash value representing the git commit of this Kibana build. type: string build_number: - description: >- - A monotonically increasing number, each subsequent build will - have a higher number. + description: A monotonically increasing number, each subsequent build will have a higher number. type: number build_snapshot: description: Whether this build is a snapshot build. @@ -47021,25 +45906,17 @@ components: datafeedsAdded: additionalProperties: $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - description: >- - If a saved object for an anomaly detection job is missing a datafeed - identifier, it is added when you run the sync machine learning saved - objects API. + description: If a saved object for an anomaly detection job is missing a datafeed identifier, it is added when you run the sync machine learning saved objects API. type: object datafeedsRemoved: additionalProperties: $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - description: >- - If a saved object for an anomaly detection job references a datafeed - that no longer exists, it is deleted when you run the sync machine - learning saved objects API. + description: If a saved object for an anomaly detection job references a datafeed that no longer exists, it is deleted when you run the sync machine learning saved objects API. type: object savedObjectsCreated: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated' savedObjectsDeleted: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted' title: Successful sync API response type: object Machine_learning_APIs_mlSync4xxResponse: @@ -47055,97 +45932,63 @@ components: title: Unsuccessful sync API response type: object Machine_learning_APIs_mlSyncResponseAnomalyDetectors: - description: >- - The sync machine learning saved objects API response contains this - object when there are anomaly detection jobs affected by the - synchronization. There is an object for each relevant job, which - contains the synchronization status. + description: The sync machine learning saved objects API response contains this object when there are anomaly detection jobs affected by the synchronization. There is an object for each relevant job, which contains the synchronization status. properties: success: $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' title: Sync API response for anomaly detection jobs type: object Machine_learning_APIs_mlSyncResponseDatafeeds: - description: >- - The sync machine learning saved objects API response contains this - object when there are datafeeds affected by the synchronization. There - is an object for each relevant datafeed, which contains the - synchronization status. + description: The sync machine learning saved objects API response contains this object when there are datafeeds affected by the synchronization. There is an object for each relevant datafeed, which contains the synchronization status. properties: success: $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' title: Sync API response for datafeeds type: object Machine_learning_APIs_mlSyncResponseDataFrameAnalytics: - description: >- - The sync machine learning saved objects API response contains this - object when there are data frame analytics jobs affected by the - synchronization. There is an object for each relevant job, which - contains the synchronization status. + description: The sync machine learning saved objects API response contains this object when there are data frame analytics jobs affected by the synchronization. There is an object for each relevant job, which contains the synchronization status. properties: success: $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' title: Sync API response for data frame analytics jobs type: object Machine_learning_APIs_mlSyncResponseSavedObjectsCreated: - description: >- - If saved objects are missing for machine learning jobs or trained - models, they are created when you run the sync machine learning saved - objects API. + description: If saved objects are missing for machine learning jobs or trained models, they are created when you run the sync machine learning saved objects API. properties: anomaly-detector: additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors - description: >- - If saved objects are missing for anomaly detection jobs, they are - created. + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors' + description: If saved objects are missing for anomaly detection jobs, they are created. type: object data-frame-analytics: additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics - description: >- - If saved objects are missing for data frame analytics jobs, they are - created. + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics' + description: If saved objects are missing for data frame analytics jobs, they are created. type: object trained-model: additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels' description: If saved objects are missing for trained models, they are created. type: object title: Sync API response for created saved objects type: object Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted: - description: >- - If saved objects exist for machine learning jobs or trained models that - no longer exist, they are deleted when you run the sync machine learning - saved objects API. + description: If saved objects exist for machine learning jobs or trained models that no longer exist, they are deleted when you run the sync machine learning saved objects API. properties: anomaly-detector: additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors - description: >- - If there are saved objects exist for nonexistent anomaly detection - jobs, they are deleted. + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors' + description: If there are saved objects exist for nonexistent anomaly detection jobs, they are deleted. type: object data-frame-analytics: additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics - description: >- - If there are saved objects exist for nonexistent data frame - analytics jobs, they are deleted. + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics' + description: If there are saved objects exist for nonexistent data frame analytics jobs, they are deleted. type: object trained-model: additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels - description: >- - If there are saved objects exist for nonexistent trained models, - they are deleted. + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels' + description: If there are saved objects exist for nonexistent trained models, they are deleted. type: object title: Sync API response for deleted saved objects type: object @@ -47153,11 +45996,7 @@ components: description: The success or failure of the synchronization. type: boolean Machine_learning_APIs_mlSyncResponseTrainedModels: - description: >- - The sync machine learning saved objects API response contains this - object when there are trained models affected by the synchronization. - There is an object for each relevant trained model, which contains the - synchronization status. + description: The sync machine learning saved objects API response contains this object when there are trained models affected by the synchronization. There is an object for each relevant trained model, which contains the synchronization status. properties: success: $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' @@ -47182,32 +46021,16 @@ components: - message - statusCode Saved_objects_attributes: - description: > - The data that you want to create. WARNING: When you create saved - objects, attributes are not validated, which allows you to pass - arbitrary and ill-formed data into the API that can break Kibana. Make - sure any data that you send to the API is properly formed. + description: | + The data that you want to create. WARNING: When you create saved objects, attributes are not validated, which allows you to pass arbitrary and ill-formed data into the API that can break Kibana. Make sure any data that you send to the API is properly formed. type: object Saved_objects_initial_namespaces: - description: > - Identifiers for the spaces in which this object is created. If this is - provided, the object is created only in the explicitly defined spaces. - If this is not provided, the object is created in the current space - (default behavior). For shareable object types (registered with - `namespaceType: 'multiple'`), this option can be used to specify one or - more spaces, including the "All spaces" identifier ('*'). For isolated - object types (registered with `namespaceType: 'single'` or - `namespaceType: 'multiple-isolated'`), this option can only be used to - specify a single space, and the "All spaces" identifier ('*') is not - allowed. For global object types (`registered with `namespaceType: - agnostic`), this option cannot be used. + description: | + Identifiers for the spaces in which this object is created. If this is provided, the object is created only in the explicitly defined spaces. If this is not provided, the object is created in the current space (default behavior). For shareable object types (registered with `namespaceType: 'multiple'`), this option can be used to specify one or more spaces, including the "All spaces" identifier ('*'). For isolated object types (registered with `namespaceType: 'single'` or `namespaceType: 'multiple-isolated'`), this option can only be used to specify a single space, and the "All spaces" identifier ('*') is not allowed. For global object types (`registered with `namespaceType: agnostic`), this option cannot be used. type: array Saved_objects_references: - description: > - Objects with `name`, `id`, and `type` properties that describe the other - saved objects that this object references. Use `name` in attributes to - refer to the other saved object, but never the `id`, which can update - automatically during migrations or import and export. + description: | + Objects with `name`, `id`, and `type` properties that describe the other saved objects that this object references. Use `name` in attributes to refer to the other saved object, but never the `id`, which can update automatically during migrations or import and export. type: array Security_AI_Assistant_API_AnonymizationFieldCreateProps: type: object @@ -47268,8 +46091,7 @@ components: name: type: string skip_reason: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason' required: - id - skip_reason @@ -47283,15 +46105,12 @@ components: properties: errors: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_NormalizedAnonymizationFieldError + $ref: '#/components/schemas/Security_AI_Assistant_API_NormalizedAnonymizationFieldError' type: array results: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults' summary: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary + $ref: '#/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary' required: - results - summary @@ -47308,8 +46127,7 @@ components: properties: created: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse' type: array deleted: items: @@ -47317,13 +46135,11 @@ components: type: array skipped: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult' type: array updated: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse' type: array required: - updated @@ -47531,11 +46347,8 @@ components: type: object properties: confidence: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_ConversationConfidence - description: >- - How confident you are about this being a correct and useful - learning. + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationConfidence' + description: How confident you are about this being a correct and useful learning. content: description: Summary text of the conversation over time. type: string @@ -47641,8 +46454,7 @@ components: properties: anonymization_fields: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldDetailsInError + $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldDetailsInError' type: array err_code: type: string @@ -47663,8 +46475,7 @@ components: type: string prompts: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptDetailsInError + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptDetailsInError' type: array status_code: type: integer @@ -47763,8 +46574,7 @@ components: name: type: string skip_reason: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipReason + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipReason' required: - id - skip_reason @@ -47776,15 +46586,12 @@ components: properties: errors: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_NormalizedPromptError + $ref: '#/components/schemas/Security_AI_Assistant_API_NormalizedPromptError' type: array results: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResults + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResults' summary: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary + $ref: '#/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary' required: - results - summary @@ -47811,8 +46618,7 @@ components: type: array skipped: items: - $ref: >- - #/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipResult + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipResult' type: array updated: items: @@ -47966,8 +46772,7 @@ components: oneOf: - $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations' - items: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsSortCombinations + $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations' type: array Security_Detections_API_AlertsSortCombinations: anyOf: @@ -47985,21 +46790,18 @@ components: type: object properties: duration: - $ref: >- - #/components/schemas/Security_Detections_API_AlertSuppressionDuration + $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionDuration' group_by: $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionGroupBy' missing_fields_strategy: - $ref: >- - #/components/schemas/Security_Detections_API_AlertSuppressionMissingFieldsStrategy + $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionMissingFieldsStrategy' required: - group_by Security_Detections_API_AlertSuppressionDuration: type: object properties: unit: - $ref: >- - #/components/schemas/Security_Detections_API_AlertSuppressionDurationUnit + $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionDurationUnit' value: minimum: 1 type: integer @@ -48019,12 +46821,9 @@ components: minItems: 1 type: array Security_Detections_API_AlertSuppressionMissingFieldsStrategy: - description: >- - Describes how alerts will be generated for documents with missing - suppress by fields: - + description: |- + Describes how alerts will be generated for documents with missing suppress by fields: doNotSuppress - per each document a separate alert will be created - suppress - only alert will be created per suppress by bucket enum: - doNotSuppress @@ -48051,26 +46850,16 @@ components: minimum: 0 type: integer Security_Detections_API_BuildingBlockType: - description: >- - Determines if the rule acts as a building block. By default, - building-block alerts are not displayed in the UI. These rules are used - as a foundation for other rules that do generate alerts. Its value must - be default. + description: Determines if the rule acts as a building block. By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. Its value must be default. type: string Security_Detections_API_BulkActionEditPayload: anyOf: - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadTags - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadIndexPatterns - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadInvestigationFields - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadTimeline - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadRuleActions - - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionEditPayloadSchedule + - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadTags' + - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadIndexPatterns' + - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadInvestigationFields' + - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadTimeline' + - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadRuleActions' + - $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayloadSchedule' Security_Detections_API_BulkActionEditPayloadIndexPatterns: type: object properties: @@ -48114,12 +46903,10 @@ components: properties: actions: items: - $ref: >- - #/components/schemas/Security_Detections_API_NormalizedRuleAction + $ref: '#/components/schemas/Security_Detections_API_NormalizedRuleAction' type: array throttle: - $ref: >- - #/components/schemas/Security_Detections_API_ThrottleForBulkActions + $ref: '#/components/schemas/Security_Detections_API_ThrottleForBulkActions' required: - actions required: @@ -48136,9 +46923,7 @@ components: type: object properties: interval: - description: >- - Interval in which the rule runs. For example, `"1h"` means the - rule runs every hour. + description: Interval in which the rule runs. For example, `"1h"` means the rule runs every hour. example: 1h pattern: ^[1-9]\d*[smh]$ type: string @@ -48180,8 +46965,7 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' required: - timeline_id - timeline_title @@ -48289,15 +47073,12 @@ components: properties: errors: items: - $ref: >- - #/components/schemas/Security_Detections_API_NormalizedRuleError + $ref: '#/components/schemas/Security_Detections_API_NormalizedRuleError' type: array results: - $ref: >- - #/components/schemas/Security_Detections_API_BulkEditActionResults + $ref: '#/components/schemas/Security_Detections_API_BulkEditActionResults' summary: - $ref: >- - #/components/schemas/Security_Detections_API_BulkEditActionSummary + $ref: '#/components/schemas/Security_Detections_API_BulkEditActionSummary' required: - results - summary @@ -48539,11 +47320,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -48557,8 +47336,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -48574,24 +47352,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -48618,13 +47392,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -48667,11 +47439,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -48685,8 +47455,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -48702,24 +47471,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -48748,13 +47513,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -48790,11 +47553,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -48808,8 +47569,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -48827,24 +47587,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -48873,13 +47629,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -48898,11 +47652,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -48916,8 +47668,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -48935,24 +47686,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -48981,13 +47728,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -49038,11 +47783,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -49056,8 +47799,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -49073,24 +47815,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -49117,13 +47855,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -49166,11 +47902,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -49184,8 +47918,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -49201,24 +47934,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -49247,13 +47976,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -49278,11 +48005,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -49296,8 +48021,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -49317,13 +48041,11 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' query: @@ -49332,12 +48054,10 @@ components: references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -49366,13 +48086,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' type: @@ -49413,11 +48131,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -49431,8 +48147,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -49450,24 +48165,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -49496,13 +48207,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -49527,14 +48236,11 @@ components: - endpoint_blocklists type: string Security_Detections_API_ExternalRuleSource: - description: >- - Type of rule source for externally sourced rules, i.e. rules that have - an external source, such as the Elastic Prebuilt rules repo. + description: Type of rule source for externally sourced rules, i.e. rules that have an external source, such as the Elastic Prebuilt rules repo. type: object properties: is_customized: - $ref: >- - #/components/schemas/Security_Detections_API_IsExternalRuleCustomized + $ref: '#/components/schemas/Security_Detections_API_IsExternalRuleCustomized' type: enum: - external @@ -49589,9 +48295,7 @@ components: type: string type: array Security_Detections_API_InternalRuleSource: - description: >- - Type of rule source for internally sourced rules, i.e. created within - the Kibana apps. + description: Type of rule source for internally sourced rules, i.e. created within the Kibana apps. type: object properties: type: @@ -49601,33 +48305,19 @@ components: required: - type Security_Detections_API_InvestigationFields: - description: > - Schema for fields relating to investigation fields. These are user - defined fields we use to highlight - - in various features in the UI such as alert details flyout and - exceptions auto-population from alert. - + description: | + Schema for fields relating to investigation fields. These are user defined fields we use to highlight + in various features in the UI such as alert details flyout and exceptions auto-population from alert. Added in PR #163235 - - Right now we only have a single field but anticipate adding more related - fields to store various - - configuration states such as `override` - where a user might say if they - want only these fields to - - display, or if they want these fields + the fields we select. When - expanding this field, it may look - + Right now we only have a single field but anticipate adding more related fields to store various + configuration states such as `override` - where a user might say if they want only these fields to + display, or if they want these fields + the fields we select. When expanding this field, it may look something like: - ```typescript - const investigationFields = z.object({ field_names: NonEmptyArray(NonEmptyString), override: z.boolean().optional(), }); - ``` type: object properties: @@ -49642,19 +48332,14 @@ components: description: Notes to help investigate alerts produced by the rule. type: string Security_Detections_API_IsExternalRuleCustomized: - description: >- - Determines whether an external/prebuilt rule has been customized by the - user (i.e. any of its fields have been modified and diverged from the - base value). + description: Determines whether an external/prebuilt rule has been customized by the user (i.e. any of its fields have been modified and diverged from the base value). type: boolean Security_Detections_API_IsRuleEnabled: description: Determines whether the rule is enabled. type: boolean Security_Detections_API_IsRuleImmutable: deprecated: true - description: >- - This field determines whether the rule is a prebuilt Elastic rule. It - will be replaced with the `rule_source` field. + description: This field determines whether the rule is a prebuilt Elastic rule. It will be replaced with the `rule_source` field. type: boolean Security_Detections_API_ItemsPerSearch: minimum: 1 @@ -49681,11 +48366,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -49699,8 +48382,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -49716,24 +48398,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -49760,13 +48438,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -49795,14 +48471,11 @@ components: - related_integrations - required_fields - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleResponseFields + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleResponseFields' Security_Detections_API_MachineLearningRuleCreateFields: allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields' Security_Detections_API_MachineLearningRuleCreateProps: allOf: - type: object @@ -49812,11 +48485,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -49830,8 +48501,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -49847,24 +48517,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -49893,13 +48559,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -49909,8 +48573,7 @@ components: - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields' Security_Detections_API_MachineLearningRuleOptionalFields: type: object properties: @@ -49923,15 +48586,13 @@ components: anomaly_threshold: $ref: '#/components/schemas/Security_Detections_API_AnomalyThreshold' machine_learning_job_id: - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningJobId + $ref: '#/components/schemas/Security_Detections_API_MachineLearningJobId' type: description: Rule type enum: - machine_learning type: string - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields' Security_Detections_API_MachineLearningRulePatchProps: allOf: - type: object @@ -49941,11 +48602,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -49959,8 +48618,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -49978,24 +48636,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -50024,19 +48678,16 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRulePatchFields + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRulePatchFields' Security_Detections_API_MachineLearningRuleRequiredFields: type: object properties: @@ -50055,10 +48706,8 @@ components: - anomaly_threshold Security_Detections_API_MachineLearningRuleResponseFields: allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields' Security_Detections_API_MachineLearningRuleUpdateProps: allOf: - type: object @@ -50068,11 +48717,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -50086,8 +48733,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -50105,24 +48751,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -50151,13 +48793,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -50167,8 +48807,7 @@ components: - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields' Security_Detections_API_MaxSignals: minimum: 1 type: integer @@ -50285,11 +48924,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -50303,8 +48940,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -50320,24 +48956,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -50364,13 +48996,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -50399,16 +49029,12 @@ components: - related_integrations - required_fields - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleResponseFields + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleResponseFields' Security_Detections_API_NewTermsRuleCreateFields: allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields' Security_Detections_API_NewTermsRuleCreateProps: allOf: - type: object @@ -50418,11 +49044,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -50436,8 +49060,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -50453,24 +49076,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -50499,13 +49118,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -50515,8 +49132,7 @@ components: - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleCreateFields + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateFields' Security_Detections_API_NewTermsRuleDefaultableFields: type: object properties: @@ -50548,10 +49164,8 @@ components: enum: - new_terms type: string - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields' Security_Detections_API_NewTermsRulePatchProps: allOf: - type: object @@ -50561,11 +49175,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -50579,8 +49191,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -50598,24 +49209,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -50644,13 +49251,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -50677,10 +49282,8 @@ components: - history_window_start Security_Detections_API_NewTermsRuleResponseFields: allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields' - type: object properties: language: @@ -50696,11 +49299,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -50714,8 +49315,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -50733,24 +49333,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -50779,13 +49375,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -50795,8 +49389,7 @@ components: - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Detections_API_NewTermsRuleCreateFields + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateFields' Security_Detections_API_NonEmptyString: description: A string that is not empty and does not contain only whitespace minLength: 1 @@ -50823,8 +49416,7 @@ components: type: object properties: err_code: - $ref: >- - #/components/schemas/Security_Detections_API_BulkActionsDryRunErrCode + $ref: '#/components/schemas/Security_Detections_API_BulkActionsDryRunErrCode' message: type: string rules: @@ -50936,11 +49528,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -50954,8 +49544,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -50971,24 +49560,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -51015,13 +49600,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -51055,8 +49638,7 @@ components: allOf: - $ref: '#/components/schemas/Security_Detections_API_QueryRuleRequiredFields' - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' - - $ref: >- - #/components/schemas/Security_Detections_API_QueryRuleDefaultableFields + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleDefaultableFields' Security_Detections_API_QueryRuleCreateProps: allOf: - type: object @@ -51066,11 +49648,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -51084,8 +49664,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -51101,24 +49680,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -51147,13 +49722,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -51194,8 +49767,7 @@ components: - query type: string - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' - - $ref: >- - #/components/schemas/Security_Detections_API_QueryRuleDefaultableFields + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleDefaultableFields' Security_Detections_API_QueryRulePatchProps: allOf: - type: object @@ -51205,11 +49777,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -51223,8 +49793,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -51242,24 +49811,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -51288,13 +49853,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -51332,11 +49895,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -51350,8 +49911,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -51369,24 +49929,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -51415,13 +49971,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -51433,58 +49987,32 @@ components: - severity - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateFields' Security_Detections_API_RelatedIntegration: - description: > - Related integration is a potential dependency of a rule. It's assumed - that if the user installs - - one of the related integrations of a rule, the rule might start to work - properly because it will - - have source events (generated by this integration) potentially matching - the rule's query. - - - NOTE: Proper work is not guaranteed, because a related integration, if - installed, can be - - configured differently or generate data that is not necessarily relevant - for this rule. - - - Related integration is a combination of a Fleet package and (optionally) - one of the + description: | + Related integration is a potential dependency of a rule. It's assumed that if the user installs + one of the related integrations of a rule, the rule might start to work properly because it will + have source events (generated by this integration) potentially matching the rule's query. - package's "integrations" that this package contains. It is represented - by 3 properties: + NOTE: Proper work is not guaranteed, because a related integration, if installed, can be + configured differently or generate data that is not necessarily relevant for this rule. + Related integration is a combination of a Fleet package and (optionally) one of the + package's "integrations" that this package contains. It is represented by 3 properties: - `package`: name of the package (required, unique id) - - `version`: version of the package (required, semver-compatible) + - `integration`: name of the integration of this package (optional, id within the package) - - `integration`: name of the integration of this package (optional, id - within the package) - - - There are Fleet packages like `windows` that contain only one - integration; in this case, - - `integration` should be unspecified. There are also packages like `aws` - and `azure` that contain - + There are Fleet packages like `windows` that contain only one integration; in this case, + `integration` should be unspecified. There are also packages like `aws` and `azure` that contain several integrations; in this case, `integration` should be specified. - @example - const x: RelatedIntegration = { package: 'windows', version: '1.5.x', }; - @example - const x: RelatedIntegration = { package: 'azure', version: '~1.1.6', @@ -51506,35 +50034,23 @@ components: $ref: '#/components/schemas/Security_Detections_API_RelatedIntegration' type: array Security_Detections_API_RequiredField: - description: > - Describes an Elasticsearch field that is needed for the rule to - function. - - - Almost all types of Security rules check source event documents for a - match to some kind of - - query or filter. If a document has certain field with certain values, - then it's a match and + description: | + Describes an Elasticsearch field that is needed for the rule to function. + Almost all types of Security rules check source event documents for a match to some kind of + query or filter. If a document has certain field with certain values, then it's a match and the rule will generate an alert. - - Required field is an event field that must be present in the source - indices of a given rule. - + Required field is an event field that must be present in the source indices of a given rule. @example - const standardEcsField: RequiredField = { name: 'event.action', type: 'keyword', ecs: true, }; - @example - const nonEcsField: RequiredField = { name: 'winlog.event_data.AttributeLDAPDisplayName', type: 'keyword', @@ -51560,10 +50076,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RequiredField' type: array Security_Detections_API_RequiredFieldInput: - description: >- - Input parameters to create a RequiredField. Does not include the `ecs` - field, because `ecs` is calculated on the backend based on the field - name and type. + description: Input parameters to create a RequiredField. Does not include the `ecs` field, because `ecs` is calculated on the backend based on the field name and type. type: object properties: name: @@ -51625,9 +50138,7 @@ components: minimum: 0 type: integer Security_Detections_API_RiskScoreMapping: - description: >- - Overrides generated alerts' risk_score with a value from the source - event + description: Overrides generated alerts' risk_score with a value from the source event items: type: object properties: @@ -51672,17 +50183,13 @@ components: additionalProperties: true type: object Security_Detections_API_RuleActionFrequency: - description: >- - The action frequency defines when the action runs (for example, only on - rule execution or at specific time intervals). + description: The action frequency defines when the action runs (for example, only on rule execution or at specific time intervals). type: object properties: notifyWhen: $ref: '#/components/schemas/Security_Detections_API_RuleActionNotifyWhen' summary: - description: >- - Action summary indicates whether we will send a summary notification - about all the generate alerts or notification per individual alert + description: Action summary indicates whether we will send a summary notification about all the generate alerts or notification per individual alert type: boolean throttle: $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' @@ -51692,17 +50199,13 @@ components: - notifyWhen - throttle Security_Detections_API_RuleActionGroup: - description: >- - Optionally groups actions by use cases. Use `default` for alert - notifications. + description: Optionally groups actions by use cases. Use `default` for alert notifications. type: string Security_Detections_API_RuleActionId: description: The connector ID. type: string Security_Detections_API_RuleActionNotifyWhen: - description: >- - The condition for throttling the notification: `onActionGroupChange`, - `onActiveAlert`, or `onThrottleInterval` + description: 'The condition for throttling the notification: `onActionGroupChange`, `onActiveAlert`, or `onThrottleInterval`' enum: - onActiveAlert - onThrottleInterval @@ -51710,9 +50213,7 @@ components: type: string Security_Detections_API_RuleActionParams: additionalProperties: true - description: >- - Object containing the allowed connector fields, which varies according - to the connector type. + description: Object containing the allowed connector fields, which varies according to the connector type. type: object Security_Detections_API_RuleActionThrottle: description: Defines how often rule actions are taken. @@ -51733,14 +50234,10 @@ components: anyOf: - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateProps' - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateProps' - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps' - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps' - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateProps' discriminator: @@ -51787,50 +50284,25 @@ components: minimum: 0 type: integer total_enrichment_duration_ms: - description: >- - Total time spent enriching documents during current rule execution - cycle + description: Total time spent enriching documents during current rule execution cycle minimum: 0 type: integer total_indexing_duration_ms: - description: >- - Total time spent indexing documents during current rule execution - cycle + description: Total time spent indexing documents during current rule execution cycle minimum: 0 type: integer total_search_duration_ms: - description: >- - Total time spent performing ES searches as measured by Kibana; - includes network latency and time spent serializing/deserializing - request/response + description: Total time spent performing ES searches as measured by Kibana; includes network latency and time spent serializing/deserializing request/response minimum: 0 type: integer Security_Detections_API_RuleExecutionStatus: - description: >- - Custom execution status of Security rules that is different from the - status used in the Alerting Framework. We merge our custom status with - the Framework's status to determine the resulting status of a rule. - - - going to run - @deprecated Replaced by the 'running' status but left - for backwards compatibility with rule execution events already written - to Event Log in the prior versions of Kibana. Don't use when writing - rule status changes. - - - running - Rule execution started but not reached any intermediate or - final status. - - - partial failure - Rule can partially fail for various reasons either - in the middle of an execution (in this case we update its status right - away) or in the end of it. So currently this status can be both - intermediate and final at the same time. A typical reason for a partial - failure: not all the indices that the rule searches over actually exist. - - - failed - Rule failed to execute due to unhandled exception or a reason - defined in the business logic of its executor function. - - - succeeded - Rule executed successfully without any issues. Note: this - status is just an indication of a rule's "health". The rule might or - might not generate any alerts despite of it. + description: |- + Custom execution status of Security rules that is different from the status used in the Alerting Framework. We merge our custom status with the Framework's status to determine the resulting status of a rule. + - going to run - @deprecated Replaced by the 'running' status but left for backwards compatibility with rule execution events already written to Event Log in the prior versions of Kibana. Don't use when writing rule status changes. + - running - Rule execution started but not reached any intermediate or final status. + - partial failure - Rule can partially fail for various reasons either in the middle of an execution (in this case we update its status right away) or in the end of it. So currently this status can be both intermediate and final at the same time. A typical reason for a partial failure: not all the indices that the rule searches over actually exist. + - failed - Rule failed to execute due to unhandled exception or a reason defined in the business logic of its executor function. + - succeeded - Rule executed successfully without any issues. Note: this status is just an indication of a rule's "health". The rule might or might not generate any alerts despite of it. enum: - going to run - running @@ -51853,14 +50325,12 @@ components: message: type: string metrics: - $ref: >- - #/components/schemas/Security_Detections_API_RuleExecutionMetrics + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionMetrics' status: $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatus' description: Status of the last execution status_order: - $ref: >- - #/components/schemas/Security_Detections_API_RuleExecutionStatusOrder + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatusOrder' required: - date - status @@ -51877,16 +50347,10 @@ components: items: {} type: array Security_Detections_API_RuleInterval: - description: >- - Frequency of rule execution, using a date math range. For example, "1h" - means the rule runs every hour. Defaults to 5m (5 minutes). + description: Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). type: string Security_Detections_API_RuleIntervalFrom: - description: >- - Time from which data is analyzed each time the rule runs, using a date - math range. For example, now-4200s means the rule analyzes data from 70 - minutes before its start time. Defaults to now-6m (analyzes data from 6 - minutes before the start time). + description: Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). format: date-math type: string Security_Detections_API_RuleIntervalTo: @@ -51909,13 +50373,10 @@ components: anyOf: - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchProps' - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchProps' - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRulePatchProps + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRulePatchProps' - $ref: '#/components/schemas/Security_Detections_API_ThresholdRulePatchProps' - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRulePatchProps - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRulePatchProps + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRulePatchProps' + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRulePatchProps' - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchProps' - $ref: '#/components/schemas/Security_Detections_API_EsqlRulePatchProps' Security_Detections_API_RulePreviewLoggedRequest: @@ -51941,8 +50402,7 @@ components: type: array requests: items: - $ref: >- - #/components/schemas/Security_Detections_API_RulePreviewLoggedRequest + $ref: '#/components/schemas/Security_Detections_API_RulePreviewLoggedRequest' type: array startedAt: $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' @@ -51987,19 +50447,14 @@ components: description: Could be any string, not necessarily a UUID type: string Security_Detections_API_RuleSource: - description: >- - Discriminated union that determines whether the rule is internally - sourced (created within the Kibana app) or has an external source, such - as the Elastic Prebuilt rules repo. + description: Discriminated union that determines whether the rule is internally sourced (created within the Kibana app) or has an external source, such as the Elastic Prebuilt rules repo. discriminator: propertyName: type oneOf: - $ref: '#/components/schemas/Security_Detections_API_ExternalRuleSource' - $ref: '#/components/schemas/Security_Detections_API_InternalRuleSource' Security_Detections_API_RuleTagArray: - description: >- - String array containing words and phrases to help categorize, filter, - and search rules. Defaults to an empty array. + description: String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. items: type: string type: array @@ -52007,14 +50462,10 @@ components: anyOf: - $ref: '#/components/schemas/Security_Detections_API_EqlRuleUpdateProps' - $ref: '#/components/schemas/Security_Detections_API_QueryRuleUpdateProps' - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Detections_API_MachineLearningRuleUpdateProps + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleUpdateProps' + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleUpdateProps' + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleUpdateProps' + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRuleUpdateProps' - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleUpdateProps' - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleUpdateProps' discriminator: @@ -52047,11 +50498,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -52065,8 +50514,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -52082,24 +50530,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -52126,13 +50570,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -52161,16 +50603,12 @@ components: - related_integrations - required_fields - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleResponseFields + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleResponseFields' Security_Detections_API_SavedQueryRuleCreateFields: allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields' Security_Detections_API_SavedQueryRuleCreateProps: allOf: - type: object @@ -52180,11 +50618,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -52198,8 +50634,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -52215,24 +50650,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -52261,13 +50692,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -52277,8 +50706,7 @@ components: - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields' Security_Detections_API_SavedQueryRuleDefaultableFields: type: object properties: @@ -52308,10 +50736,8 @@ components: enum: - saved_query type: string - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields' Security_Detections_API_SavedQueryRulePatchProps: allOf: - type: object @@ -52321,11 +50747,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -52339,8 +50763,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -52358,24 +50781,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -52404,19 +50823,16 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRulePatchFields + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRulePatchFields' Security_Detections_API_SavedQueryRuleRequiredFields: type: object properties: @@ -52432,10 +50848,8 @@ components: - saved_id Security_Detections_API_SavedQueryRuleResponseFields: allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields' - type: object properties: language: @@ -52451,11 +50865,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -52469,8 +50881,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -52488,24 +50899,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -52534,13 +50941,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -52550,8 +50955,7 @@ components: - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields' Security_Detections_API_SetAlertsStatusByIds: type: object properties: @@ -52667,18 +51071,14 @@ components: type: array Security_Detections_API_ThreatFilters: items: - description: >- - Query and filter context array used to filter documents from the - Elasticsearch index containing the threat values + description: Query and filter context array used to filter documents from the Elasticsearch index containing the threat values type: array Security_Detections_API_ThreatIndex: items: type: string type: array Security_Detections_API_ThreatIndicatorPath: - description: >- - Defines the path to the threat indicator in the indicator documents - (optional) + description: Defines the path to the threat indicator in the indicator documents (optional) type: string Security_Detections_API_ThreatMapping: items: @@ -52714,11 +51114,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -52732,8 +51130,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -52749,24 +51146,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -52793,13 +51186,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -52828,16 +51219,12 @@ components: - related_integrations - required_fields - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleResponseFields + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleResponseFields' Security_Detections_API_ThreatMatchRuleCreateFields: allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields' Security_Detections_API_ThreatMatchRuleCreateProps: allOf: - type: object @@ -52847,11 +51234,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -52865,8 +51250,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -52882,24 +51266,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -52928,13 +51308,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -52944,8 +51322,7 @@ components: - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields' Security_Detections_API_ThreatMatchRuleDefaultableFields: type: object properties: @@ -52991,10 +51368,8 @@ components: enum: - threat_match type: string - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields' Security_Detections_API_ThreatMatchRulePatchProps: allOf: - type: object @@ -53004,11 +51379,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -53022,8 +51395,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -53041,24 +51413,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -53087,19 +51455,16 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRulePatchFields + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRulePatchFields' Security_Detections_API_ThreatMatchRuleRequiredFields: type: object properties: @@ -53124,10 +51489,8 @@ components: - threat_index Security_Detections_API_ThreatMatchRuleResponseFields: allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields' - type: object properties: language: @@ -53143,11 +51506,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -53161,8 +51522,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -53180,24 +51540,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -53226,13 +51582,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -53242,8 +51596,7 @@ components: - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields' Security_Detections_API_ThreatQuery: description: Query to run type: string @@ -53316,8 +51669,7 @@ components: type: object properties: duration: - $ref: >- - #/components/schemas/Security_Detections_API_AlertSuppressionDuration + $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionDuration' required: - duration Security_Detections_API_ThresholdCardinality: @@ -53349,11 +51701,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -53367,8 +51717,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -53384,24 +51733,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -53428,13 +51773,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -53463,16 +51806,12 @@ components: - related_integrations - required_fields - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleResponseFields + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleResponseFields' Security_Detections_API_ThresholdRuleCreateFields: allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields' Security_Detections_API_ThresholdRuleCreateProps: allOf: - type: object @@ -53482,11 +51821,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -53500,8 +51837,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: @@ -53517,24 +51853,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -53563,13 +51895,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -53579,8 +51909,7 @@ components: - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleCreateFields + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateFields' Security_Detections_API_ThresholdRuleDefaultableFields: type: object properties: @@ -53590,8 +51919,7 @@ components: type: object properties: alert_suppression: - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdAlertSuppression + $ref: '#/components/schemas/Security_Detections_API_ThresholdAlertSuppression' data_view_id: $ref: '#/components/schemas/Security_Detections_API_DataViewId' filters: @@ -53613,10 +51941,8 @@ components: enum: - threshold type: string - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields' Security_Detections_API_ThresholdRulePatchProps: allOf: - type: object @@ -53626,11 +51952,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -53644,8 +51968,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -53663,24 +51986,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -53709,19 +52028,16 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRulePatchFields + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRulePatchFields' Security_Detections_API_ThresholdRuleRequiredFields: type: object properties: @@ -53740,10 +52056,8 @@ components: - threshold Security_Detections_API_ThresholdRuleResponseFields: allOf: - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields' - type: object properties: language: @@ -53759,11 +52073,9 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose' alias_target_id: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId' author: $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: @@ -53777,8 +52089,7 @@ components: $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: - $ref: >- - #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + $ref: '#/components/schemas/Security_Detections_API_RuleFalsePositiveArray' from: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: @@ -53796,24 +52107,20 @@ components: name: $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: - $ref: >- - #/components/schemas/Security_Detections_API_AlertsIndexNamespace + $ref: '#/components/schemas/Security_Detections_API_AlertsIndexNamespace' note: $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: - $ref: >- - #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + $ref: '#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome' output_index: $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: - $ref: >- - #/components/schemas/Security_Detections_API_RelatedIntegrationArray + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegrationArray' required_fields: items: - $ref: >- - #/components/schemas/Security_Detections_API_RequiredFieldInput + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldInput' type: array response_actions: items: @@ -53842,13 +52149,11 @@ components: timeline_id: $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: - $ref: >- - #/components/schemas/Security_Detections_API_TimelineTemplateTitle + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateTitle' timestamp_override: $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: - $ref: >- - #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + $ref: '#/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled' to: $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: @@ -53858,16 +52163,13 @@ components: - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Detections_API_ThresholdRuleCreateFields + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRuleCreateFields' Security_Detections_API_ThresholdValue: description: Threshold value minimum: 1 type: integer Security_Detections_API_ThrottleForBulkActions: - description: >- - The condition for throttling the notification: 'rule', 'no_actions', or - time duration + description: 'The condition for throttling the notification: ''rule'', ''no_actions'', or time duration' enum: - rule - 1h @@ -53929,44 +52231,34 @@ components: created_by: type: string description: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListDescription + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListDescription' id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListId' immutable: type: boolean list_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId' meta: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListMeta + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListMeta' name: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListName + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListName' namespace_type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType' os_types: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray' tags: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListTags + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListTags' tie_breaker_id: type: string type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListType + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListType' updated_at: format: date-time type: string updated_by: type: string version: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListVersion + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListVersion' required: - id - list_id @@ -53994,51 +52286,39 @@ components: _version: type: string comments: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray' created_at: format: date-time type: string created_by: type: string description: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription' entries: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray' expire_time: format: date-time type: string id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId' item_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId' list_id: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId' meta: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta' name: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName' namespace_type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType' os_types: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray' tags: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags' tie_breaker_id: type: string type: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType' updated_at: format: date-time type: string @@ -54083,31 +52363,23 @@ components: - created_by Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray: items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemComment + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemComment' type: array Security_Endpoint_Exceptions_API_ExceptionListItemDescription: type: string Security_Endpoint_Exceptions_API_ExceptionListItemEntry: anyOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryList - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryList' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard' discriminator: propertyName: type Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray: items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntry + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntry' type: array Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists: type: object @@ -54115,8 +52387,7 @@ components: field: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' operator: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator' type: enum: - exists @@ -54141,8 +52412,7 @@ components: - id - type operator: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator' type: enum: - list @@ -54158,8 +52428,7 @@ components: field: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' operator: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator' type: enum: - match @@ -54177,16 +52446,14 @@ components: field: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' operator: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator' type: enum: - match_any type: string value: items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' minItems: 1 type: array required: @@ -54200,8 +52467,7 @@ components: field: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' operator: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator' type: enum: - wildcard @@ -54218,8 +52484,7 @@ components: properties: entries: items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem' minItems: 1 type: array field: @@ -54234,12 +52499,9 @@ components: - entries Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem: oneOf: - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny' + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists' Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator: enum: - excluded @@ -54256,8 +52518,7 @@ components: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray: items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType' type: array Security_Endpoint_Exceptions_API_ExceptionListItemTags: items: @@ -54280,8 +52541,7 @@ components: type: string Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray: items: - $ref: >- - #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType' type: array Security_Endpoint_Exceptions_API_ExceptionListTags: items: @@ -54301,15 +52561,11 @@ components: minimum: 1 type: integer Security_Endpoint_Exceptions_API_ExceptionNamespaceType: - description: > - Determines whether the exception container is available in all Kibana - spaces or just the space - + description: | + Determines whether the exception container is available in all Kibana spaces or just the space in which it is created, where: - - `single`: Only available in the Kibana space in which it is created. - - `agnostic`: Available in all Kibana spaces. enum: - agnostic @@ -54398,11 +52654,9 @@ components: type: object properties: agent_id: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_AgentId + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' pending_actions: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema' required: - agent_id - pending_actions @@ -54493,8 +52747,7 @@ components: comment: $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' parameters: $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: @@ -54505,11 +52758,9 @@ components: type: object properties: command: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_Command + $ref: '#/components/schemas/Security_Endpoint_Management_API_Command' timeout: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_Timeout + $ref: '#/components/schemas/Security_Endpoint_Management_API_Timeout' required: - command required: @@ -54554,8 +52805,7 @@ components: comment: $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' parameters: $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: @@ -54572,11 +52822,9 @@ components: required: - parameters Security_Endpoint_Management_API_GetProcessesRouteRequestBody: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema + $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema' Security_Endpoint_Management_API_IsolateRouteRequestBody: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema + $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema' Security_Endpoint_Management_API_KillProcessRouteRequestBody: allOf: - type: object @@ -54590,8 +52838,7 @@ components: comment: $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' parameters: $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: @@ -54601,8 +52848,7 @@ components: parameters: oneOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid' - - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EntityId + - $ref: '#/components/schemas/Security_Endpoint_Management_API_EntityId' - type: object properties: process_name: @@ -54678,8 +52924,7 @@ components: comment: $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' parameters: $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: @@ -54701,32 +52946,23 @@ components: - type: object properties: execute: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' get-file: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' isolate: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' kill-process: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' running-processes: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' scan: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' suspend-process: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' unisolate: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' upload: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - additionalProperties: true type: object Security_Endpoint_Management_API_Pid: @@ -54753,8 +52989,7 @@ components: comment: $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' parameters: $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: @@ -54789,8 +53024,7 @@ components: comment: $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' parameters: $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: @@ -54800,8 +53034,7 @@ components: parameters: oneOf: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid' - - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EntityId + - $ref: '#/components/schemas/Security_Endpoint_Management_API_EntityId' required: - parameters Security_Endpoint_Management_API_Timeout: @@ -54822,8 +53055,7 @@ components: minLength: 1 type: array Security_Endpoint_Management_API_UnisolateRouteRequestBody: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema + $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema' Security_Endpoint_Management_API_UploadRouteRequestBody: allOf: - type: object @@ -54837,8 +53069,7 @@ components: comment: $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: - $ref: >- - #/components/schemas/Security_Endpoint_Management_API_EndpointIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' parameters: $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: @@ -54910,10 +53141,8 @@ components: type: string Security_Entity_Analytics_API_AssetCriticalityRecord: allOf: - - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord - - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts + - $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord' + - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts' - type: object properties: '@timestamp': @@ -54930,8 +53159,7 @@ components: type: object properties: criticality: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' required: - asset host: @@ -54941,8 +53169,7 @@ components: type: object properties: criticality: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' required: - criticality name: @@ -54956,8 +53183,7 @@ components: type: object properties: criticality: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' required: - criticality name: @@ -55002,13 +53228,11 @@ components: - errors Security_Entity_Analytics_API_CreateAssetCriticalityRecord: allOf: - - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts + - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts' - type: object properties: criticality_level: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' required: - criticality_level Security_Entity_Analytics_API_EngineDataviewUpdateResult: @@ -55082,23 +53306,17 @@ components: format: double type: number calculated_score_norm: - description: >- - The normalized numeric value of the given entity's risk score. - Useful for comparing with other entities. + description: The normalized numeric value of the given entity's risk score. Useful for comparing with other entities. format: double maximum: 100 minimum: 0 type: number category_1_count: - description: >- - The number of risk input documents that contributed to the Category - 1 score (`category_1_score`). + description: The number of risk input documents that contributed to the Category 1 score (`category_1_score`). format: integer type: number category_1_score: - description: >- - The contribution of Category 1 to the overall risk score - (`calculated_score`). Category 1 contains Detection Engine Alerts. + description: The contribution of Category 1 to the overall risk score (`calculated_score`). Category 1 contains Detection Engine Alerts. format: double type: number category_2_count: @@ -55108,27 +53326,20 @@ components: format: double type: number criticality_level: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' criticality_modifier: format: double type: number id_field: - description: >- - The identifier field defining this risk score. Coupled with - `id_value`, uniquely identifies the entity being scored. + description: The identifier field defining this risk score. Coupled with `id_value`, uniquely identifies the entity being scored. example: host.name type: string id_value: - description: >- - The identifier value defining this risk score. Coupled with - `id_field`, uniquely identifies the entity being scored. + description: The identifier value defining this risk score. Coupled with `id_field`, uniquely identifies the entity being scored. example: example.host type: string inputs: - description: >- - A list of the highest-risk documents contributing to this risk - score. Useful for investigative purposes. + description: A list of the highest-risk documents contributing to this risk score. Useful for investigative purposes. items: $ref: '#/components/schemas/Security_Entity_Analytics_API_RiskScoreInput' type: array @@ -55162,8 +53373,7 @@ components: type: object properties: criticality: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' required: - criticality entity: @@ -55206,8 +53416,7 @@ components: name: type: string risk: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord' type: items: type: string @@ -55314,8 +53523,7 @@ components: type: object properties: criticality: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel' required: - criticality entity: @@ -55354,8 +53562,7 @@ components: name: type: string risk: - $ref: >- - #/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord' roles: items: type: string @@ -55375,8 +53582,7 @@ components: - comment Security_Exceptions_API_CreateExceptionListItemCommentArray: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateExceptionListItemComment + $ref: '#/components/schemas/Security_Exceptions_API_CreateExceptionListItemComment' type: array Security_Exceptions_API_CreateRuleExceptionListItemComment: type: object @@ -55387,28 +53593,23 @@ components: - comment Security_Exceptions_API_CreateRuleExceptionListItemCommentArray: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemComment + $ref: '#/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemComment' type: array Security_Exceptions_API_CreateRuleExceptionListItemProps: type: object properties: comments: - $ref: >- - #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemCommentArray + $ref: '#/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemCommentArray' default: [] description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription' entries: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: format: date-time type: string item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' meta: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta' name: @@ -55417,8 +53618,7 @@ components: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray' default: [] tags: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' @@ -55441,8 +53641,7 @@ components: created_by: type: string description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListDescription + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' immutable: @@ -55456,8 +53655,7 @@ components: namespace_type: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray' tags: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' tie_breaker_id: @@ -55498,27 +53696,23 @@ components: _version: type: string comments: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemCommentArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemCommentArray' created_at: format: date-time type: string created_by: type: string description: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription' entries: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: format: date-time type: string id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' list_id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' meta: @@ -55528,8 +53722,7 @@ components: namespace_type: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' os_types: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray' tags: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' tie_breaker_id: @@ -55586,18 +53779,12 @@ components: type: string Security_Exceptions_API_ExceptionListItemEntry: anyOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryList - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNested - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchWildcard + - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch' + - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny' + - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryList' + - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists' + - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNested' + - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchWildcard' discriminator: propertyName: type Security_Exceptions_API_ExceptionListItemEntryArray: @@ -55610,8 +53797,7 @@ components: field: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' operator: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator' type: enum: - exists @@ -55636,8 +53822,7 @@ components: - id - type operator: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator' type: enum: - list @@ -55653,8 +53838,7 @@ components: field: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' operator: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator' type: enum: - match @@ -55672,8 +53856,7 @@ components: field: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' operator: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator' type: enum: - match_any @@ -55694,8 +53877,7 @@ components: field: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' operator: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator' type: enum: - wildcard @@ -55712,8 +53894,7 @@ components: properties: entries: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem' minItems: 1 type: array field: @@ -55728,12 +53909,9 @@ components: - entries Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem: oneOf: - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny - - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists + - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch' + - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny' + - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists' Security_Exceptions_API_ExceptionListItemEntryOperator: enum: - excluded @@ -55791,16 +53969,14 @@ components: id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' item_id: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' list_id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' required: - error Security_Exceptions_API_ExceptionListsImportBulkErrorArray: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError' type: array Security_Exceptions_API_ExceptionListTags: items: @@ -55820,15 +53996,11 @@ components: minimum: 1 type: integer Security_Exceptions_API_ExceptionNamespaceType: - description: > - Determines whether the exception container is available in all Kibana - spaces or just the space - + description: | + Determines whether the exception container is available in all Kibana spaces or just the space in which it is created, where: - - `single`: Only available in the Kibana space in which it is created. - - `agnostic`: Available in all Kibana spaces. enum: - agnostic @@ -55907,8 +54079,7 @@ components: - comment Security_Exceptions_API_UpdateExceptionListItemCommentArray: items: - $ref: >- - #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemComment + $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemComment' type: array Security_Exceptions_API_UUID: description: A universally unique identifier @@ -56600,9 +54771,7 @@ components: $ref: '#/components/schemas/Security_Timeline_API_DataProviderType' nullable: true Security_Timeline_API_DataProviderType: - description: >- - The type of data provider to create. Valid values are `default` and - `template`. + description: The type of data provider to create. Valid values are `default` and `template`. enum: - default - template @@ -56796,8 +54965,7 @@ components: oneOf: - allOf: - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' - - $ref: >- - #/components/schemas/Security_Timeline_API_PinnedEventBaseResponseBody + - $ref: '#/components/schemas/Security_Timeline_API_PinnedEventBaseResponseBody' - nullable: true type: object Security_Timeline_API_PersistTimelineResponse: @@ -56865,15 +55033,13 @@ components: type: object properties: alias_purpose: - $ref: >- - #/components/schemas/Security_Timeline_API_SavedObjectResolveAliasPurpose + $ref: '#/components/schemas/Security_Timeline_API_SavedObjectResolveAliasPurpose' alias_target_id: type: string outcome: $ref: '#/components/schemas/Security_Timeline_API_SavedObjectResolveOutcome' timeline: - $ref: >- - #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject + $ref: '#/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject' required: - timeline - outcome @@ -57018,8 +55184,7 @@ components: nullable: true type: string kqlQuery: - $ref: >- - #/components/schemas/Security_Timeline_API_SerializedFilterQueryResult + $ref: '#/components/schemas/Security_Timeline_API_SerializedFilterQueryResult' nullable: true savedQueryId: nullable: true @@ -57116,8 +55281,7 @@ components: Security_Timeline_API_TimelineResponse: allOf: - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - - $ref: >- - #/components/schemas/Security_Timeline_API_SavedTimelineWithSavedObjectId + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimelineWithSavedObjectId' - type: object properties: eventIdToNoteIds: @@ -57183,18 +55347,14 @@ components: - savedObjectId - version Security_Timeline_API_TimelineStatus: - description: >- - The status of the timeline. Valid values are `active`, `draft`, and - `immutable`. + description: The status of the timeline. Valid values are `active`, `draft`, and `immutable`. enum: - active - draft - immutable type: string Security_Timeline_API_TimelineType: - description: >- - The type of timeline to create. Valid values are `default` and - `template`. + description: The type of timeline to create. Valid values are `default` and `template`. enum: - default - template @@ -57293,9 +55453,8 @@ components: title: Budgeting method type: string SLOs_create_slo_request: - description: > - The create SLO API request body varies depending on the type of - indicator, time window and budgeting method. + description: | + The create SLO API request body varies depending on the type of indicator, time window and budgeting method. properties: budgetingMethod: $ref: '#/components/schemas/SLOs_budgeting_method' @@ -57305,9 +55464,7 @@ components: groupBy: $ref: '#/components/schemas/SLOs_group_by' id: - description: >- - A optional and unique identifier for the SLO. Must be between 8 and - 36 chars + description: A optional and unique identifier for the SLO. Must be between 8 and 36 chars example: my-super-slo-id type: string indicator: @@ -57351,10 +55508,8 @@ components: required: - id SLOs_delete_slo_instances_request: - description: > - The delete SLO instances request takes a list of SLO id and instance id, - then delete the rollup and summary data. This API can be used to remove - the staled data of an instance SLO that no longer get updated. + description: | + The delete SLO instances request takes a list of SLO id and instance id, then delete the rollup and summary data. This API can be used to remove the staled data of an instance SLO that no longer get updated. properties: list: description: An array of slo id and instance id @@ -57390,9 +55545,7 @@ components: example: 0.02 type: number isEstimated: - description: >- - Only for SLO defined with occurrences budgeting method and calendar - aligned time window. + description: Only for SLO defined with occurrences budgeting method and calendar aligned time window. example: true type: boolean remaining: @@ -57463,9 +55616,7 @@ components: title: Find SLO response type: object SLOs_group_by: - description: >- - optional group by field or fields to use to generate an SLO per distinct - value + description: optional group by field or fields to use to generate an SLO per distinct value example: - - service.name - service.name @@ -57586,11 +55737,7 @@ components: type: object properties: dataViewId: - description: >- - The kibana data view id to use, primarily used to include data - view runtime mappings. Make sure to save SLO again if you - add/update run time fields to the data view and if those fields - are being used in slo queries. + description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. example: 03b80ab3-003d-498b-881c-3beedbaf1162 type: string filter: @@ -57631,11 +55778,7 @@ components: type: object properties: dataViewId: - description: >- - The kibana data view id to use, primarily used to include data - view runtime mappings. Make sure to save SLO again if you - add/update run time fields to the data view and if those fields - are being used in slo queries. + description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. example: 03b80ab3-003d-498b-881c-3beedbaf1162 type: string filter: @@ -57652,16 +55795,12 @@ components: example: A type: string metrics: - description: >- - List of metrics with their name, aggregation type, and - field. + description: List of metrics with their name, aggregation type, and field. items: type: object properties: aggregation: - description: >- - The aggregation type of the metric. Only valid option - is "sum" + description: The aggregation type of the metric. Only valid option is "sum" enum: - sum example: sum @@ -57706,16 +55845,12 @@ components: example: A type: string metrics: - description: >- - List of metrics with their name, aggregation type, and - field. + description: List of metrics with their name, aggregation type, and field. items: type: object properties: aggregation: - description: >- - The aggregation type of the metric. Only valid option - is "sum" + description: The aggregation type of the metric. Only valid option is "sum" enum: - sum example: sum @@ -57764,11 +55899,7 @@ components: type: object properties: dataViewId: - description: >- - The kibana data view id to use, primarily used to include data - view runtime mappings. Make sure to save SLO again if you - add/update run time fields to the data view and if those fields - are being used in slo queries. + description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. example: 03b80ab3-003d-498b-881c-3beedbaf1162 type: string filter: @@ -57796,15 +55927,11 @@ components: example: 'processor.outcome: "success"' type: string from: - description: >- - The starting value of the range. Only required for "range" - aggregations. + description: The starting value of the range. Only required for "range" aggregations. example: 0 type: number to: - description: >- - The ending value of the range. Only required for "range" - aggregations. + description: The ending value of the range. Only required for "range" aggregations. example: 100 type: number required: @@ -57840,15 +55967,11 @@ components: example: 'processor.outcome : *' type: string from: - description: >- - The starting value of the range. Only required for "range" - aggregations. + description: The starting value of the range. Only required for "range" aggregations. example: 0 type: number to: - description: >- - The ending value of the range. Only required for "range" - aggregations. + description: The ending value of the range. Only required for "range" aggregations. example: 100 type: number required: @@ -57877,11 +56000,7 @@ components: type: object properties: dataViewId: - description: >- - The kibana data view id to use, primarily used to include data - view runtime mappings. Make sure to save SLO again if you - add/update run time fields to the data view and if those fields - are being used in slo queries. + description: The kibana data view id to use, primarily used to include data view runtime mappings. Make sure to save SLO again if you add/update run time fields to the data view and if those fields are being used in slo queries. example: 03b80ab3-003d-498b-881c-3beedbaf1162 type: string filter: @@ -57893,15 +56012,12 @@ components: example: my-service-* type: string metric: - description: > - An object defining the metrics, equation, and threshold to - determine if it's a good slice or not + description: | + An object defining the metrics, equation, and threshold to determine if it's a good slice or not type: object properties: comparator: - description: >- - The comparator to use to compare the equation to the - threshold. + description: The comparator to use to compare the equation to the threshold. enum: - GT - GTE @@ -57914,22 +56030,15 @@ components: example: A type: string metrics: - description: >- - List of metrics with their name, aggregation type, and - field. + description: List of metrics with their name, aggregation type, and field. items: anyOf: - - $ref: >- - #/components/schemas/SLOs_timeslice_metric_basic_metric_with_field - - $ref: >- - #/components/schemas/SLOs_timeslice_metric_percentile_metric - - $ref: >- - #/components/schemas/SLOs_timeslice_metric_doc_count_metric + - $ref: '#/components/schemas/SLOs_timeslice_metric_basic_metric_with_field' + - $ref: '#/components/schemas/SLOs_timeslice_metric_percentile_metric' + - $ref: '#/components/schemas/SLOs_timeslice_metric_doc_count_metric' type: array threshold: - description: >- - The threshold used to determine if the metric is a good - slice or not. + description: The threshold used to determine if the metric is a good slice or not. example: 100 type: number required: @@ -58012,17 +56121,13 @@ components: minimum: 0 type: number timesliceTarget: - description: >- - the target objective for each slice when using a timeslices - budgeting method + description: the target objective for each slice when using a timeslices budgeting method example: 0.995 maximum: 100 minimum: 0 type: number timesliceWindow: - description: >- - the duration of each slice when using a timeslices budgeting method, - as {duraton}{unit} + description: the duration of each slice when using a timeslices budgeting method, as {duraton}{unit} example: 5m type: string required: @@ -58254,16 +56359,11 @@ components: type: object properties: duration: - description: >- - the duration formatted as {duration}{unit}. Accepted values for - rolling: 7d, 30d, 90d. Accepted values for calendar aligned: 1w - (weekly) or 1M (monthly) + description: 'the duration formatted as {duration}{unit}. Accepted values for rolling: 7d, 30d, 90d. Accepted values for calendar aligned: 1w (weekly) or 1M (monthly)' example: 30d type: string type: - description: >- - Indicates weither the time window is a rolling or a calendar aligned - time window. + description: Indicates weither the time window is a rolling or a calendar aligned time window. enum: - rolling - calendarAligned @@ -58332,9 +56432,7 @@ components: type: object properties: aggregation: - description: >- - The aggregation type of the metric. Only valid option is - "percentile" + description: The aggregation type of the metric. Only valid option is "percentile" enum: - percentile example: percentile @@ -58363,9 +56461,8 @@ components: - percentile title: Timeslice Metric Percentile Metric SLOs_update_slo_request: - description: > - The update SLO API request body varies depending on the type of - indicator, time window and budgeting method. Partial update is handled. + description: | + The update SLO API request body varies depending on the type of indicator, time window and budgeting method. Partial update is handled. properties: budgetingMethod: $ref: '#/components/schemas/SLOs_budgeting_method' @@ -58398,128 +56495,2866 @@ components: $ref: '#/components/schemas/SLOs_time_window' title: Update SLO request type: object - securitySchemes: - apiKeyAuth: - description: > - These APIs use key-based authentication. You must create an API key and - use the encoded value in the request header. For example: - `Authorization: ApiKey base64AccessApiKey` - in: header - name: Authorization - type: apiKey - basicAuth: - scheme: basic - type: http -security: - - apiKeyAuth: [] - - basicAuth: [] -tags: - - name: alerting - - description: | - Adjust APM agent configuration without need to redeploy your application. - name: APM agent configuration - - description: > - Configure APM agent keys to authorize requests from APM agents to the APM - Server. - name: APM agent keys - - description: > - Annotate visualizations in the APM app with significant events. - Annotations enable you to easily see how events are impacting the - performance of your applications. - name: APM annotations - - description: Create APM fleet server schema. - name: APM server schema - - description: Configure APM source maps. - name: APM sourcemaps - - description: Case APIs enable you to open and track issues. - name: cases - - name: connectors - - name: Data streams - - description: >- - Data view APIs enable you to manage data views, formerly known as Kibana - index patterns. - name: data views - - name: Elastic Agent actions - - name: Elastic Agent binary download sources - - name: Elastic Agent policies - - name: Elastic Agent status - - name: Elastic Agents - - name: Elastic Package Manager (EPM) - - name: Fleet enrollment API keys - - name: Fleet internals - - name: Fleet outputs - - name: Fleet package policies - - name: Fleet proxies - - name: Fleet Server hosts - - name: Fleet service tokens - - name: Fleet uninstall tokens - - name: Message Signing Service - - description: Machine learning - name: ml - - name: roles - - description: > - Export sets of saved objects that you want to import into Kibana, resolve - import errors, and rotate an encryption key for encrypted saved objects - with the saved objects APIs. - - - To manage a specific type of saved object, use the corresponding APIs. - - For example, use: - - - * [Data views](../group/endpoint-data-views) - - * [Spaces](https://www.elastic.co/guide/en/kibana/current/spaces-api.html) - - * [Short - URLs](https://www.elastic.co/guide/en/kibana/current/short-urls-api.html) - - - Warning: Do not write documents directly to the `.kibana` index. When you - write directly to the `.kibana` index, the data becomes corrupted and - permanently breaks future Kibana versions. - name: saved objects - x-displayName: Saved objects - - description: Manage and interact with Security Assistant resources. - name: Security AI Assistant API - x-displayName: Security AI assistant - - description: >- - You can create rules that automatically turn events and external alerts - sent to Elastic Security into detection alerts. These alerts are displayed - on the Detections page. - name: Security Detections API - x-displayName: Security detections - - description: >- - Endpoint Exceptions API allows you to manage detection rule endpoint - exceptions to prevent a rule from generating an alert from incoming events - even when the rule's other criteria are met. - name: Security Endpoint Exceptions API - x-displayName: Security endpoint exceptions - - description: Interact with and manage endpoints running the Elastic Defend integration. - name: Security Endpoint Management API - x-displayName: Security endpoint management - - description: '' - name: Security Entity Analytics API - x-displayName: Security entity analytics - - description: >- - Exceptions API allows you to manage detection rule exceptions to prevent a - rule from generating an alert from incoming events even when the rule's - other criteria are met. - name: Security Exceptions API - x-displayName: Security exceptions - - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. - name: Security Lists API - x-displayName: Security lists - - description: Run live queries, manage packs and saved queries. - name: Security Osquery API - x-displayName: Security Osquery - - description: >- - You can create Timelines and Timeline templates via the API, as well as - import new Timelines from an ndjson file. - name: Security Timeline API - x-displayName: Security timeline - - description: SLO APIs enable you to define, manage and track service-level objectives - name: slo - - name: spaces - - name: system + bedrock_config: + title: Connector request properties for an Amazon Bedrock connector + description: Defines properties for connectors when type is `.bedrock`. + type: object + required: + - apiUrl + properties: + apiUrl: + type: string + description: The Amazon Bedrock request URL. + defaultModel: + type: string + description: | + The generative artificial intelligence model for Amazon Bedrock to use. Current support is for the Anthropic Claude models. + default: anthropic.claude-3-5-sonnet-20240620-v1:0 + crowdstrike_config: + title: Connector request config properties for a Crowdstrike connector + required: + - url + description: Defines config properties for connectors when type is `.crowdstrike`. + type: object + properties: + url: + description: | + The CrowdStrike tenant URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + type: string + d3security_config: + title: Connector request properties for a D3 Security connector + description: Defines properties for connectors when type is `.d3security`. + type: object + required: + - url + properties: + url: + type: string + description: | + The D3 Security API request URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + email_config: + title: Connector request properties for an email connector + description: Defines properties for connectors when type is `.email`. + required: + - from + type: object + properties: + clientId: + description: | + The client identifier, which is a part of OAuth 2.0 client credentials authentication, in GUID format. If `service` is `exchange_server`, this property is required. + type: string + nullable: true + from: + description: | + The from address for all emails sent by the connector. It must be specified in `user@host-name` format. + type: string + hasAuth: + description: | + Specifies whether a user and password are required inside the secrets configuration. + default: true + type: boolean + host: + description: | + The host name of the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. + type: string + oauthTokenUrl: + type: string + nullable: true + port: + description: | + The port to connect to on the service provider. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. If `service` is `other`, this property must be defined. + type: integer + secure: + description: | + Specifies whether the connection to the service provider will use TLS. If the `service` is `elastic_cloud` (for Elastic Cloud notifications) or one of Nodemailer's well-known email service providers, this property is ignored. + type: boolean + service: + description: | + The name of the email service. + type: string + enum: + - elastic_cloud + - exchange_server + - gmail + - other + - outlook365 + - ses + tenantId: + description: | + The tenant identifier, which is part of OAuth 2.0 client credentials authentication, in GUID format. If `service` is `exchange_server`, this property is required. + type: string + nullable: true + gemini_config: + title: Connector request properties for an Google Gemini connector + description: Defines properties for connectors when type is `.gemini`. + type: object + required: + - apiUrl + - gcpRegion + - gcpProjectID + properties: + apiUrl: + type: string + description: The Google Gemini request URL. + defaultModel: + type: string + description: The generative artificial intelligence model for Google Gemini to use. + default: gemini-1.5-pro-002 + gcpRegion: + type: string + description: The GCP region where the Vertex AI endpoint enabled. + gcpProjectID: + type: string + description: The Google ProjectID that has Vertex AI endpoint enabled. + resilient_config: + title: Connector request properties for a IBM Resilient connector + required: + - apiUrl + - orgId + description: Defines properties for connectors when type is `.resilient`. + type: object + properties: + apiUrl: + description: The IBM Resilient instance URL. + type: string + orgId: + description: The IBM Resilient organization ID. + type: string + index_config: + title: Connector request properties for an index connector + required: + - index + description: Defines properties for connectors when type is `.index`. + type: object + properties: + executionTimeField: + description: A field that indicates when the document was indexed. + default: null + type: string + nullable: true + index: + description: The Elasticsearch index to be written to. + type: string + refresh: + description: | + The refresh policy for the write request, which affects when changes are made visible to search. Refer to the refresh setting for Elasticsearch document APIs. + default: false + type: boolean + jira_config: + title: Connector request properties for a Jira connector + required: + - apiUrl + - projectKey + description: Defines properties for connectors when type is `.jira`. + type: object + properties: + apiUrl: + description: The Jira instance URL. + type: string + projectKey: + description: The Jira project key. + type: string + genai_azure_config: + title: Connector request properties for an OpenAI connector that uses Azure OpenAI + description: | + Defines properties for connectors when type is `.gen-ai` and the API provider is `Azure OpenAI`. + type: object + required: + - apiProvider + - apiUrl + properties: + apiProvider: + type: string + description: The OpenAI API provider. + enum: + - Azure OpenAI + apiUrl: + type: string + description: The OpenAI API endpoint. + genai_openai_config: + title: Connector request properties for an OpenAI connector + description: | + Defines properties for connectors when type is `.gen-ai` and the API provider is `OpenAI`. + type: object + required: + - apiProvider + - apiUrl + properties: + apiProvider: + type: string + description: The OpenAI API provider. + enum: + - OpenAI + apiUrl: + type: string + description: The OpenAI API endpoint. + defaultModel: + type: string + description: The default model to use for requests. + opsgenie_config: + title: Connector request properties for an Opsgenie connector + required: + - apiUrl + description: Defines properties for connectors when type is `.opsgenie`. + type: object + properties: + apiUrl: + description: | + The Opsgenie URL. For example, `https://api.opsgenie.com` or `https://api.eu.opsgenie.com`. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + type: string + pagerduty_config: + title: Connector request properties for a PagerDuty connector + description: Defines properties for connectors when type is `.pagerduty`. + type: object + properties: + apiUrl: + description: The PagerDuty event URL. + type: string + nullable: true + example: https://events.pagerduty.com/v2/enqueue + sentinelone_config: + title: Connector request properties for a SentinelOne connector + required: + - url + description: Defines properties for connectors when type is `.sentinelone`. + type: object + properties: + url: + description: | + The SentinelOne tenant URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + type: string + servicenow_config: + title: Connector request properties for a ServiceNow ITSM connector + required: + - apiUrl + description: Defines properties for connectors when type is `.servicenow`. + type: object + properties: + apiUrl: + type: string + description: The ServiceNow instance URL. + clientId: + description: | + The client ID assigned to your OAuth application. This property is required when `isOAuth` is `true`. + type: string + isOAuth: + description: | + The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth). + default: false + type: boolean + jwtKeyId: + description: | + The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when `isOAuth` is `true`. + type: string + userIdentifierValue: + description: | + The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is `Email`, the user identifier should be the user's email address. This property is required when `isOAuth` is `true`. + type: string + usesTableApi: + description: | + Determines whether the connector uses the Table API or the Import Set API. This property is supported only for ServiceNow ITSM and ServiceNow SecOps connectors. NOTE: If this property is set to `false`, the Elastic application should be installed in ServiceNow. + default: true + type: boolean + servicenow_itom_config: + title: Connector request properties for a ServiceNow ITOM connector + required: + - apiUrl + description: Defines properties for connectors when type is `.servicenow-itom`. + type: object + properties: + apiUrl: + type: string + description: The ServiceNow instance URL. + clientId: + description: | + The client ID assigned to your OAuth application. This property is required when `isOAuth` is `true`. + type: string + isOAuth: + description: | + The type of authentication to use. The default value is false, which means basic authentication is used instead of open authorization (OAuth). + default: false + type: boolean + jwtKeyId: + description: | + The key identifier assigned to the JWT verifier map of your OAuth application. This property is required when `isOAuth` is `true`. + type: string + userIdentifierValue: + description: | + The identifier to use for OAuth authentication. This identifier should be the user field you selected when you created an OAuth JWT API endpoint for external clients in your ServiceNow instance. For example, if the selected user field is `Email`, the user identifier should be the user's email address. This property is required when `isOAuth` is `true`. + type: string + slack_api_config: + title: Connector request properties for a Slack connector + description: Defines properties for connectors when type is `.slack_api`. + type: object + properties: + allowedChannels: + type: array + description: A list of valid Slack channels. + items: + type: object + required: + - id + - name + maxItems: 25 + properties: + id: + type: string + description: The Slack channel ID. + example: C123ABC456 + minLength: 1 + name: + type: string + description: The Slack channel name. + minLength: 1 + swimlane_config: + title: Connector request properties for a Swimlane connector + required: + - apiUrl + - appId + - connectorType + description: Defines properties for connectors when type is `.swimlane`. + type: object + properties: + apiUrl: + description: The Swimlane instance URL. + type: string + appId: + description: The Swimlane application ID. + type: string + connectorType: + description: The type of connector. Valid values are `all`, `alerts`, and `cases`. + type: string + enum: + - all + - alerts + - cases + mappings: + title: Connector mappings properties for a Swimlane connector + description: The field mapping. + type: object + properties: + alertIdConfig: + title: Alert identifier mapping + description: Mapping for the alert ID. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. + id: + type: string + description: The identifier for the field in Swimlane. + key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + caseIdConfig: + title: Case identifier mapping + description: Mapping for the case ID. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. + id: + type: string + description: The identifier for the field in Swimlane. + key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + caseNameConfig: + title: Case name mapping + description: Mapping for the case name. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. + id: + type: string + description: The identifier for the field in Swimlane. + key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + commentsConfig: + title: Case comment mapping + description: Mapping for the case comments. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. + id: + type: string + description: The identifier for the field in Swimlane. + key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + descriptionConfig: + title: Case description mapping + description: Mapping for the case description. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. + id: + type: string + description: The identifier for the field in Swimlane. + key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + ruleNameConfig: + title: Rule name mapping + description: Mapping for the name of the alert's rule. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. + id: + type: string + description: The identifier for the field in Swimlane. + key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + severityConfig: + title: Severity mapping + description: Mapping for the severity. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. + id: + type: string + description: The identifier for the field in Swimlane. + key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + thehive_config: + title: Connector request properties for a TheHive connector + description: Defines configuration properties for connectors when type is `.thehive`. + type: object + required: + - url + properties: + organisation: + type: string + description: | + The organisation in TheHive that will contain the alerts or cases. By default, the connector uses the default organisation of the user account that created the API key. + url: + type: string + description: | + The instance URL in TheHive. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + tines_config: + title: Connector request properties for a Tines connector + description: Defines properties for connectors when type is `.tines`. + type: object + required: + - url + properties: + url: + description: | + The Tines tenant URL. If you are using the `xpack.actions.allowedHosts` setting, make sure this hostname is added to the allowed hosts. + type: string + torq_config: + title: Connector request properties for a Torq connector + description: Defines properties for connectors when type is `.torq`. + type: object + required: + - webhookIntegrationUrl + properties: + webhookIntegrationUrl: + description: The endpoint URL of the Elastic Security integration in Torq. + type: string + auth_type: + title: Authentication type + type: string + nullable: true + enum: + - webhook-authentication-basic + - webhook-authentication-ssl + description: | + The type of authentication to use: basic, SSL, or none. + ca: + title: Certificate authority + type: string + description: | + A base64 encoded version of the certificate authority file that the connector can trust to sign and validate certificates. This option is available for all authentication types. + cert_type: + title: Certificate type + type: string + description: | + If the `authType` is `webhook-authentication-ssl`, specifies whether the certificate authentication data is in a CRT and key file format or a PFX file format. + enum: + - ssl-crt-key + - ssl-pfx + has_auth: + title: Has authentication + type: boolean + description: If true, a username and password for login type authentication must be provided. + default: true + verification_mode: + title: Verification mode + type: string + enum: + - certificate + - full + - none + default: full + description: | + Controls the verification of certificates. Use `full` to validate that the certificate has an issue date within the `not_before` and `not_after` dates, chains to a trusted certificate authority (CA), and has a hostname or IP address that matches the names within the certificate. Use `certificate` to validate the certificate and verify that it is signed by a trusted authority; this option does not check the certificate hostname. Use `none` to skip certificate validation. + webhook_config: + title: Connector request properties for a Webhook connector + description: Defines properties for connectors when type is `.webhook`. + type: object + properties: + authType: + $ref: '#/components/schemas/auth_type' + ca: + $ref: '#/components/schemas/ca' + certType: + $ref: '#/components/schemas/cert_type' + hasAuth: + $ref: '#/components/schemas/has_auth' + headers: + type: object + nullable: true + description: A set of key-value pairs sent as headers with the request. + method: + type: string + default: post + enum: + - post + - put + description: | + The HTTP request method, either `post` or `put`. + url: + type: string + description: | + The request URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + verificationMode: + $ref: '#/components/schemas/verification_mode' + cases_webhook_config: + title: Connector request properties for Webhook - Case Management connector + required: + - createIncidentJson + - createIncidentResponseKey + - createIncidentUrl + - getIncidentResponseExternalTitleKey + - getIncidentUrl + - updateIncidentJson + - updateIncidentUrl + - viewIncidentUrl + description: Defines properties for connectors when type is `.cases-webhook`. + type: object + properties: + authType: + $ref: '#/components/schemas/auth_type' + ca: + $ref: '#/components/schemas/ca' + certType: + $ref: '#/components/schemas/cert_type' + createCommentJson: + type: string + description: | + A JSON payload sent to the create comment URL to create a case comment. You can use variables to add Kibana Cases data to the payload. The required variable is `case.comment`. Due to Mustache template variables (the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated once the Mustache variables have been placed when the REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. + example: '{"body": {{{case.comment}}}}' + createCommentMethod: + type: string + description: | + The REST API HTTP request method to create a case comment in the third-party system. Valid values are `patch`, `post`, and `put`. + default: put + enum: + - patch + - post + - put + createCommentUrl: + type: string + description: | + The REST API URL to create a case comment by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the `xpack.actions.allowedHosts setting`, add the hostname to the allowed hosts. + example: https://example.com/issue/{{{external.system.id}}}/comment + createIncidentJson: + type: string + description: | + A JSON payload sent to the create case URL to create a case. You can use variables to add case data to the payload. Required variables are `case.title` and `case.description`. Due to Mustache template variables (which is the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review. + example: '{"fields": {"summary": {{{case.title}}},"description": {{{case.description}}},"labels": {{{case.tags}}}}}' + createIncidentMethod: + type: string + description: | + The REST API HTTP request method to create a case in the third-party system. Valid values are `patch`, `post`, and `put`. + enum: + - patch + - post + - put + default: post + createIncidentResponseKey: + type: string + description: The JSON key in the create external case response that contains the case ID. + createIncidentUrl: + type: string + description: | + The REST API URL to create a case in the third-party system. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + getIncidentResponseExternalTitleKey: + type: string + description: The JSON key in get external case response that contains the case title. + getIncidentUrl: + type: string + description: | + The REST API URL to get the case by ID from the third-party system. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. You can use a variable to add the external system ID to the URL. Due to Mustache template variables (the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid, disregarding the Mustache variables, so the later validation will pass. + example: https://example.com/issue/{{{external.system.id}}} + hasAuth: + $ref: '#/components/schemas/has_auth' + headers: + type: string + description: | + A set of key-value pairs sent as headers with the request URLs for the create case, update case, get case, and create comment methods. + updateIncidentJson: + type: string + description: | + The JSON payload sent to the update case URL to update the case. You can use variables to add Kibana Cases data to the payload. Required variables are `case.title` and `case.description`. Due to Mustache template variables (which is the text enclosed in triple braces, for example, `{{{case.title}}}`), the JSON is not validated when you create the connector. The JSON is validated after the Mustache variables have been placed when REST method runs. Manually ensure that the JSON is valid to avoid future validation errors; disregard Mustache variables during your review. + example: '{"fields": {"summary": {{{case.title}}},"description": {{{case.description}}},"labels": {{{case.tags}}}}}' + updateIncidentMethod: + type: string + description: | + The REST API HTTP request method to update the case in the third-party system. Valid values are `patch`, `post`, and `put`. + default: put + enum: + - patch + - post + - put + updateIncidentUrl: + type: string + description: | + The REST API URL to update the case by ID in the third-party system. You can use a variable to add the external system ID to the URL. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + example: https://example.com/issue/{{{external.system.ID}}} + verificationMode: + $ref: '#/components/schemas/verification_mode' + viewIncidentUrl: + type: string + description: | + The URL to view the case in the external system. You can use variables to add the external system ID or external system title to the URL. + example: https://testing-jira.atlassian.net/browse/{{{external.system.title}}} + xmatters_config: + title: Connector request properties for an xMatters connector + description: Defines properties for connectors when type is `.xmatters`. + type: object + properties: + configUrl: + description: | + The request URL for the Elastic Alerts trigger in xMatters. It is applicable only when `usesBasic` is `true`. + type: string + nullable: true + usesBasic: + description: Specifies whether the connector uses HTTP basic authentication (`true`) or URL authentication (`false`). + type: boolean + default: true + bedrock_secrets: + title: Connector secrets properties for an Amazon Bedrock connector + description: Defines secrets for connectors when type is `.bedrock`. + type: object + required: + - accessKey + - secret + properties: + accessKey: + type: string + description: The AWS access key for authentication. + secret: + type: string + description: The AWS secret for authentication. + crowdstrike_secrets: + title: Connector secrets properties for a Crowdstrike connector + description: Defines secrets for connectors when type is `.crowdstrike`. + type: object + required: + - clientId + - clientSecret + properties: + clientId: + description: The CrowdStrike API client identifier. + type: string + clientSecret: + description: The CrowdStrike API client secret to authenticate the `clientId`. + type: string + d3security_secrets: + title: Connector secrets properties for a D3 Security connector + description: Defines secrets for connectors when type is `.d3security`. + required: + - token + type: object + properties: + token: + type: string + description: The D3 Security token. + email_secrets: + title: Connector secrets properties for an email connector + description: Defines secrets for connectors when type is `.email`. + type: object + properties: + clientSecret: + type: string + description: | + The Microsoft Exchange Client secret for OAuth 2.0 client credentials authentication. It must be URL-encoded. If `service` is `exchange_server`, this property is required. + password: + type: string + description: | + The password for HTTP basic authentication. If `hasAuth` is set to `true`, this property is required. + user: + type: string + description: | + The username for HTTP basic authentication. If `hasAuth` is set to `true`, this property is required. + gemini_secrets: + title: Connector secrets properties for a Google Gemini connector + description: Defines secrets for connectors when type is `.gemini`. + type: object + required: + - credentialsJson + properties: + credentialsJson: + type: string + description: The service account credentials JSON file. The service account should have Vertex AI user IAM role assigned to it. + resilient_secrets: + title: Connector secrets properties for IBM Resilient connector + required: + - apiKeyId + - apiKeySecret + description: Defines secrets for connectors when type is `.resilient`. + type: object + properties: + apiKeyId: + type: string + description: The authentication key ID for HTTP Basic authentication. + apiKeySecret: + type: string + description: The authentication key secret for HTTP Basic authentication. + jira_secrets: + title: Connector secrets properties for a Jira connector + required: + - apiToken + - email + description: Defines secrets for connectors when type is `.jira`. + type: object + properties: + apiToken: + description: The Jira API authentication token for HTTP basic authentication. + type: string + email: + description: The account email for HTTP Basic authentication. + type: string + teams_secrets: + title: Connector secrets properties for a Microsoft Teams connector + description: Defines secrets for connectors when type is `.teams`. + type: object + required: + - webhookUrl + properties: + webhookUrl: + type: string + description: | + The URL of the incoming webhook. If you are using the `xpack.actions.allowedHosts` setting, add the hostname to the allowed hosts. + genai_secrets: + title: Connector secrets properties for an OpenAI connector + description: Defines secrets for connectors when type is `.gen-ai`. + type: object + properties: + apiKey: + type: string + description: The OpenAI API key. + opsgenie_secrets: + title: Connector secrets properties for an Opsgenie connector + required: + - apiKey + description: Defines secrets for connectors when type is `.opsgenie`. + type: object + properties: + apiKey: + description: The Opsgenie API authentication key for HTTP Basic authentication. + type: string + pagerduty_secrets: + title: Connector secrets properties for a PagerDuty connector + description: Defines secrets for connectors when type is `.pagerduty`. + type: object + required: + - routingKey + properties: + routingKey: + description: | + A 32 character PagerDuty Integration Key for an integration on a service. + type: string + sentinelone_secrets: + title: Connector secrets properties for a SentinelOne connector + description: Defines secrets for connectors when type is `.sentinelone`. + type: object + required: + - token + properties: + token: + description: The A SentinelOne API token. + type: string + servicenow_secrets: + title: Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors + description: Defines secrets for connectors when type is `.servicenow`, `.servicenow-sir`, or `.servicenow-itom`. + type: object + properties: + clientSecret: + type: string + description: The client secret assigned to your OAuth application. This property is required when `isOAuth` is `true`. + password: + type: string + description: The password for HTTP basic authentication. This property is required when `isOAuth` is `false`. + privateKey: + type: string + description: The RSA private key that you created for use in ServiceNow. This property is required when `isOAuth` is `true`. + privateKeyPassword: + type: string + description: The password for the RSA private key. This property is required when `isOAuth` is `true` and you set a password on your private key. + username: + type: string + description: The username for HTTP basic authentication. This property is required when `isOAuth` is `false`. + slack_api_secrets: + title: Connector secrets properties for a Web API Slack connector + description: Defines secrets for connectors when type is `.slack`. + required: + - token + type: object + properties: + token: + type: string + description: Slack bot user OAuth token. + swimlane_secrets: + title: Connector secrets properties for a Swimlane connector + description: Defines secrets for connectors when type is `.swimlane`. + type: object + properties: + apiToken: + description: Swimlane API authentication token. + type: string + thehive_secrets: + title: Connector secrets properties for a TheHive connector + description: Defines secrets for connectors when type is `.thehive`. + required: + - apiKey + type: object + properties: + apiKey: + type: string + description: The API key for authentication in TheHive. + tines_secrets: + title: Connector secrets properties for a Tines connector + description: Defines secrets for connectors when type is `.tines`. + type: object + required: + - email + - token + properties: + email: + description: The email used to sign in to Tines. + type: string + token: + description: The Tines API token. + type: string + torq_secrets: + title: Connector secrets properties for a Torq connector + description: Defines secrets for connectors when type is `.torq`. + type: object + required: + - token + properties: + token: + description: The secret of the webhook authentication header. + type: string + crt: + title: Certificate + type: string + description: If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT file. + key: + title: Certificate key + type: string + description: If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-crt-key`, it is a base64 encoded version of the KEY file. + pfx: + title: Personal information exchange + type: string + description: If `authType` is `webhook-authentication-ssl` and `certType` is `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. + webhook_secrets: + title: Connector secrets properties for a Webhook connector + description: Defines secrets for connectors when type is `.webhook`. + type: object + properties: + crt: + $ref: '#/components/schemas/crt' + key: + $ref: '#/components/schemas/key' + pfx: + $ref: '#/components/schemas/pfx' + password: + type: string + description: | + The password for HTTP basic authentication or the passphrase for the SSL certificate files. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required. + user: + type: string + description: | + The username for HTTP basic authentication. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required. + cases_webhook_secrets: + title: Connector secrets properties for Webhook - Case Management connector + type: object + properties: + crt: + $ref: '#/components/schemas/crt' + key: + $ref: '#/components/schemas/key' + pfx: + $ref: '#/components/schemas/pfx' + password: + type: string + description: | + The password for HTTP basic authentication. If `hasAuth` is set to `true` and and `authType` is `webhook-authentication-basic`, this property is required. + user: + type: string + description: | + The username for HTTP basic authentication. If `hasAuth` is set to `true` and `authType` is `webhook-authentication-basic`, this property is required. + xmatters_secrets: + title: Connector secrets properties for an xMatters connector + description: Defines secrets for connectors when type is `.xmatters`. + type: object + properties: + password: + description: | + A user name for HTTP basic authentication. It is applicable only when `usesBasic` is `true`. + type: string + secretsUrl: + description: | + The request URL for the Elastic Alerts trigger in xMatters with the API key included in the URL. It is applicable only when `usesBasic` is `false`. + type: string + user: + description: | + A password for HTTP basic authentication. It is applicable only when `usesBasic` is `true`. + type: string + run_acknowledge_resolve_pagerduty: + title: PagerDuty connector parameters + description: Test an action that acknowledges or resolves a PagerDuty alert. + type: object + required: + - dedupKey + - eventAction + properties: + dedupKey: + description: The deduplication key for the PagerDuty alert. + type: string + maxLength: 255 + eventAction: + description: The type of event. + type: string + enum: + - acknowledge + - resolve + run_documents: + title: Index connector parameters + description: Test an action that indexes a document into Elasticsearch. + type: object + required: + - documents + properties: + documents: + type: array + description: The documents in JSON format for index connectors. + items: + type: object + additionalProperties: true + run_message_email: + title: Email connector parameters + description: | + Test an action that sends an email message. There must be at least one recipient in `to`, `cc`, or `bcc`. + type: object + required: + - message + - subject + - anyOf: + - to + - cc + - bcc + properties: + bcc: + type: array + items: + type: string + description: | + A list of "blind carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `` format + cc: + type: array + items: + type: string + description: | + A list of "carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `` format + message: + type: string + description: The email message text. Markdown format is supported. + subject: + type: string + description: The subject line of the email. + to: + type: array + description: | + A list of email addresses. Addresses can be specified in `user@host-name` format or in name `` format. + items: + type: string + run_message_serverlog: + title: Server log connector parameters + description: Test an action that writes an entry to the Kibana server log. + type: object + required: + - message + properties: + level: + type: string + description: The log level of the message for server log connectors. + enum: + - debug + - error + - fatal + - info + - trace + - warn + default: info + message: + type: string + description: The message for server log connectors. + run_message_slack: + title: Slack connector parameters + description: | + Test an action that sends a message to Slack. It is applicable only when the connector type is `.slack`. + type: object + required: + - message + properties: + message: + type: string + description: The Slack message text, which cannot contain Markdown, images, or other advanced formatting. + run_trigger_pagerduty: + title: PagerDuty connector parameters + description: Test an action that triggers a PagerDuty alert. + type: object + required: + - eventAction + properties: + class: + description: The class or type of the event. + type: string + example: cpu load + component: + description: The component of the source machine that is responsible for the event. + type: string + example: eth0 + customDetails: + description: Additional details to add to the event. + type: object + dedupKey: + description: | + All actions sharing this key will be associated with the same PagerDuty alert. This value is used to correlate trigger and resolution. + type: string + maxLength: 255 + eventAction: + description: The type of event. + type: string + enum: + - trigger + group: + description: The logical grouping of components of a service. + type: string + example: app-stack + links: + description: A list of links to add to the event. + type: array + items: + type: object + properties: + href: + description: The URL for the link. + type: string + text: + description: A plain text description of the purpose of the link. + type: string + severity: + description: The severity of the event on the affected system. + type: string + enum: + - critical + - error + - info + - warning + default: info + source: + description: | + The affected system, such as a hostname or fully qualified domain name. Defaults to the Kibana saved object id of the action. + type: string + summary: + description: A summery of the event. + type: string + maxLength: 1024 + timestamp: + description: An ISO-8601 timestamp that indicates when the event was detected or generated. + type: string + format: date-time + run_addevent: + title: The addEvent subaction + type: object + required: + - subAction + description: The `addEvent` subaction for ServiceNow ITOM connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - addEvent + subActionParams: + type: object + description: The set of configuration properties for the action. + properties: + additional_info: + type: string + description: Additional information about the event. + description: + type: string + description: The details about the event. + event_class: + type: string + description: A specific instance of the source. + message_key: + type: string + description: All actions sharing this key are associated with the same ServiceNow alert. The default value is `:`. + metric_name: + type: string + description: The name of the metric. + node: + type: string + description: The host that the event was triggered for. + resource: + type: string + description: The name of the resource. + severity: + type: string + description: The severity of the event. + source: + type: string + description: The name of the event source type. + time_of_event: + type: string + description: The time of the event. + type: + type: string + description: The type of event. + run_closealert: + title: The closeAlert subaction + type: object + required: + - subAction + - subActionParams + description: The `closeAlert` subaction for Opsgenie connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - closeAlert + subActionParams: + type: object + required: + - alias + properties: + alias: + type: string + description: The unique identifier used for alert deduplication in Opsgenie. The alias must match the value used when creating the alert. + note: + type: string + description: Additional information for the alert. + source: + type: string + description: The display name for the source of the alert. + user: + type: string + description: The display name for the owner. + run_closeincident: + title: The closeIncident subaction + type: object + required: + - subAction + - subActionParams + description: The `closeIncident` subaction for ServiceNow ITSM connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - closeIncident + subActionParams: + type: object + required: + - incident + properties: + incident: + type: object + anyOf: + - required: + - correlation_id + - required: + - externalId + properties: + correlation_id: + type: string + nullable: true + description: | + An identifier that is assigned to the incident when it is created by the connector. NOTE: If you use the default value and the rule generates multiple alerts that use the same alert IDs, the latest open incident for this correlation ID is closed unless you specify the external ID. + maxLength: 100 + default: '{{rule.id}}:{{alert.id}}' + externalId: + type: string + nullable: true + description: The unique identifier (`incidentId`) for the incident in ServiceNow. + run_createalert: + title: The createAlert subaction + type: object + required: + - subAction + - subActionParams + description: The `createAlert` subaction for Opsgenie and TheHive connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - createAlert + subActionParams: + type: object + properties: + actions: + type: array + description: The custom actions available to the alert in Opsgenie connectors. + items: + type: string + alias: + type: string + description: The unique identifier used for alert deduplication in Opsgenie. + description: + type: string + description: A description that provides detailed information about the alert. + details: + type: object + description: The custom properties of the alert in Opsgenie connectors. + additionalProperties: true + example: + key1: value1 + key2: value2 + entity: + type: string + description: The domain of the alert in Opsgenie connectors. For example, the application or server name. + message: + type: string + description: The alert message in Opsgenie connectors. + note: + type: string + description: Additional information for the alert in Opsgenie connectors. + priority: + type: string + description: The priority level for the alert in Opsgenie connectors. + enum: + - P1 + - P2 + - P3 + - P4 + - P5 + responders: + type: array + description: | + The entities to receive notifications about the alert in Opsgenie connectors. If `type` is `user`, either `id` or `username` is required. If `type` is `team`, either `id` or `name` is required. + items: + type: object + properties: + id: + type: string + description: The identifier for the entity. + name: + type: string + description: The name of the entity. + type: + type: string + description: The type of responders, in this case `escalation`. + enum: + - escalation + - schedule + - team + - user + username: + type: string + description: A valid email address for the user. + severity: + type: integer + minimum: 1 + maximum: 4 + description: | + The severity of the incident for TheHive connectors. The value ranges from 1 (low) to 4 (critical) with a default value of 2 (medium). + source: + type: string + description: The display name for the source of the alert in Opsgenie and TheHive connectors. + sourceRef: + type: string + description: A source reference for the alert in TheHive connectors. + tags: + type: array + description: The tags for the alert in Opsgenie and TheHive connectors. + items: + type: string + title: + type: string + description: | + A title for the incident for TheHive connectors. It is used for searching the contents of the knowledge base. + tlp: + type: integer + minimum: 0 + maximum: 4 + default: 2 + description: | + The traffic light protocol designation for the incident in TheHive connectors. Valid values include: 0 (clear), 1 (green), 2 (amber), 3 (amber and strict), and 4 (red). + type: + type: string + description: The type of alert in TheHive connectors. + user: + type: string + description: The display name for the owner. + visibleTo: + type: array + description: The teams and users that the alert will be visible to without sending a notification. Only one of `id`, `name`, or `username` is required. + items: + type: object + required: + - type + properties: + id: + type: string + description: The identifier for the entity. + name: + type: string + description: The name of the entity. + type: + type: string + description: Valid values are `team` and `user`. + enum: + - team + - user + username: + type: string + description: The user name. This property is required only when the `type` is `user`. + run_fieldsbyissuetype: + title: The fieldsByIssueType subaction + type: object + required: + - subAction + - subActionParams + description: The `fieldsByIssueType` subaction for Jira connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - fieldsByIssueType + subActionParams: + type: object + required: + - id + properties: + id: + type: string + description: The Jira issue type identifier. + example: 10024 + run_getchoices: + title: The getChoices subaction + type: object + required: + - subAction + - subActionParams + description: The `getChoices` subaction for ServiceNow ITOM, ServiceNow ITSM, and ServiceNow SecOps connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - getChoices + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - fields + properties: + fields: + type: array + description: An array of fields. + items: + type: string + run_getfields: + title: The getFields subaction + type: object + required: + - subAction + description: The `getFields` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - getFields + run_getincident: + title: The getIncident subaction + type: object + description: The `getIncident` subaction for Jira, ServiceNow ITSM, and ServiceNow SecOps connectors. + required: + - subAction + - subActionParams + properties: + subAction: + type: string + description: The action to test. + enum: + - getIncident + subActionParams: + type: object + required: + - externalId + properties: + externalId: + type: string + description: The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. + example: 71778 + run_issue: + title: The issue subaction + type: object + required: + - subAction + description: The `issue` subaction for Jira connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - issue + subActionParams: + type: object + required: + - id + properties: + id: + type: string + description: The Jira issue identifier. + example: 71778 + run_issues: + title: The issues subaction + type: object + required: + - subAction + - subActionParams + description: The `issues` subaction for Jira connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - issues + subActionParams: + type: object + required: + - title + properties: + title: + type: string + description: The title of the Jira issue. + run_issuetypes: + title: The issueTypes subaction + type: object + required: + - subAction + description: The `issueTypes` subaction for Jira connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - issueTypes + run_postmessage: + title: The postMessage subaction + type: object + description: | + Test an action that sends a message to Slack. It is applicable only when the connector type is `.slack_api`. + required: + - subAction + - subActionParams + properties: + subAction: + type: string + description: The action to test. + enum: + - postMessage + subActionParams: + type: object + description: The set of configuration properties for the action. + properties: + channelIds: + type: array + maxItems: 1 + description: | + The Slack channel identifier, which must be one of the `allowedChannels` in the connector configuration. + items: + type: string + channels: + type: array + deprecated: true + description: | + The name of a channel that your Slack app has access to. + maxItems: 1 + items: + type: string + text: + type: string + description: | + The Slack message text. If it is a Slack webhook connector, the text cannot contain Markdown, images, or other advanced formatting. If it is a Slack web API connector, it can contain either plain text or block kit messages. + minLength: 1 + run_pushtoservice: + title: The pushToService subaction + type: object + required: + - subAction + - subActionParams + description: The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, TheHive, and Webhook - Case Management connectors. + properties: + subAction: + type: string + description: The action to test. + enum: + - pushToService + subActionParams: + type: object + description: The set of configuration properties for the action. + properties: + comments: + type: array + description: Additional information that is sent to Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, or TheHive. + items: + type: object + properties: + comment: + type: string + description: A comment related to the incident. For example, describe how to troubleshoot the issue. + commentId: + type: integer + description: A unique identifier for the comment. + incident: + type: object + description: Information necessary to create or update a Jira, ServiceNow ITSM, ServiveNow SecOps, Swimlane, or TheHive incident. + properties: + additional_fields: + type: string + nullable: true + maxLength: 20 + description: | + Additional fields for ServiceNow ITSM and ServiveNow SecOps connectors. The fields must exist in the Elastic ServiceNow application and must be specified in JSON format. + alertId: + type: string + description: The alert identifier for Swimlane connectors. + caseId: + type: string + description: The case identifier for the incident for Swimlane connectors. + caseName: + type: string + description: The case name for the incident for Swimlane connectors. + category: + type: string + description: The category of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. + correlation_display: + type: string + description: A descriptive label of the alert for correlation purposes for ServiceNow ITSM and ServiceNow SecOps connectors. + correlation_id: + type: string + description: | + The correlation identifier for the security incident for ServiceNow ITSM and ServiveNow SecOps connectors. Connectors using the same correlation ID are associated with the same ServiceNow incident. This value determines whether a new ServiceNow incident is created or an existing one is updated. Modifying this value is optional; if not modified, the rule ID and alert ID are combined as `{{ruleID}}:{{alert ID}}` to form the correlation ID value in ServiceNow. The maximum character length for this value is 100 characters. NOTE: Using the default configuration of `{{ruleID}}:{{alert ID}}` ensures that ServiceNow creates a separate incident record for every generated alert that uses a unique alert ID. If the rule generates multiple alerts that use the same alert IDs, ServiceNow creates and continually updates a single incident record for the alert. + description: + type: string + description: The description of the incident for Jira, ServiceNow ITSM, ServiceNow SecOps, Swimlane, TheHive, and Webhook - Case Management connectors. + dest_ip: + description: | + A list of destination IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + externalId: + type: string + description: | + The Jira, ServiceNow ITSM, or ServiceNow SecOps issue identifier. If present, the incident is updated. Otherwise, a new incident is created. + id: + type: string + description: The external case identifier for Webhook - Case Management connectors. + impact: + type: string + description: The impact of the incident for ServiceNow ITSM connectors. + issueType: + type: integer + description: The type of incident for Jira connectors. For example, 10006. To obtain the list of valid values, set `subAction` to `issueTypes`. + labels: + type: array + items: + type: string + description: | + The labels for the incident for Jira connectors. NOTE: Labels cannot contain spaces. + malware_hash: + description: A list of malware hashes related to the security incident for ServiceNow SecOps connectors. The hashes are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + malware_url: + type: string + description: A list of malware URLs related to the security incident for ServiceNow SecOps connectors. The URLs are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + otherFields: + type: object + additionalProperties: true + maxProperties: 20 + description: | + Custom field identifiers and their values for Jira connectors. + parent: + type: string + description: The ID or key of the parent issue for Jira connectors. Applies only to `Sub-task` types of issues. + priority: + type: string + description: The priority of the incident in Jira and ServiceNow SecOps connectors. + ruleName: + type: string + description: The rule name for Swimlane connectors. + severity: + type: integer + description: | + The severity of the incident for ServiceNow ITSM, Swimlane, and TheHive connectors. In TheHive connectors, the severity value ranges from 1 (low) to 4 (critical) with a default value of 2 (medium). + short_description: + type: string + description: | + A short description of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. It is used for searching the contents of the knowledge base. + source_ip: + description: A list of source IP addresses related to the security incident for ServiceNow SecOps connectors. The IPs are added as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + status: + type: string + description: The status of the incident for Webhook - Case Management connectors. + subcategory: + type: string + description: The subcategory of the incident for ServiceNow ITSM and ServiceNow SecOps connectors. + summary: + type: string + description: A summary of the incident for Jira connectors. + tags: + type: array + items: + type: string + description: A list of tags for TheHive and Webhook - Case Management connectors. + title: + type: string + description: | + A title for the incident for Jira, TheHive, and Webhook - Case Management connectors. It is used for searching the contents of the knowledge base. + tlp: + type: integer + minimum: 0 + maximum: 4 + default: 2 + description: | + The traffic light protocol designation for the incident in TheHive connectors. Valid values include: 0 (clear), 1 (green), 2 (amber), 3 (amber and strict), and 4 (red). + urgency: + type: string + description: The urgency of the incident for ServiceNow ITSM connectors. + run_validchannelid: + title: The validChannelId subaction + type: object + description: | + Retrieves information about a valid Slack channel identifier. It is applicable only when the connector type is `.slack_api`. + required: + - subAction + - subActionParams + properties: + subAction: + type: string + description: The action to test. + enum: + - validChannelId + subActionParams: + type: object + required: + - channelId + properties: + channelId: + type: string + description: The Slack channel identifier. + example: C123ABC456 + params_property_apm_anomaly: + required: + - windowSize + - windowUnit + - environment + - anomalySeverityType + properties: + serviceName: + type: string + description: The service name from APM + transactionType: + type: string + description: The transaction type from APM + windowSize: + type: number + example: 6 + description: The window size + windowUnit: + type: string + description: The window size unit + enum: + - m + - h + - d + environment: + type: string + description: The environment from APM + anomalySeverityType: + type: string + description: The anomaly threshold value + enum: + - critical + - major + - minor + - warning + params_property_apm_error_count: + required: + - windowSize + - windowUnit + - threshold + - environment + properties: + serviceName: + type: string + description: The service name from APM + windowSize: + type: number + description: The window size + example: 6 + windowUnit: + type: string + description: The window size unit + enum: + - m + - h + - d + environment: + type: string + description: The environment from APM + threshold: + type: number + description: The error count threshold value + groupBy: + type: array + default: + - service.name + - service.environment + uniqueItems: true + items: + type: string + enum: + - service.name + - service.environment + - transaction.name + - error.grouping_key + errorGroupingKey: + type: string + params_property_apm_transaction_duration: + required: + - windowSize + - windowUnit + - threshold + - environment + - aggregationType + properties: + serviceName: + type: string + description: The service name from APM + transactionType: + type: string + description: The transaction type from APM + transactionName: + type: string + description: The transaction name from APM + windowSize: + type: number + description: The window size + example: 6 + windowUnit: + type: string + description: ç + enum: + - m + - h + - d + environment: + type: string + threshold: + type: number + description: The latency threshold value + groupBy: + type: array + default: + - service.name + - service.environment + - transaction.type + uniqueItems: true + items: + type: string + enum: + - service.name + - service.environment + - transaction.type + - transaction.name + aggregationType: + type: string + enum: + - avg + - 95th + - 99th + params_property_apm_transaction_error_rate: + required: + - windowSize + - windowUnit + - threshold + - environment + properties: + serviceName: + type: string + description: The service name from APM + transactionType: + type: string + description: The transaction type from APM + transactionName: + type: string + description: The transaction name from APM + windowSize: + type: number + description: The window size + example: 6 + windowUnit: + type: string + description: The window size unit + enum: + - m + - h + - d + environment: + type: string + description: The environment from APM + threshold: + type: number + description: The error rate threshold value + groupBy: + type: array + default: + - service.name + - service.environment + - transaction.type + uniqueItems: true + items: + type: string + enum: + - service.name + - service.environment + - transaction.type + - transaction.name + aggfield: + description: | + The name of the numeric field that is used in the aggregation. This property is required when `aggType` is `avg`, `max`, `min` or `sum`. + type: string + aggtype: + description: The type of aggregation to perform. + type: string + enum: + - avg + - count + - max + - min + - sum + default: count + excludehitsfrompreviousrun: + description: | + Indicates whether to exclude matches from previous runs. If `true`, you can avoid alert duplication by excluding documents that have already been detected by the previous rule run. This option is not available when a grouping field is specified. + type: boolean + groupby: + description: | + Indicates whether the aggregation is applied over all documents (`all`) or split into groups (`top`) using a grouping field (`termField`). If grouping is used, an alert will be created for each group when it exceeds the threshold; only the top groups (up to `termSize` number of groups) are checked. + type: string + enum: + - all + - top + default: all + size: + description: | + The number of documents to pass to the configured actions when the threshold condition is met. + type: integer + termfield: + description: | + The names of up to four fields that are used for grouping the aggregation. This property is required when `groupBy` is `top`. + oneOf: + - type: string + - type: array + items: + type: string + maxItems: 4 + termsize: + description: | + This property is required when `groupBy` is `top`. It specifies the number of groups to check against the threshold and therefore limits the number of alerts on high cardinality fields. + type: integer + threshold: + description: | + The threshold value that is used with the `thresholdComparator`. If the `thresholdComparator` is `between` or `notBetween`, you must specify the boundary values. + type: array + items: + type: integer + example: 4000 + thresholdcomparator: + description: The comparison function for the threshold. For example, "is above", "is above or equals", "is below", "is below or equals", "is between", and "is not between". + type: string + enum: + - '>' + - '>=' + - < + - <= + - between + - notBetween + example: '>' + timefield: + description: The field that is used to calculate the time window. + type: string + timewindowsize: + description: | + The size of the time window (in `timeWindowUnit` units), which determines how far back to search for documents. Generally it should be a value higher than the rule check interval to avoid gaps in detection. + type: integer + example: 5 + timewindowunit: + description: | + The type of units for the time window: seconds, minutes, hours, or days. + type: string + enum: + - s + - m + - h + - d + example: m + params_es_query_dsl_rule: + title: Elasticsearch DSL query rule params + description: | + An Elasticsearch query rule can run a query defined in Elasticsearch Query DSL and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`. + type: object + required: + - esQuery + - index + - threshold + - thresholdComparator + - timeField + - timeWindowSize + - timeWindowUnit + properties: + aggField: + $ref: '#/components/schemas/aggfield' + aggType: + $ref: '#/components/schemas/aggtype' + esQuery: + description: The query definition, which uses Elasticsearch Query DSL. + type: string + excludeHitsFromPreviousRun: + $ref: '#/components/schemas/excludehitsfrompreviousrun' + groupBy: + $ref: '#/components/schemas/groupby' + index: + description: The indices to query. + oneOf: + - type: array + items: + type: string + - type: string + searchType: + description: The type of query, in this case a query that uses Elasticsearch Query DSL. + type: string + enum: + - esQuery + default: esQuery + example: esQuery + size: + $ref: '#/components/schemas/size' + termField: + $ref: '#/components/schemas/termfield' + termSize: + $ref: '#/components/schemas/termsize' + threshold: + $ref: '#/components/schemas/threshold' + thresholdComparator: + $ref: '#/components/schemas/thresholdcomparator' + timeField: + $ref: '#/components/schemas/timefield' + timeWindowSize: + $ref: '#/components/schemas/timewindowsize' + timeWindowUnit: + $ref: '#/components/schemas/timewindowunit' + params_es_query_esql_rule: + title: Elasticsearch ES|QL query rule params + description: | + An Elasticsearch query rule can run an ES|QL query and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`. + type: object + required: + - esqlQuery + - searchType + - size + - threshold + - thresholdComparator + - timeWindowSize + - timeWindowUnit + properties: + aggField: + $ref: '#/components/schemas/aggfield' + aggType: + $ref: '#/components/schemas/aggtype' + esqlQuery: + type: object + required: + - esql + properties: + esql: + description: The query definition, which uses Elasticsearch Query Language. + type: string + excludeHitsFromPreviousRun: + $ref: '#/components/schemas/excludehitsfrompreviousrun' + groupBy: + $ref: '#/components/schemas/groupby' + searchType: + description: The type of query, in this case a query that uses Elasticsearch Query Language (ES|QL). + type: string + enum: + - esqlQuery + example: esqlQuery + size: + type: integer + description: | + When `searchType` is `esqlQuery`, this property is required but it does not affect the rule behavior. + example: 0 + termSize: + $ref: '#/components/schemas/termsize' + threshold: + type: array + items: + type: integer + minimum: 0 + maximum: 0 + description: | + The threshold value that is used with the `thresholdComparator`. When `searchType` is `esqlQuery`, this property is required and must be set to zero. + thresholdComparator: + type: string + description: | + The comparison function for the threshold. When `searchType` is `esqlQuery`, this property is required and must be set to ">". Since the `threshold` value must be `0`, the result is that an alert occurs whenever the query returns results. + enum: + - '>' + example: '>' + timeField: + $ref: '#/components/schemas/timefield' + timeWindowSize: + $ref: '#/components/schemas/timewindowsize' + timeWindowUnit: + $ref: '#/components/schemas/timewindowunit' + filter: + type: object + description: A filter written in Elasticsearch Query Domain Specific Language (DSL) as defined in the `kbn-es-query` package. + properties: + meta: + type: object + properties: + alias: + type: string + nullable: true + controlledBy: + type: string + disabled: + type: boolean + field: + type: string + group: + type: string + index: + type: string + isMultiIndex: + type: boolean + key: + type: string + negate: + type: boolean + params: + type: object + type: + type: string + value: + type: string + query: + type: object + $state: + type: object + params_es_query_kql_rule: + title: Elasticsearch KQL query rule params + description: | + An Elasticsearch query rule can run a query defined in KQL or Lucene and compare the number of matches to a configured threshold. These parameters are appropriate when `rule_type_id` is `.es-query`. + type: object + required: + - searchType + - size + - threshold + - thresholdComparator + - timeWindowSize + - timeWindowUnit + properties: + aggField: + $ref: '#/components/schemas/aggfield' + aggType: + $ref: '#/components/schemas/aggtype' + excludeHitsFromPreviousRun: + $ref: '#/components/schemas/excludehitsfrompreviousrun' + groupBy: + $ref: '#/components/schemas/groupby' + searchConfiguration: + description: The query definition, which uses KQL or Lucene to fetch the documents from Elasticsearch. + type: object + properties: + filter: + type: array + items: + $ref: '#/components/schemas/filter' + index: + description: The indices to query. + oneOf: + - type: string + - type: array + items: + type: string + query: + type: object + properties: + language: + type: string + example: kuery + query: + type: string + searchType: + description: The type of query, in this case a text-based query that uses KQL or Lucene. + type: string + enum: + - searchSource + example: searchSource + size: + $ref: '#/components/schemas/size' + termField: + $ref: '#/components/schemas/termfield' + termSize: + $ref: '#/components/schemas/termsize' + threshold: + $ref: '#/components/schemas/threshold' + thresholdComparator: + $ref: '#/components/schemas/thresholdcomparator' + timeField: + $ref: '#/components/schemas/timefield' + timeWindowSize: + $ref: '#/components/schemas/timewindowsize' + timeWindowUnit: + $ref: '#/components/schemas/timewindowunit' + params_index_threshold_rule: + title: Index threshold rule params + description: An index threshold rule runs an Elasticsearch query, aggregates field values from documents, compares them to threshold values, and schedules actions to run when the thresholds are met. These parameters are appropriate when `rule_type_id` is `.index-threshold`. + type: object + required: + - index + - threshold + - thresholdComparator + - timeField + - timeWindowSize + - timeWindowUnit + properties: + aggField: + $ref: '#/components/schemas/aggfield' + aggType: + $ref: '#/components/schemas/aggtype' + filterKuery: + description: A KQL expression thats limits the scope of alerts. + type: string + groupBy: + $ref: '#/components/schemas/groupby' + index: + description: The indices to query. + type: array + items: + type: string + termField: + $ref: '#/components/schemas/termfield' + termSize: + $ref: '#/components/schemas/termsize' + threshold: + $ref: '#/components/schemas/threshold' + thresholdComparator: + $ref: '#/components/schemas/thresholdcomparator' + timeField: + $ref: '#/components/schemas/timefield' + timeWindowSize: + $ref: '#/components/schemas/timewindowsize' + timeWindowUnit: + $ref: '#/components/schemas/timewindowunit' + params_property_infra_inventory: + properties: + criteria: + type: array + items: + type: object + properties: + metric: + type: string + enum: + - count + - cpu + - diskLatency + - load + - memory + - memoryTotal + - tx + - rx + - logRate + - diskIOReadBytes + - diskIOWriteBytes + - s3TotalRequests + - s3NumberOfObjects + - s3BucketSize + - s3DownloadBytes + - s3UploadBytes + - rdsConnections + - rdsQueriesExecuted + - rdsActiveTransactions + - rdsLatency + - sqsMessagesVisible + - sqsMessagesDelayed + - sqsMessagesSent + - sqsMessagesEmpty + - sqsOldestMessage + - custom + timeSize: + type: number + timeUnit: + type: string + enum: + - s + - m + - h + - d + sourceId: + type: string + threshold: + type: array + items: + type: number + comparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + customMetric: + type: object + properties: + type: + type: string + enum: + - custom + field: + type: string + aggregation: + type: string + enum: + - avg + - max + - min + - rate + id: + type: string + label: + type: string + warningThreshold: + type: array + items: + type: number + warningComparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + filterQuery: + type: string + filterQueryText: + type: string + nodeType: + type: string + enum: + - host + - pod + - container + - awsEC2 + - awsS3 + - awsSQS + - awsRDS + sourceId: + type: string + alertOnNoData: + type: boolean + params_property_log_threshold: + oneOf: + - title: Count + type: object + required: + - count + - timeSize + - timeUnit + - logView + properties: + criteria: + type: array + items: + type: object + properties: + field: + type: string + example: my.field + comparator: + type: string + enum: + - more than + - more than or equals + - less than + - less than or equals + - equals + - does not equal + - matches + - does not match + - matches phrase + - does not match phrase + value: + oneOf: + - type: number + example: 42 + - type: string + example: value + count: + type: object + properties: + comparator: + type: string + enum: + - more than + - more than or equals + - less than + - less than or equals + - equals + - does not equal + - matches + - does not match + - matches phrase + - does not match phrase + value: + type: number + example: 100 + timeSize: + type: number + example: 6 + timeUnit: + type: string + enum: + - s + - m + - h + - d + logView: + type: object + properties: + logViewId: + type: string + type: + type: string + enum: + - log-view-reference + example: log-view-reference + groupBy: + type: array + items: + type: string + - title: Ratio + type: object + required: + - count + - timeSize + - timeUnit + - logView + properties: + criteria: + type: array + items: + minItems: 2 + maxItems: 2 + type: array + items: + type: object + properties: + field: + type: string + example: my.field + comparator: + type: string + enum: + - more than + - more than or equals + - less than + - less than or equals + - equals + - does not equal + - matches + - does not match + - matches phrase + - does not match phrase + value: + oneOf: + - type: number + example: 42 + - type: string + example: value + count: + type: object + properties: + comparator: + type: string + enum: + - more than + - more than or equals + - less than + - less than or equals + - equals + - does not equal + - matches + - does not match + - matches phrase + - does not match phrase + value: + type: number + example: 100 + timeSize: + type: number + example: 6 + timeUnit: + type: string + enum: + - s + - m + - h + - d + logView: + type: object + properties: + logViewId: + type: string + type: + type: string + enum: + - log-view-reference + example: log-view-reference + groupBy: + type: array + items: + type: string + params_property_infra_metric_threshold: + properties: + criteria: + type: array + items: + oneOf: + - title: non count criterion + type: object + properties: + threshold: + type: array + items: + type: number + comparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + timeUnit: + type: string + timeSize: + type: number + warningThreshold: + type: array + items: + type: number + warningComparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + metric: + type: string + aggType: + type: string + enum: + - avg + - max + - min + - cardinality + - rate + - count + - sum + - p95 + - p99 + - custom + - title: count criterion + type: object + properties: + threshold: + type: array + items: + type: number + comparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + timeUnit: + type: string + timeSize: + type: number + warningThreshold: + type: array + items: + type: number + warningComparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + aggType: + type: string + enum: + - count + - title: custom criterion + type: object + properties: + threshold: + type: array + items: + type: number + comparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + timeUnit: + type: string + timeSize: + type: number + warningThreshold: + type: array + items: + type: number + warningComparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + aggType: + type: string + enum: + - custom + customMetric: + type: array + items: + oneOf: + - type: object + properties: + name: + type: string + aggType: + type: string + enum: + - avg + - sum + - max + - min + - cardinality + field: + type: string + - type: object + properties: + name: + type: string + aggType: + type: string + enum: + - count + filter: + type: string + equation: + type: string + label: + type: string + groupBy: + oneOf: + - type: string + - type: array + items: + type: string + filterQuery: + type: string + sourceId: + type: string + alertOnNoData: + type: boolean + alertOnGroupDisappear: + type: boolean + params_property_slo_burn_rate: + properties: + sloId: + description: The SLO identifier used by the rule + type: string + example: 8853df00-ae2e-11ed-90af-09bb6422b258 + burnRateThreshold: + description: The burn rate threshold used to trigger the alert + type: number + example: 14.4 + maxBurnRateThreshold: + description: The maximum burn rate threshold value defined by the SLO error budget + type: number + example: 168 + longWindow: + description: The duration of the long window used to compute the burn rate + type: object + properties: + value: + description: The duration value + type: number + example: 6 + unit: + description: The duration unit + type: string + example: h + shortWindow: + description: The duration of the short window used to compute the burn rate + type: object + properties: + value: + description: The duration value + type: number + example: 30 + unit: + description: The duration unit + type: string + example: m + params_property_synthetics_uptime_tls: + properties: + search: + type: string + certExpirationThreshold: + type: number + certAgeThreshold: + type: number + params_property_synthetics_monitor_status: + required: + - numTimes + - shouldCheckStatus + - shouldCheckAvailability + properties: + availability: + type: object + properties: + range: + type: number + rangeUnit: + type: string + threshold: + type: string + filters: + oneOf: + - type: string + - type: object + deprecated: true + properties: + monitor.type: + type: array + items: + type: string + observer.geo.name: + type: array + items: + type: string + tags: + type: array + items: + type: string + url.port: + type: array + items: + type: string + locations: + deprecated: true + type: array + items: + type: string + numTimes: + type: number + search: + type: string + shouldCheckStatus: + type: boolean + shouldCheckAvailability: + type: boolean + timerangeCount: + type: number + timerangeUnit: + type: string + timerange: + deprecated: true + type: object + properties: + from: + type: string + to: + type: string + version: + type: number + isAutoGenerated: + type: boolean + securitySchemes: + apiKeyAuth: + description: | + These APIs use key-based authentication. You must create an API key and use the encoded value in the request header. For example: `Authorization: ApiKey base64AccessApiKey` + in: header + name: Authorization + type: apiKey + basicAuth: + scheme: basic + type: http +x-topics: + - title: Kibana spaces + content: | + Spaces enable you to organize your dashboards and other saved objects into meaningful categories. + You can use the default space or create your own spaces. + + To run APIs in non-default spaces, you must add `s/{space_id}/` to the path. + For example: + + ``` + curl -X GET "http://localhost:5601/s/marketing/api/data_views" + ``` + + If you use the Kibana console to send API requests, it automatically adds the appropriate space identifier. + + To learn more, check out [Spaces](https://www.elastic.co/guide/en/kibana/master/xpack-spaces.html). diff --git a/oas_docs/package-lock.json b/oas_docs/package-lock.json new file mode 100644 index 0000000000000..6527a6ee6a5dd --- /dev/null +++ b/oas_docs/package-lock.json @@ -0,0 +1,4637 @@ +{ + "name": "oas_docs", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "oas_docs", + "version": "1.0.0", + "license": "ISC", + "dependencies": { + "@redocly/cli": "^1.25.7", + "bump-cli": "^2.8.4" + } + }, + "node_modules/@apidevtools/json-schema-ref-parser": { + "version": "9.1.2", + "resolved": "https://registry.npmjs.org/@apidevtools/json-schema-ref-parser/-/json-schema-ref-parser-9.1.2.tgz", + "integrity": "sha512-r1w81DpR+KyRWd3f+rk6TNqMgedmAxZP5v5KWlXQWlgMUUtyEJch0DKEci1SorPMiSeM8XPl7MZ3miJ60JIpQg==", + "dependencies": { + "@jsdevtools/ono": "^7.1.3", + "@types/json-schema": "^7.0.6", + "call-me-maybe": "^1.0.1", + "js-yaml": "^4.1.0" + } + }, + "node_modules/@asyncapi/specs": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/@asyncapi/specs/-/specs-5.1.0.tgz", + "integrity": "sha512-yffhETqehkim43luMnPKOwzY0D0YtU4bKpORIXIaid6p5Y5kDLrMGJaEPkNieQp03HMjhjFrnUPtT8kvqe0+aQ==", + "dependencies": { + "@types/json-schema": "^7.0.11" + } + }, + "node_modules/@babel/runtime": { + "version": "7.26.0", + "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.26.0.tgz", + "integrity": "sha512-FDSOghenHTiToteC/QRlv2q3DhPZ/oOXTBoirfWNx1Cx3TMVcGWQtMMmQcSvb/JjpNeGzx8Pq/b4fKEJuWm1sw==", + "dependencies": { + "regenerator-runtime": "^0.14.0" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@cfaester/enzyme-adapter-react-18": { + "version": "0.8.0", + "resolved": "https://registry.npmjs.org/@cfaester/enzyme-adapter-react-18/-/enzyme-adapter-react-18-0.8.0.tgz", + "integrity": "sha512-3Z3ThTUouHwz8oIyhTYQljEMNRFtlVyc3VOOHCbxs47U6cnXs8K9ygi/c1tv49s7MBlTXeIcuN+Ttd9aPtILFQ==", + "dependencies": { + "enzyme-shallow-equal": "^1.0.0", + "function.prototype.name": "^1.1.6", + "has": "^1.0.4", + "react-is": "^18.2.0", + "react-shallow-renderer": "^16.15.0" + }, + "peerDependencies": { + "enzyme": "^3.11.0", + "react": ">=18", + "react-dom": ">=18" + } + }, + "node_modules/@clack/core": { + "version": "0.3.4", + "resolved": "https://registry.npmjs.org/@clack/core/-/core-0.3.4.tgz", + "integrity": "sha512-H4hxZDXgHtWTwV3RAVenqcC4VbJZNegbBjlPvzOzCouXtS2y3sDvlO3IsbrPNWuLWPPlYVYPghQdSF64683Ldw==", + "dependencies": { + "picocolors": "^1.0.0", + "sisteransi": "^1.0.5" + } + }, + "node_modules/@clack/prompts": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/@clack/prompts/-/prompts-0.6.3.tgz", + "integrity": "sha512-AM+kFmAHawpUQv2q9+mcB6jLKxXGjgu/r2EQjEwujgpCdzrST6BJqYw00GRn56/L/Izw5U7ImoLmy00X/r80Pw==", + "bundleDependencies": [ + "is-unicode-supported" + ], + "dependencies": { + "@clack/core": "^0.3.2", + "is-unicode-supported": "*", + "picocolors": "^1.0.0", + "sisteransi": "^1.0.5" + } + }, + "node_modules/@clack/prompts/node_modules/is-unicode-supported": { + "version": "1.3.0", + "inBundle": true, + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@cspotcode/source-map-support": { + "version": "0.8.1", + "resolved": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", + "integrity": "sha512-IchNf6dN4tHoMFIn/7OE8LWZ19Y6q/67Bmf6vnGREv8RSbBVb9LPJxEcnwrcwX6ixSvaiGoomAUvu4YSxXrVgw==", + "dependencies": { + "@jridgewell/trace-mapping": "0.3.9" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/@emotion/is-prop-valid": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/@emotion/is-prop-valid/-/is-prop-valid-1.2.2.tgz", + "integrity": "sha512-uNsoYd37AFmaCdXlg6EYD1KaPOaRWRByMCYzbKUX4+hhMfrxdVSelShywL4JVaAeM/eHUOSprYBQls+/neX3pw==", + "dependencies": { + "@emotion/memoize": "^0.8.1" + } + }, + "node_modules/@emotion/memoize": { + "version": "0.8.1", + "resolved": "https://registry.npmjs.org/@emotion/memoize/-/memoize-0.8.1.tgz", + "integrity": "sha512-W2P2c/VRW1/1tLox0mVUalvnWXxavmv/Oum2aPsRcoDJuob75FC3Y8FbpfLwUegRcxINtGUMPq0tFCvYNTBXNA==" + }, + "node_modules/@emotion/unitless": { + "version": "0.8.1", + "resolved": "https://registry.npmjs.org/@emotion/unitless/-/unitless-0.8.1.tgz", + "integrity": "sha512-KOEGMu6dmJZtpadb476IsZBclKvILjopjUii3V+7MnXIQCYh8W3NgNcgwo21n9LXZX6EDIKvqfjYxXebDwxKmQ==" + }, + "node_modules/@exodus/schemasafe": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/@exodus/schemasafe/-/schemasafe-1.3.0.tgz", + "integrity": "sha512-5Aap/GaRupgNx/feGBwLLTVv8OQFfv3pq2lPRzPg9R+IOBnDgghTGW7l7EuVXOvg5cc/xSAlRW8rBrjIC3Nvqw==" + }, + "node_modules/@jridgewell/resolve-uri": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/sourcemap-codec": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.0.tgz", + "integrity": "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ==" + }, + "node_modules/@jridgewell/trace-mapping": { + "version": "0.3.9", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.9.tgz", + "integrity": "sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==", + "dependencies": { + "@jridgewell/resolve-uri": "^3.0.3", + "@jridgewell/sourcemap-codec": "^1.4.10" + } + }, + "node_modules/@jsdevtools/ono": { + "version": "7.1.3", + "resolved": "https://registry.npmjs.org/@jsdevtools/ono/-/ono-7.1.3.tgz", + "integrity": "sha512-4JQNk+3mVzK3xh2rqd6RB4J46qUR19azEHBneZyTZM+c456qOrbbM/5xcR8huNCCcbVt7+UmizG6GuUvPvKUYg==" + }, + "node_modules/@nodelib/fs.scandir": { + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", + "dependencies": { + "@nodelib/fs.stat": "2.0.5", + "run-parallel": "^1.1.9" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.stat": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==", + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.walk": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", + "dependencies": { + "@nodelib/fs.scandir": "2.1.5", + "fastq": "^1.6.0" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@oclif/command": { + "version": "1.8.36", + "resolved": "https://registry.npmjs.org/@oclif/command/-/command-1.8.36.tgz", + "integrity": "sha512-/zACSgaYGtAQRzc7HjzrlIs14FuEYAZrMOEwicRoUnZVyRunG4+t5iSEeQu0Xy2bgbCD0U1SP/EdeNZSTXRwjQ==", + "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.", + "dependencies": { + "@oclif/config": "^1.18.2", + "@oclif/errors": "^1.3.6", + "@oclif/help": "^1.0.1", + "@oclif/parser": "^3.8.17", + "debug": "^4.1.1", + "semver": "^7.5.4" + }, + "engines": { + "node": ">=12.0.0" + }, + "peerDependencies": { + "@oclif/config": "^1" + } + }, + "node_modules/@oclif/config": { + "version": "1.18.17", + "resolved": "https://registry.npmjs.org/@oclif/config/-/config-1.18.17.tgz", + "integrity": "sha512-k77qyeUvjU8qAJ3XK3fr/QVAqsZO8QOBuESnfeM5HHtPNLSyfVcwiMM2zveSW5xRdLSG3MfV8QnLVkuyCL2ENg==", + "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.", + "dependencies": { + "@oclif/errors": "^1.3.6", + "@oclif/parser": "^3.8.17", + "debug": "^4.3.4", + "globby": "^11.1.0", + "is-wsl": "^2.1.1", + "tslib": "^2.6.1" + }, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/@oclif/core": { + "version": "1.20.4", + "resolved": "https://registry.npmjs.org/@oclif/core/-/core-1.20.4.tgz", + "integrity": "sha512-giug32M4YhSYNYKQwE1L57/+k5gp1+Bq3/0vKNQmzAY1tizFGhvBJc6GIRZasHjU+xtZLutQvrVrJo7chX3hxg==", + "dependencies": { + "@oclif/linewrap": "^1.0.0", + "@oclif/screen": "^3.0.3", + "ansi-escapes": "^4.3.2", + "ansi-styles": "^4.3.0", + "cardinal": "^2.1.1", + "chalk": "^4.1.2", + "clean-stack": "^3.0.1", + "cli-progress": "^3.10.0", + "debug": "^4.3.4", + "ejs": "^3.1.6", + "fs-extra": "^9.1.0", + "get-package-type": "^0.1.0", + "globby": "^11.1.0", + "hyperlinker": "^1.0.0", + "indent-string": "^4.0.0", + "is-wsl": "^2.2.0", + "js-yaml": "^3.14.1", + "natural-orderby": "^2.0.3", + "object-treeify": "^1.1.33", + "password-prompt": "^1.1.2", + "semver": "^7.3.7", + "string-width": "^4.2.3", + "strip-ansi": "^6.0.1", + "supports-color": "^8.1.1", + "supports-hyperlinks": "^2.2.0", + "tslib": "^2.4.1", + "widest-line": "^3.1.0", + "wrap-ansi": "^7.0.0" + }, + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/@oclif/core/node_modules/argparse": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", + "dependencies": { + "sprintf-js": "~1.0.2" + } + }, + "node_modules/@oclif/core/node_modules/esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "bin": { + "esparse": "bin/esparse.js", + "esvalidate": "bin/esvalidate.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/@oclif/core/node_modules/js-yaml": { + "version": "3.14.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "dependencies": { + "argparse": "^1.0.7", + "esprima": "^4.0.0" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/@oclif/errors": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/@oclif/errors/-/errors-1.3.6.tgz", + "integrity": "sha512-fYaU4aDceETd89KXP+3cLyg9EHZsLD3RxF2IU9yxahhBpspWjkWi3Dy3bTgcwZ3V47BgxQaGapzJWDM33XIVDQ==", + "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.", + "dependencies": { + "clean-stack": "^3.0.0", + "fs-extra": "^8.1", + "indent-string": "^4.0.0", + "strip-ansi": "^6.0.1", + "wrap-ansi": "^7.0.0" + }, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/@oclif/errors/node_modules/fs-extra": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz", + "integrity": "sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g==", + "dependencies": { + "graceful-fs": "^4.2.0", + "jsonfile": "^4.0.0", + "universalify": "^0.1.0" + }, + "engines": { + "node": ">=6 <7 || >=8" + } + }, + "node_modules/@oclif/errors/node_modules/jsonfile": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz", + "integrity": "sha512-m6F1R3z8jjlf2imQHS2Qez5sjKWQzbuuhuJ/FKYFRZvPE3PuHcSMVZzfsLhGVOkfd20obL5SWEBew5ShlquNxg==", + "optionalDependencies": { + "graceful-fs": "^4.1.6" + } + }, + "node_modules/@oclif/errors/node_modules/universalify": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz", + "integrity": "sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg==", + "engines": { + "node": ">= 4.0.0" + } + }, + "node_modules/@oclif/help": { + "version": "1.0.15", + "resolved": "https://registry.npmjs.org/@oclif/help/-/help-1.0.15.tgz", + "integrity": "sha512-Yt8UHoetk/XqohYX76DfdrUYLsPKMc5pgkzsZVHDyBSkLiGRzujVaGZdjr32ckVZU9q3a47IjhWxhip7Dz5W/g==", + "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.", + "dependencies": { + "@oclif/config": "1.18.16", + "@oclif/errors": "1.3.6", + "chalk": "^4.1.2", + "indent-string": "^4.0.0", + "lodash": "^4.17.21", + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "widest-line": "^3.1.0", + "wrap-ansi": "^6.2.0" + }, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/@oclif/help/node_modules/@oclif/config": { + "version": "1.18.16", + "resolved": "https://registry.npmjs.org/@oclif/config/-/config-1.18.16.tgz", + "integrity": "sha512-VskIxVcN22qJzxRUq+raalq6Q3HUde7sokB7/xk5TqRZGEKRVbFeqdQBxDWwQeudiJEgcNiMvIFbMQ43dY37FA==", + "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.", + "dependencies": { + "@oclif/errors": "^1.3.6", + "@oclif/parser": "^3.8.16", + "debug": "^4.3.4", + "globby": "^11.1.0", + "is-wsl": "^2.1.1", + "tslib": "^2.6.1" + }, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/@oclif/help/node_modules/wrap-ansi": { + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==", + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/@oclif/linewrap": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@oclif/linewrap/-/linewrap-1.0.0.tgz", + "integrity": "sha512-Ups2dShK52xXa8w6iBWLgcjPJWjais6KPJQq3gQ/88AY6BXoTX+MIGFPrWQO1KLMiQfoTpcLnUwloN4brrVUHw==" + }, + "node_modules/@oclif/parser": { + "version": "3.8.17", + "resolved": "https://registry.npmjs.org/@oclif/parser/-/parser-3.8.17.tgz", + "integrity": "sha512-l04iSd0xoh/16TGVpXb81Gg3z7tlQGrEup16BrVLsZBK6SEYpYHRJZnM32BwZrHI97ZSFfuSwVlzoo6HdsaK8A==", + "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.", + "dependencies": { + "@oclif/errors": "^1.3.6", + "@oclif/linewrap": "^1.0.0", + "chalk": "^4.1.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/@oclif/plugin-help": { + "version": "5.2.20", + "resolved": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-5.2.20.tgz", + "integrity": "sha512-u+GXX/KAGL9S10LxAwNUaWdzbEBARJ92ogmM7g3gDVud2HioCmvWQCDohNRVZ9GYV9oKwZ/M8xwd6a1d95rEKQ==", + "dependencies": { + "@oclif/core": "^2.15.0" + }, + "engines": { + "node": ">=12.0.0" + } + }, + "node_modules/@oclif/plugin-help/node_modules/@oclif/core": { + "version": "2.16.0", + "resolved": "https://registry.npmjs.org/@oclif/core/-/core-2.16.0.tgz", + "integrity": "sha512-dL6atBH0zCZl1A1IXCKJgLPrM/wR7K+Wi401E/IvqsK8m2iCHW+0TEOGrans/cuN3oTW+uxIyJFHJ8Im0k4qBw==", + "dependencies": { + "@types/cli-progress": "^3.11.0", + "ansi-escapes": "^4.3.2", + "ansi-styles": "^4.3.0", + "cardinal": "^2.1.1", + "chalk": "^4.1.2", + "clean-stack": "^3.0.1", + "cli-progress": "^3.12.0", + "debug": "^4.3.4", + "ejs": "^3.1.8", + "get-package-type": "^0.1.0", + "globby": "^11.1.0", + "hyperlinker": "^1.0.0", + "indent-string": "^4.0.0", + "is-wsl": "^2.2.0", + "js-yaml": "^3.14.1", + "natural-orderby": "^2.0.3", + "object-treeify": "^1.1.33", + "password-prompt": "^1.1.2", + "slice-ansi": "^4.0.0", + "string-width": "^4.2.3", + "strip-ansi": "^6.0.1", + "supports-color": "^8.1.1", + "supports-hyperlinks": "^2.2.0", + "ts-node": "^10.9.1", + "tslib": "^2.5.0", + "widest-line": "^3.1.0", + "wordwrap": "^1.0.0", + "wrap-ansi": "^7.0.0" + }, + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/@oclif/plugin-help/node_modules/argparse": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", + "dependencies": { + "sprintf-js": "~1.0.2" + } + }, + "node_modules/@oclif/plugin-help/node_modules/esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "bin": { + "esparse": "bin/esparse.js", + "esvalidate": "bin/esvalidate.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/@oclif/plugin-help/node_modules/js-yaml": { + "version": "3.14.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "dependencies": { + "argparse": "^1.0.7", + "esprima": "^4.0.0" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/@oclif/screen": { + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/@oclif/screen/-/screen-3.0.8.tgz", + "integrity": "sha512-yx6KAqlt3TAHBduS2fMQtJDL2ufIHnDRArrJEOoTTuizxqmjLT+psGYOHpmMl3gvQpFJ11Hs76guUUktzAF9Bg==", + "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.", + "engines": { + "node": ">=12.0.0" + } + }, + "node_modules/@redocly/ajv": { + "version": "8.11.2", + "resolved": "https://registry.npmjs.org/@redocly/ajv/-/ajv-8.11.2.tgz", + "integrity": "sha512-io1JpnwtIcvojV7QKDUSIuMN/ikdOUd1ReEnUnMKGfDVridQZ31J0MmIuqwuRjWDZfmvr+Q0MqCcfHM2gTivOg==", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2", + "uri-js-replace": "^1.0.1" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/@redocly/cli": { + "version": "1.25.11", + "resolved": "https://registry.npmjs.org/@redocly/cli/-/cli-1.25.11.tgz", + "integrity": "sha512-dttBsmLnnbTlJCTa+s7Sy+qtXDq692n7Ru3nUUIHp9XdCbhXIHWhpc8uAl+GmR4MGbVe8ohATl3J+zX3aFy82A==", + "dependencies": { + "@redocly/openapi-core": "1.25.11", + "abort-controller": "^3.0.0", + "chokidar": "^3.5.1", + "colorette": "^1.2.0", + "core-js": "^3.32.1", + "form-data": "^4.0.0", + "get-port-please": "^3.0.1", + "glob": "^7.1.6", + "handlebars": "^4.7.6", + "mobx": "^6.0.4", + "node-fetch": "^2.6.1", + "pluralize": "^8.0.0", + "react": "^17.0.0 || ^18.2.0", + "react-dom": "^17.0.0 || ^18.2.0", + "redoc": "~2.2.0", + "semver": "^7.5.2", + "simple-websocket": "^9.0.0", + "styled-components": "^6.0.7", + "yargs": "17.0.1" + }, + "bin": { + "openapi": "bin/cli.js", + "redocly": "bin/cli.js" + }, + "engines": { + "node": ">=14.19.0", + "npm": ">=7.0.0" + } + }, + "node_modules/@redocly/config": { + "version": "0.16.0", + "resolved": "https://registry.npmjs.org/@redocly/config/-/config-0.16.0.tgz", + "integrity": "sha512-t9jnODbUcuANRSl/K4L9nb12V+U5acIHnVSl26NWrtSdDZVtoqUXk2yGFPZzohYf62cCfEQUT8ouJ3bhPfpnJg==" + }, + "node_modules/@redocly/openapi-core": { + "version": "1.25.11", + "resolved": "https://registry.npmjs.org/@redocly/openapi-core/-/openapi-core-1.25.11.tgz", + "integrity": "sha512-bH+a8izQz4fnKROKoX3bEU8sQ9rjvEIZOqU6qTmxlhOJ0NsKa5e+LmU18SV0oFeg5YhWQhhEDihXkvKJ1wMMNQ==", + "dependencies": { + "@redocly/ajv": "^8.11.2", + "@redocly/config": "^0.16.0", + "colorette": "^1.2.0", + "https-proxy-agent": "^7.0.4", + "js-levenshtein": "^1.1.6", + "js-yaml": "^4.1.0", + "lodash.isequal": "^4.5.0", + "minimatch": "^5.0.1", + "node-fetch": "^2.6.1", + "pluralize": "^8.0.0", + "yaml-ast-parser": "0.0.43" + }, + "engines": { + "node": ">=14.19.0", + "npm": ">=7.0.0" + } + }, + "node_modules/@redocly/openapi-core/node_modules/brace-expansion": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "dependencies": { + "balanced-match": "^1.0.0" + } + }, + "node_modules/@redocly/openapi-core/node_modules/minimatch": { + "version": "5.1.6", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", + "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==", + "dependencies": { + "brace-expansion": "^2.0.1" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/@stoplight/ordered-object-literal": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/@stoplight/ordered-object-literal/-/ordered-object-literal-1.0.5.tgz", + "integrity": "sha512-COTiuCU5bgMUtbIFBuyyh2/yVVzlr5Om0v5utQDgBCuQUOPgU1DwoffkTfg4UBQOvByi5foF4w4T+H9CoRe5wg==", + "engines": { + "node": ">=8" + } + }, + "node_modules/@stoplight/types": { + "version": "14.1.1", + "resolved": "https://registry.npmjs.org/@stoplight/types/-/types-14.1.1.tgz", + "integrity": "sha512-/kjtr+0t0tjKr+heVfviO9FrU/uGLc+QNX3fHJc19xsCNYqU7lVhaXxDmEID9BZTjG+/r9pK9xP/xU02XGg65g==", + "dependencies": { + "@types/json-schema": "^7.0.4", + "utility-types": "^3.10.0" + }, + "engines": { + "node": "^12.20 || >=14.13" + } + }, + "node_modules/@stoplight/yaml": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/@stoplight/yaml/-/yaml-4.3.0.tgz", + "integrity": "sha512-JZlVFE6/dYpP9tQmV0/ADfn32L9uFarHWxfcRhReKUnljz1ZiUM5zpX+PH8h5CJs6lao3TuFqnPm9IJJCEkE2w==", + "dependencies": { + "@stoplight/ordered-object-literal": "^1.0.5", + "@stoplight/types": "^14.1.1", + "@stoplight/yaml-ast-parser": "0.0.50", + "tslib": "^2.2.0" + }, + "engines": { + "node": ">=10.8" + } + }, + "node_modules/@stoplight/yaml-ast-parser": { + "version": "0.0.50", + "resolved": "https://registry.npmjs.org/@stoplight/yaml-ast-parser/-/yaml-ast-parser-0.0.50.tgz", + "integrity": "sha512-Pb6M8TDO9DtSVla9yXSTAxmo9GVEouq5P40DWXdOie69bXogZTkgvopCq+yEvTMA0F6PEvdJmbtTV3ccIp11VQ==" + }, + "node_modules/@tsconfig/node10": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/@tsconfig/node10/-/node10-1.0.11.tgz", + "integrity": "sha512-DcRjDCujK/kCk/cUe8Xz8ZSpm8mS3mNNpta+jGCA6USEDfktlNvm1+IuZ9eTcDbNk41BHwpHHeW+N1lKCz4zOw==" + }, + "node_modules/@tsconfig/node12": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/@tsconfig/node12/-/node12-1.0.11.tgz", + "integrity": "sha512-cqefuRsh12pWyGsIoBKJA9luFu3mRxCA+ORZvA4ktLSzIuCUtWVxGIuXigEwO5/ywWFMZ2QEGKWvkZG1zDMTag==" + }, + "node_modules/@tsconfig/node14": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@tsconfig/node14/-/node14-1.0.3.tgz", + "integrity": "sha512-ysT8mhdixWK6Hw3i1V2AeRqZ5WfXg1G43mqoYlM2nc6388Fq5jcXyr5mRsqViLx/GJYdoL0bfXD8nmF+Zn/Iow==" + }, + "node_modules/@tsconfig/node16": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/@tsconfig/node16/-/node16-1.0.4.tgz", + "integrity": "sha512-vxhUy4J8lyeyinH7Azl1pdd43GJhZH/tP2weN8TntQblOY+A0XbT8DJk1/oCPuOOyg/Ja757rG0CgHcWC8OfMA==" + }, + "node_modules/@types/cli-progress": { + "version": "3.11.6", + "resolved": "https://registry.npmjs.org/@types/cli-progress/-/cli-progress-3.11.6.tgz", + "integrity": "sha512-cE3+jb9WRlu+uOSAugewNpITJDt1VF8dHOopPO4IABFc3SXYL5WE/+PTz/FCdZRRfIujiWW3n3aMbv1eIGVRWA==", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/json-schema": { + "version": "7.0.15", + "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", + "integrity": "sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==" + }, + "node_modules/@types/node": { + "version": "22.8.1", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.8.1.tgz", + "integrity": "sha512-k6Gi8Yyo8EtrNtkHXutUu2corfDf9su95VYVP10aGYMMROM6SAItZi0w1XszA6RtWTHSVp5OeFof37w0IEqCQg==", + "dependencies": { + "undici-types": "~6.19.8" + } + }, + "node_modules/@types/stylis": { + "version": "4.2.5", + "resolved": "https://registry.npmjs.org/@types/stylis/-/stylis-4.2.5.tgz", + "integrity": "sha512-1Xve+NMN7FWjY14vLoY5tL3BVEQ/n42YLwaqJIPYhotZ9uBHt87VceMwWQpzmdEt2TNXIorIFG+YeCUUW7RInw==" + }, + "node_modules/abort-controller": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/abort-controller/-/abort-controller-3.0.0.tgz", + "integrity": "sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg==", + "dependencies": { + "event-target-shim": "^5.0.0" + }, + "engines": { + "node": ">=6.5" + } + }, + "node_modules/acorn": { + "version": "8.14.0", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.14.0.tgz", + "integrity": "sha512-cl669nCJTZBsL97OF4kUQm5g5hC2uihk0NxY3WENAC0TYdILVkAyHymAntgxGkl7K+t0cXIrH5siy5S4XkFycA==", + "bin": { + "acorn": "bin/acorn" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/acorn-walk": { + "version": "8.3.4", + "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.4.tgz", + "integrity": "sha512-ueEepnujpqee2o5aIYnvHU6C0A42MNdsIDeqy5BydrkuC5R1ZuUFnm27EeFJGoEHJQgn3uleRvmTXaJgfXbt4g==", + "dependencies": { + "acorn": "^8.11.0" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/agent-base": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.1.tgz", + "integrity": "sha512-H0TSyFNDMomMNJQBn8wFV5YC/2eJ+VXECwOadZJT554xP6cODZHPX3H9QMQECxvrgiSOP1pHjy1sMWQVYJOUOA==", + "dependencies": { + "debug": "^4.3.4" + }, + "engines": { + "node": ">= 14" + } + }, + "node_modules/ansi-escapes": { + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", + "integrity": "sha512-gKXj5ALrKWQLsYG9jlTRmR/xKluxHV+Z9QEwNIgCfM1/uwPMCuzVVnh5mwTd+OuBZcwSIMbqssNWRm1lE51QaQ==", + "dependencies": { + "type-fest": "^0.21.3" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "engines": { + "node": ">=8" + } + }, + "node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/ansicolors": { + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/ansicolors/-/ansicolors-0.3.2.tgz", + "integrity": "sha512-QXu7BPrP29VllRxH8GwB7x5iX5qWKAAMLqKQGWTeLWVlNHNOpVMJ91dsxQAIWXpjuW5wqvxu3Jd/nRjrJ+0pqg==" + }, + "node_modules/anymatch": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==", + "dependencies": { + "normalize-path": "^3.0.0", + "picomatch": "^2.0.4" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/arg": { + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/arg/-/arg-4.1.3.tgz", + "integrity": "sha512-58S9QDqG0Xx27YwPSt9fJxivjYl432YCwfDMfZ+71RAqUrZef7LrKQZ3LHLOwCS4FLNBplP533Zx895SeOCHvA==" + }, + "node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==" + }, + "node_modules/array-buffer-byte-length": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/array-buffer-byte-length/-/array-buffer-byte-length-1.0.1.tgz", + "integrity": "sha512-ahC5W1xgou+KTXix4sAO8Ki12Q+jf4i0+tmk3sC+zgcynshkHxzpXdImBehiUYKKKDwvfFiJl1tZt6ewscS1Mg==", + "dependencies": { + "call-bind": "^1.0.5", + "is-array-buffer": "^3.0.4" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/array-union": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==", + "engines": { + "node": ">=8" + } + }, + "node_modules/array.prototype.filter": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/array.prototype.filter/-/array.prototype.filter-1.0.4.tgz", + "integrity": "sha512-r+mCJ7zXgXElgR4IRC+fkvNCeoaavWBs6EdCso5Tbcf+iEMKzBU/His60lt34WEZ9vlb8wDkZvQGcVI5GwkfoQ==", + "peer": true, + "dependencies": { + "call-bind": "^1.0.7", + "define-properties": "^1.2.1", + "es-abstract": "^1.23.2", + "es-array-method-boxes-properly": "^1.0.0", + "es-object-atoms": "^1.0.0", + "is-string": "^1.0.7" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/array.prototype.flat": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/array.prototype.flat/-/array.prototype.flat-1.3.2.tgz", + "integrity": "sha512-djYB+Zx2vLewY8RWlNCUdHjDXs2XOgm602S9E7P/UpHgfeHL00cRiIF+IN/G/aUJ7kGPb6yO/ErDI5V2s8iycA==", + "peer": true, + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1", + "es-shim-unscopables": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/arraybuffer.prototype.slice": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/arraybuffer.prototype.slice/-/arraybuffer.prototype.slice-1.0.3.tgz", + "integrity": "sha512-bMxMKAjg13EBSVscxTaYA4mRc5t1UAXa2kXiGTNfZ079HIWXEkKmkgFrh/nJqamaLSrXO5H4WFFkPEaLJWbs3A==", + "dependencies": { + "array-buffer-byte-length": "^1.0.1", + "call-bind": "^1.0.5", + "define-properties": "^1.2.1", + "es-abstract": "^1.22.3", + "es-errors": "^1.2.1", + "get-intrinsic": "^1.2.3", + "is-array-buffer": "^3.0.4", + "is-shared-array-buffer": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/astral-regex": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz", + "integrity": "sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ==", + "engines": { + "node": ">=8" + } + }, + "node_modules/async": { + "version": "3.2.6", + "resolved": "https://registry.npmjs.org/async/-/async-3.2.6.tgz", + "integrity": "sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA==" + }, + "node_modules/async-mutex": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/async-mutex/-/async-mutex-0.4.1.tgz", + "integrity": "sha512-WfoBo4E/TbCX1G95XTjbWTE3X2XLG0m1Xbv2cwOtuPdyH9CZvnaA5nCt1ucjaKEgW2A5IF71hxrRhr83Je5xjA==", + "dependencies": { + "tslib": "^2.4.0" + } + }, + "node_modules/asynckit": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" + }, + "node_modules/at-least-node": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/at-least-node/-/at-least-node-1.0.0.tgz", + "integrity": "sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg==", + "engines": { + "node": ">= 4.0.0" + } + }, + "node_modules/available-typed-arrays": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/available-typed-arrays/-/available-typed-arrays-1.0.7.tgz", + "integrity": "sha512-wvUjBtSGN7+7SjNpq/9M2Tg350UZD3q62IFZLbRAR1bSMlCo1ZaeW+BJ+D090e4hIIZLBcTDWe4Mh4jvUDajzQ==", + "dependencies": { + "possible-typed-array-names": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/axios": { + "version": "1.7.7", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.7.tgz", + "integrity": "sha512-S4kL7XrjgBmvdGut0sN3yJxqYzrDOnivkBiN0OFs6hLiUam3UPvswUo0kqGyhqUZGEOytHyumEdXsAkgCOUf3Q==", + "dependencies": { + "follow-redirects": "^1.15.6", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" + } + }, + "node_modules/balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==" + }, + "node_modules/binary-extensions": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", + "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/boolbase": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz", + "integrity": "sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==", + "peer": true + }, + "node_modules/brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/braces": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", + "dependencies": { + "fill-range": "^7.1.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/bump-cli": { + "version": "2.8.4", + "resolved": "https://registry.npmjs.org/bump-cli/-/bump-cli-2.8.4.tgz", + "integrity": "sha512-FwcsaY1jmCtwXkuIhkPxGLysLrxCJKnl54PHutb7N4FIuO9Hq8Xjn1giEfO3ZK8UGVZ9DiAb11H9ypFP6WNnhQ==", + "dependencies": { + "@apidevtools/json-schema-ref-parser": "^9.0.7", + "@asyncapi/specs": "^5.1.0", + "@clack/prompts": "^0.6.3", + "@oclif/command": "^1.8.36", + "@oclif/config": "^1.18.17", + "@oclif/core": "1.20.4", + "@oclif/plugin-help": "^5.1.10", + "@stoplight/yaml": "^4.2.3", + "async-mutex": "^0.4.0", + "axios": "^1.6.4", + "debug": "^4.3.1", + "jsonpath": "^1.1.1", + "mergician": "^1.0.3", + "oas-schemas": "git+https://git@github.com/OAI/OpenAPI-Specification.git#0f9d3ec7c033fef184ec54e1ffc201b2d61ce023", + "tslib": "^2.3.0" + }, + "bin": { + "bump": "bin/run" + }, + "engines": { + "node": ">=16.0.0" + } + }, + "node_modules/call-bind": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz", + "integrity": "sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==", + "dependencies": { + "es-define-property": "^1.0.0", + "es-errors": "^1.3.0", + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.4", + "set-function-length": "^1.2.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/call-me-maybe": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-me-maybe/-/call-me-maybe-1.0.2.tgz", + "integrity": "sha512-HpX65o1Hnr9HH25ojC1YGs7HCQLq0GCOibSaWER0eNpgJ/Z1MZv2mTc7+xh6WOPxbRVcmgbv4hGU+uSQ/2xFZQ==" + }, + "node_modules/camelize": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/camelize/-/camelize-1.0.1.tgz", + "integrity": "sha512-dU+Tx2fsypxTgtLoE36npi3UqcjSSMNYfkqgmoEhtZrraP5VWq0K7FkWVTYa8eMPtnU/G2txVsfdCJTn9uzpuQ==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/cardinal": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/cardinal/-/cardinal-2.1.1.tgz", + "integrity": "sha512-JSr5eOgoEymtYHBjNWyjrMqet9Am2miJhlfKNdqLp6zoeAh0KN5dRAcxlecj5mAJrmQomgiOBj35xHLrFjqBpw==", + "dependencies": { + "ansicolors": "~0.3.2", + "redeyed": "~2.1.0" + }, + "bin": { + "cdl": "bin/cdl.js" + } + }, + "node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/chalk/node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/cheerio": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/cheerio/-/cheerio-1.0.0.tgz", + "integrity": "sha512-quS9HgjQpdaXOvsZz82Oz7uxtXiy6UIsIQcpBj7HRw2M63Skasm9qlDocAM7jNuaxdhpPU7c4kJN+gA5MCu4ww==", + "peer": true, + "dependencies": { + "cheerio-select": "^2.1.0", + "dom-serializer": "^2.0.0", + "domhandler": "^5.0.3", + "domutils": "^3.1.0", + "encoding-sniffer": "^0.2.0", + "htmlparser2": "^9.1.0", + "parse5": "^7.1.2", + "parse5-htmlparser2-tree-adapter": "^7.0.0", + "parse5-parser-stream": "^7.1.2", + "undici": "^6.19.5", + "whatwg-mimetype": "^4.0.0" + }, + "engines": { + "node": ">=18.17" + }, + "funding": { + "url": "https://github.com/cheeriojs/cheerio?sponsor=1" + } + }, + "node_modules/cheerio-select": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/cheerio-select/-/cheerio-select-2.1.0.tgz", + "integrity": "sha512-9v9kG0LvzrlcungtnJtpGNxY+fzECQKhK4EGJX2vByejiMX84MFNQw4UxPJl3bFbTMw+Dfs37XaIkCwTZfLh4g==", + "peer": true, + "dependencies": { + "boolbase": "^1.0.0", + "css-select": "^5.1.0", + "css-what": "^6.1.0", + "domelementtype": "^2.3.0", + "domhandler": "^5.0.3", + "domutils": "^3.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/fb55" + } + }, + "node_modules/chokidar": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", + "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==", + "dependencies": { + "anymatch": "~3.1.2", + "braces": "~3.0.2", + "glob-parent": "~5.1.2", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.6.0" + }, + "engines": { + "node": ">= 8.10.0" + }, + "funding": { + "url": "https://paulmillr.com/funding/" + }, + "optionalDependencies": { + "fsevents": "~2.3.2" + } + }, + "node_modules/classnames": { + "version": "2.5.1", + "resolved": "https://registry.npmjs.org/classnames/-/classnames-2.5.1.tgz", + "integrity": "sha512-saHYOzhIQs6wy2sVxTM6bUDsQO4F50V9RQ22qBpEdCW+I+/Wmke2HOl6lS6dTpdxVhb88/I6+Hs+438c3lfUow==" + }, + "node_modules/clean-stack": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-3.0.1.tgz", + "integrity": "sha512-lR9wNiMRcVQjSB3a7xXGLuz4cr4wJuuXlaAEbRutGowQTmlp7R72/DOgN21e8jdwblMWl9UOJMJXarX94pzKdg==", + "dependencies": { + "escape-string-regexp": "4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/cli-progress": { + "version": "3.12.0", + "resolved": "https://registry.npmjs.org/cli-progress/-/cli-progress-3.12.0.tgz", + "integrity": "sha512-tRkV3HJ1ASwm19THiiLIXLO7Im7wlTuKnvkYaTkyoAPefqjNg7W7DHKUlGRxy9vxDvbyCYQkQozvptuMkGCg8A==", + "dependencies": { + "string-width": "^4.2.3" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/cliui": { + "version": "7.0.4", + "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz", + "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==", + "dependencies": { + "string-width": "^4.2.0", + "strip-ansi": "^6.0.0", + "wrap-ansi": "^7.0.0" + } + }, + "node_modules/clsx": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/clsx/-/clsx-2.1.1.tgz", + "integrity": "sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA==", + "engines": { + "node": ">=6" + } + }, + "node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" + }, + "node_modules/colorette": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/colorette/-/colorette-1.4.0.tgz", + "integrity": "sha512-Y2oEozpomLn7Q3HFP7dpww7AtMJplbM9lGZP6RDfHqmbeRjiwRg4n6VM6j4KLmRke85uWEI7JqF17f3pqdRA0g==" + }, + "node_modules/combined-stream": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", + "dependencies": { + "delayed-stream": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/commander": { + "version": "2.20.3", + "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz", + "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==", + "peer": true + }, + "node_modules/concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==" + }, + "node_modules/core-js": { + "version": "3.39.0", + "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.39.0.tgz", + "integrity": "sha512-raM0ew0/jJUqkJ0E6e8UDtl+y/7ktFivgWvqw8dNSQeNWoSDLvQ1H/RN3aPXB9tBd4/FhyR4RDPGhsNIMsAn7g==", + "hasInstallScript": true, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/core-js" + } + }, + "node_modules/create-require": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/create-require/-/create-require-1.1.1.tgz", + "integrity": "sha512-dcKFX3jn0MpIaXjisoRvexIJVEKzaq7z2rZKxf+MSr9TkdmHmsU4m2lcLojrj/FHl8mk5VxMmYA+ftRkP/3oKQ==" + }, + "node_modules/cross-spawn": { + "version": "7.0.3", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "dependencies": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/css-color-keywords": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/css-color-keywords/-/css-color-keywords-1.0.0.tgz", + "integrity": "sha512-FyyrDHZKEjXDpNJYvVsV960FiqQyXc/LlYmsxl2BcdMb2WPx0OGRVgTg55rPSyLSNMqP52R9r8geSp7apN3Ofg==", + "engines": { + "node": ">=4" + } + }, + "node_modules/css-select": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/css-select/-/css-select-5.1.0.tgz", + "integrity": "sha512-nwoRF1rvRRnnCqqY7updORDsuqKzqYJ28+oSMaJMMgOauh3fvwHqMS7EZpIPqK8GL+g9mKxF1vP/ZjSeNjEVHg==", + "peer": true, + "dependencies": { + "boolbase": "^1.0.0", + "css-what": "^6.1.0", + "domhandler": "^5.0.2", + "domutils": "^3.0.1", + "nth-check": "^2.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/fb55" + } + }, + "node_modules/css-to-react-native": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/css-to-react-native/-/css-to-react-native-3.2.0.tgz", + "integrity": "sha512-e8RKaLXMOFii+02mOlqwjbD00KSEKqblnpO9e++1aXS1fPQOpS1YoqdVHBqPjHNoxeF2mimzVqawm2KCbEdtHQ==", + "dependencies": { + "camelize": "^1.0.0", + "css-color-keywords": "^1.0.0", + "postcss-value-parser": "^4.0.2" + } + }, + "node_modules/css-what": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/css-what/-/css-what-6.1.0.tgz", + "integrity": "sha512-HTUrgRJ7r4dsZKU6GjmpfRK1O76h97Z8MfS1G0FozR+oF2kG6Vfe8JE6zwrkbxigziPHinCJ+gCPjA9EaBDtRw==", + "peer": true, + "engines": { + "node": ">= 6" + }, + "funding": { + "url": "https://github.com/sponsors/fb55" + } + }, + "node_modules/csstype": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.3.tgz", + "integrity": "sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw==" + }, + "node_modules/data-view-buffer": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/data-view-buffer/-/data-view-buffer-1.0.1.tgz", + "integrity": "sha512-0lht7OugA5x3iJLOWFhWK/5ehONdprk0ISXqVFn/NFrDu+cuc8iADFrGQz5BnRK7LLU3JmkbXSxaqX+/mXYtUA==", + "dependencies": { + "call-bind": "^1.0.6", + "es-errors": "^1.3.0", + "is-data-view": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/data-view-byte-length": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/data-view-byte-length/-/data-view-byte-length-1.0.1.tgz", + "integrity": "sha512-4J7wRJD3ABAzr8wP+OcIcqq2dlUKp4DVflx++hs5h5ZKydWMI6/D/fAot+yh6g2tHh8fLFTvNOaVN357NvSrOQ==", + "dependencies": { + "call-bind": "^1.0.7", + "es-errors": "^1.3.0", + "is-data-view": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/data-view-byte-offset": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/data-view-byte-offset/-/data-view-byte-offset-1.0.0.tgz", + "integrity": "sha512-t/Ygsytq+R995EJ5PZlD4Cu56sWa8InXySaViRzw9apusqsOO2bQP+SbYzAhR0pFKoB+43lYy8rWban9JSuXnA==", + "dependencies": { + "call-bind": "^1.0.6", + "es-errors": "^1.3.0", + "is-data-view": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/debug": { + "version": "4.3.7", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.7.tgz", + "integrity": "sha512-Er2nc/H7RrMXZBFCEim6TCmMk02Z8vLC2Rbi1KEBggpo0fS6l0S1nnapwmIi3yW/+GOJap1Krg4w0Hg80oCqgQ==", + "dependencies": { + "ms": "^2.1.3" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/decko": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/decko/-/decko-1.2.0.tgz", + "integrity": "sha512-m8FnyHXV1QX+S1cl+KPFDIl6NMkxtKsy6+U/aYyjrOqWMuwAwYWu7ePqrsUHtDR5Y8Yk2pi/KIDSgF+vT4cPOQ==" + }, + "node_modules/deep-is": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==" + }, + "node_modules/define-data-property": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", + "integrity": "sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==", + "dependencies": { + "es-define-property": "^1.0.0", + "es-errors": "^1.3.0", + "gopd": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/define-properties": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.2.1.tgz", + "integrity": "sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg==", + "dependencies": { + "define-data-property": "^1.0.1", + "has-property-descriptors": "^1.0.0", + "object-keys": "^1.1.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/delayed-stream": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/diff": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", + "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==", + "engines": { + "node": ">=0.3.1" + } + }, + "node_modules/dir-glob": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", + "integrity": "sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==", + "dependencies": { + "path-type": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/discontinuous-range": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/discontinuous-range/-/discontinuous-range-1.0.0.tgz", + "integrity": "sha512-c68LpLbO+7kP/b1Hr1qs8/BJ09F5khZGTxqxZuhzxpmwJKOgRFHJWIb9/KmqnqHhLdO55aOxFH/EGBvUQbL/RQ==", + "peer": true + }, + "node_modules/dom-serializer": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz", + "integrity": "sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==", + "peer": true, + "dependencies": { + "domelementtype": "^2.3.0", + "domhandler": "^5.0.2", + "entities": "^4.2.0" + }, + "funding": { + "url": "https://github.com/cheeriojs/dom-serializer?sponsor=1" + } + }, + "node_modules/domelementtype": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", + "integrity": "sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/fb55" + } + ], + "peer": true + }, + "node_modules/domhandler": { + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz", + "integrity": "sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==", + "peer": true, + "dependencies": { + "domelementtype": "^2.3.0" + }, + "engines": { + "node": ">= 4" + }, + "funding": { + "url": "https://github.com/fb55/domhandler?sponsor=1" + } + }, + "node_modules/dompurify": { + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.7.tgz", + "integrity": "sha512-VaTstWtsneJY8xzy7DekmYWEOZcmzIe3Qb3zPd4STve1OBTa+e+WmS1ITQec1fZYXI3HCsOZZiSMpG6oxoWMWQ==" + }, + "node_modules/domutils": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/domutils/-/domutils-3.1.0.tgz", + "integrity": "sha512-H78uMmQtI2AhgDJjWeQmHwJJ2bLPD3GMmO7Zja/ZZh84wkm+4ut+IUnUdRa8uCGX88DiVx1j6FRe1XfxEgjEZA==", + "peer": true, + "dependencies": { + "dom-serializer": "^2.0.0", + "domelementtype": "^2.3.0", + "domhandler": "^5.0.3" + }, + "funding": { + "url": "https://github.com/fb55/domutils?sponsor=1" + } + }, + "node_modules/ejs": { + "version": "3.1.10", + "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz", + "integrity": "sha512-UeJmFfOrAQS8OJWPZ4qtgHyWExa088/MtK5UEyoJGFH67cDEXkZSviOiKRCZ4Xij0zxI3JECgYs3oKx+AizQBA==", + "dependencies": { + "jake": "^10.8.5" + }, + "bin": { + "ejs": "bin/cli.js" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==" + }, + "node_modules/encoding-sniffer": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/encoding-sniffer/-/encoding-sniffer-0.2.0.tgz", + "integrity": "sha512-ju7Wq1kg04I3HtiYIOrUrdfdDvkyO9s5XM8QAj/bN61Yo/Vb4vgJxy5vi4Yxk01gWHbrofpPtpxM8bKger9jhg==", + "peer": true, + "dependencies": { + "iconv-lite": "^0.6.3", + "whatwg-encoding": "^3.1.1" + }, + "funding": { + "url": "https://github.com/fb55/encoding-sniffer?sponsor=1" + } + }, + "node_modules/entities": { + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", + "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==", + "peer": true, + "engines": { + "node": ">=0.12" + }, + "funding": { + "url": "https://github.com/fb55/entities?sponsor=1" + } + }, + "node_modules/enzyme": { + "version": "3.11.0", + "resolved": "https://registry.npmjs.org/enzyme/-/enzyme-3.11.0.tgz", + "integrity": "sha512-Dw8/Gs4vRjxY6/6i9wU0V+utmQO9kvh9XLnz3LIudviOnVYDEe2ec+0k+NQoMamn1VrjKgCUOWj5jG/5M5M0Qw==", + "peer": true, + "dependencies": { + "array.prototype.flat": "^1.2.3", + "cheerio": "^1.0.0-rc.3", + "enzyme-shallow-equal": "^1.0.1", + "function.prototype.name": "^1.1.2", + "has": "^1.0.3", + "html-element-map": "^1.2.0", + "is-boolean-object": "^1.0.1", + "is-callable": "^1.1.5", + "is-number-object": "^1.0.4", + "is-regex": "^1.0.5", + "is-string": "^1.0.5", + "is-subset": "^0.1.1", + "lodash.escape": "^4.0.1", + "lodash.isequal": "^4.5.0", + "object-inspect": "^1.7.0", + "object-is": "^1.0.2", + "object.assign": "^4.1.0", + "object.entries": "^1.1.1", + "object.values": "^1.1.1", + "raf": "^3.4.1", + "rst-selector-parser": "^2.2.3", + "string.prototype.trim": "^1.2.1" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/enzyme-shallow-equal": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/enzyme-shallow-equal/-/enzyme-shallow-equal-1.0.7.tgz", + "integrity": "sha512-/um0GFqUXnpM9SvKtje+9Tjoz3f1fpBC3eXRFrNs8kpYn69JljciYP7KZTqM/YQbUY9KUjvKB4jo/q+L6WGGvg==", + "dependencies": { + "hasown": "^2.0.0", + "object-is": "^1.1.5" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/es-abstract": { + "version": "1.23.3", + "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.23.3.tgz", + "integrity": "sha512-e+HfNH61Bj1X9/jLc5v1owaLYuHdeHHSQlkhCBiTK8rBvKaULl/beGMxwrMXjpYrv4pz22BlY570vVePA2ho4A==", + "dependencies": { + "array-buffer-byte-length": "^1.0.1", + "arraybuffer.prototype.slice": "^1.0.3", + "available-typed-arrays": "^1.0.7", + "call-bind": "^1.0.7", + "data-view-buffer": "^1.0.1", + "data-view-byte-length": "^1.0.1", + "data-view-byte-offset": "^1.0.0", + "es-define-property": "^1.0.0", + "es-errors": "^1.3.0", + "es-object-atoms": "^1.0.0", + "es-set-tostringtag": "^2.0.3", + "es-to-primitive": "^1.2.1", + "function.prototype.name": "^1.1.6", + "get-intrinsic": "^1.2.4", + "get-symbol-description": "^1.0.2", + "globalthis": "^1.0.3", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.2", + "has-proto": "^1.0.3", + "has-symbols": "^1.0.3", + "hasown": "^2.0.2", + "internal-slot": "^1.0.7", + "is-array-buffer": "^3.0.4", + "is-callable": "^1.2.7", + "is-data-view": "^1.0.1", + "is-negative-zero": "^2.0.3", + "is-regex": "^1.1.4", + "is-shared-array-buffer": "^1.0.3", + "is-string": "^1.0.7", + "is-typed-array": "^1.1.13", + "is-weakref": "^1.0.2", + "object-inspect": "^1.13.1", + "object-keys": "^1.1.1", + "object.assign": "^4.1.5", + "regexp.prototype.flags": "^1.5.2", + "safe-array-concat": "^1.1.2", + "safe-regex-test": "^1.0.3", + "string.prototype.trim": "^1.2.9", + "string.prototype.trimend": "^1.0.8", + "string.prototype.trimstart": "^1.0.8", + "typed-array-buffer": "^1.0.2", + "typed-array-byte-length": "^1.0.1", + "typed-array-byte-offset": "^1.0.2", + "typed-array-length": "^1.0.6", + "unbox-primitive": "^1.0.2", + "which-typed-array": "^1.1.15" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/es-array-method-boxes-properly": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/es-array-method-boxes-properly/-/es-array-method-boxes-properly-1.0.0.tgz", + "integrity": "sha512-wd6JXUmyHmt8T5a2xreUwKcGPq6f1f+WwIJkijUqiGcJz1qqnZgP6XIK+QyIWU5lT7imeNxUll48bziG+TSYcA==", + "peer": true + }, + "node_modules/es-define-property": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz", + "integrity": "sha512-jxayLKShrEqqzJ0eumQbVhTYQM27CfT1T35+gCgDFoL82JLsXqTJ76zv6A0YLOgEnLUMvLzsDsGIrl8NFpT2gQ==", + "dependencies": { + "get-intrinsic": "^1.2.4" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-object-atoms": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.0.0.tgz", + "integrity": "sha512-MZ4iQ6JwHOBQjahnjwaC1ZtIBH+2ohjamzAO3oaHcXYup7qxjF2fixyH+Q71voWHeOkI2q/TnJao/KfXYIZWbw==", + "dependencies": { + "es-errors": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-set-tostringtag": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.0.3.tgz", + "integrity": "sha512-3T8uNMC3OQTHkFUsFq8r/BwAXLHvU/9O9mE0fBc/MY5iq/8H7ncvO947LmYA6ldWw9Uh8Yhf25zu6n7nML5QWQ==", + "dependencies": { + "get-intrinsic": "^1.2.4", + "has-tostringtag": "^1.0.2", + "hasown": "^2.0.1" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-shim-unscopables": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/es-shim-unscopables/-/es-shim-unscopables-1.0.2.tgz", + "integrity": "sha512-J3yBRXCzDu4ULnQwxyToo/OjdMx6akgVC7K6few0a7F/0wLtmKKN7I73AH5T2836UuXRqN7Qg+IIUw/+YJksRw==", + "peer": true, + "dependencies": { + "hasown": "^2.0.0" + } + }, + "node_modules/es-to-primitive": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.2.1.tgz", + "integrity": "sha512-QCOllgZJtaUo9miYBcLChTUaHNjJF3PYs1VidD7AwiEj1kYxKeQTctLAezAOH5ZKRH0g2IgPn6KwB4IT8iRpvA==", + "dependencies": { + "is-callable": "^1.1.4", + "is-date-object": "^1.0.1", + "is-symbol": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/es6-promise": { + "version": "3.3.1", + "resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-3.3.1.tgz", + "integrity": "sha512-SOp9Phqvqn7jtEUxPWdWfWoLmyt2VaJ6MpvP9Comy1MceMXqE6bxvaTu4iaxpYYPzhny28Lc+M87/c2cPK6lDg==" + }, + "node_modules/escalade": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz", + "integrity": "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==", + "engines": { + "node": ">=6" + } + }, + "node_modules/escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/escodegen": { + "version": "1.14.3", + "resolved": "https://registry.npmjs.org/escodegen/-/escodegen-1.14.3.tgz", + "integrity": "sha512-qFcX0XJkdg+PB3xjZZG/wKSuT1PnQWx57+TVSjIMmILd2yC/6ByYElPwJnslDsuWuSAp4AwJGumarAAmJch5Kw==", + "dependencies": { + "esprima": "^4.0.1", + "estraverse": "^4.2.0", + "esutils": "^2.0.2", + "optionator": "^0.8.1" + }, + "bin": { + "escodegen": "bin/escodegen.js", + "esgenerate": "bin/esgenerate.js" + }, + "engines": { + "node": ">=4.0" + }, + "optionalDependencies": { + "source-map": "~0.6.1" + } + }, + "node_modules/escodegen/node_modules/esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "bin": { + "esparse": "bin/esparse.js", + "esvalidate": "bin/esvalidate.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/esprima": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-1.2.2.tgz", + "integrity": "sha512-+JpPZam9w5DuJ3Q67SqsMGtiHKENSMRVoxvArfJZK01/BfLEObtZ6orJa/MtoGNR/rfMgp5837T41PAmTwAv/A==", + "bin": { + "esparse": "bin/esparse.js", + "esvalidate": "bin/esvalidate.js" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/estraverse": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==", + "engines": { + "node": ">=4.0" + } + }, + "node_modules/esutils": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/event-target-shim": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/event-target-shim/-/event-target-shim-5.0.1.tgz", + "integrity": "sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ==", + "engines": { + "node": ">=6" + } + }, + "node_modules/eventemitter3": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-5.0.1.tgz", + "integrity": "sha512-GWkBvjiSZK87ELrYOSESUYeVIc9mvLLf/nXalMOS5dYrgZq9o5OVkbZAVM06CVxYsCwH9BDZFPlQTlPA1j4ahA==" + }, + "node_modules/fast-deep-equal": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==" + }, + "node_modules/fast-glob": { + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz", + "integrity": "sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow==", + "dependencies": { + "@nodelib/fs.stat": "^2.0.2", + "@nodelib/fs.walk": "^1.2.3", + "glob-parent": "^5.1.2", + "merge2": "^1.3.0", + "micromatch": "^4.0.4" + }, + "engines": { + "node": ">=8.6.0" + } + }, + "node_modules/fast-levenshtein": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==" + }, + "node_modules/fast-safe-stringify": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz", + "integrity": "sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA==" + }, + "node_modules/fastq": { + "version": "1.17.1", + "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz", + "integrity": "sha512-sRVD3lWVIXWg6By68ZN7vho9a1pQcN/WBFaAAsDDFzlJjvoGx0P8z7V1t72grFJfJhu3YPZBuu25f7Kaw2jN1w==", + "dependencies": { + "reusify": "^1.0.4" + } + }, + "node_modules/filelist": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz", + "integrity": "sha512-w1cEuf3S+DrLCQL7ET6kz+gmlJdbq9J7yXCSjK/OZCPA+qEN1WyF4ZAf0YYJa4/shHJra2t/d/r8SV4Ji+x+8Q==", + "dependencies": { + "minimatch": "^5.0.1" + } + }, + "node_modules/filelist/node_modules/brace-expansion": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "dependencies": { + "balanced-match": "^1.0.0" + } + }, + "node_modules/filelist/node_modules/minimatch": { + "version": "5.1.6", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", + "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==", + "dependencies": { + "brace-expansion": "^2.0.1" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/fill-range": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/follow-redirects": { + "version": "1.15.9", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.9.tgz", + "integrity": "sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ==", + "funding": [ + { + "type": "individual", + "url": "https://github.com/sponsors/RubenVerborgh" + } + ], + "engines": { + "node": ">=4.0" + }, + "peerDependenciesMeta": { + "debug": { + "optional": true + } + } + }, + "node_modules/for-each": { + "version": "0.3.3", + "resolved": "https://registry.npmjs.org/for-each/-/for-each-0.3.3.tgz", + "integrity": "sha512-jqYfLp7mo9vIyQf8ykW2v7A+2N4QjeCeI5+Dz9XraiO1ign81wjiH7Fb9vSOWvQfNtmSa4H2RoQTrrXivdUZmw==", + "dependencies": { + "is-callable": "^1.1.3" + } + }, + "node_modules/foreach": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/foreach/-/foreach-2.0.6.tgz", + "integrity": "sha512-k6GAGDyqLe9JaebCsFCoudPPWfihKu8pylYXRlqP1J7ms39iPoTtk2fviNglIeQEwdh0bQeKJ01ZPyuyQvKzwg==" + }, + "node_modules/form-data": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.1.tgz", + "integrity": "sha512-tzN8e4TX8+kkxGPK8D5u0FNmjPUjw3lwC9lSLxxoB/+GtsJG91CO8bSWy73APlgAZzZbXEYZJuxjkHH2w+Ezhw==", + "dependencies": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "mime-types": "^2.1.12" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/fs-extra": { + "version": "9.1.0", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz", + "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==", + "dependencies": { + "at-least-node": "^1.0.0", + "graceful-fs": "^4.2.0", + "jsonfile": "^6.0.1", + "universalify": "^2.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/fs.realpath": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==" + }, + "node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "hasInstallScript": true, + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/function-bind": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/function.prototype.name": { + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/function.prototype.name/-/function.prototype.name-1.1.6.tgz", + "integrity": "sha512-Z5kx79swU5P27WEayXM1tBi5Ze/lbIyiNgU3qyXUOf9b2rgXYyF9Dy9Cx+IQv/Lc8WCG6L82zwUPpSS9hGehIg==", + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.2.0", + "es-abstract": "^1.22.1", + "functions-have-names": "^1.2.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/functions-have-names": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/functions-have-names/-/functions-have-names-1.2.3.tgz", + "integrity": "sha512-xckBUXyTIqT97tq2x2AMb+g163b5JFysYk0x4qxNFwbfQkmNZoiRHb6sPzI9/QV33WeuvVYBUIiD4NzNIyqaRQ==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-caller-file": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz", + "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==", + "engines": { + "node": "6.* || 8.* || >= 10.*" + } + }, + "node_modules/get-intrinsic": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz", + "integrity": "sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==", + "dependencies": { + "es-errors": "^1.3.0", + "function-bind": "^1.1.2", + "has-proto": "^1.0.1", + "has-symbols": "^1.0.3", + "hasown": "^2.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-package-type": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz", + "integrity": "sha512-pjzuKtY64GYfWizNAJ0fr9VqttZkNiK2iS430LtIHzjBEr6bX8Am2zm4sW4Ro5wjWW5cAlRL1qAMTcXbjNAO2Q==", + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/get-port-please": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/get-port-please/-/get-port-please-3.1.2.tgz", + "integrity": "sha512-Gxc29eLs1fbn6LQ4jSU4vXjlwyZhF5HsGuMAa7gqBP4Rw4yxxltyDUuF5MBclFzDTXO+ACchGQoeela4DSfzdQ==" + }, + "node_modules/get-symbol-description": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/get-symbol-description/-/get-symbol-description-1.0.2.tgz", + "integrity": "sha512-g0QYk1dZBxGwk+Ngc+ltRH2IBp2f7zBkBMBJZCDerh6EhlhSR6+9irMCuT/09zD6qkarHUSn529sK/yL4S27mg==", + "dependencies": { + "call-bind": "^1.0.5", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.4" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "deprecated": "Glob versions prior to v9 are no longer supported", + "dependencies": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "engines": { + "node": "*" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "dependencies": { + "is-glob": "^4.0.1" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/globalthis": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/globalthis/-/globalthis-1.0.4.tgz", + "integrity": "sha512-DpLKbNU4WylpxJykQujfCcwYWiV/Jhm50Goo0wrVILAv5jOr9d+H+UR3PhSCD2rCCEIg0uc+G+muBTwD54JhDQ==", + "dependencies": { + "define-properties": "^1.2.1", + "gopd": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/globby": { + "version": "11.1.0", + "resolved": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", + "integrity": "sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g==", + "dependencies": { + "array-union": "^2.1.0", + "dir-glob": "^3.0.1", + "fast-glob": "^3.2.9", + "ignore": "^5.2.0", + "merge2": "^1.4.1", + "slash": "^3.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/gopd": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==", + "dependencies": { + "get-intrinsic": "^1.1.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/graceful-fs": { + "version": "4.2.11", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==" + }, + "node_modules/handlebars": { + "version": "4.7.8", + "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.8.tgz", + "integrity": "sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==", + "dependencies": { + "minimist": "^1.2.5", + "neo-async": "^2.6.2", + "source-map": "^0.6.1", + "wordwrap": "^1.0.0" + }, + "bin": { + "handlebars": "bin/handlebars" + }, + "engines": { + "node": ">=0.4.7" + }, + "optionalDependencies": { + "uglify-js": "^3.1.4" + } + }, + "node_modules/has": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/has/-/has-1.0.4.tgz", + "integrity": "sha512-qdSAmqLF6209RFj4VVItywPMbm3vWylknmB3nvNiUIs72xAimcM8nVYxYr7ncvZq5qzk9MKIZR8ijqD/1QuYjQ==", + "engines": { + "node": ">= 0.4.0" + } + }, + "node_modules/has-bigints": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.0.2.tgz", + "integrity": "sha512-tSvCKtBr9lkF0Ex0aQiP9N+OpV4zi2r/Nee5VkRDbaqv35RLYMzbwQfFSZZH0kR+Rd6302UJZ2p/bJCEoR3VoQ==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "engines": { + "node": ">=8" + } + }, + "node_modules/has-property-descriptors": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", + "integrity": "sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==", + "dependencies": { + "es-define-property": "^1.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-proto": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz", + "integrity": "sha512-SJ1amZAJUiZS+PhsVLf5tGydlaVB8EdFpaSO4gmiUKUOxk8qzn5AIy4ZeJUmh22znIdk/uMAUT2pl3FxzVUH+Q==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-symbols": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", + "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-tostringtag": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz", + "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==", + "dependencies": { + "has-symbols": "^1.0.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/hasown": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/html-element-map": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/html-element-map/-/html-element-map-1.3.1.tgz", + "integrity": "sha512-6XMlxrAFX4UEEGxctfFnmrFaaZFNf9i5fNuV5wZ3WWQ4FVaNP1aX1LkX9j2mfEx1NpjeE/rL3nmgEn23GdFmrg==", + "peer": true, + "dependencies": { + "array.prototype.filter": "^1.0.0", + "call-bind": "^1.0.2" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/htmlparser2": { + "version": "9.1.0", + "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-9.1.0.tgz", + "integrity": "sha512-5zfg6mHUoaer/97TxnGpxmbR7zJtPwIYFMZ/H5ucTlPZhKvtum05yiPK3Mgai3a0DyVxv7qYqoweaEd2nrYQzQ==", + "funding": [ + "https://github.com/fb55/htmlparser2?sponsor=1", + { + "type": "github", + "url": "https://github.com/sponsors/fb55" + } + ], + "peer": true, + "dependencies": { + "domelementtype": "^2.3.0", + "domhandler": "^5.0.3", + "domutils": "^3.1.0", + "entities": "^4.5.0" + } + }, + "node_modules/http2-client": { + "version": "1.3.5", + "resolved": "https://registry.npmjs.org/http2-client/-/http2-client-1.3.5.tgz", + "integrity": "sha512-EC2utToWl4RKfs5zd36Mxq7nzHHBuomZboI0yYL6Y0RmBgT7Sgkq4rQ0ezFTYoIsSs7Tm9SJe+o2FcAg6GBhGA==" + }, + "node_modules/https-proxy-agent": { + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.5.tgz", + "integrity": "sha512-1e4Wqeblerz+tMKPIq2EMGiiWW1dIjZOksyHWSUm1rmuvw/how9hBHZ38lAGj5ID4Ik6EdkOw7NmWPy6LAwalw==", + "dependencies": { + "agent-base": "^7.0.2", + "debug": "4" + }, + "engines": { + "node": ">= 14" + } + }, + "node_modules/hyperlinker": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/hyperlinker/-/hyperlinker-1.0.0.tgz", + "integrity": "sha512-Ty8UblRWFEcfSuIaajM34LdPXIhbs1ajEX/BBPv24J+enSVaEVY63xQ6lTO9VRYS5LAoghIG0IDJ+p+IPzKUQQ==", + "engines": { + "node": ">=4" + } + }, + "node_modules/iconv-lite": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", + "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", + "peer": true, + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3.0.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/ignore": { + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz", + "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==", + "engines": { + "node": ">= 4" + } + }, + "node_modules/indent-string": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==", + "engines": { + "node": ">=8" + } + }, + "node_modules/inflight": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", + "deprecated": "This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.", + "dependencies": { + "once": "^1.3.0", + "wrappy": "1" + } + }, + "node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" + }, + "node_modules/internal-slot": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/internal-slot/-/internal-slot-1.0.7.tgz", + "integrity": "sha512-NGnrKwXzSms2qUUih/ILZ5JBqNTSa1+ZmP6flaIp6KmSElgE9qdndzS3cqjrDovwFdmwsGsLdeFgB6suw+1e9g==", + "dependencies": { + "es-errors": "^1.3.0", + "hasown": "^2.0.0", + "side-channel": "^1.0.4" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/is-array-buffer": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/is-array-buffer/-/is-array-buffer-3.0.4.tgz", + "integrity": "sha512-wcjaerHw0ydZwfhiKbXJWLDY8A7yV7KhjQOpb83hGgGfId/aQa4TOvwyzn2PuswW2gPCYEL/nEAiSVpdOj1lXw==", + "dependencies": { + "call-bind": "^1.0.2", + "get-intrinsic": "^1.2.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-bigint": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/is-bigint/-/is-bigint-1.0.4.tgz", + "integrity": "sha512-zB9CruMamjym81i2JZ3UMn54PKGsQzsJeo6xvN3HJJ4CAsQNB6iRutp2To77OfCNuoxspsIhzaPoO1zyCEhFOg==", + "dependencies": { + "has-bigints": "^1.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-binary-path": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "dependencies": { + "binary-extensions": "^2.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/is-boolean-object": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/is-boolean-object/-/is-boolean-object-1.1.2.tgz", + "integrity": "sha512-gDYaKHJmnj4aWxyj6YHyXVpdQawtVLHU5cb+eztPGczf6cjuTdwve5ZIEfgXqH4e57An1D1AKf8CZ3kYrQRqYA==", + "dependencies": { + "call-bind": "^1.0.2", + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-callable": { + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.2.7.tgz", + "integrity": "sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-data-view": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-data-view/-/is-data-view-1.0.1.tgz", + "integrity": "sha512-AHkaJrsUVW6wq6JS8y3JnM/GJF/9cf+k20+iDzlSaJrinEo5+7vRiteOSwBhHRiAyQATN1AmY4hwzxJKPmYf+w==", + "dependencies": { + "is-typed-array": "^1.1.13" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-date-object": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.5.tgz", + "integrity": "sha512-9YQaSxsAiSwcvS33MBk3wTCVnWK+HhF8VZR2jRxehM16QcVOdHqPn4VPHmRK4lSr38n9JriurInLcP90xsYNfQ==", + "dependencies": { + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-docker": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", + "integrity": "sha512-F+i2BKsFrH66iaUFc0woD8sLy8getkwTwtOBjvs56Cx4CgJDeKQeqfz8wAYiSb8JOprWhHH5p77PbmYCvvUuXQ==", + "bin": { + "is-docker": "cli.js" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "engines": { + "node": ">=8" + } + }, + "node_modules/is-glob": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", + "dependencies": { + "is-extglob": "^2.1.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-negative-zero": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/is-negative-zero/-/is-negative-zero-2.0.3.tgz", + "integrity": "sha512-5KoIu2Ngpyek75jXodFvnafB6DJgr3u8uuK0LEZJjrU19DrMD3EVERaR8sjz8CCGgpZvxPl9SuE1GMVPFHx1mw==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "engines": { + "node": ">=0.12.0" + } + }, + "node_modules/is-number-object": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/is-number-object/-/is-number-object-1.0.7.tgz", + "integrity": "sha512-k1U0IRzLMo7ZlYIfzRu23Oh6MiIFasgpb9X76eqfFZAqwH44UI4KTBvBYIZ1dSL9ZzChTB9ShHfLkR4pdW5krQ==", + "dependencies": { + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-regex": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.1.4.tgz", + "integrity": "sha512-kvRdxDsxZjhzUX07ZnLydzS1TU/TJlTUHHY4YLL87e37oUA49DfkLqgy+VjFocowy29cKvcSiu+kIv728jTTVg==", + "dependencies": { + "call-bind": "^1.0.2", + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-shared-array-buffer": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/is-shared-array-buffer/-/is-shared-array-buffer-1.0.3.tgz", + "integrity": "sha512-nA2hv5XIhLR3uVzDDfCIknerhx8XUKnstuOERPNNIinXG7v9u+ohXF67vxm4TPTEPU6lm61ZkwP3c9PCB97rhg==", + "dependencies": { + "call-bind": "^1.0.7" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-string": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/is-string/-/is-string-1.0.7.tgz", + "integrity": "sha512-tE2UXzivje6ofPW7l23cjDOMa09gb7xlAqG6jG5ej6uPV32TlWP3NKPigtaGeHNu9fohccRYvIiZMfOOnOYUtg==", + "dependencies": { + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-subset": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/is-subset/-/is-subset-0.1.1.tgz", + "integrity": "sha512-6Ybun0IkarhmEqxXCNw/C0bna6Zb/TkfUX9UbwJtK6ObwAVCxmAP308WWTHviM/zAqXk05cdhYsUsZeGQh99iw==", + "peer": true + }, + "node_modules/is-symbol": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.4.tgz", + "integrity": "sha512-C/CPBqKWnvdcxqIARxyOh4v1UUEOCHpgDa0WYgpKDFMszcrPcffg5uhwSgPCLD2WWxmq6isisz87tzT01tuGhg==", + "dependencies": { + "has-symbols": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-typed-array": { + "version": "1.1.13", + "resolved": "https://registry.npmjs.org/is-typed-array/-/is-typed-array-1.1.13.tgz", + "integrity": "sha512-uZ25/bUAlUY5fR4OKT4rZQEBrzQWYV9ZJYGGsUmEJ6thodVJ1HX64ePQ6Z0qPWP+m+Uq6e9UugrE38jeYsDSMw==", + "dependencies": { + "which-typed-array": "^1.1.14" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-weakref": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/is-weakref/-/is-weakref-1.0.2.tgz", + "integrity": "sha512-qctsuLZmIQ0+vSSMfoVvyFe2+GSEvnmZ2ezTup1SBse9+twCCeial6EEi3Nc2KFcf6+qz2FBPnjXsk8xhKSaPQ==", + "dependencies": { + "call-bind": "^1.0.2" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-wsl": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", + "integrity": "sha512-fKzAra0rGJUUBwGBgNkHZuToZcn+TtXHpeCgmkMJMMYx1sQDYaCSyjJBSCa2nH1DGm7s3n1oBnohoVTBaN7Lww==", + "dependencies": { + "is-docker": "^2.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/isarray": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz", + "integrity": "sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==" + }, + "node_modules/isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==" + }, + "node_modules/jake": { + "version": "10.9.2", + "resolved": "https://registry.npmjs.org/jake/-/jake-10.9.2.tgz", + "integrity": "sha512-2P4SQ0HrLQ+fw6llpLnOaGAvN2Zu6778SJMrCUwns4fOoG9ayrTiZk3VV8sCPkVZF8ab0zksVpS8FDY5pRCNBA==", + "dependencies": { + "async": "^3.2.3", + "chalk": "^4.0.2", + "filelist": "^1.0.4", + "minimatch": "^3.1.2" + }, + "bin": { + "jake": "bin/cli.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/js-levenshtein": { + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/js-levenshtein/-/js-levenshtein-1.1.6.tgz", + "integrity": "sha512-X2BB11YZtrRqY4EnQcLX5Rh373zbK4alC1FW7D7MBhL2gtcC17cTnr6DmfHZeS0s2rTHjUTMMHfG7gO8SSdw+g==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/js-tokens": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==" + }, + "node_modules/js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/json-pointer": { + "version": "0.6.2", + "resolved": "https://registry.npmjs.org/json-pointer/-/json-pointer-0.6.2.tgz", + "integrity": "sha512-vLWcKbOaXlO+jvRy4qNd+TI1QUPZzfJj1tpJ3vAXDych5XJf93ftpUKe5pKCrzyIIwgBJcOcCVRUfqQP25afBw==", + "dependencies": { + "foreach": "^2.0.4" + } + }, + "node_modules/json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==" + }, + "node_modules/jsonfile": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", + "dependencies": { + "universalify": "^2.0.0" + }, + "optionalDependencies": { + "graceful-fs": "^4.1.6" + } + }, + "node_modules/jsonpath": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/jsonpath/-/jsonpath-1.1.1.tgz", + "integrity": "sha512-l6Cg7jRpixfbgoWgkrl77dgEj8RPvND0wMH6TwQmi9Qs4TFfS9u5cUFnbeKTwj5ga5Y3BTGGNI28k117LJ009w==", + "dependencies": { + "esprima": "1.2.2", + "static-eval": "2.0.2", + "underscore": "1.12.1" + } + }, + "node_modules/levn": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/levn/-/levn-0.3.0.tgz", + "integrity": "sha512-0OO4y2iOHix2W6ujICbKIaEQXvFQHue65vUG3pb5EUomzPI90z9hsA1VsO/dbIIpC53J8gxM9Q4Oho0jrCM/yA==", + "dependencies": { + "prelude-ls": "~1.1.2", + "type-check": "~0.3.2" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" + }, + "node_modules/lodash.escape": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/lodash.escape/-/lodash.escape-4.0.1.tgz", + "integrity": "sha512-nXEOnb/jK9g0DYMr1/Xvq6l5xMD7GDG55+GSYIYmS0G4tBk/hURD4JR9WCavs04t33WmJx9kCyp9vJ+mr4BOUw==", + "peer": true + }, + "node_modules/lodash.flattendeep": { + "version": "4.4.0", + "resolved": "https://registry.npmjs.org/lodash.flattendeep/-/lodash.flattendeep-4.4.0.tgz", + "integrity": "sha512-uHaJFihxmJcEX3kT4I23ABqKKalJ/zDrDg0lsFtc1h+3uw49SIJ5beyhx5ExVRti3AvKoOJngIj7xz3oylPdWQ==", + "peer": true + }, + "node_modules/lodash.isequal": { + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/lodash.isequal/-/lodash.isequal-4.5.0.tgz", + "integrity": "sha512-pDo3lu8Jhfjqls6GkMgpahsF9kCyayhgykjyLMNFTKWrpVdAQtYyB4muAMWozBB4ig/dtWAmsMxLEI8wuz+DYQ==" + }, + "node_modules/loose-envify": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz", + "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==", + "dependencies": { + "js-tokens": "^3.0.0 || ^4.0.0" + }, + "bin": { + "loose-envify": "cli.js" + } + }, + "node_modules/lunr": { + "version": "2.3.9", + "resolved": "https://registry.npmjs.org/lunr/-/lunr-2.3.9.tgz", + "integrity": "sha512-zTU3DaZaF3Rt9rhN3uBMGQD3dD2/vFQqnvZCDv4dl5iOzq2IZQqTxu90r4E5J+nP70J3ilqVCrbho2eWaeW8Ow==" + }, + "node_modules/make-error": { + "version": "1.3.6", + "resolved": "https://registry.npmjs.org/make-error/-/make-error-1.3.6.tgz", + "integrity": "sha512-s8UhlNe7vPKomQhC1qFelMokr/Sc3AgNbso3n74mVPA5LTZwkB9NlXf4XPamLxJE8h0gh73rM94xvwRT2CVInw==" + }, + "node_modules/mark.js": { + "version": "8.11.1", + "resolved": "https://registry.npmjs.org/mark.js/-/mark.js-8.11.1.tgz", + "integrity": "sha512-1I+1qpDt4idfgLQG+BNWmrqku+7/2bi5nLf4YwF8y8zXvmfiTBY3PV3ZibfrjBueCByROpuBjLLFCajqkgYoLQ==" + }, + "node_modules/marked": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/marked/-/marked-4.3.0.tgz", + "integrity": "sha512-PRsaiG84bK+AMvxziE/lCFss8juXjNaWzVbN5tXAm4XjeaS9NAHhop+PjQxz2A9h8Q4M/xGmzP8vqNwy6JeK0A==", + "bin": { + "marked": "bin/marked.js" + }, + "engines": { + "node": ">= 12" + } + }, + "node_modules/merge2": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", + "engines": { + "node": ">= 8" + } + }, + "node_modules/mergician": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/mergician/-/mergician-1.1.0.tgz", + "integrity": "sha512-FXbxzU6BBhGkV8XtUr8Sk015ZRaAALviit8Lle6OEgd1udX8wlu6tBeUMLGQGdz1MfHpAVNNQkXowyDnJuhXpA==", + "engines": { + "node": ">=10.0.0" + } + }, + "node_modules/micromatch": { + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz", + "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==", + "dependencies": { + "braces": "^3.0.3", + "picomatch": "^2.3.1" + }, + "engines": { + "node": ">=8.6" + } + }, + "node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/minimist": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/mobx": { + "version": "6.13.5", + "resolved": "https://registry.npmjs.org/mobx/-/mobx-6.13.5.tgz", + "integrity": "sha512-/HTWzW2s8J1Gqt+WmUj5Y0mddZk+LInejADc79NJadrWla3rHzmRHki/mnEUH1AvOmbNTZ1BRbKxr8DSgfdjMA==", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/mobx" + } + }, + "node_modules/mobx-react": { + "version": "9.1.1", + "resolved": "https://registry.npmjs.org/mobx-react/-/mobx-react-9.1.1.tgz", + "integrity": "sha512-gVV7AdSrAAxqXOJ2bAbGa5TkPqvITSzaPiiEkzpW4rRsMhSec7C2NBCJYILADHKp2tzOAIETGRsIY0UaCV5aEw==", + "dependencies": { + "mobx-react-lite": "^4.0.7" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/mobx" + }, + "peerDependencies": { + "mobx": "^6.9.0", + "react": "^16.8.0 || ^17 || ^18" + }, + "peerDependenciesMeta": { + "react-dom": { + "optional": true + }, + "react-native": { + "optional": true + } + } + }, + "node_modules/mobx-react-lite": { + "version": "4.0.7", + "resolved": "https://registry.npmjs.org/mobx-react-lite/-/mobx-react-lite-4.0.7.tgz", + "integrity": "sha512-RjwdseshK9Mg8On5tyJZHtGD+J78ZnCnRaxeQDSiciKVQDUbfZcXhmld0VMxAwvcTnPEHZySGGewm467Fcpreg==", + "dependencies": { + "use-sync-external-store": "^1.2.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/mobx" + }, + "peerDependencies": { + "mobx": "^6.9.0", + "react": "^16.8.0 || ^17 || ^18" + }, + "peerDependenciesMeta": { + "react-dom": { + "optional": true + }, + "react-native": { + "optional": true + } + } + }, + "node_modules/moo": { + "version": "0.5.2", + "resolved": "https://registry.npmjs.org/moo/-/moo-0.5.2.tgz", + "integrity": "sha512-iSAJLHYKnX41mKcJKjqvnAN9sf0LMDTXDEvFv+ffuRR9a1MIuXLjMNL6EsnDHSkKLTWNqQQ5uo61P4EbU4NU+Q==", + "peer": true + }, + "node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" + }, + "node_modules/nanoid": { + "version": "3.3.7", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", + "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "bin": { + "nanoid": "bin/nanoid.cjs" + }, + "engines": { + "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" + } + }, + "node_modules/natural-orderby": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/natural-orderby/-/natural-orderby-2.0.3.tgz", + "integrity": "sha512-p7KTHxU0CUrcOXe62Zfrb5Z13nLvPhSWR/so3kFulUQU0sgUll2Z0LwpsLN351eOOD+hRGu/F1g+6xDfPeD++Q==", + "engines": { + "node": "*" + } + }, + "node_modules/nearley": { + "version": "2.20.1", + "resolved": "https://registry.npmjs.org/nearley/-/nearley-2.20.1.tgz", + "integrity": "sha512-+Mc8UaAebFzgV+KpI5n7DasuuQCHA89dmwm7JXw3TV43ukfNQ9DnBH3Mdb2g/I4Fdxc26pwimBWvjIw0UAILSQ==", + "peer": true, + "dependencies": { + "commander": "^2.19.0", + "moo": "^0.5.0", + "railroad-diagrams": "^1.0.0", + "randexp": "0.4.6" + }, + "bin": { + "nearley-railroad": "bin/nearley-railroad.js", + "nearley-test": "bin/nearley-test.js", + "nearley-unparse": "bin/nearley-unparse.js", + "nearleyc": "bin/nearleyc.js" + }, + "funding": { + "type": "individual", + "url": "https://nearley.js.org/#give-to-nearley" + } + }, + "node_modules/neo-async": { + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.6.2.tgz", + "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==" + }, + "node_modules/node-fetch": { + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz", + "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==", + "dependencies": { + "whatwg-url": "^5.0.0" + }, + "engines": { + "node": "4.x || >=6.0.0" + }, + "peerDependencies": { + "encoding": "^0.1.0" + }, + "peerDependenciesMeta": { + "encoding": { + "optional": true + } + } + }, + "node_modules/node-fetch-h2": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/node-fetch-h2/-/node-fetch-h2-2.3.0.tgz", + "integrity": "sha512-ofRW94Ab0T4AOh5Fk8t0h8OBWrmjb0SSB20xh1H8YnPV9EJ+f5AMoYSUQ2zgJ4Iq2HAK0I2l5/Nequ8YzFS3Hg==", + "dependencies": { + "http2-client": "^1.2.5" + }, + "engines": { + "node": "4.x || >=6.0.0" + } + }, + "node_modules/node-readfiles": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/node-readfiles/-/node-readfiles-0.2.0.tgz", + "integrity": "sha512-SU00ZarexNlE4Rjdm83vglt5Y9yiQ+XI1XpflWlb7q7UTN1JUItm69xMeiQCTxtTfnzt+83T8Cx+vI2ED++VDA==", + "dependencies": { + "es6-promise": "^3.2.1" + } + }, + "node_modules/normalize-path": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/nth-check": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/nth-check/-/nth-check-2.1.1.tgz", + "integrity": "sha512-lqjrjmaOoAnWfMmBPL+XNnynZh2+swxiX3WUE0s4yEHI6m+AwrK2UZOimIRl3X/4QctVqS8AiZjFqyOGrMXb/w==", + "peer": true, + "dependencies": { + "boolbase": "^1.0.0" + }, + "funding": { + "url": "https://github.com/fb55/nth-check?sponsor=1" + } + }, + "node_modules/oas-kit-common": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/oas-kit-common/-/oas-kit-common-1.0.8.tgz", + "integrity": "sha512-pJTS2+T0oGIwgjGpw7sIRU8RQMcUoKCDWFLdBqKB2BNmGpbBMH2sdqAaOXUg8OzonZHU0L7vfJu1mJFEiYDWOQ==", + "dependencies": { + "fast-safe-stringify": "^2.0.7" + } + }, + "node_modules/oas-linter": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/oas-linter/-/oas-linter-3.2.2.tgz", + "integrity": "sha512-KEGjPDVoU5K6swgo9hJVA/qYGlwfbFx+Kg2QB/kd7rzV5N8N5Mg6PlsoCMohVnQmo+pzJap/F610qTodKzecGQ==", + "dependencies": { + "@exodus/schemasafe": "^1.0.0-rc.2", + "should": "^13.2.1", + "yaml": "^1.10.0" + }, + "funding": { + "url": "https://github.com/Mermade/oas-kit?sponsor=1" + } + }, + "node_modules/oas-resolver": { + "version": "2.5.6", + "resolved": "https://registry.npmjs.org/oas-resolver/-/oas-resolver-2.5.6.tgz", + "integrity": "sha512-Yx5PWQNZomfEhPPOphFbZKi9W93CocQj18NlD2Pa4GWZzdZpSJvYwoiuurRI7m3SpcChrnO08hkuQDL3FGsVFQ==", + "dependencies": { + "node-fetch-h2": "^2.3.0", + "oas-kit-common": "^1.0.8", + "reftools": "^1.1.9", + "yaml": "^1.10.0", + "yargs": "^17.0.1" + }, + "bin": { + "resolve": "resolve.js" + }, + "funding": { + "url": "https://github.com/Mermade/oas-kit?sponsor=1" + } + }, + "node_modules/oas-schema-walker": { + "version": "1.1.5", + "resolved": "https://registry.npmjs.org/oas-schema-walker/-/oas-schema-walker-1.1.5.tgz", + "integrity": "sha512-2yucenq1a9YPmeNExoUa9Qwrt9RFkjqaMAA1X+U7sbb0AqBeTIdMHky9SQQ6iN94bO5NW0W4TRYXerG+BdAvAQ==", + "funding": { + "url": "https://github.com/Mermade/oas-kit?sponsor=1" + } + }, + "node_modules/oas-schemas": { + "version": "2.0.0", + "resolved": "git+https://git@github.com/OAI/OpenAPI-Specification.git#0f9d3ec7c033fef184ec54e1ffc201b2d61ce023", + "integrity": "sha512-B0izsjJFhgA/KCQExAt7cfLyw42KD+r3NE7hKbkmGSqoe3gb57eMUXTlN4MwEicFR86Gno+h3OSnRcHfUlVubQ==" + }, + "node_modules/oas-validator": { + "version": "5.0.8", + "resolved": "https://registry.npmjs.org/oas-validator/-/oas-validator-5.0.8.tgz", + "integrity": "sha512-cu20/HE5N5HKqVygs3dt94eYJfBi0TsZvPVXDhbXQHiEityDN+RROTleefoKRKKJ9dFAF2JBkDHgvWj0sjKGmw==", + "dependencies": { + "call-me-maybe": "^1.0.1", + "oas-kit-common": "^1.0.8", + "oas-linter": "^3.2.2", + "oas-resolver": "^2.5.6", + "oas-schema-walker": "^1.1.5", + "reftools": "^1.1.9", + "should": "^13.2.1", + "yaml": "^1.10.0" + }, + "funding": { + "url": "https://github.com/Mermade/oas-kit?sponsor=1" + } + }, + "node_modules/object-assign": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/object-inspect": { + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.2.tgz", + "integrity": "sha512-IRZSRuzJiynemAXPYtPe5BoI/RESNYR7TYm50MC5Mqbd3Jmw5y790sErYw3V6SryFJD64b74qQQs9wn5Bg/k3g==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/object-is": { + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/object-is/-/object-is-1.1.6.tgz", + "integrity": "sha512-F8cZ+KfGlSGi09lJT7/Nd6KJZ9ygtvYC0/UYYLI9nmQKLMnydpB9yvbv9K1uSkEu7FU9vYPmVwLg328tX+ot3Q==", + "dependencies": { + "call-bind": "^1.0.7", + "define-properties": "^1.2.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/object-keys": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.1.tgz", + "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/object-treeify": { + "version": "1.1.33", + "resolved": "https://registry.npmjs.org/object-treeify/-/object-treeify-1.1.33.tgz", + "integrity": "sha512-EFVjAYfzWqWsBMRHPMAXLCDIJnpMhdWAqR7xG6M6a2cs6PMFpl/+Z20w9zDW4vkxOFfddegBKq9Rehd0bxWE7A==", + "engines": { + "node": ">= 10" + } + }, + "node_modules/object.assign": { + "version": "4.1.5", + "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.5.tgz", + "integrity": "sha512-byy+U7gp+FVwmyzKPYhW2h5l3crpmGsxl7X2s8y43IgxvG4g3QZ6CffDtsNQy1WsmZpQbO+ybo0AlW7TY6DcBQ==", + "dependencies": { + "call-bind": "^1.0.5", + "define-properties": "^1.2.1", + "has-symbols": "^1.0.3", + "object-keys": "^1.1.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/object.entries": { + "version": "1.1.8", + "resolved": "https://registry.npmjs.org/object.entries/-/object.entries-1.1.8.tgz", + "integrity": "sha512-cmopxi8VwRIAw/fkijJohSfpef5PdN0pMQJN6VC/ZKvn0LIknWD8KtgY6KlQdEc4tIjcQ3HxSMmnvtzIscdaYQ==", + "peer": true, + "dependencies": { + "call-bind": "^1.0.7", + "define-properties": "^1.2.1", + "es-object-atoms": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/object.values": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/object.values/-/object.values-1.2.0.tgz", + "integrity": "sha512-yBYjY9QX2hnRmZHAjG/f13MzmBzxzYgQhFrke06TTyKY5zSTEqkOeukBzIdVA3j3ulu8Qa3MbVFShV7T2RmGtQ==", + "peer": true, + "dependencies": { + "call-bind": "^1.0.7", + "define-properties": "^1.2.1", + "es-object-atoms": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", + "dependencies": { + "wrappy": "1" + } + }, + "node_modules/openapi-sampler": { + "version": "1.5.1", + "resolved": "https://registry.npmjs.org/openapi-sampler/-/openapi-sampler-1.5.1.tgz", + "integrity": "sha512-tIWIrZUKNAsbqf3bd9U1oH6JEXo8LNYuDlXw26By67EygpjT+ArFnsxxyTMjFWRfbqo5ozkvgSQDK69Gd8CddA==", + "dependencies": { + "@types/json-schema": "^7.0.7", + "json-pointer": "0.6.2" + } + }, + "node_modules/optionator": { + "version": "0.8.3", + "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.8.3.tgz", + "integrity": "sha512-+IW9pACdk3XWmmTXG8m3upGUJst5XRGzxMRjXzAuJ1XnIFNvfhjjIuYkDvysnPQ7qzqVzLt78BCruntqRhWQbA==", + "dependencies": { + "deep-is": "~0.1.3", + "fast-levenshtein": "~2.0.6", + "levn": "~0.3.0", + "prelude-ls": "~1.1.2", + "type-check": "~0.3.2", + "word-wrap": "~1.2.3" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/parse5": { + "version": "7.2.1", + "resolved": "https://registry.npmjs.org/parse5/-/parse5-7.2.1.tgz", + "integrity": "sha512-BuBYQYlv1ckiPdQi/ohiivi9Sagc9JG+Ozs0r7b/0iK3sKmrb0b9FdWdBbOdx6hBCM/F9Ir82ofnBhtZOjCRPQ==", + "peer": true, + "dependencies": { + "entities": "^4.5.0" + }, + "funding": { + "url": "https://github.com/inikulin/parse5?sponsor=1" + } + }, + "node_modules/parse5-htmlparser2-tree-adapter": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-7.1.0.tgz", + "integrity": "sha512-ruw5xyKs6lrpo9x9rCZqZZnIUntICjQAd0Wsmp396Ul9lN/h+ifgVV1x1gZHi8euej6wTfpqX8j+BFQxF0NS/g==", + "peer": true, + "dependencies": { + "domhandler": "^5.0.3", + "parse5": "^7.0.0" + }, + "funding": { + "url": "https://github.com/inikulin/parse5?sponsor=1" + } + }, + "node_modules/parse5-parser-stream": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/parse5-parser-stream/-/parse5-parser-stream-7.1.2.tgz", + "integrity": "sha512-JyeQc9iwFLn5TbvvqACIF/VXG6abODeB3Fwmv/TGdLk2LfbWkaySGY72at4+Ty7EkPZj854u4CrICqNk2qIbow==", + "peer": true, + "dependencies": { + "parse5": "^7.0.0" + }, + "funding": { + "url": "https://github.com/inikulin/parse5?sponsor=1" + } + }, + "node_modules/password-prompt": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/password-prompt/-/password-prompt-1.1.3.tgz", + "integrity": "sha512-HkrjG2aJlvF0t2BMH0e2LB/EHf3Lcq3fNMzy4GYHcQblAvOl+QQji1Lx7WRBMqpVK8p+KR7bCg7oqAMXtdgqyw==", + "dependencies": { + "ansi-escapes": "^4.3.2", + "cross-spawn": "^7.0.3" + } + }, + "node_modules/path-browserify": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-browserify/-/path-browserify-1.0.1.tgz", + "integrity": "sha512-b7uo2UCUOYZcnF/3ID0lulOJi/bafxa1xPe7ZPsammBSpjSWQkjNxlt635YGS2MiR9GjvuXCtz2emr3jbsz98g==" + }, + "node_modules/path-is-absolute": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-type": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", + "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==", + "engines": { + "node": ">=8" + } + }, + "node_modules/perfect-scrollbar": { + "version": "1.5.6", + "resolved": "https://registry.npmjs.org/perfect-scrollbar/-/perfect-scrollbar-1.5.6.tgz", + "integrity": "sha512-rixgxw3SxyJbCaSpo1n35A/fwI1r2rdwMKOTCg/AcG+xOEyZcE8UHVjpZMFCVImzsFoCZeJTT+M/rdEIQYO2nw==" + }, + "node_modules/performance-now": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz", + "integrity": "sha512-7EAHlyLHI56VEIdK57uwHdHKIaAGbnXPiw0yWbarQZOKaKpvUIgW0jWRVLiatnM+XXlSwsanIBH/hzGMJulMow==", + "peer": true + }, + "node_modules/picocolors": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz", + "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==" + }, + "node_modules/picomatch": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/pluralize": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/pluralize/-/pluralize-8.0.0.tgz", + "integrity": "sha512-Nc3IT5yHzflTfbjgqWcCPpo7DaKy4FnpB0l/zCAW0Tc7jxAiuqSxHasntB3D7887LSrA93kDJ9IXovxJYxyLCA==", + "engines": { + "node": ">=4" + } + }, + "node_modules/polished": { + "version": "4.3.1", + "resolved": "https://registry.npmjs.org/polished/-/polished-4.3.1.tgz", + "integrity": "sha512-OBatVyC/N7SCW/FaDHrSd+vn0o5cS855TOmYi4OkdWUMSJCET/xip//ch8xGUvtr3i44X9LVyWwQlRMTN3pwSA==", + "dependencies": { + "@babel/runtime": "^7.17.8" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/possible-typed-array-names": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/possible-typed-array-names/-/possible-typed-array-names-1.0.0.tgz", + "integrity": "sha512-d7Uw+eZoloe0EHDIYoe+bQ5WXnGMOpmiZFTuMWCwpjzzkL2nTjcKiAk4hh8TjnGye2TwWOk3UXucZ+3rbmBa8Q==", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/postcss": { + "version": "8.4.38", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.38.tgz", + "integrity": "sha512-Wglpdk03BSfXkHoQa3b/oulrotAkwrlLDRSOb9D0bN86FdRyE9lppSp33aHNPgBa0JKCoB+drFLZkQoRRYae5A==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/postcss" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "dependencies": { + "nanoid": "^3.3.7", + "picocolors": "^1.0.0", + "source-map-js": "^1.2.0" + }, + "engines": { + "node": "^10 || ^12 || >=14" + } + }, + "node_modules/postcss-value-parser": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", + "integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==" + }, + "node_modules/prelude-ls": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz", + "integrity": "sha512-ESF23V4SKG6lVSGZgYNpbsiaAkdab6ZgOxe52p7+Kid3W3u3bxR4Vfd/o21dmN7jSt0IwgZ4v5MUd26FEtXE9w==", + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/prismjs": { + "version": "1.29.0", + "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.29.0.tgz", + "integrity": "sha512-Kx/1w86q/epKcmte75LNrEoT+lX8pBpavuAbvJWRXar7Hz8jrtF+e3vY751p0R8H9HdArwaCTNDDzHg/ScJK1Q==", + "engines": { + "node": ">=6" + } + }, + "node_modules/prop-types": { + "version": "15.8.1", + "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz", + "integrity": "sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg==", + "dependencies": { + "loose-envify": "^1.4.0", + "object-assign": "^4.1.1", + "react-is": "^16.13.1" + } + }, + "node_modules/prop-types/node_modules/react-is": { + "version": "16.13.1", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz", + "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==" + }, + "node_modules/proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" + }, + "node_modules/queue-microtask": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] + }, + "node_modules/raf": { + "version": "3.4.1", + "resolved": "https://registry.npmjs.org/raf/-/raf-3.4.1.tgz", + "integrity": "sha512-Sq4CW4QhwOHE8ucn6J34MqtZCeWFP2aQSmrlroYgqAV1PjStIhJXxYuTgUIfkEk7zTLjmIjLmU5q+fbD1NnOJA==", + "peer": true, + "dependencies": { + "performance-now": "^2.1.0" + } + }, + "node_modules/railroad-diagrams": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/railroad-diagrams/-/railroad-diagrams-1.0.0.tgz", + "integrity": "sha512-cz93DjNeLY0idrCNOH6PviZGRN9GJhsdm9hpn1YCS879fj4W+x5IFJhhkRZcwVgMmFF7R82UA/7Oh+R8lLZg6A==", + "peer": true + }, + "node_modules/randexp": { + "version": "0.4.6", + "resolved": "https://registry.npmjs.org/randexp/-/randexp-0.4.6.tgz", + "integrity": "sha512-80WNmd9DA0tmZrw9qQa62GPPWfuXJknrmVmLcxvq4uZBdYqb1wYoKTmnlGUchvVWe0XiLupYkBoXVOxz3C8DYQ==", + "peer": true, + "dependencies": { + "discontinuous-range": "1.0.0", + "ret": "~0.1.10" + }, + "engines": { + "node": ">=0.12" + } + }, + "node_modules/randombytes": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", + "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==", + "dependencies": { + "safe-buffer": "^5.1.0" + } + }, + "node_modules/react": { + "version": "18.3.1", + "resolved": "https://registry.npmjs.org/react/-/react-18.3.1.tgz", + "integrity": "sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ==", + "dependencies": { + "loose-envify": "^1.1.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/react-dom": { + "version": "18.3.1", + "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-18.3.1.tgz", + "integrity": "sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw==", + "dependencies": { + "loose-envify": "^1.1.0", + "scheduler": "^0.23.2" + }, + "peerDependencies": { + "react": "^18.3.1" + } + }, + "node_modules/react-is": { + "version": "18.3.1", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.3.1.tgz", + "integrity": "sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg==" + }, + "node_modules/react-shallow-renderer": { + "version": "16.15.0", + "resolved": "https://registry.npmjs.org/react-shallow-renderer/-/react-shallow-renderer-16.15.0.tgz", + "integrity": "sha512-oScf2FqQ9LFVQgA73vr86xl2NaOIX73rh+YFqcOp68CWj56tSfgtGKrEbyhCj0rSijyG9M1CYprTh39fBi5hzA==", + "dependencies": { + "object-assign": "^4.1.1", + "react-is": "^16.12.0 || ^17.0.0 || ^18.0.0" + }, + "peerDependencies": { + "react": "^16.0.0 || ^17.0.0 || ^18.0.0" + } + }, + "node_modules/react-tabs": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/react-tabs/-/react-tabs-6.0.2.tgz", + "integrity": "sha512-aQXTKolnM28k3KguGDBSAbJvcowOQr23A+CUJdzJtOSDOtTwzEaJA+1U4KwhNL9+Obe+jFS7geuvA7ICQPXOnQ==", + "dependencies": { + "clsx": "^2.0.0", + "prop-types": "^15.5.0" + }, + "peerDependencies": { + "react": "^18.0.0" + } + }, + "node_modules/readable-stream": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==", + "dependencies": { + "inherits": "^2.0.3", + "string_decoder": "^1.1.1", + "util-deprecate": "^1.0.1" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/readdirp": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", + "dependencies": { + "picomatch": "^2.2.1" + }, + "engines": { + "node": ">=8.10.0" + } + }, + "node_modules/redeyed": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/redeyed/-/redeyed-2.1.1.tgz", + "integrity": "sha512-FNpGGo1DycYAdnrKFxCMmKYgo/mILAqtRYbkdQD8Ep/Hk2PQ5+aEAEx+IU713RTDmuBaH0c8P5ZozurNu5ObRQ==", + "dependencies": { + "esprima": "~4.0.0" + } + }, + "node_modules/redeyed/node_modules/esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "bin": { + "esparse": "bin/esparse.js", + "esvalidate": "bin/esvalidate.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/redoc": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/redoc/-/redoc-2.2.0.tgz", + "integrity": "sha512-52rz/xJtpUBc3Y/GAkaX03czKhQXTxoU7WnkXNzRLuGwiGb/iEO4OgwcgQqtwHWrYNaZXTyqZ4MAVXpi/e1gAg==", + "dependencies": { + "@cfaester/enzyme-adapter-react-18": "^0.8.0", + "@redocly/openapi-core": "^1.4.0", + "classnames": "^2.3.2", + "decko": "^1.2.0", + "dompurify": "^3.0.6", + "eventemitter3": "^5.0.1", + "json-pointer": "^0.6.2", + "lunr": "^2.3.9", + "mark.js": "^8.11.1", + "marked": "^4.3.0", + "mobx-react": "^9.1.1", + "openapi-sampler": "^1.5.0", + "path-browserify": "^1.0.1", + "perfect-scrollbar": "^1.5.5", + "polished": "^4.2.2", + "prismjs": "^1.29.0", + "prop-types": "^15.8.1", + "react-tabs": "^6.0.2", + "slugify": "~1.4.7", + "stickyfill": "^1.1.1", + "swagger2openapi": "^7.0.8", + "url-template": "^2.0.8" + }, + "engines": { + "node": ">=6.9", + "npm": ">=3.0.0" + }, + "peerDependencies": { + "core-js": "^3.1.4", + "mobx": "^6.0.4", + "react": "^16.8.4 || ^17.0.0 || ^18.0.0", + "react-dom": "^16.8.4 || ^17.0.0 || ^18.0.0", + "styled-components": "^4.1.1 || ^5.1.1 || ^6.0.5" + } + }, + "node_modules/reftools": { + "version": "1.1.9", + "resolved": "https://registry.npmjs.org/reftools/-/reftools-1.1.9.tgz", + "integrity": "sha512-OVede/NQE13xBQ+ob5CKd5KyeJYU2YInb1bmV4nRoOfquZPkAkxuOXicSe1PvqIuZZ4kD13sPKBbR7UFDmli6w==", + "funding": { + "url": "https://github.com/Mermade/oas-kit?sponsor=1" + } + }, + "node_modules/regenerator-runtime": { + "version": "0.14.1", + "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.14.1.tgz", + "integrity": "sha512-dYnhHh0nJoMfnkZs6GmmhFknAGRrLznOu5nc9ML+EJxGvrx6H7teuevqVqCuPcPK//3eDrrjQhehXVx9cnkGdw==" + }, + "node_modules/regexp.prototype.flags": { + "version": "1.5.3", + "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.5.3.tgz", + "integrity": "sha512-vqlC04+RQoFalODCbCumG2xIOvapzVMHwsyIGM/SIE8fRhFFsXeH8/QQ+s0T0kDAhKc4k30s73/0ydkHQz6HlQ==", + "dependencies": { + "call-bind": "^1.0.7", + "define-properties": "^1.2.1", + "es-errors": "^1.3.0", + "set-function-name": "^2.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/require-directory": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz", + "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/require-from-string": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/ret": { + "version": "0.1.15", + "resolved": "https://registry.npmjs.org/ret/-/ret-0.1.15.tgz", + "integrity": "sha512-TTlYpa+OL+vMMNG24xSlQGEJ3B/RzEfUlLct7b5G/ytav+wPrplCpVMFuwzXbkecJrb6IYo1iFb0S9v37754mg==", + "peer": true, + "engines": { + "node": ">=0.12" + } + }, + "node_modules/reusify": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", + "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==", + "engines": { + "iojs": ">=1.0.0", + "node": ">=0.10.0" + } + }, + "node_modules/rst-selector-parser": { + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/rst-selector-parser/-/rst-selector-parser-2.2.3.tgz", + "integrity": "sha512-nDG1rZeP6oFTLN6yNDV/uiAvs1+FS/KlrEwh7+y7dpuApDBy6bI2HTBcc0/V8lv9OTqfyD34eF7au2pm8aBbhA==", + "peer": true, + "dependencies": { + "lodash.flattendeep": "^4.4.0", + "nearley": "^2.7.10" + } + }, + "node_modules/run-parallel": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "dependencies": { + "queue-microtask": "^1.2.2" + } + }, + "node_modules/safe-array-concat": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/safe-array-concat/-/safe-array-concat-1.1.2.tgz", + "integrity": "sha512-vj6RsCsWBCf19jIeHEfkRMw8DPiBb+DMXklQ/1SGDHOMlHdPUkZXFQ2YdplS23zESTijAcurb1aSgJA3AgMu1Q==", + "dependencies": { + "call-bind": "^1.0.7", + "get-intrinsic": "^1.2.4", + "has-symbols": "^1.0.3", + "isarray": "^2.0.5" + }, + "engines": { + "node": ">=0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] + }, + "node_modules/safe-regex-test": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/safe-regex-test/-/safe-regex-test-1.0.3.tgz", + "integrity": "sha512-CdASjNJPvRa7roO6Ra/gLYBTzYzzPyyBXxIMdGW3USQLyjWEls2RgW5UBTXaQVp+OrpeCK3bLem8smtmheoRuw==", + "dependencies": { + "call-bind": "^1.0.6", + "es-errors": "^1.3.0", + "is-regex": "^1.1.4" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/safer-buffer": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", + "peer": true + }, + "node_modules/scheduler": { + "version": "0.23.2", + "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.23.2.tgz", + "integrity": "sha512-UOShsPwz7NrMUqhR6t0hWjFduvOzbtv7toDH1/hIrfRNIDBnnBWd0CwJTGvTpngVlmwGCdP9/Zl/tVrDqcuYzQ==", + "dependencies": { + "loose-envify": "^1.1.0" + } + }, + "node_modules/semver": { + "version": "7.6.3", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz", + "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/set-function-length": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", + "integrity": "sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==", + "dependencies": { + "define-data-property": "^1.1.4", + "es-errors": "^1.3.0", + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.4", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/set-function-name": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/set-function-name/-/set-function-name-2.0.2.tgz", + "integrity": "sha512-7PGFlmtwsEADb0WYyvCMa1t+yke6daIG4Wirafur5kcf+MhUnPms1UeR0CKQdTZD81yESwMHbtn+TR+dMviakQ==", + "dependencies": { + "define-data-property": "^1.1.4", + "es-errors": "^1.3.0", + "functions-have-names": "^1.2.3", + "has-property-descriptors": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/shallowequal": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/shallowequal/-/shallowequal-1.1.0.tgz", + "integrity": "sha512-y0m1JoUZSlPAjXVtPPW70aZWfIL/dSP7AFkRnniLCrK/8MDKog3TySTBmckD+RObVxH0v4Tox67+F14PdED2oQ==" + }, + "node_modules/shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "dependencies": { + "shebang-regex": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shebang-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "engines": { + "node": ">=8" + } + }, + "node_modules/should": { + "version": "13.2.3", + "resolved": "https://registry.npmjs.org/should/-/should-13.2.3.tgz", + "integrity": "sha512-ggLesLtu2xp+ZxI+ysJTmNjh2U0TsC+rQ/pfED9bUZZ4DKefP27D+7YJVVTvKsmjLpIi9jAa7itwDGkDDmt1GQ==", + "dependencies": { + "should-equal": "^2.0.0", + "should-format": "^3.0.3", + "should-type": "^1.4.0", + "should-type-adaptors": "^1.0.1", + "should-util": "^1.0.0" + } + }, + "node_modules/should-equal": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/should-equal/-/should-equal-2.0.0.tgz", + "integrity": "sha512-ZP36TMrK9euEuWQYBig9W55WPC7uo37qzAEmbjHz4gfyuXrEUgF8cUvQVO+w+d3OMfPvSRQJ22lSm8MQJ43LTA==", + "dependencies": { + "should-type": "^1.4.0" + } + }, + "node_modules/should-format": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/should-format/-/should-format-3.0.3.tgz", + "integrity": "sha512-hZ58adtulAk0gKtua7QxevgUaXTTXxIi8t41L3zo9AHvjXO1/7sdLECuHeIN2SRtYXpNkmhoUP2pdeWgricQ+Q==", + "dependencies": { + "should-type": "^1.3.0", + "should-type-adaptors": "^1.0.1" + } + }, + "node_modules/should-type": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/should-type/-/should-type-1.4.0.tgz", + "integrity": "sha512-MdAsTu3n25yDbIe1NeN69G4n6mUnJGtSJHygX3+oN0ZbO3DTiATnf7XnYJdGT42JCXurTb1JI0qOBR65shvhPQ==" + }, + "node_modules/should-type-adaptors": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/should-type-adaptors/-/should-type-adaptors-1.1.0.tgz", + "integrity": "sha512-JA4hdoLnN+kebEp2Vs8eBe9g7uy0zbRo+RMcU0EsNy+R+k049Ki+N5tT5Jagst2g7EAja+euFuoXFCa8vIklfA==", + "dependencies": { + "should-type": "^1.3.0", + "should-util": "^1.0.0" + } + }, + "node_modules/should-util": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/should-util/-/should-util-1.0.1.tgz", + "integrity": "sha512-oXF8tfxx5cDk8r2kYqlkUJzZpDBqVY/II2WhvU0n9Y3XYvAYRmeaf1PvvIvTgPnv4KJ+ES5M0PyDq5Jp+Ygy2g==" + }, + "node_modules/side-channel": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", + "integrity": "sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==", + "dependencies": { + "call-bind": "^1.0.7", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.4", + "object-inspect": "^1.13.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/simple-websocket": { + "version": "9.1.0", + "resolved": "https://registry.npmjs.org/simple-websocket/-/simple-websocket-9.1.0.tgz", + "integrity": "sha512-8MJPnjRN6A8UCp1I+H/dSFyjwJhp6wta4hsVRhjf8w9qBHRzxYt14RaOcjvQnhD1N4yKOddEjflwMnQM4VtXjQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "dependencies": { + "debug": "^4.3.1", + "queue-microtask": "^1.2.2", + "randombytes": "^2.1.0", + "readable-stream": "^3.6.0", + "ws": "^7.4.2" + } + }, + "node_modules/sisteransi": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", + "integrity": "sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg==" + }, + "node_modules/slash": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==", + "engines": { + "node": ">=8" + } + }, + "node_modules/slice-ansi": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-4.0.0.tgz", + "integrity": "sha512-qMCMfhY040cVHT43K9BFygqYbUPFZKHOg7K73mtTWJRb8pyP3fzf4Ixd5SzdEJQ6MRUg/WBnOLxghZtKKurENQ==", + "dependencies": { + "ansi-styles": "^4.0.0", + "astral-regex": "^2.0.0", + "is-fullwidth-code-point": "^3.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/slice-ansi?sponsor=1" + } + }, + "node_modules/slugify": { + "version": "1.4.7", + "resolved": "https://registry.npmjs.org/slugify/-/slugify-1.4.7.tgz", + "integrity": "sha512-tf+h5W1IrjNm/9rKKj0JU2MDMruiopx0jjVA5zCdBtcGjfp0+c5rHw/zADLC3IeKlGHtVbHtpfzvYA0OYT+HKg==", + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/source-map-js": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz", + "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/sprintf-js": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "integrity": "sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==" + }, + "node_modules/static-eval": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/static-eval/-/static-eval-2.0.2.tgz", + "integrity": "sha512-N/D219Hcr2bPjLxPiV+TQE++Tsmrady7TqAJugLy7Xk1EumfDWS/f5dtBbkRCGE7wKKXuYockQoj8Rm2/pVKyg==", + "dependencies": { + "escodegen": "^1.8.1" + } + }, + "node_modules/stickyfill": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/stickyfill/-/stickyfill-1.1.1.tgz", + "integrity": "sha512-GCp7vHAfpao+Qh/3Flh9DXEJ/qSi0KJwJw6zYlZOtRYXWUIpMM6mC2rIep/dK8RQqwW0KxGJIllmjPIBOGN8AA==" + }, + "node_modules/string_decoder": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", + "integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==", + "dependencies": { + "safe-buffer": "~5.2.0" + } + }, + "node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/string.prototype.trim": { + "version": "1.2.9", + "resolved": "https://registry.npmjs.org/string.prototype.trim/-/string.prototype.trim-1.2.9.tgz", + "integrity": "sha512-klHuCNxiMZ8MlsOihJhJEBJAiMVqU3Z2nEXWfWnIqjN0gEFS9J9+IxKozWWtQGcgoa1WUZzLjKPTr4ZHNFTFxw==", + "dependencies": { + "call-bind": "^1.0.7", + "define-properties": "^1.2.1", + "es-abstract": "^1.23.0", + "es-object-atoms": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/string.prototype.trimend": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.8.tgz", + "integrity": "sha512-p73uL5VCHCO2BZZ6krwwQE3kCzM7NKmis8S//xEC6fQonchbum4eP6kR4DLEjQFO3Wnj3Fuo8NM0kOSjVdHjZQ==", + "dependencies": { + "call-bind": "^1.0.7", + "define-properties": "^1.2.1", + "es-object-atoms": "^1.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/string.prototype.trimstart": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.8.tgz", + "integrity": "sha512-UXSH262CSZY1tfu3G3Secr6uGLCFVPMhIqHjlgCUtCCcgihYc/xKs9djMTMUOb2j1mVSeU8EU6NWc/iQKU6Gfg==", + "dependencies": { + "call-bind": "^1.0.7", + "define-properties": "^1.2.1", + "es-object-atoms": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/styled-components": { + "version": "6.1.13", + "resolved": "https://registry.npmjs.org/styled-components/-/styled-components-6.1.13.tgz", + "integrity": "sha512-M0+N2xSnAtwcVAQeFEsGWFFxXDftHUD7XrKla06QbpUMmbmtFBMMTcKWvFXtWxuD5qQkB8iU5gk6QASlx2ZRMw==", + "dependencies": { + "@emotion/is-prop-valid": "1.2.2", + "@emotion/unitless": "0.8.1", + "@types/stylis": "4.2.5", + "css-to-react-native": "3.2.0", + "csstype": "3.1.3", + "postcss": "8.4.38", + "shallowequal": "1.1.0", + "stylis": "4.3.2", + "tslib": "2.6.2" + }, + "engines": { + "node": ">= 16" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/styled-components" + }, + "peerDependencies": { + "react": ">= 16.8.0", + "react-dom": ">= 16.8.0" + } + }, + "node_modules/styled-components/node_modules/tslib": { + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", + "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" + }, + "node_modules/stylis": { + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/stylis/-/stylis-4.3.2.tgz", + "integrity": "sha512-bhtUjWd/z6ltJiQwg0dUfxEJ+W+jdqQd8TbWLWyeIJHlnsqmGLRFFd8e5mA0AZi/zx90smXRlN66YMTcaSFifg==" + }, + "node_modules/supports-color": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/supports-color?sponsor=1" + } + }, + "node_modules/supports-hyperlinks": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/supports-hyperlinks/-/supports-hyperlinks-2.3.0.tgz", + "integrity": "sha512-RpsAZlpWcDwOPQA22aCH4J0t7L8JmAvsCxfOSEwm7cQs3LshN36QaTkwd70DnBOXDWGssw2eUoc8CaRWT0XunA==", + "dependencies": { + "has-flag": "^4.0.0", + "supports-color": "^7.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/supports-hyperlinks/node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/swagger2openapi": { + "version": "7.0.8", + "resolved": "https://registry.npmjs.org/swagger2openapi/-/swagger2openapi-7.0.8.tgz", + "integrity": "sha512-upi/0ZGkYgEcLeGieoz8gT74oWHA0E7JivX7aN9mAf+Tc7BQoRBvnIGHoPDw+f9TXTW4s6kGYCZJtauP6OYp7g==", + "dependencies": { + "call-me-maybe": "^1.0.1", + "node-fetch": "^2.6.1", + "node-fetch-h2": "^2.3.0", + "node-readfiles": "^0.2.0", + "oas-kit-common": "^1.0.8", + "oas-resolver": "^2.5.6", + "oas-schema-walker": "^1.1.5", + "oas-validator": "^5.0.8", + "reftools": "^1.1.9", + "yaml": "^1.10.0", + "yargs": "^17.0.1" + }, + "bin": { + "boast": "boast.js", + "oas-validate": "oas-validate.js", + "swagger2openapi": "swagger2openapi.js" + }, + "funding": { + "url": "https://github.com/Mermade/oas-kit?sponsor=1" + } + }, + "node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dependencies": { + "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" + } + }, + "node_modules/tr46": { + "version": "0.0.3", + "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", + "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==" + }, + "node_modules/ts-node": { + "version": "10.9.2", + "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", + "integrity": "sha512-f0FFpIdcHgn8zcPSbf1dRevwt047YMnaiJM3u2w2RewrB+fob/zePZcrOyQoLMMO7aBIddLcQIEK5dYjkLnGrQ==", + "dependencies": { + "@cspotcode/source-map-support": "^0.8.0", + "@tsconfig/node10": "^1.0.7", + "@tsconfig/node12": "^1.0.7", + "@tsconfig/node14": "^1.0.0", + "@tsconfig/node16": "^1.0.2", + "acorn": "^8.4.1", + "acorn-walk": "^8.1.1", + "arg": "^4.1.0", + "create-require": "^1.1.0", + "diff": "^4.0.1", + "make-error": "^1.1.1", + "v8-compile-cache-lib": "^3.0.1", + "yn": "3.1.1" + }, + "bin": { + "ts-node": "dist/bin.js", + "ts-node-cwd": "dist/bin-cwd.js", + "ts-node-esm": "dist/bin-esm.js", + "ts-node-script": "dist/bin-script.js", + "ts-node-transpile-only": "dist/bin-transpile.js", + "ts-script": "dist/bin-script-deprecated.js" + }, + "peerDependencies": { + "@swc/core": ">=1.2.50", + "@swc/wasm": ">=1.2.50", + "@types/node": "*", + "typescript": ">=2.7" + }, + "peerDependenciesMeta": { + "@swc/core": { + "optional": true + }, + "@swc/wasm": { + "optional": true + } + } + }, + "node_modules/tslib": { + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.0.tgz", + "integrity": "sha512-jWVzBLplnCmoaTr13V9dYbiQ99wvZRd0vNWaDRg+aVYRcjDF3nDksxFDE/+fkXnKhpnUUkmx5pK/v8mCtLVqZA==" + }, + "node_modules/type-check": { + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz", + "integrity": "sha512-ZCmOJdvOWDBYJlzAoFkC+Q0+bUyEOS1ltgp1MGU03fqHG+dbi9tBFU2Rd9QKiDZFAYrhPh2JUf7rZRIuHRKtOg==", + "dependencies": { + "prelude-ls": "~1.1.2" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/type-fest": { + "version": "0.21.3", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", + "integrity": "sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/typed-array-buffer": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/typed-array-buffer/-/typed-array-buffer-1.0.2.tgz", + "integrity": "sha512-gEymJYKZtKXzzBzM4jqa9w6Q1Jjm7x2d+sh19AdsD4wqnMPDYyvwpsIc2Q/835kHuo3BEQ7CjelGhfTsoBb2MQ==", + "dependencies": { + "call-bind": "^1.0.7", + "es-errors": "^1.3.0", + "is-typed-array": "^1.1.13" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/typed-array-byte-length": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/typed-array-byte-length/-/typed-array-byte-length-1.0.1.tgz", + "integrity": "sha512-3iMJ9q0ao7WE9tWcaYKIptkNBuOIcZCCT0d4MRvuuH88fEoEH62IuQe0OtraD3ebQEoTRk8XCBoknUNc1Y67pw==", + "dependencies": { + "call-bind": "^1.0.7", + "for-each": "^0.3.3", + "gopd": "^1.0.1", + "has-proto": "^1.0.3", + "is-typed-array": "^1.1.13" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/typed-array-byte-offset": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/typed-array-byte-offset/-/typed-array-byte-offset-1.0.2.tgz", + "integrity": "sha512-Ous0vodHa56FviZucS2E63zkgtgrACj7omjwd/8lTEMEPFFyjfixMZ1ZXenpgCFBBt4EC1J2XsyVS2gkG0eTFA==", + "dependencies": { + "available-typed-arrays": "^1.0.7", + "call-bind": "^1.0.7", + "for-each": "^0.3.3", + "gopd": "^1.0.1", + "has-proto": "^1.0.3", + "is-typed-array": "^1.1.13" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/typed-array-length": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/typed-array-length/-/typed-array-length-1.0.6.tgz", + "integrity": "sha512-/OxDN6OtAk5KBpGb28T+HZc2M+ADtvRxXrKKbUwtsLgdoxgX13hyy7ek6bFRl5+aBs2yZzB0c4CnQfAtVypW/g==", + "dependencies": { + "call-bind": "^1.0.7", + "for-each": "^0.3.3", + "gopd": "^1.0.1", + "has-proto": "^1.0.3", + "is-typed-array": "^1.1.13", + "possible-typed-array-names": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/typescript": { + "version": "5.6.3", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.6.3.tgz", + "integrity": "sha512-hjcS1mhfuyi4WW8IWtjP7brDrG2cuDZukyrYrSauoXGNgx0S7zceP07adYkJycEr56BOUTNPzbInooiN3fn1qw==", + "peer": true, + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=14.17" + } + }, + "node_modules/uglify-js": { + "version": "3.19.3", + "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.19.3.tgz", + "integrity": "sha512-v3Xu+yuwBXisp6QYTcH4UbH+xYJXqnq2m/LtQVWKWzYc1iehYnLixoQDN9FH6/j9/oybfd6W9Ghwkl8+UMKTKQ==", + "optional": true, + "bin": { + "uglifyjs": "bin/uglifyjs" + }, + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/unbox-primitive": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.0.2.tgz", + "integrity": "sha512-61pPlCD9h51VoreyJ0BReideM3MDKMKnh6+V9L08331ipq6Q8OFXZYiqP6n/tbHx4s5I9uRhcye6BrbkizkBDw==", + "dependencies": { + "call-bind": "^1.0.2", + "has-bigints": "^1.0.2", + "has-symbols": "^1.0.3", + "which-boxed-primitive": "^1.0.2" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/underscore": { + "version": "1.12.1", + "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.12.1.tgz", + "integrity": "sha512-hEQt0+ZLDVUMhebKxL4x1BTtDY7bavVofhZ9KZ4aI26X9SRaE+Y3m83XUL1UP2jn8ynjndwCCpEHdUG+9pP1Tw==" + }, + "node_modules/undici": { + "version": "6.20.1", + "resolved": "https://registry.npmjs.org/undici/-/undici-6.20.1.tgz", + "integrity": "sha512-AjQF1QsmqfJys+LXfGTNum+qw4S88CojRInG/6t31W/1fk6G59s92bnAvGz5Cmur+kQv2SURXEvvudLmbrE8QA==", + "peer": true, + "engines": { + "node": ">=18.17" + } + }, + "node_modules/undici-types": { + "version": "6.19.8", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.19.8.tgz", + "integrity": "sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw==" + }, + "node_modules/universalify": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", + "integrity": "sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==", + "engines": { + "node": ">= 10.0.0" + } + }, + "node_modules/uri-js-replace": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/uri-js-replace/-/uri-js-replace-1.0.1.tgz", + "integrity": "sha512-W+C9NWNLFOoBI2QWDp4UT9pv65r2w5Cx+3sTYFvtMdDBxkKt1syCqsUdSFAChbEe1uK5TfS04wt/nGwmaeIQ0g==" + }, + "node_modules/url-template": { + "version": "2.0.8", + "resolved": "https://registry.npmjs.org/url-template/-/url-template-2.0.8.tgz", + "integrity": "sha512-XdVKMF4SJ0nP/O7XIPB0JwAEuT9lDIYnNsK8yGVe43y0AWoKeJNdv3ZNWh7ksJ6KqQFjOO6ox/VEitLnaVNufw==" + }, + "node_modules/use-sync-external-store": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/use-sync-external-store/-/use-sync-external-store-1.2.2.tgz", + "integrity": "sha512-PElTlVMwpblvbNqQ82d2n6RjStvdSoNe9FG28kNfz3WiXilJm4DdNkEzRhCZuIDwY8U08WVihhGR5iRqAwfDiw==", + "peerDependencies": { + "react": "^16.8.0 || ^17.0.0 || ^18.0.0" + } + }, + "node_modules/util-deprecate": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", + "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==" + }, + "node_modules/utility-types": { + "version": "3.11.0", + "resolved": "https://registry.npmjs.org/utility-types/-/utility-types-3.11.0.tgz", + "integrity": "sha512-6Z7Ma2aVEWisaL6TvBCy7P8rm2LQoPv6dJ7ecIaIixHcwfbJ0x7mWdbcwlIM5IGQxPZSFYeqRCqlOOeKoJYMkw==", + "engines": { + "node": ">= 4" + } + }, + "node_modules/v8-compile-cache-lib": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz", + "integrity": "sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg==" + }, + "node_modules/webidl-conversions": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", + "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==" + }, + "node_modules/whatwg-encoding": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/whatwg-encoding/-/whatwg-encoding-3.1.1.tgz", + "integrity": "sha512-6qN4hJdMwfYBtE3YBTTHhoeuUrDBPZmbQaxWAqSALV/MeEnR5z1xd8UKud2RAkFoPkmB+hli1TZSnyi84xz1vQ==", + "peer": true, + "dependencies": { + "iconv-lite": "0.6.3" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/whatwg-mimetype": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-4.0.0.tgz", + "integrity": "sha512-QaKxh0eNIi2mE9p2vEdzfagOKHCcj1pJ56EEHGQOVxp8r9/iszLUUV7v89x9O1p/T+NlTM5W7jW6+cz4Fq1YVg==", + "peer": true, + "engines": { + "node": ">=18" + } + }, + "node_modules/whatwg-url": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", + "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", + "dependencies": { + "tr46": "~0.0.3", + "webidl-conversions": "^3.0.0" + } + }, + "node_modules/which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/which-boxed-primitive": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/which-boxed-primitive/-/which-boxed-primitive-1.0.2.tgz", + "integrity": "sha512-bwZdv0AKLpplFY2KZRX6TvyuN7ojjr7lwkg6ml0roIy9YeuSr7JS372qlNW18UQYzgYK9ziGcerWqZOmEn9VNg==", + "dependencies": { + "is-bigint": "^1.0.1", + "is-boolean-object": "^1.1.0", + "is-number-object": "^1.0.4", + "is-string": "^1.0.5", + "is-symbol": "^1.0.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/which-typed-array": { + "version": "1.1.15", + "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.15.tgz", + "integrity": "sha512-oV0jmFtUky6CXfkqehVvBP/LSWJ2sy4vWMioiENyJLePrBO/yKyV9OyJySfAKosh+RYkIl5zJCNZ8/4JncrpdA==", + "dependencies": { + "available-typed-arrays": "^1.0.7", + "call-bind": "^1.0.7", + "for-each": "^0.3.3", + "gopd": "^1.0.1", + "has-tostringtag": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/widest-line": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/widest-line/-/widest-line-3.1.0.tgz", + "integrity": "sha512-NsmoXalsWVDMGupxZ5R08ka9flZjjiLvHVAWYOKtiKM8ujtZWr9cRffak+uSE48+Ob8ObalXpwyeUiyDD6QFgg==", + "dependencies": { + "string-width": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/word-wrap": { + "version": "1.2.5", + "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.5.tgz", + "integrity": "sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/wordwrap": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", + "integrity": "sha512-gvVzJFlPycKc5dZN4yPkP8w7Dc37BtP1yczEneOb4uq34pXZcvrtRTmWV8W+Ume+XCxKgbjM+nevkyFPMybd4Q==" + }, + "node_modules/wrap-ansi": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==" + }, + "node_modules/ws": { + "version": "7.5.10", + "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.10.tgz", + "integrity": "sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==", + "engines": { + "node": ">=8.3.0" + }, + "peerDependencies": { + "bufferutil": "^4.0.1", + "utf-8-validate": "^5.0.2" + }, + "peerDependenciesMeta": { + "bufferutil": { + "optional": true + }, + "utf-8-validate": { + "optional": true + } + } + }, + "node_modules/y18n": { + "version": "5.0.8", + "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz", + "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==", + "engines": { + "node": ">=10" + } + }, + "node_modules/yaml": { + "version": "1.10.2", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "integrity": "sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==", + "engines": { + "node": ">= 6" + } + }, + "node_modules/yaml-ast-parser": { + "version": "0.0.43", + "resolved": "https://registry.npmjs.org/yaml-ast-parser/-/yaml-ast-parser-0.0.43.tgz", + "integrity": "sha512-2PTINUwsRqSd+s8XxKaJWQlUuEMHJQyEuh2edBbW8KNJz0SJPwUSD2zRWqezFEdN7IzAgeuYHFUCF7o8zRdZ0A==" + }, + "node_modules/yargs": { + "version": "17.0.1", + "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.0.1.tgz", + "integrity": "sha512-xBBulfCc8Y6gLFcrPvtqKz9hz8SO0l1Ni8GgDekvBX2ro0HRQImDGnikfc33cgzcYUSncapnNcZDjVFIH3f6KQ==", + "dependencies": { + "cliui": "^7.0.2", + "escalade": "^3.1.1", + "get-caller-file": "^2.0.5", + "require-directory": "^2.1.1", + "string-width": "^4.2.0", + "y18n": "^5.0.5", + "yargs-parser": "^20.2.2" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/yargs-parser": { + "version": "20.2.9", + "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.9.tgz", + "integrity": "sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w==", + "engines": { + "node": ">=10" + } + }, + "node_modules/yn": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/yn/-/yn-3.1.1.tgz", + "integrity": "sha512-Ux4ygGWsu2c7isFWe8Yu1YluJmqVhxqK2cLXNQA5AcC3QfbGNpM7fu0Y8b/z16pXLnFxZYvWhd3fhBY9DLmC6Q==", + "engines": { + "node": ">=6" + } + } + } +} diff --git a/oas_docs/package.json b/oas_docs/package.json new file mode 100644 index 0000000000000..d007a9881acad --- /dev/null +++ b/oas_docs/package.json @@ -0,0 +1,19 @@ +{ + "name": "oas_docs", + "version": "1.0.0", + "description": "Documentation about our OpenAPI bundling workflow and configuration. See Kibana's hosted [stateful](https://www.elastic.co/docs/api/doc/kibana) and [serverless](https://www.elastic.co/docs/api/doc/serverless) docs.", + "main": "index.js", + "directories": { + "example": "examples" + }, + "dependencies": { + "bump-cli": "^2.8.4", + "@redocly/cli": "^1.25.7" + }, + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "keywords": [], + "author": "", + "license": "ISC" +}