From 444b8d010e5b3d82e1545d63adcb60e4476e5c43 Mon Sep 17 00:00:00 2001 From: Lisa Cawley Date: Thu, 15 Aug 2024 10:49:58 -0700 Subject: [PATCH] [DOCS][OAS] Add Fleet APIs (#190571) --- oas_docs/.spectral.yaml | 4 +- oas_docs/output/kibana.serverless.yaml | 14082 ++++++--- oas_docs/output/kibana.yaml | 25205 ++++++++++------ .../overlays/kibana.overlays.serverless.yaml | 2 +- oas_docs/scripts/merge_ess_oas.js | 1 + oas_docs/scripts/merge_ess_oas_staging.js | 1 + oas_docs/scripts/merge_serverless_oas.js | 1 + .../scripts/merge_serverless_oas_staging.js | 1 + .../plugins/fleet/common/openapi/bundled.json | 203 +- .../plugins/fleet/common/openapi/bundled.yaml | 170 +- .../components/schemas/agent_status.yaml | 2 +- .../fleet/common/openapi/entrypoint.yaml | 19 +- .../openapi/paths/agent_download_sources.yaml | 4 +- .../agent_download_sources@{source_id}.yaml | 6 +- .../common/openapi/paths/agent_policies.yaml | 4 +- .../paths/agent_policies@_bulk_get.yaml | 2 +- .../openapi/paths/agent_policies@delete.yaml | 2 +- .../agent_policies@{agent_policy_id}.yaml | 4 +- ...agent_policies@{agent_policy_id}@copy.yaml | 2 +- ...t_policies@{agent_policy_id}@download.yaml | 2 +- ...agent_policies@{agent_policy_id}@full.yaml | 2 +- .../common/openapi/paths/agent_status.yaml | 2 +- .../openapi/paths/agent_status@data.yaml | 2 +- .../paths/agent_status_deprecated.yaml | 2 +- .../common/openapi/paths/agent_tags.yaml | 2 +- .../fleet/common/openapi/paths/agents.yaml | 4 +- .../openapi/paths/agents@action_status.yaml | 2 +- .../openapi/paths/agents@bulk_reassign.yaml | 2 +- .../agents@bulk_request_diagnostics.yaml | 2 +- .../openapi/paths/agents@bulk_unenroll.yaml | 2 +- .../paths/agents@bulk_update_tags.yaml | 2 +- .../openapi/paths/agents@bulk_upgrade.yaml | 2 +- .../paths/agents@current_upgrades.yaml | 2 +- .../openapi/paths/agents@files@{file_id}.yaml | 2 +- .../agents@files@{file_id}@{file_name}.yaml | 2 +- .../common/openapi/paths/agents@setup.yaml | 4 +- .../openapi/paths/agents@{agent_id}.yaml | 6 +- .../paths/agents@{agent_id}@actions.yaml | 2 +- ...{agent_id}@actions@{action_id}@cancel.yaml | 2 +- .../paths/agents@{agent_id}@reassign.yaml | 4 +- ...agents@{agent_id}@request_diagnostics.yaml | 2 +- .../paths/agents@{agent_id}@unenroll.yaml | 2 +- .../paths/agents@{agent_id}@upgrade.yaml | 2 +- .../paths/agents@{agent_id}@uploads.yaml | 2 +- .../openapi/paths/enrollment_api_keys.yaml | 4 +- .../paths/enrollment_api_keys@{key_id}.yaml | 4 +- ...rollment_api_keys@{key_id}_deprecated.yaml | 4 +- .../paths/enrollment_api_keys_deprecated.yaml | 4 +- .../common/openapi/paths/kubernetes.yaml | 2 +- .../openapi/paths/logstash_api_keys.yaml | 2 +- .../paths/output_health@{output_id}.yaml | 2 +- .../fleet/common/openapi/paths/outputs.yaml | 4 +- .../openapi/paths/outputs@{output_id}.yaml | 6 +- .../openapi/paths/package_policies.yaml | 4 +- .../paths/package_policies@_bulk_get.yaml | 2 +- .../paths/package_policies@delete.yaml | 2 +- .../paths/package_policies@upgrade.yaml | 2 +- .../package_policies@upgrade_dryrun.yaml | 2 +- .../package_policies@{package_policy_id}.yaml | 6 +- .../fleet/common/openapi/paths/proxies.yaml | 4 +- .../openapi/paths/proxies@{item_id}.yaml | 6 +- .../common/openapi/paths/service_tokens.yaml | 2 +- .../paths/service_tokens_deprecated.yaml | 2 +- .../openapi/paths/uninstall_tokens.yaml | 2 +- ...uninstall_tokens@{uninstall_token_id}.yaml | 2 +- 65 files changed, 26089 insertions(+), 13754 deletions(-) diff --git a/oas_docs/.spectral.yaml b/oas_docs/.spectral.yaml index b2968ad80eb47..2bea043e02446 100644 --- a/oas_docs/.spectral.yaml +++ b/oas_docs/.spectral.yaml @@ -72,13 +72,13 @@ rules: message: 'Each operation should have a summary' severity: error recommended: true - given: $.paths[*][*] + given: $.paths[*][get,put,post,delete,options,head,patch,trace] then: field: summary function: defined operation-summary-length: description: Operation summary should be between 5 and 45 characters - given: '$.paths[*][*]' + given: '$.paths[*][get,put,post,delete,options,head,patch,trace]' then: field: summary function: length diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index e516603dfe240..371d1b25b4c40 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml @@ -69,279 +69,412 @@ servers: kibana_url: default: 'localhost:5601' - url: / + - description: Public and supported Fleet API + url: 'http://KIBANA_HOST:5601/api/fleet' - description: local url: 'http://localhost:5601' paths: - /api/actions/connector: + /agent_download_sources: + get: + operationId: get-download-sources + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_download_sources' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent binary download sources + tags: + - Elastic Agent binary download sources post: - description: The connector identifier is randomly generated. - operationId: createConnector - parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' + operationId: post-download-sources requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createEmailConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_email_connector_request - createIndexConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_index_connector_request - createWebhookConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_webhook_connector_request - createXmattersConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_xmatters_connector_request schema: - $ref: '#/components/schemas/Connectors_create_connector_request' - required: true + type: object + properties: + host: + type: string + id: + type: string + is_default: + type: boolean + name: + type: string + required: + - name + - host + - is_default responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createEmailConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_email_connector_response - createIndexConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_index_connector_response - createWebhookConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_webhook_connector_response - createXmattersConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_xmatters_connector_response schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Create a connector with a random ID + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_download_sources' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create agent binary download source tags: - - connectors - /api/actions/connector_types: - get: - operationId: getConnectorTypes + - Elastic Agent binary download sources + '/agent_download_sources/{sourceId}': + delete: + operationId: delete-download-source parameters: - - description: >- - A filter to limit the retrieved connector types to those that - support a specific feature (such as alerting or cases). - in: query - name: feature_id - schema: - $ref: '#/components/schemas/Connectors_features' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getConnectorTypesServerlessResponse: - $ref: >- - #/components/examples/Connectors_get_connector_types_generativeai_response schema: - description: The properties vary for each connector type. - items: - type: object - properties: - enabled: - description: >- - Indicates whether the connector type is enabled in - Kibana. - example: true - type: boolean - enabled_in_config: - description: >- - Indicates whether the connector type is enabled in the - Kibana configuration file. - example: true - type: boolean - enabled_in_license: - description: >- - Indicates whether the connector is enabled in the - license. - example: true - type: boolean - id: - $ref: '#/components/schemas/Connectors_connector_types' - is_system_action_type: - example: false - type: boolean - minimum_license_required: - description: The license that is required to use the connector type. - example: basic - type: string - name: - description: The name of the connector type. - example: Index - type: string - supported_feature_ids: - description: The features that are supported by the connector type. - example: - - alerting - - cases - - siem - items: - $ref: '#/components/schemas/Connectors_features' - type: array - title: Get connector types response body properties - type: array - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Get all connector types - tags: - - connectors - '/api/actions/connector/{connectorId}': - delete: - operationId: deleteConnector - parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_connector_id' - responses: - '204': - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - '404': - $ref: '#/components/responses/Connectors_404' - summary: Delete a connector + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete agent binary download source by ID tags: - - connectors + - Elastic Agent binary download sources get: - operationId: getConnector - parameters: - - $ref: '#/components/parameters/Connectors_connector_id' + operationId: get-one-download-source responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getConnectorResponse: - $ref: '#/components/examples/Connectors_get_connector_response' schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - '404': - $ref: '#/components/responses/Connectors_404' - summary: Get a connector information + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_download_sources' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent binary download source by ID tags: - - connectors - post: - operationId: createConnectorId + - Elastic Agent binary download sources + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + put: + operationId: update-download-source parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - description: > - A UUID v1 or v4 identifier for the connector. If you omit this - parameter, an identifier is randomly generated. - in: path - name: connectorId - required: true - schema: - example: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createIndexConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_index_connector_request schema: - $ref: '#/components/schemas/Connectors_create_connector_request' - required: true + type: object + properties: + host: + type: string + is_default: + type: boolean + name: + type: string + required: + - name + - is_default + - host responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createIndexConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_index_connector_response schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Create a connector + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_download_sources' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update agent binary download source by ID tags: - - connectors - put: - operationId: updateConnector + - Elastic Agent binary download sources + /agent_policies: + get: + description: '' + operationId: agent-policy-list parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_connector_id' + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - description: >- + When set to true, retrieve the related package policies for each + agent policy. + in: query + name: full + schema: + type: boolean + - description: >- + When set to true, do not count how many agents are in the agent + policy, this can improve performance if you are searching over a + large number of agent policies. The "agents" property will always be + 0 if set to true. + in: query + name: noAgentCount + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_agent_policy' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent policies + tags: + - Elastic Agent policies + post: + operationId: create-agent-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - updateIndexConnectorRequest: - $ref: >- - #/components/examples/Connectors_update_index_connector_request schema: - $ref: '#/components/schemas/Connectors_update_connector_request' - required: true + $ref: '#/components/schemas/Fleet_agent_policy_create_request' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' - description: Indicates a successful call. + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + description: OK '400': - $ref: '#/components/responses/Connectors_401' - '401': - $ref: '#/components/responses/Connectors_401' - '404': - $ref: '#/components/responses/Connectors_404' - summary: Update a connector + $ref: '#/components/responses/Fleet_error' + security: [] + summary: Create agent policy tags: - - connectors - /api/actions/connectors: + - Elastic Agent policies + /agent_policies/_bulk_get: + post: + operationId: bulk-get-agent-policies + parameters: [] + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + full: + description: get full policies with package policies populated + type: boolean + ids: + description: list of agent policy ids + items: + type: string + type: array + ignoreMissing: + type: boolean + required: + - ids + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_agent_policy' + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + security: [] + summary: Bulk get agent policies + tags: + - Elastic Agent policies + '/agent_policies/{agentPolicyId}': get: - operationId: getConnectors + description: Get one agent policy + operationId: agent-policy-info + parameters: [] responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getConnectorsResponse: - $ref: '#/components/examples/Connectors_get_connectors_response' schema: - items: - $ref: >- - #/components/schemas/Connectors_connector_response_properties - type: array - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Get all connectors + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent policy by ID tags: - - connectors - /api/apm/agent_keys: + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + put: + operationId: update-agent-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_agent_policy_update_request' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update agent policy by ID + tags: + - Elastic Agent policies + '/agent_policies/{agentPolicyId}/copy': + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string post: - description: Create a new agent key for APM. - operationId: createAgentKey + operationId: agent-policy-copy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: + description: + type: string name: type: string - privileges: - items: - enum: - - 'event:write' - - 'config_agent:read' + required: + - name + description: '' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Copy agent policy by ID + tags: + - Elastic Agent policies + '/agent_policies/{agentPolicyId}/download': + get: + operationId: agent-policy-download + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: type: string - type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Download agent policy by ID + tags: + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId required: true + schema: + type: string + - in: query + name: download + required: false + schema: + type: string + - in: query + name: standalone + required: false + schema: + type: string + - in: query + name: kubernetes + required: false + schema: + type: string + '/agent_policies/{agentPolicyId}/full': + get: + operationId: agent-policy-full responses: '200': content: @@ -349,54 +482,58 @@ paths: schema: type: object properties: - api_key: - type: string - encoded: - type: string - expiration: - format: int64 - type: integer - id: - type: string - name: - type: string - description: Agent key created successfully - summary: Create an APM agent key + item: + oneOf: + - type: string + - $ref: '#/components/schemas/Fleet_agent_policy_full' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get full agent policy by ID tags: - - APM agent keys - '/api/apm/services/{serviceName}/annotation': + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: download + required: false + schema: + type: string + - in: query + name: standalone + required: false + schema: + type: string + - in: query + name: kubernetes + required: false + schema: + type: string + /agent_policies/delete: + parameters: [] post: - description: Create a new annotation for a specific service. - operationId: createAnnotation + operationId: delete-agent-policy parameters: - - description: The name of the service - in: path - name: serviceName - required: true - schema: - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - '@timestamp': - type: string - message: + agentPolicyId: type: string - service: - type: object - properties: - environment: - type: string - version: - type: string - tags: - items: - type: string - type: array - required: true + force: + description: >- + bypass validation checks that can prevent agent policy + deletion + type: boolean + required: + - agentPolicyId responses: '200': content: @@ -404,67 +541,31 @@ paths: schema: type: object properties: - _id: - type: string - _index: + id: type: string - _source: - type: object - properties: - '@timestamp': - type: string - annotation: - type: string - event: - type: object - properties: - created: - type: string - message: - type: string - service: - type: object - properties: - environment: - type: string - name: - type: string - version: - type: string - tags: - items: - type: string - type: array - description: Annotation created successfully - summary: Create a service annotation + success: + type: boolean + required: + - id + - success + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete agent policy by ID tags: - - APM annotations - '/api/apm/services/{serviceName}/annotation/search': + - Elastic Agent policies + /agent_status: get: - description: Search for annotations related to a specific service. - operationId: getAnnotation + operationId: get-agent-status parameters: - - description: The name of the service - in: path - name: serviceName - required: true - schema: - type: string - - description: The environment to filter annotations by - in: query - name: environment - required: false - schema: - type: string - - description: The start date for the search - in: query - name: start + - in: query + name: policyId required: false schema: type: string - - description: The end date for the search + - deprecated: true in: query - name: end + name: kuery required: false schema: type: string @@ -475,191 +576,291 @@ paths: schema: type: object properties: - annotations: - items: - type: object - properties: - '@timestamp': - type: number - id: - type: string - text: - type: string - type: - enum: - - version - type: string - type: array - description: Successful response - summary: Search for annotations + active: + type: integer + all: + type: integer + error: + type: integer + events: + type: integer + inactive: + type: integer + offline: + type: integer + online: + type: integer + other: + type: integer + total: + deprecated: true + type: integer + unenrolled: + type: integer + updating: + type: integer + required: + - active + - all + - error + - events + - inactive + - offline + - online + - other + - total + - updating + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent status summary tags: - - APM annotations - /api/data_views: + - Elastic Agent status + /agent_status/data: get: - operationId: getAllDataViewsDefault + operationId: get-agent-data + parameters: + - in: query + name: agentsIds + required: true + schema: + items: + type: string + type: array responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getAllDataViewsResponse: - $ref: '#/components/examples/Data_views_get_data_views_response' schema: type: object properties: - data_view: + items: items: + additionalProperties: + type: object + properties: + data: + type: boolean type: object - properties: - id: - type: string - name: - type: string - namespaces: - items: - type: string - type: array - title: - type: string - typeMeta: - type: object type: array - description: Indicates a successful call. + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Get incoming agent data + tags: + - Elastic Agent status + /agent-status: + get: + deprecated: true + operationId: get-agent-status-deprecated + parameters: + - in: query + name: policyId + required: false + schema: + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Get all data views + type: object + properties: + error: + type: integer + events: + type: integer + inactive: + type: integer + offline: + type: integer + online: + type: integer + other: + type: integer + total: + type: integer + updating: + type: integer + required: + - error + - events + - inactive + - offline + - online + - other + - total + - updating + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent status summary tags: - - data views - /api/data_views/data_view: + - Elastic Agent status + /agents: + get: + operationId: get-agents + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_show_inactive' + - $ref: '#/components/parameters/Fleet_show_upgradeable' + - $ref: '#/components/parameters/Fleet_sort_field' + - $ref: '#/components/parameters/Fleet_sort_order' + - $ref: '#/components/parameters/Fleet_with_metrics' + - in: query + name: getStatusSummary + required: false + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_agents_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + security: + - Fleet_basicAuth: [] + summary: List agents + tags: + - Elastic Agents post: - operationId: createDataViewDefaultw + operationId: get-agents-by-actions parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createDataViewRequest: - $ref: '#/components/examples/Data_views_create_data_view_request' schema: - $ref: '#/components/schemas/Data_views_create_data_view_request_object' + type: object + properties: + actionIds: + items: + type: string + type: array + required: + - policy_id required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. + $ref: '#/components/schemas/Fleet_agent_get_by_actions' + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Create a data view + $ref: '#/components/responses/Fleet_error' + summary: List agents by action ids tags: - - data views - '/api/data_views/data_view/{viewId}': + - Elastic Agents + '/agents/{agentId}': delete: - description: | - WARNING: When you delete a data view, it cannot be recovered. - operationId: deleteDataViewDefault + operationId: delete-agent parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: - '204': - description: Indicates a successful call. - '404': + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Delete a data view + type: object + properties: + action: + enum: + - deleted + type: string + required: + - action + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete agent by ID tags: - - data views + - Elastic Agents get: - operationId: getDataViewDefault + operationId: get-agent parameters: - - $ref: '#/components/parameters/Data_views_view_id' + - $ref: '#/components/parameters/Fleet_with_metrics' responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getDataViewResponse: - $ref: '#/components/examples/Data_views_get_data_view_response' - schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. - '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Get a data view + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent by ID tags: - - data views - post: - operationId: updateDataViewDefault + - Elastic Agents + parameters: + - in: path + name: agentId + required: true + schema: + type: string + put: + operationId: update-agent parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - updateDataViewRequest: - $ref: '#/components/examples/Data_views_update_data_view_request' schema: - $ref: '#/components/schemas/Data_views_update_data_view_request_object' + type: object + properties: + tags: + items: + type: string + type: array + user_provided_metadata: + type: object required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent' + required: + - item + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update a data view + $ref: '#/components/responses/Fleet_error' + summary: Update agent by ID tags: - - data views - '/api/data_views/data_view/{viewId}/fields': + - Elastic Agents + '/agents/{agentId}/actions': + parameters: + - in: path + name: agentId + required: true + schema: + type: string post: - description: > - Update fields presentation metadata such as count, customLabel, - customDescription, and format. - operationId: updateFieldsMetadataDefault + operationId: new-agent-action parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - updateFieldsMetadataRequest: - $ref: '#/components/examples/Data_views_update_field_metadata_request' schema: type: object properties: - fields: - description: The field object. - type: object - required: - - fields + action: + $ref: '#/components/schemas/Fleet_agent_action' required: true responses: '200': @@ -668,44 +869,72 @@ paths: schema: type: object properties: - acknowledged: - type: boolean - description: Indicates a successful call. + body: + items: + type: number + type: array + headers: + type: string + statusCode: + type: number + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Create agent action + tags: + - Elastic Agent actions + '/agents/{agentId}/actions/{actionId}/cancel': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + - in: path + name: actionId + required: true + schema: + type: string + post: + operationId: agent-action-cancel + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update data view fields metadata + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_action' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Cancel agent action tags: - - data views - '/api/data_views/data_view/{viewId}/runtime_field': + - Elastic Agent actions + '/agents/{agentId}/reassign': + parameters: + - in: path + name: agentId + required: true + schema: + type: string post: - operationId: createRuntimeFieldDefault + operationId: reassign-agent parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_create_runtime_field_request' schema: type: object properties: - name: - description: | - The name for a runtime field. + policy_id: type: string - runtimeField: - description: | - The runtime field definition object. - type: object required: - - name - - runtimeField + - policy_id required: true responses: '200': @@ -713,41 +942,27 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - description: Indicates a successful call. - summary: Create a runtime field + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Reassign agent tags: - - data views + - Elastic Agents put: - operationId: createUpdateRuntimeFieldDefault + deprecated: true + operationId: reassign-agent-deprecated parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - description: | - The ID of the data view fields you want to update. - in: path - name: viewId - required: true - schema: - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - updateRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_create_runtime_field_request' schema: type: object properties: - name: - description: | - The name for a runtime field. + policy_id: type: string - runtimeField: - description: | - The runtime field definition object. - type: object required: - - name - - runtimeField + - policy_id required: true responses: '200': @@ -755,163 +970,298 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - properties: - data_view: - type: object - fields: - items: - type: object - type: array - description: Indicates a successful call. + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Reassign agent + tags: + - Elastic Agents + '/agents/{agentId}/request_diagnostics': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: request-diagnostics-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + additional_metrics: + items: + oneOf: + - enum: + - CPU + type: string + type: array + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Create or update a runtime field + type: object + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Request agent diagnostics tags: - - data views - '/api/data_views/data_view/{viewId}/runtime_field/{fieldName}': - delete: - operationId: deleteRuntimeFieldDefault + - Elastic Agents + '/agents/{agentId}/unenroll': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: unenroll-agent parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + revoke: + type: boolean responses: '200': - description: Indicates a successful call. - '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Delete a runtime field from a data view - tags: - - data views - get: - operationId: getRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': + type: object + description: OK + '400': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getRuntimeFieldResponse: - $ref: '#/components/examples/Data_views_get_runtime_field_response' schema: type: object properties: - data_view: - type: object - fields: - items: - type: object - type: array - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Get a runtime field + error: + type: string + message: + type: string + statusCode: + enum: + - 400 + type: number + description: BAD REQUEST + summary: Unenroll agent tags: - - data views + - Elastic Agents + '/agents/{agentId}/upgrade': + parameters: + - in: path + name: agentId + required: true + schema: + type: string post: - operationId: updateRuntimeFieldDefault + operationId: upgrade-agent parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - updateRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_update_runtime_field_request' schema: - type: object - properties: - runtimeField: - description: | - The runtime field definition object. - - You can update following fields: - - - `type` - - `script` - type: object - required: - - runtimeField + $ref: '#/components/schemas/Fleet_upgrade_agent' required: true responses: '200': - description: Indicates a successful call. - '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update a runtime field + $ref: '#/components/schemas/Fleet_upgrade_agent' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Upgrade agent tags: - - data views - /api/data_views/default: + - Elastic Agents + '/agents/{agentId}/uploads': get: - operationId: getDefaultDataViewDefault + operationId: list-agent-uploads responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getDefaultDataViewResponse: - $ref: >- - #/components/examples/Data_views_get_default_data_view_response schema: type: object properties: - data_view_id: - type: string - description: Indicates a successful call. + body: + type: object + properties: + item: + items: + $ref: '#/components/schemas/Fleet_agent_diagnostics' + type: array + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent uploads + tags: + - Elastic Agents + parameters: + - in: path + name: agentId + required: true + schema: + type: string + /agents/action_status: + get: + operationId: agents-action-status + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - in: query + name: errorSize + schema: + default: 5 + type: integer + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Get the default data view + type: object + properties: + items: + items: + type: object + properties: + actionId: + type: string + cancellationTime: + type: string + completionTime: + type: string + creationTime: + description: creation time of action + type: string + expiration: + type: string + latestErrors: + description: >- + latest errors that happened when the agents executed + the action + items: + type: object + properties: + agentId: + type: string + error: + type: string + timestamp: + type: string + type: array + nbAgentsAck: + description: number of agents that acknowledged the action + type: number + nbAgentsActionCreated: + description: number of agents included in action from kibana + type: number + nbAgentsActioned: + description: number of agents actioned + type: number + nbAgentsFailed: + description: number of agents that failed to execute the action + type: number + newPolicyId: + description: new policy id (POLICY_REASSIGN action) + type: string + policyId: + description: policy id (POLICY_CHANGE action) + type: string + revision: + description: new policy revision (POLICY_CHANGE action) + type: string + startTime: + description: start time of action (scheduled actions) + type: string + status: + enum: + - COMPLETE + - EXPIRED + - CANCELLED + - FAILED + - IN_PROGRESS + - ROLLOUT_PASSED + type: string + type: + enum: + - POLICY_REASSIGN + - UPGRADE + - UNENROLL + - FORCE_UNENROLL + - UPDATE_TAGS + - CANCEL + - REQUEST_DIAGNOSTICS + - SETTINGS + - POLICY_CHANGE + - INPUT_ACTION + type: string + version: + description: agent version number (UPGRADE action) + type: string + required: + - actionId + - complete + - nbAgentsActioned + - nbAgentsActionCreated + - nbAgentsAck + - nbAgentsFailed + - status + - creationTime + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent action status tags: - - data views + - Elastic Agent actions + /agents/bulk_reassign: post: - operationId: setDefaultDatailViewDefault + operationId: bulk-reassign-agents parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - setDefaultDataViewRequest: - $ref: '#/components/examples/Data_views_set_default_data_view_request' + example: + agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' + policy_id: policy_id schema: type: object properties: - data_view_id: - description: > - The data view identifier. NOTE: The API does not validate - whether it is a valid identifier. Use `null` to unset the - default data view. - nullable: true + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: + type: string + type: array + policy_id: + description: new agent policy id type: string - force: - default: false - description: Update an existing default data view identifier. - type: boolean required: - - data_view_id - required: true + - policy_id + - agents responses: '200': content: @@ -919,36 +1269,46 @@ paths: schema: type: object properties: - acknowledged: - type: boolean - description: Indicates a successful call. + actionId: + type: string + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Set the default data view + $ref: '#/components/responses/Fleet_error' + summary: Bulk reassign agents tags: - - data views - /api/data_views/swap_references: + - Elastic Agents + /agents/bulk_request_diagnostics: post: - description: > - Changes saved object references from one data view identifier to - another. WARNING: Misuse can break large numbers of saved objects! - Practicing with a backup is recommended. - operationId: swapDataViewsDefault + operationId: bulk-request-diagnostics parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - swapDataViewRequest: - $ref: '#/components/examples/Data_views_swap_data_view_request' + example: + agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' schema: - $ref: '#/components/schemas/Data_views_swap_data_view_request_object' - required: true + type: object + properties: + additional_metrics: + items: + oneOf: + - enum: + - CPU + type: string + type: array + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: + type: string + type: array + batchSize: + type: number + required: + - agents responses: '200': content: @@ -956,46 +1316,52 @@ paths: schema: type: object properties: - deleteStatus: - type: object - properties: - deletePerformed: - type: boolean - remainingRefs: - type: integer - result: - items: - type: object - properties: - id: - description: A saved object identifier. - type: string - type: - description: The saved object type. - type: string - type: array - description: Indicates a successful call. - summary: Swap saved object references + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk request diagnostics from agents tags: - - data views - /api/data_views/swap_references/_preview: + - Elastic Agents + /agents/bulk_unenroll: post: - description: > - Preview the impact of swapping saved object references from one data - view identifier to another. - operationId: previewSwapDataViewsDefault + operationId: bulk-unenroll-agents parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - previewSwapDataViewRequest: - $ref: >- - #/components/examples/Data_views_preview_swap_data_view_request + example: + agents: + - agent1 + - agent2 + force: false + revoke: true schema: - $ref: '#/components/schemas/Data_views_swap_data_view_request_object' - required: true + type: object + properties: + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: + type: string + type: array + force: + description: Unenrolls hosted agents too + type: boolean + includeInactive: + description: >- + When passing agents by KQL query, unenrolls inactive agents + too + type: boolean + revoke: + description: Revokes API keys of agents + type: boolean + required: + - agents responses: '200': content: @@ -1003,754 +1369,4113 @@ paths: schema: type: object properties: - result: - items: - type: object - properties: - id: - description: A saved object identifier. - type: string - type: - description: The saved object type. - type: string - type: array - description: Indicates a successful call. - summary: Preview a saved object reference swap - tags: - - data views - /api/ml/saved_objects/sync: - get: - description: > - Synchronizes Kibana saved objects for machine learning jobs and trained - models. This API runs automatically when you start Kibana and - periodically thereafter. - operationId: mlSync - parameters: - - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - syncExample: - $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' - schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' - description: Indicates a successful call - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' - description: Authorization information is missing or invalid. - summary: Sync machine learning saved objects + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk unenroll agents tags: - - ml - /api/saved_objects/_export: + - Elastic Agents + /agents/bulk_update_agent_tags: post: - description: > - Retrieve sets of saved objects that you want to import into Kibana. - - You must include `type` or `objects` in the request body. - - - Exported saved objects are not backwards compatible and cannot be - imported into an older version of Kibana. - - - NOTE: The `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be exported. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: exportSavedObjectsDefault + operationId: bulk-update-agent-tags parameters: - - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsRequest: - $ref: >- - #/components/examples/Serverless_saved_objects_export_objects_request + example: + agents: + - agent1 + - agent2 + tagsToAdd: + - newTag + tagsToRemove: + - existingTag schema: type: object properties: - excludeExportDetails: - default: false - description: Do not add export details entry at the end of the stream. - type: boolean - includeReferencesDeep: - description: >- - Includes all of the referenced objects in the exported - objects. - type: boolean - objects: - description: A list of objects to export. - items: - type: object - type: array - type: - description: >- - The saved object types to include in the export. Use `*` to - export all the types. + agents: oneOf: - - type: string - - items: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: type: string type: array - required: true + batchSize: + type: number + tagsToAdd: + items: + type: string + type: array + tagsToRemove: + items: + type: string + type: array + required: + - agents responses: '200': content: - application/x-ndjson; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsResponse: - $ref: >- - #/components/examples/Serverless_saved_objects_export_objects_response + application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: true type: object - description: Indicates a successful call. + properties: + actionId: + type: string + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Serverless_saved_objects_400_response' - description: Bad request. - summary: Export saved objects + $ref: '#/components/responses/Fleet_error' + summary: Bulk update agent tags tags: - - saved objects - /api/saved_objects/_import: + - Elastic Agents + /agents/bulk_upgrade: post: - description: > - Create sets of Kibana saved objects from a file created by the export - API. - - Saved objects can be imported only into the same version, a newer minor - on the same major, or the next major. Exported saved objects are not - backwards compatible and cannot be imported into an older version of - Kibana. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: importSavedObjectsDefault + operationId: bulk-upgrade-agents parameters: - - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' - - description: > - Creates copies of saved objects, regenerates each object ID, and - resets the origin. When used, potential conflict errors are avoided. - NOTE: This option cannot be used with the `overwrite` and - `compatibilityMode` options. - in: query - name: createNewCopies - required: false - schema: - type: boolean - - description: > - Overwrites saved objects when they already exist. When used, - potential conflict errors are automatically resolved by overwriting - the destination object. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: overwrite - required: false - schema: - type: boolean - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. Use this option only if you encounter issues with imported - saved objects. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: compatibilityMode - required: false - schema: - type: boolean + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - examples: - importObjectsRequest: - $ref: >- - #/components/examples/Serverless_saved_objects_import_objects_request + application/json; Elastic-Api-Version=2023-10-31: + example: + agents: + - agent1 + - agent2 + rollout_duration_seconds: 3600 + source_uri: 'https://artifacts.elastic.co/downloads/beats/elastic-agent' + start_time: '2022-08-03T14:00:00.000Z' + version: 8.4.0 schema: - type: object - properties: - file: - description: > - A file exported using the export API. NOTE: The - `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be included in - this file. Similarly, the - `savedObjects.maxImportPayloadBytes` setting limits the - overall size of the file that can be imported. + $ref: '#/components/schemas/Fleet_bulk_upgrade_agents' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - importObjectsResponse: - $ref: >- - #/components/examples/Serverless_saved_objects_import_objects_response schema: type: object properties: - errors: - description: > - Indicates the import was unsuccessful and specifies the - objects that failed to import. - - - NOTE: One object may result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and conflict error. - items: - type: object - type: array - success: - description: > - Indicates when the import was successfully completed. When - set to false, some objects may not have been created. For - additional information, refer to the `errors` and - `successResults` properties. - type: boolean - successCount: - description: Indicates the number of successfully imported records. - type: integer - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are created only when all resolvable errors - are addressed, including conflicts and missing references. - If objects are created as new copies, each entry in the - `successResults` array includes a `destinationId` - attribute. - items: - type: object - type: array - description: Indicates a successful call. + actionId: + type: string + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk upgrade agents + tags: + - Elastic Agents + '/agents/files/{fileId}': + delete: + operationId: delete-agent-upload-file + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Serverless_saved_objects_400_response' - description: Bad request. - summary: Import saved objects + type: object + properties: + body: + type: object + properties: + deleted: + type: boolean + id: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete file uploaded by agent tags: - - saved objects - /api/status: + - Elastic Agents + parameters: + - in: path + name: fileId + required: true + schema: + type: string + '/agents/files/{fileId}/{fileName}': get: - operationId: /api/status#0 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: Set to "true" to get the response in v7 format. - in: query - name: v7format - required: false - schema: - type: boolean - - description: Set to "true" to get the response in v8 format. - in: query - name: v8format - required: false - schema: - type: boolean + operationId: get-agent-upload-file responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: Overall status is OK and Kibana should be functioning normally. - '503': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: >- - Kibana or some of it's essential services are unavailable. Kibana - may be degraded or unavailable. - summary: Get Kibana's current status + type: object + properties: + body: + type: object + properties: + items: + type: object + properties: + body: {} + headers: {} + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get file uploaded by agent tags: - - system - '/s/{spaceId}/api/observability/slos': + - Elastic Agents + parameters: + - in: path + name: fileId + required: true + schema: + type: string + - in: path + name: fileName + required: true + schema: + type: string + /agents/setup: get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: findSlosOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - description: A valid kql query to filter the SLO with - example: 'slo.name:latency* and slo.tags : "prod"' - in: query - name: kqlQuery - schema: - type: string - - description: 'The page to use for pagination, must be greater or equal than 1' - example: 1 - in: query - name: page - schema: - default: 1 - type: integer - - description: Number of SLOs returned by page - example: 25 - in: query - name: perPage - schema: - default: 25 - maximum: 5000 - type: integer - - description: Sort by field - example: status - in: query - name: sortBy - schema: - default: status - enum: - - sli_value - - status - - error_budget_consumed - - error_budget_remaining - type: string - - description: Sort order - example: asc - in: query - name: sortDirection - schema: - default: asc - enum: - - asc - - desc - type: string - - description: >- - Hide stale SLOs from the list as defined by stale SLO threshold in - SLO settings - in: query - name: hideStale - schema: - type: boolean + operationId: get-agents-setup-status responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_find_slo_response' - description: Successful request + $ref: '#/components/schemas/Fleet_fleet_status_response' + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get a paginated list of SLOs + $ref: '#/components/responses/Fleet_error' + security: + - Fleet_basicAuth: [] + summary: Get agent setup info tags: - - slo + - Elastic Agents post: - description: > - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: createSloOp + operationId: setup-agents parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_create_slo_request' - required: true + type: object + properties: + admin_password: + type: string + admin_username: + type: string + required: + - admin_username + - admin_password responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_create_slo_response' - description: Successful request + $ref: '#/components/schemas/Fleet_fleet_setup_response' + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Initiate agent setup + tags: + - Elastic Agents + /agents/tags: + get: + operationId: get-agent-tags + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_409_response' - description: Conflict - The SLO id already exists - servers: - - url: 'https://localhost:5601' - summary: Create an SLO + $ref: '#/components/schemas/Fleet_get_agent_tags_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent tags tags: - - slo - '/s/{spaceId}/api/observability/slos/_delete_instances': + - Elastic Agents + /api/actions/connector: post: - description: > - The deletion occurs for the specified list of `sloId` and `instanceId`. - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloInstancesOp + description: The connector identifier is randomly generated. + operationId: createConnector parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/Connectors_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + createEmailConnectorRequest: + $ref: >- + #/components/examples/Connectors_create_email_connector_request + createIndexConnectorRequest: + $ref: >- + #/components/examples/Connectors_create_index_connector_request + createWebhookConnectorRequest: + $ref: >- + #/components/examples/Connectors_create_webhook_connector_request + createXmattersConnectorRequest: + $ref: >- + #/components/examples/Connectors_create_xmatters_connector_request schema: - $ref: '#/components/schemas/SLOs_delete_slo_instances_request' + $ref: '#/components/schemas/Connectors_create_connector_request' required: true responses: - '204': - description: Successful request - '400': + '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + createEmailConnectorResponse: + $ref: >- + #/components/examples/Connectors_create_email_connector_response + createIndexConnectorResponse: + $ref: >- + #/components/examples/Connectors_create_index_connector_response + createWebhookConnectorResponse: + $ref: >- + #/components/examples/Connectors_create_webhook_connector_response + createXmattersConnectorResponse: + $ref: >- + #/components/examples/Connectors_create_xmatters_connector_response schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request + $ref: '#/components/schemas/Connectors_connector_response_properties' + description: Indicates a successful call. '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - servers: - - url: 'https://localhost:5601' - summary: Batch delete rollup and summary data + $ref: '#/components/responses/Connectors_401' + summary: Create a connector with a random ID tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}': - delete: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloOp + - connectors + /api/actions/connector_types: + get: + operationId: getConnectorTypes parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - description: >- + A filter to limit the retrieved connector types to those that + support a specific feature (such as alerting or cases). + in: query + name: feature_id + schema: + $ref: '#/components/schemas/Connectors_features' responses: - '204': - description: Successful request - '400': + '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getConnectorTypesServerlessResponse: + $ref: >- + #/components/examples/Connectors_get_connector_types_generativeai_response schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response + description: The properties vary for each connector type. + items: + type: object + properties: + enabled: + description: >- + Indicates whether the connector type is enabled in + Kibana. + example: true + type: boolean + enabled_in_config: + description: >- + Indicates whether the connector type is enabled in the + Kibana configuration file. + example: true + type: boolean + enabled_in_license: + description: >- + Indicates whether the connector is enabled in the + license. + example: true + type: boolean + id: + $ref: '#/components/schemas/Connectors_connector_types' + is_system_action_type: + example: false + type: boolean + minimum_license_required: + description: The license that is required to use the connector type. + example: basic + type: string + name: + description: The name of the connector type. + example: Index + type: string + supported_feature_ids: + description: The features that are supported by the connector type. + example: + - alerting + - cases + - siem + items: + $ref: '#/components/schemas/Connectors_features' + type: array + title: Get connector types response body properties + type: array + description: Indicates a successful call. + '401': + $ref: '#/components/responses/Connectors_401' + summary: Get all connector types + tags: + - connectors + '/api/actions/connector/{connectorId}': + delete: + operationId: deleteConnector + parameters: + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_connector_id' + responses: + '204': + description: Indicates a successful call. + '401': + $ref: '#/components/responses/Connectors_401' '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Delete an SLO + $ref: '#/components/responses/Connectors_404' + summary: Delete a connector tags: - - slo + - connectors get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: getSloOp + operationId: getConnector parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - - description: the specific instanceId used by the summary calculation - example: host-abcde - in: query - name: instanceId - schema: - type: string + - $ref: '#/components/parameters/Connectors_connector_id' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getConnectorResponse: + $ref: '#/components/examples/Connectors_get_connector_response' schema: - $ref: '#/components/schemas/SLOs_slo_with_summary_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request + $ref: '#/components/schemas/Connectors_connector_response_properties' + description: Indicates a successful call. '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response + $ref: '#/components/responses/Connectors_401' '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get an SLO + $ref: '#/components/responses/Connectors_404' + summary: Get a connector information tags: - - slo - put: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: updateSloOp + - connectors + post: + operationId: createConnectorId parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - description: > + A UUID v1 or v4 identifier for the connector. If you omit this + parameter, an identifier is randomly generated. + in: path + name: connectorId + required: true + schema: + example: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + createIndexConnectorRequest: + $ref: >- + #/components/examples/Connectors_create_index_connector_request schema: - $ref: '#/components/schemas/SLOs_update_slo_request' + $ref: '#/components/schemas/Connectors_create_connector_request' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + createIndexConnectorResponse: + $ref: >- + #/components/examples/Connectors_create_index_connector_response schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request + $ref: '#/components/schemas/Connectors_connector_response_properties' + description: Indicates a successful call. '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Update an SLO + $ref: '#/components/responses/Connectors_401' + summary: Create a connector tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/_reset': - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: resetSloOp + - connectors + put: + operationId: updateConnector parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_connector_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateIndexConnectorRequest: + $ref: >- + #/components/examples/Connectors_update_index_connector_request + schema: + $ref: '#/components/schemas/Connectors_update_connector_request' + required: true responses: - '204': + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request + $ref: '#/components/schemas/Connectors_connector_response_properties' + description: Indicates a successful call. '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request + $ref: '#/components/responses/Connectors_401' '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response + $ref: '#/components/responses/Connectors_401' '404': + $ref: '#/components/responses/Connectors_404' + summary: Update a connector + tags: + - connectors + /api/actions/connectors: + get: + operationId: getConnectors + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getConnectorsResponse: + $ref: '#/components/examples/Connectors_get_connectors_response' schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Reset an SLO + items: + $ref: >- + #/components/schemas/Connectors_connector_response_properties + type: array + description: Indicates a successful call. + '401': + $ref: '#/components/responses/Connectors_401' + summary: Get all connectors tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/disable': + - connectors + /api/apm/agent_keys: post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: disableSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + description: Create a new agent key for APM. + operationId: createAgentKey + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + name: + type: string + privileges: + items: + enum: + - 'event:write' + - 'config_agent:read' + type: string + type: array + required: true responses: '200': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Disable an SLO + type: object + properties: + api_key: + type: string + encoded: + type: string + expiration: + format: int64 + type: integer + id: + type: string + name: + type: string + description: Agent key created successfully + summary: Create an APM agent key tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/enable': + - APM agent keys + '/api/apm/services/{serviceName}/annotation': post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: enableSloOp + description: Create a new annotation for a specific service. + operationId: createAnnotation parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - description: The name of the service + in: path + name: serviceName + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + '@timestamp': + type: string + message: + type: string + service: + type: object + properties: + environment: + type: string + version: + type: string + tags: + items: + type: string + type: array + required: true responses: - '204': - description: Successful request - '400': + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': + type: object + properties: + _id: + type: string + _index: + type: string + _source: + type: object + properties: + '@timestamp': + type: string + annotation: + type: string + event: + type: object + properties: + created: + type: string + message: + type: string + service: + type: object + properties: + environment: + type: string + name: + type: string + version: + type: string + tags: + items: + type: string + type: array + description: Annotation created successfully + summary: Create a service annotation + tags: + - APM annotations + '/api/apm/services/{serviceName}/annotation/search': + get: + description: Search for annotations related to a specific service. + operationId: getAnnotation + parameters: + - description: The name of the service + in: path + name: serviceName + required: true + schema: + type: string + - description: The environment to filter annotations by + in: query + name: environment + required: false + schema: + type: string + - description: The start date for the search + in: query + name: start + required: false + schema: + type: string + - description: The end date for the search + in: query + name: end + required: false + schema: + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': + type: object + properties: + annotations: + items: + type: object + properties: + '@timestamp': + type: number + id: + type: string + text: + type: string + type: + enum: + - version + type: string + type: array + description: Successful response + summary: Search for annotations + tags: + - APM annotations + /api/data_views: + get: + operationId: getAllDataViewsDefault + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getAllDataViewsResponse: + $ref: '#/components/examples/Data_views_get_data_views_response' schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': + type: object + properties: + data_view: + items: + type: object + properties: + id: + type: string + name: + type: string + namespaces: + items: + type: string + type: array + title: + type: string + typeMeta: + type: object + type: array + description: Indicates a successful call. + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Enable an SLO + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Get all data views + tags: + - data views + /api/data_views/data_view: + post: + operationId: createDataViewDefaultw + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + createDataViewRequest: + $ref: '#/components/examples/Data_views_create_data_view_request' + schema: + $ref: '#/components/schemas/Data_views_create_data_view_request_object' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_data_view_response_object' + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Create a data view + tags: + - data views + '/api/data_views/data_view/{viewId}': + delete: + description: | + WARNING: When you delete a data view, it cannot be recovered. + operationId: deleteDataViewDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '204': + description: Indicates a successful call. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Delete a data view + tags: + - data views + get: + operationId: getDataViewDefault + parameters: + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getDataViewResponse: + $ref: '#/components/examples/Data_views_get_data_view_response' + schema: + $ref: '#/components/schemas/Data_views_data_view_response_object' + description: Indicates a successful call. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Get a data view + tags: + - data views + post: + operationId: updateDataViewDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateDataViewRequest: + $ref: '#/components/examples/Data_views_update_data_view_request' + schema: + $ref: '#/components/schemas/Data_views_update_data_view_request_object' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_data_view_response_object' + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Update a data view + tags: + - data views + '/api/data_views/data_view/{viewId}/fields': + post: + description: > + Update fields presentation metadata such as count, customLabel, + customDescription, and format. + operationId: updateFieldsMetadataDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateFieldsMetadataRequest: + $ref: '#/components/examples/Data_views_update_field_metadata_request' + schema: + type: object + properties: + fields: + description: The field object. + type: object + required: + - fields + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + acknowledged: + type: boolean + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Update data view fields metadata + tags: + - data views + '/api/data_views/data_view/{viewId}/runtime_field': + post: + operationId: createRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + createRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_create_runtime_field_request' + schema: + type: object + properties: + name: + description: | + The name for a runtime field. + type: string + runtimeField: + description: | + The runtime field definition object. + type: object + required: + - name + - runtimeField + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + summary: Create a runtime field + tags: + - data views + put: + operationId: createUpdateRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - description: | + The ID of the data view fields you want to update. + in: path + name: viewId + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_create_runtime_field_request' + schema: + type: object + properties: + name: + description: | + The name for a runtime field. + type: string + runtimeField: + description: | + The runtime field definition object. + type: object + required: + - name + - runtimeField + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data_view: + type: object + fields: + items: + type: object + type: array + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Create or update a runtime field + tags: + - data views + '/api/data_views/data_view/{viewId}/runtime_field/{fieldName}': + delete: + operationId: deleteRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '200': + description: Indicates a successful call. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Delete a runtime field from a data view + tags: + - data views + get: + operationId: getRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getRuntimeFieldResponse: + $ref: '#/components/examples/Data_views_get_runtime_field_response' + schema: + type: object + properties: + data_view: + type: object + fields: + items: + type: object + type: array + description: Indicates a successful call. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Get a runtime field + tags: + - data views + post: + operationId: updateRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_update_runtime_field_request' + schema: + type: object + properties: + runtimeField: + description: | + The runtime field definition object. + + You can update following fields: + + - `type` + - `script` + type: object + required: + - runtimeField + required: true + responses: + '200': + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Update a runtime field + tags: + - data views + /api/data_views/default: + get: + operationId: getDefaultDataViewDefault + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + getDefaultDataViewResponse: + $ref: >- + #/components/examples/Data_views_get_default_data_view_response + schema: + type: object + properties: + data_view_id: + type: string + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Get the default data view + tags: + - data views + post: + operationId: setDefaultDatailViewDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + setDefaultDataViewRequest: + $ref: '#/components/examples/Data_views_set_default_data_view_request' + schema: + type: object + properties: + data_view_id: + description: > + The data view identifier. NOTE: The API does not validate + whether it is a valid identifier. Use `null` to unset the + default data view. + nullable: true + type: string + force: + default: false + description: Update an existing default data view identifier. + type: boolean + required: + - data_view_id + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + acknowledged: + type: boolean + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Set the default data view + tags: + - data views + /api/data_views/swap_references: + post: + description: > + Changes saved object references from one data view identifier to + another. WARNING: Misuse can break large numbers of saved objects! + Practicing with a backup is recommended. + operationId: swapDataViewsDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + swapDataViewRequest: + $ref: '#/components/examples/Data_views_swap_data_view_request' + schema: + $ref: '#/components/schemas/Data_views_swap_data_view_request_object' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + deleteStatus: + type: object + properties: + deletePerformed: + type: boolean + remainingRefs: + type: integer + result: + items: + type: object + properties: + id: + description: A saved object identifier. + type: string + type: + description: The saved object type. + type: string + type: array + description: Indicates a successful call. + summary: Swap saved object references + tags: + - data views + /api/data_views/swap_references/_preview: + post: + description: > + Preview the impact of swapping saved object references from one data + view identifier to another. + operationId: previewSwapDataViewsDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + previewSwapDataViewRequest: + $ref: >- + #/components/examples/Data_views_preview_swap_data_view_request + schema: + $ref: '#/components/schemas/Data_views_swap_data_view_request_object' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + result: + items: + type: object + properties: + id: + description: A saved object identifier. + type: string + type: + description: The saved object type. + type: string + type: array + description: Indicates a successful call. + summary: Preview a saved object reference swap + tags: + - data views + /api/ml/saved_objects/sync: + get: + description: > + Synchronizes Kibana saved objects for machine learning jobs and trained + models. This API runs automatically when you start Kibana and + periodically thereafter. + operationId: mlSync + parameters: + - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + syncExample: + $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' + schema: + $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' + description: Indicates a successful call + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' + description: Authorization information is missing or invalid. + summary: Sync machine learning saved objects + tags: + - ml + /api/saved_objects/_export: + post: + description: > + Retrieve sets of saved objects that you want to import into Kibana. + + You must include `type` or `objects` in the request body. + + + Exported saved objects are not backwards compatible and cannot be + imported into an older version of Kibana. + + + NOTE: The `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be exported. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: exportSavedObjectsDefault + parameters: + - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsRequest: + $ref: >- + #/components/examples/Serverless_saved_objects_export_objects_request + schema: + type: object + properties: + excludeExportDetails: + default: false + description: Do not add export details entry at the end of the stream. + type: boolean + includeReferencesDeep: + description: >- + Includes all of the referenced objects in the exported + objects. + type: boolean + objects: + description: A list of objects to export. + items: + type: object + type: array + type: + description: >- + The saved object types to include in the export. Use `*` to + export all the types. + oneOf: + - type: string + - items: + type: string + type: array + required: true + responses: + '200': + content: + application/x-ndjson; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsResponse: + $ref: >- + #/components/examples/Serverless_saved_objects_export_objects_response + schema: + additionalProperties: true + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Serverless_saved_objects_400_response' + description: Bad request. + summary: Export saved objects + tags: + - saved objects + /api/saved_objects/_import: + post: + description: > + Create sets of Kibana saved objects from a file created by the export + API. + + Saved objects can be imported only into the same version, a newer minor + on the same major, or the next major. Exported saved objects are not + backwards compatible and cannot be imported into an older version of + Kibana. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: importSavedObjectsDefault + parameters: + - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' + - description: > + Creates copies of saved objects, regenerates each object ID, and + resets the origin. When used, potential conflict errors are avoided. + NOTE: This option cannot be used with the `overwrite` and + `compatibilityMode` options. + in: query + name: createNewCopies + required: false + schema: + type: boolean + - description: > + Overwrites saved objects when they already exist. When used, + potential conflict errors are automatically resolved by overwriting + the destination object. NOTE: This option cannot be used with the + `createNewCopies` option. + in: query + name: overwrite + required: false + schema: + type: boolean + - description: > + Applies various adjustments to the saved objects that are being + imported to maintain compatibility between different Kibana + versions. Use this option only if you encounter issues with imported + saved objects. NOTE: This option cannot be used with the + `createNewCopies` option. + in: query + name: compatibilityMode + required: false + schema: + type: boolean + requestBody: + content: + multipart/form-data; Elastic-Api-Version=2023-10-31: + examples: + importObjectsRequest: + $ref: >- + #/components/examples/Serverless_saved_objects_import_objects_request + schema: + type: object + properties: + file: + description: > + A file exported using the export API. NOTE: The + `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be included in + this file. Similarly, the + `savedObjects.maxImportPayloadBytes` setting limits the + overall size of the file that can be imported. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + importObjectsResponse: + $ref: >- + #/components/examples/Serverless_saved_objects_import_objects_response + schema: + type: object + properties: + errors: + description: > + Indicates the import was unsuccessful and specifies the + objects that failed to import. + + + NOTE: One object may result in multiple errors, which + requires separate steps to resolve. For instance, a + `missing_references` error and conflict error. + items: + type: object + type: array + success: + description: > + Indicates when the import was successfully completed. When + set to false, some objects may not have been created. For + additional information, refer to the `errors` and + `successResults` properties. + type: boolean + successCount: + description: Indicates the number of successfully imported records. + type: integer + successResults: + description: > + Indicates the objects that are successfully imported, with + any metadata if applicable. + + + NOTE: Objects are created only when all resolvable errors + are addressed, including conflicts and missing references. + If objects are created as new copies, each entry in the + `successResults` array includes a `destinationId` + attribute. + items: + type: object + type: array + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Serverless_saved_objects_400_response' + description: Bad request. + summary: Import saved objects + tags: + - saved objects + /api/status: + get: + operationId: /api/status#0 + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: Set to "true" to get the response in v7 format. + in: query + name: v7format + required: false + schema: + type: boolean + - description: Set to "true" to get the response in v8 format. + in: query + name: v8format + required: false + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: Overall status is OK and Kibana should be functioning normally. + '503': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: >- + Kibana or some of it's essential services are unavailable. Kibana + may be degraded or unavailable. + summary: Get Kibana's current status + tags: + - system + /data_streams: + get: + operationId: data-streams-list + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data_streams: + items: + $ref: '#/components/schemas/Fleet_data_stream' + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List data streams + tags: + - Data streams + parameters: [] + /enrollment_api_keys: + get: + operationId: get-enrollment-api-keys + parameters: [] + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - page + - perPage + - total + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List enrollment API keys + tags: + - Fleet enrollment API keys + post: + operationId: create-enrollment-api-keys + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + enum: + - created + type: string + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create enrollment API key + tags: + - Fleet enrollment API keys + '/enrollment_api_keys/{keyId}': + delete: + operationId: delete-enrollment-api-key + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + enum: + - deleted + type: string + required: + - action + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete enrollment API key by ID + tags: + - Fleet enrollment API keys + get: + operationId: get-enrollment-api-key + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get enrollment API key by ID + tags: + - Fleet enrollment API keys + parameters: + - in: path + name: keyId + required: true + schema: + type: string + /enrollment-api-keys: + get: + deprecated: true + operationId: get-enrollment-api-keys-deprecated + parameters: [] + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - page + - perPage + - total + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List enrollment API keys + tags: + - Fleet enrollment API keys + post: + deprecated: true + operationId: create-enrollment-api-keys-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + enum: + - created + type: string + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create enrollment API key + tags: + - Fleet enrollment API keys + '/enrollment-api-keys/{keyId}': + delete: + deprecated: true + operationId: delete-enrollment-api-key-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + enum: + - deleted + type: string + required: + - action + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete enrollment API key by ID + tags: + - Fleet enrollment API keys + get: + deprecated: true + operationId: get-enrollment-api-key-deprecated + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get enrollment API key by ID + tags: + - Fleet enrollment API keys + parameters: + - in: path + name: keyId + required: true + schema: + type: string + /epm/bulk_assets: + post: + operationId: bulk-get-assets + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + assetIds: + description: list of items necessary to fetch assets + items: + type: object + properties: + id: + type: string + type: + type: string + type: array + required: + - assetIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_bulk_assets_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk get assets + tags: + - Elastic Package Manager (EPM) + /epm/categories: + get: + operationId: get-package-categories + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_categories_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List package categories + tags: + - Elastic Package Manager (EPM) + parameters: + - description: >- + Whether to include prerelease packages in categories count (e.g. beta, + rc, preview) + in: query + name: prerelease + schema: + default: false + type: boolean + - deprecated: true + in: query + name: experimental + schema: + default: false + type: boolean + - in: query + name: include_policy_templates + schema: + default: false + type: boolean + /epm/packages: + get: + operationId: list-all-packages + parameters: + - description: >- + Whether to exclude the install status of each package. Enabling this + option will opt in to caching for the response via `cache-control` + headers. If you don't need up-to-date installation info for a + package, and are querying for a list of available packages, + providing this flag can improve performance substantially. + in: query + name: excludeInstallStatus + schema: + default: false + type: boolean + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + - deprecated: true + in: query + name: experimental + schema: + default: false + type: boolean + - in: query + name: category + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_packages_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List packages + tags: + - Elastic Package Manager (EPM) + post: + description: '' + operationId: install-package-by-upload + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors + schema: + default: false + type: boolean + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover + schema: + default: false + type: boolean + requestBody: + content: + application/gzip; Elastic-Api-Version=2023-10-31: + schema: + format: binary + type: string + application/zip; Elastic-Api-Version=2023-10-31: + schema: + format: binary + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _meta: + type: object + properties: + install_source: + enum: + - upload + - registry + - bundled + type: string + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '429': + $ref: '#/components/responses/Fleet_error' + summary: Install by package by direct upload + tags: + - Elastic Package Manager (EPM) + /epm/packages/_bulk: + post: + operationId: bulk-install-packages + parameters: + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + description: force install to ignore package verification errors + type: boolean + packages: + description: list of packages to install + items: + oneOf: + - description: package name + type: string + - type: object + properties: + name: + description: package name + type: string + version: + description: package version + type: string + type: array + required: + - packages + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_bulk_install_packages_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk install packages + tags: + - Elastic Package Manager (EPM) + '/epm/packages/{pkgkey}': + delete: + deprecated: true + operationId: delete-package-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgkey + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + response: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - response + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete ackage + tags: + - Elastic Package Manager (EPM) + get: + deprecated: true + operationId: get-package-deprecated + parameters: + - in: path + name: pkgkey + required: true + schema: + type: string + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + allOf: + - properties: + response: + $ref: '#/components/schemas/Fleet_package_info' + - properties: + savedObject: + type: string + status: + enum: + - installed + - installing + - install_failed + - not_installed + type: string + required: + - status + - savedObject + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + security: + - Fleet_basicAuth: [] + summary: Get package + tags: + - Elastic Package Manager (EPM) + post: + deprecated: true + description: '' + operationId: install-package-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgkey + required: true + schema: + type: string + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors + schema: + default: false + type: boolean + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + response: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - response + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Install package + tags: + - Elastic Package Manager (EPM) + '/epm/packages/{pkgName}/{pkgVersion}': + delete: + operationId: delete-package + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: delete package even if policies used by agents + in: query + name: force + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + deprecated: true + type: object + properties: + force: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package + tags: + - Elastic Package Manager (EPM) + get: + operationId: get-package + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + allOf: + - properties: + item: + $ref: '#/components/schemas/Fleet_package_info' + - properties: + keepPoliciesUpToDate: + type: boolean + latestVersion: + type: string + licensePath: + type: string + notice: + type: string + savedObject: + deprecated: true + type: object + status: + enum: + - installed + - installing + - install_failed + - not_installed + type: string + required: + - status + - savedObject + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + security: + - Fleet_basicAuth: [] + summary: Get package + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - description: Ignore if the package is fails signature verification + in: query + name: ignoreUnverified + schema: + type: boolean + - description: >- + Return all fields from the package manifest, not just those supported + by the Elastic Package Registry + in: query + name: full + schema: + type: boolean + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + post: + description: '' + operationId: install-package + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors + schema: + default: false + type: boolean + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + ignore_constraints: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _meta: + type: object + properties: + install_source: + enum: + - registry + - upload + - bundled + type: string + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Install package + tags: + - Elastic Package Manager (EPM) + put: + description: '' + operationId: update-package + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + keepPoliciesUpToDate: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update package settings + tags: + - Elastic Package Manager (EPM) + '/epm/packages/{pkgName}/{pkgVersion}/{filePath}': + get: + operationId: packages-get-file + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: object + headers: + type: object + statusCode: + type: number + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package file + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - in: path + name: filePath + required: true + schema: + type: string + '/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize': + post: + description: '' + operationId: reauthorize-transforms + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - description: >- + Whether to include prerelease packages in categories count (e.g. + beta, rc, preview) + in: query + name: prerelease + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + transforms: + items: + type: object + properties: + transformId: + type: string + type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + error: + type: string + success: + type: boolean + transformId: + type: string + required: + - transformId + - error + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Authorize transforms + tags: + - Elastic Package Manager (EPM) + '/epm/packages/{pkgName}/stats': + get: + operationId: get-package-stats + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + response: + $ref: '#/components/schemas/Fleet_package_usage_stats' + required: + - response + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + security: + - Fleet_basicAuth: [] + summary: Get package stats + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + /epm/packages/limited: + get: + operationId: list-limited-packages + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: string + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get limited package list + tags: + - Elastic Package Manager (EPM) + parameters: [] + '/epm/templates/{pkgName}/{pkgVersion}/inputs': + get: + operationId: get-inputs-template + responses: + '200': + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + security: + - Fleet_basicAuth: [] + summary: Get inputs template + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - description: Format of response - json or yaml + in: query + name: format + schema: + enum: + - json + - yaml + - yml + type: string + - description: Specify if version is prerelease + in: query + name: prerelease + schema: + type: boolean + - description: Ignore if the package is fails signature verification + in: query + name: ignoreUnverified + schema: + type: boolean + /epm/verification_key_id: + get: + operationId: packages-get-verification-key-id + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: object + properties: + id: + description: >- + the key ID of the GPG key used to verify package + signatures + nullable: true + type: string + headers: + type: object + statusCode: + type: number + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package signature verification key ID + tags: + - Elastic Package Manager (EPM) + parameters: [] + /fleet_server_hosts: + get: + operationId: get-fleet-server-hosts + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_fleet_server_host' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List Fleet Server hosts + tags: + - Fleet Server hosts + post: + operationId: post-fleet-server-hosts + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host_urls: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this fleet server host. See + the proxies API for more information. + type: string + required: + - name + - host_urls + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create Fleet Server host + tags: + - Fleet Server hosts + '/fleet_server_hosts/{itemId}': + delete: + operationId: delete-fleet-server-hosts + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete Fleet Server host by ID + tags: + - Fleet Server hosts + get: + operationId: get-one-fleet-server-hosts + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get Fleet Server host by ID + tags: + - Fleet Server hosts + parameters: + - in: path + name: itemId + required: true + schema: + type: string + put: + operationId: update-fleet-server-hosts + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host_urls: + items: + type: string + type: array + is_default: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this fleet server host. See + the proxies API for more information. + nullable: true + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update Fleet Server host by ID + tags: + - Fleet Server hosts + /health_check: + post: + operationId: fleet-server-health-check + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host: + deprecated: true + type: string + id: + type: string + required: + - id + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host: + deprecated: true + type: string + id: + description: Fleet Server host id + type: string + status: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Fleet Server health check + tags: + - Fleet internals + /kubernetes: + get: + operationId: get-full-k8s-manifest + parameters: + - in: query + name: download + required: false + schema: + type: boolean + - in: query + name: fleetServer + required: false + schema: + type: string + - in: query + name: enrolToken + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get full K8s agent manifest + tags: + - Fleet Kubernetes + /logstash_api_keys: + post: + operationId: generate-logstash-api-key + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + api_key: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Generate Logstash API key + tags: + - Fleet outputs + /outputs: + get: + operationId: get-outputs + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_output_create_request' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List outputs + tags: + - Fleet outputs + post: + operationId: post-outputs + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_output_create_request' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_create_request' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create output + tags: + - Fleet outputs + '/outputs/{outputId}': + delete: + operationId: delete-output + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete output by ID + tags: + - Fleet outputs + get: + operationId: get-output + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_create_request' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get output by ID + tags: + - Fleet outputs + parameters: + - in: path + name: outputId + required: true + schema: + type: string + put: + operationId: update-output + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_output_update_request' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_update_request' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update output by ID + tags: + - Fleet outputs + '/outputs/{outputId}/health': + get: + operationId: get-output-health + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + description: long message if unhealthy + type: string + state: + description: 'state of output, HEALTHY or DEGRADED' + type: string + timestamp: + description: timestamp of reported state + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get latest output health + tags: + - Fleet outputs + parameters: + - in: path + name: outputId + required: true + schema: + type: string + /package_policies: + get: + operationId: get-package-policies + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_format' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_package_policy' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + security: [] + summary: List package policies + tags: + - Fleet package policies + parameters: [] + post: + operationId: create-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_package_policy_request' + description: >- + You should use inputs as an object and not use the deprecated inputs + array. + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_package_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '409': + $ref: '#/components/responses/Fleet_error' + summary: Create package policy + tags: + - Fleet package policies + /package_policies/_bulk_get: + post: + operationId: bulk-get-package-policies + parameters: + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + ids: + description: list of package policy ids + items: + type: string + type: array + ignoreMissing: + type: boolean + required: + - ids + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_package_policy' + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + security: [] + summary: Bulk get package policies + tags: + - Fleet package policies + '/package_policies/{packagePolicyId}': + delete: + operationId: delete-package-policy + parameters: + - in: query + name: force + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package policy by ID + tags: + - Fleet package policies + get: + operationId: get-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_format' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_package_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package policy by ID + tags: + - Fleet package policies + parameters: + - in: path + name: packagePolicyId + required: true + schema: + type: string + put: + operationId: update-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_package_policy_request' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_package_policy' + sucess: + type: boolean + required: + - item + - sucess + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update package policy by ID + tags: + - Fleet package policies + /package_policies/delete: + post: + operationId: post-delete-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + packagePolicyIds: + items: + type: string + type: array + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + properties: + id: + type: string + name: + type: string + success: + type: boolean + required: + - id + - success + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package policy + tags: + - Fleet package policies + /package_policies/upgrade: + post: + operationId: upgrade-package-policy + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + packagePolicyIds: + items: + type: string + type: array + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + properties: + id: + type: string + name: + type: string + success: + type: boolean + required: + - id + - success + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '409': + $ref: '#/components/responses/Fleet_error' + summary: Upgrade package policy to a newer package version + tags: + - Fleet package policies + /package_policies/upgrade/dryrun: + post: + operationId: upgrade-package-policy-dry-run + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + packagePolicyIds: + items: + type: string + type: array + packageVersion: + type: string + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + properties: + agent_diff: + $ref: '#/components/schemas/Fleet_upgrade_agent_diff' + diff: + $ref: '#/components/schemas/Fleet_upgrade_diff' + hasErrors: + type: boolean + required: + - hasErrors + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Dry run package policy upgrade + tags: + - Fleet package policies + /proxies: + get: + operationId: get-fleet-proxies + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_proxies' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List proxies + tags: + - Fleet proxies + post: + operationId: post-fleet-proxies + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + certificate: + type: string + certificate_authorities: + type: string + certificate_key: + type: string + id: + type: string + name: + type: string + proxy_headers: + type: object + url: + type: string + required: + - name + - url + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_proxies' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create proxy + tags: + - Fleet proxies + '/proxies/{itemId}': + delete: + operationId: delete-fleet-proxies + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete proxy by ID + tags: + - Fleet proxies + get: + operationId: get-one-fleet-proxies + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_proxies' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get proxy by ID + tags: + - Fleet proxies + parameters: + - in: path + name: itemId + required: true + schema: + type: string + put: + operationId: update-fleet-proxies + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + certificate: + type: string + certificate_authorities: + type: string + certificate_key: + type: string + name: + type: string + proxy_headers: + type: object + url: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_proxies' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update proxy by ID + tags: + - Fleet proxies + '/s/{spaceId}/api/observability/slos': + get: + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: findSlosOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - description: A valid kql query to filter the SLO with + example: 'slo.name:latency* and slo.tags : "prod"' + in: query + name: kqlQuery + schema: + type: string + - description: 'The page to use for pagination, must be greater or equal than 1' + example: 1 + in: query + name: page + schema: + default: 1 + type: integer + - description: Number of SLOs returned by page + example: 25 + in: query + name: perPage + schema: + default: 25 + maximum: 5000 + type: integer + - description: Sort by field + example: status + in: query + name: sortBy + schema: + default: status + enum: + - sli_value + - status + - error_budget_consumed + - error_budget_remaining + type: string + - description: Sort order + example: asc + in: query + name: sortDirection + schema: + default: asc + enum: + - asc + - desc + type: string + - description: >- + Hide stale SLOs from the list as defined by stale SLO threshold in + SLO settings + in: query + name: hideStale + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_find_slo_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Get a paginated list of SLOs + tags: + - slo + post: + description: > + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: createSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_create_slo_request' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_create_slo_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_409_response' + description: Conflict - The SLO id already exists + servers: + - url: 'https://localhost:5601' + summary: Create an SLO + tags: + - slo + '/s/{spaceId}/api/observability/slos/_delete_instances': + post: + description: > + The deletion occurs for the specified list of `sloId` and `instanceId`. + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: deleteSloInstancesOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_delete_slo_instances_request' + required: true + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + servers: + - url: 'https://localhost:5601' + summary: Batch delete rollup and summary data + tags: + - slo + '/s/{spaceId}/api/observability/slos/{sloId}': + delete: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: deleteSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Delete an SLO + tags: + - slo + get: + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: getSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + - description: the specific instanceId used by the summary calculation + example: host-abcde + in: query + name: instanceId + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_with_summary_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Get an SLO + tags: + - slo + put: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: updateSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_update_slo_request' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_definition_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Update an SLO + tags: + - slo + '/s/{spaceId}/api/observability/slos/{sloId}/_reset': + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: resetSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_definition_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Reset an SLO + tags: + - slo + '/s/{spaceId}/api/observability/slos/{sloId}/disable': + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: disableSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '200': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Disable an SLO + tags: + - slo + '/s/{spaceId}/api/observability/slos/{sloId}/enable': + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: enableSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Enable an SLO tags: - slo + /service_tokens: + post: + operationId: generate-service-token + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + name: + type: string + value: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create service token + tags: + - Fleet service tokens + /service-tokens: + post: + deprecated: true + operationId: generate-service-token-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + name: + type: string + value: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create service token + tags: + - Fleet service tokens + /settings: + get: + operationId: get-settings + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_settings_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get settings + tags: + - Fleet internals + put: + operationId: update-settings + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + additional_yaml_config: + type: string + fleet_server_hosts: + description: Protocol and path must be the same for each URL + items: + type: string + type: array + has_seen_add_data_notice: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_settings_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update settings + tags: + - Fleet internals + /settings/enrollment: + get: + operationId: get-enrollment-settings + parameters: + - description: >- + An agent policy ID to scope the enrollment settings to. For example, + that policy's Fleet Server host, its proxy, download location, etc. + If not provided, the default Fleet Server policy is used (if any). + in: query + name: agentPolicyId + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_settings_enrollment_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get enrollment settings + tags: + - Fleet internals + servers: + - description: Used for Fleet internals and not supported + url: 'http://KIBANA_HOST:5601/internal/fleet' + /setup: + post: + operationId: setup + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_setup_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + description: Internal Server Error + summary: Initiate Fleet setup + tags: + - Fleet internals + /uninstall_tokens: + get: + operationId: get-uninstall-tokens + parameters: + - description: The number of items to return + in: query + name: perPage + required: false + schema: + default: 20 + minimum: 5 + type: integer + - $ref: '#/components/parameters/Fleet_page_index' + - description: Partial match filtering for policy IDs + in: query + name: policyId + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + created_at: + type: string + id: + type: string + policy_id: + type: string + required: + - id + - policy_id + - created_at + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List metadata for latest uninstall tokens per agent policy + tags: + - Fleet uninstall tokens + '/uninstall_tokens/{uninstallTokenId}': + get: + operationId: get-uninstall-token + parameters: + - in: path + name: uninstallTokenId + required: true + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + type: object + properties: + created_at: + type: string + id: + type: string + policy_id: + type: string + token: + type: string + required: + - id + - token + - policy_id + - created_at + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get one decrypted uninstall token by its ID + tags: + - Fleet uninstall tokens components: examples: Connectors_create_email_connector_request: @@ -3571,6 +7296,79 @@ components: schema: example: ff959d40-b880-11e8-a6d9-e546fe2bba5f type: string + Fleet_format: + description: Simplified or legacy format for package inputs + in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + Fleet_kbn_xsrf: + description: Kibana's anti Cross-Site Request Forgery token. Can be any string value. + in: header + name: kbn-xsrf + required: true + schema: + type: string + Fleet_kuery: + in: query + name: kuery + required: false + schema: + type: string + Fleet_page_index: + in: query + name: page + required: false + schema: + default: 1 + type: integer + Fleet_page_size: + description: The number of items to return + in: query + name: perPage + required: false + schema: + default: 20 + type: integer + Fleet_show_inactive: + in: query + name: showInactive + required: false + schema: + type: boolean + Fleet_show_upgradeable: + in: query + name: showUpgradeable + required: false + schema: + type: boolean + Fleet_sort_field: + in: query + name: sortField + required: false + schema: + deprecated: true + type: string + Fleet_sort_order: + in: query + name: sortOrder + required: false + schema: + enum: + - asc + - desc + type: string + Fleet_with_metrics: + description: 'Return agent metrics, false by default' + in: query + name: withMetrics + required: false + schema: + type: boolean Machine_learning_APIs_simulateParam: description: >- When true, simulates the synchronization by returning only the list of @@ -3633,3369 +7431,5689 @@ components: type: integer title: Unauthorized response type: object - description: Authorization information is missing or invalid. - Connectors_404: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: + description: Authorization information is missing or invalid. + Connectors_404: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + properties: + error: + enum: + - Not Found + example: Not Found + type: string + message: + example: >- + Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not + found + type: string + statusCode: + enum: + - 404 + example: 404 + type: integer + title: Not found response + type: object + description: Object is not found. + Fleet_error: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + schemas: + Connectors_config_properties_bedrock: + description: Defines properties for connectors when type is `.bedrock`. + properties: + apiUrl: + description: The Amazon Bedrock request URL. + type: string + defaultModel: + default: 'anthropic.claude-3-5-sonnet-20240620-v1:0' + description: > + The generative artificial intelligence model for Amazon Bedrock to + use. Current support is for the Anthropic Claude models. + type: string + required: + - apiUrl + title: Connector request properties for an Amazon Bedrock connector + type: object + Connectors_config_properties_cases_webhook: + description: Defines properties for connectors when type is `.cases-webhook`. + type: object + properties: + createCommentJson: + description: > + A JSON payload sent to the create comment URL to create a case + comment. You can use variables to add Kibana Cases data to the + payload. The required variable is `case.comment`. Due to Mustache + template variables (the text enclosed in triple braces, for example, + `{{{case.title}}}`), the JSON is not validated when you create the + connector. The JSON is validated once the Mustache variables have + been placed when the REST method runs. Manually ensure that the JSON + is valid, disregarding the Mustache variables, so the later + validation will pass. + example: '{"body": {{{case.comment}}}}' + type: string + createCommentMethod: + default: put + description: > + The REST API HTTP request method to create a case comment in the + third-party system. Valid values are `patch`, `post`, and `put`. + enum: + - patch + - post + - put + type: string + createCommentUrl: + description: > + The REST API URL to create a case comment by ID in the third-party + system. You can use a variable to add the external system ID to the + URL. If you are using the `xpack.actions.allowedHosts setting`, add + the hostname to the allowed hosts. + example: 'https://example.com/issue/{{{external.system.id}}}/comment' + type: string + createIncidentJson: + description: > + A JSON payload sent to the create case URL to create a case. You can + use variables to add case data to the payload. Required variables + are `case.title` and `case.description`. Due to Mustache template + variables (which is the text enclosed in triple braces, for example, + `{{{case.title}}}`), the JSON is not validated when you create the + connector. The JSON is validated after the Mustache variables have + been placed when REST method runs. Manually ensure that the JSON is + valid to avoid future validation errors; disregard Mustache + variables during your review. + example: >- + {"fields": {"summary": {{{case.title}}},"description": + {{{case.description}}},"labels": {{{case.tags}}}}} + type: string + createIncidentMethod: + default: post + description: > + The REST API HTTP request method to create a case in the third-party + system. Valid values are `patch`, `post`, and `put`. + enum: + - patch + - post + - put + type: string + createIncidentResponseKey: + description: >- + The JSON key in the create external case response that contains the + case ID. + type: string + createIncidentUrl: + description: > + The REST API URL to create a case in the third-party system. If you + are using the `xpack.actions.allowedHosts` setting, add the hostname + to the allowed hosts. + type: string + getIncidentResponseExternalTitleKey: + description: >- + The JSON key in get external case response that contains the case + title. + type: string + getIncidentUrl: + description: > + The REST API URL to get the case by ID from the third-party system. + If you are using the `xpack.actions.allowedHosts` setting, add the + hostname to the allowed hosts. You can use a variable to add the + external system ID to the URL. Due to Mustache template variables + (the text enclosed in triple braces, for example, + `{{{case.title}}}`), the JSON is not validated when you create the + connector. The JSON is validated after the Mustache variables have + been placed when REST method runs. Manually ensure that the JSON is + valid, disregarding the Mustache variables, so the later validation + will pass. + example: 'https://example.com/issue/{{{external.system.id}}}' + type: string + hasAuth: + default: true + description: >- + If true, a username and password for login type authentication must + be provided. + type: boolean + headers: + description: > + A set of key-value pairs sent as headers with the request URLs for + the create case, update case, get case, and create comment methods. + type: string + updateIncidentJson: + description: > + The JSON payload sent to the update case URL to update the case. You + can use variables to add Kibana Cases data to the payload. Required + variables are `case.title` and `case.description`. Due to Mustache + template variables (which is the text enclosed in triple braces, for + example, `{{{case.title}}}`), the JSON is not validated when you + create the connector. The JSON is validated after the Mustache + variables have been placed when REST method runs. Manually ensure + that the JSON is valid to avoid future validation errors; disregard + Mustache variables during your review. + example: >- + {"fields": {"summary": {{{case.title}}},"description": + {{{case.description}}},"labels": {{{case.tags}}}}} + type: string + updateIncidentMethod: + default: put + description: > + The REST API HTTP request method to update the case in the + third-party system. Valid values are `patch`, `post`, and `put`. + enum: + - patch + - post + - put + type: string + updateIncidentUrl: + description: > + The REST API URL to update the case by ID in the third-party system. + You can use a variable to add the external system ID to the URL. If + you are using the `xpack.actions.allowedHosts` setting, add the + hostname to the allowed hosts. + example: 'https://example.com/issue/{{{external.system.ID}}}' + type: string + viewIncidentUrl: + description: > + The URL to view the case in the external system. You can use + variables to add the external system ID or external system title to + the URL. + example: >- + https://testing-jira.atlassian.net/browse/{{{external.system.title}}} + type: string + required: + - createIncidentJson + - createIncidentResponseKey + - createIncidentUrl + - getIncidentResponseExternalTitleKey + - getIncidentUrl + - updateIncidentJson + - updateIncidentUrl + - viewIncidentUrl + title: Connector request properties for Webhook - Case Management connector + Connectors_config_properties_d3security: + description: Defines properties for connectors when type is `.d3security`. + properties: + url: + description: > + The D3 Security API request URL. If you are using the + `xpack.actions.allowedHosts` setting, add the hostname to the + allowed hosts. + type: string + required: + - url + title: Connector request properties for a D3 Security connector + type: object + Connectors_config_properties_email: + description: Defines properties for connectors when type is `.email`. + type: object + properties: + clientId: + description: > + The client identifier, which is a part of OAuth 2.0 client + credentials authentication, in GUID format. If `service` is + `exchange_server`, this property is required. + nullable: true + type: string + from: + description: > + The from address for all emails sent by the connector. It must be + specified in `user@host-name` format. + type: string + hasAuth: + default: true + description: > + Specifies whether a user and password are required inside the + secrets configuration. + type: boolean + host: + description: > + The host name of the service provider. If the `service` is + `elastic_cloud` (for Elastic Cloud notifications) or one of + Nodemailer's well-known email service providers, this property is + ignored. If `service` is `other`, this property must be defined. + type: string + oauthTokenUrl: + nullable: true + type: string + port: + description: > + The port to connect to on the service provider. If the `service` is + `elastic_cloud` (for Elastic Cloud notifications) or one of + Nodemailer's well-known email service providers, this property is + ignored. If `service` is `other`, this property must be defined. + type: integer + secure: + description: > + Specifies whether the connection to the service provider will use + TLS. If the `service` is `elastic_cloud` (for Elastic Cloud + notifications) or one of Nodemailer's well-known email service + providers, this property is ignored. + type: boolean + service: + description: | + The name of the email service. + enum: + - elastic_cloud + - exchange_server + - gmail + - other + - outlook365 + - ses + type: string + tenantId: + description: > + The tenant identifier, which is part of OAuth 2.0 client credentials + authentication, in GUID format. If `service` is `exchange_server`, + this property is required. + nullable: true + type: string + required: + - from + title: Connector request properties for an email connector + Connectors_config_properties_gemini: + description: Defines properties for connectors when type is `.gemini`. + properties: + apiUrl: + description: The Google Gemini request URL. + type: string + defaultModel: + default: gemini-1.5-pro-001 + description: >- + The generative artificial intelligence model for Google Gemini to + use. + type: string + gcpProjectID: + description: The Google ProjectID that has Vertex AI endpoint enabled. + type: string + gcpRegion: + description: The GCP region where the Vertex AI endpoint enabled. + type: string + required: + - apiUrl + - gcpRegion + - gcpProjectID + title: Connector request properties for an Google Gemini connector + type: object + Connectors_config_properties_genai: + description: Defines properties for connectors when type is `.gen-ai`. + discriminator: + mapping: + Azure OpenAI: '#/components/schemas/Connectors_config_properties_genai_azure' + OpenAI: '#/components/schemas/Connectors_config_properties_genai_openai' + propertyName: apiProvider + oneOf: + - $ref: '#/components/schemas/Connectors_config_properties_genai_azure' + - $ref: '#/components/schemas/Connectors_config_properties_genai_openai' + title: Connector request properties for an OpenAI connector + Connectors_config_properties_genai_azure: + description: > + Defines properties for connectors when type is `.gen-ai` and the API + provider is `Azure OpenAI'. + properties: + apiProvider: + description: The OpenAI API provider. + enum: + - Azure OpenAI + type: string + apiUrl: + description: The OpenAI API endpoint. + type: string + required: + - apiProvider + - apiUrl + title: >- + Connector request properties for an OpenAI connector that uses Azure + OpenAI + type: object + Connectors_config_properties_genai_openai: + description: > + Defines properties for connectors when type is `.gen-ai` and the API + provider is `OpenAI'. + properties: + apiProvider: + description: The OpenAI API provider. + enum: + - OpenAI + type: string + apiUrl: + description: The OpenAI API endpoint. + type: string + defaultModel: + description: The default model to use for requests. + type: string + required: + - apiProvider + - apiUrl + title: Connector request properties for an OpenAI connector + type: object + Connectors_config_properties_index: + description: Defines properties for connectors when type is `.index`. + type: object + properties: + executionTimeField: + default: null + description: A field that indicates when the document was indexed. + nullable: true + type: string + index: + description: The Elasticsearch index to be written to. + type: string + refresh: + default: false + description: > + The refresh policy for the write request, which affects when changes + are made visible to search. Refer to the refresh setting for + Elasticsearch document APIs. + type: boolean + required: + - index + title: Connector request properties for an index connector + Connectors_config_properties_jira: + description: Defines properties for connectors when type is `.jira`. + type: object + properties: + apiUrl: + description: The Jira instance URL. + type: string + projectKey: + description: The Jira project key. + type: string + required: + - apiUrl + - projectKey + title: Connector request properties for a Jira connector + Connectors_config_properties_opsgenie: + description: Defines properties for connectors when type is `.opsgenie`. + type: object + properties: + apiUrl: + description: > + The Opsgenie URL. For example, `https://api.opsgenie.com` or + `https://api.eu.opsgenie.com`. If you are using the + `xpack.actions.allowedHosts` setting, add the hostname to the + allowed hosts. + type: string + required: + - apiUrl + title: Connector request properties for an Opsgenie connector + Connectors_config_properties_pagerduty: + description: Defines properties for connectors when type is `.pagerduty`. + properties: + apiUrl: + description: The PagerDuty event URL. + example: 'https://events.pagerduty.com/v2/enqueue' + nullable: true + type: string + title: Connector request properties for a PagerDuty connector + type: object + Connectors_config_properties_resilient: + description: Defines properties for connectors when type is `.resilient`. + type: object + properties: + apiUrl: + description: The IBM Resilient instance URL. + type: string + orgId: + description: The IBM Resilient organization ID. + type: string + required: + - apiUrl + - orgId + title: Connector request properties for a IBM Resilient connector + Connectors_config_properties_sentinelone: + description: Defines properties for connectors when type is `.sentinelone`. + type: object + properties: + url: + description: > + The SentinelOne tenant URL. If you are using the + `xpack.actions.allowedHosts` setting, add the hostname to the + allowed hosts. + type: string + required: + - url + title: Connector request properties for a SentinelOne connector + Connectors_config_properties_servicenow: + description: Defines properties for connectors when type is `.servicenow`. + type: object + properties: + apiUrl: + description: The ServiceNow instance URL. + type: string + clientId: + description: > + The client ID assigned to your OAuth application. This property is + required when `isOAuth` is `true`. + type: string + isOAuth: + default: false + description: > + The type of authentication to use. The default value is false, which + means basic authentication is used instead of open authorization + (OAuth). + type: boolean + jwtKeyId: + description: > + The key identifier assigned to the JWT verifier map of your OAuth + application. This property is required when `isOAuth` is `true`. + type: string + userIdentifierValue: + description: > + The identifier to use for OAuth authentication. This identifier + should be the user field you selected when you created an OAuth JWT + API endpoint for external clients in your ServiceNow instance. For + example, if the selected user field is `Email`, the user identifier + should be the user's email address. This property is required when + `isOAuth` is `true`. + type: string + usesTableApi: + default: true + description: > + Determines whether the connector uses the Table API or the Import + Set API. This property is supported only for ServiceNow ITSM and + ServiceNow SecOps connectors. NOTE: If this property is set to + `false`, the Elastic application should be installed in ServiceNow. + type: boolean + required: + - apiUrl + title: Connector request properties for a ServiceNow ITSM connector + Connectors_config_properties_servicenow_itom: + description: Defines properties for connectors when type is `.servicenow`. + type: object + properties: + apiUrl: + description: The ServiceNow instance URL. + type: string + clientId: + description: > + The client ID assigned to your OAuth application. This property is + required when `isOAuth` is `true`. + type: string + isOAuth: + default: false + description: > + The type of authentication to use. The default value is false, which + means basic authentication is used instead of open authorization + (OAuth). + type: boolean + jwtKeyId: + description: > + The key identifier assigned to the JWT verifier map of your OAuth + application. This property is required when `isOAuth` is `true`. + type: string + userIdentifierValue: + description: > + The identifier to use for OAuth authentication. This identifier + should be the user field you selected when you created an OAuth JWT + API endpoint for external clients in your ServiceNow instance. For + example, if the selected user field is `Email`, the user identifier + should be the user's email address. This property is required when + `isOAuth` is `true`. + type: string + required: + - apiUrl + title: Connector request properties for a ServiceNow ITSM connector + Connectors_config_properties_slack_api: + description: Defines properties for connectors when type is `.slack_api`. + properties: + allowedChannels: + description: A list of valid Slack channels. + items: + maxItems: 25 + type: object properties: - error: - enum: - - Not Found - example: Not Found + id: + description: The Slack channel ID. + example: C123ABC456 + minLength: 1 type: string - message: - example: >- - Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not - found + name: + description: The Slack channel name. + minLength: 1 type: string - statusCode: - enum: - - 404 - example: 404 - type: integer - title: Not found response - type: object - description: Object is not found. - schemas: - Connectors_config_properties_bedrock: - description: Defines properties for connectors when type is `.bedrock`. + required: + - id + - name + type: array + title: Connector request properties for a Slack connector + type: object + Connectors_config_properties_swimlane: + description: Defines properties for connectors when type is `.swimlane`. + type: object + properties: + apiUrl: + description: The Swimlane instance URL. + type: string + appId: + description: The Swimlane application ID. + type: string + connectorType: + description: >- + The type of connector. Valid values are `all`, `alerts`, and + `cases`. + enum: + - all + - alerts + - cases + type: string + mappings: + description: The field mapping. + properties: + alertIdConfig: + description: Mapping for the alert ID. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Alert identifier mapping + type: object + caseIdConfig: + description: Mapping for the case ID. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Case identifier mapping + type: object + caseNameConfig: + description: Mapping for the case name. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Case name mapping + type: object + commentsConfig: + description: Mapping for the case comments. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Case comment mapping + type: object + descriptionConfig: + description: Mapping for the case description. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Case description mapping + type: object + ruleNameConfig: + description: Mapping for the name of the alert's rule. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Rule name mapping + type: object + severityConfig: + description: Mapping for the severity. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Severity mapping + type: object + title: Connector mappings properties for a Swimlane connector + type: object + required: + - apiUrl + - appId + - connectorType + title: Connector request properties for a Swimlane connector + Connectors_config_properties_tines: + description: Defines properties for connectors when type is `.tines`. + properties: + url: + description: > + The Tines tenant URL. If you are using the + `xpack.actions.allowedHosts` setting, make sure this hostname is + added to the allowed hosts. + type: string + required: + - url + title: Connector request properties for a Tines connector + type: object + Connectors_config_properties_torq: + description: Defines properties for connectors when type is `.torq`. + properties: + webhookIntegrationUrl: + description: The endpoint URL of the Elastic Security integration in Torq. + type: string + required: + - webhookIntegrationUrl + title: Connector request properties for a Torq connector + type: object + Connectors_config_properties_webhook: + description: Defines properties for connectors when type is `.webhook`. + properties: + authType: + description: | + The type of authentication to use: basic, SSL, or none. + enum: + - webhook-authentication-basic + - webhook-authentication-ssl + nullable: true + type: string + ca: + description: > + A base64 encoded version of the certificate authority file that the + connector can trust to sign and validate certificates. This option + is available for all authentication types. + type: string + certType: + description: > + If the `authType` is `webhook-authentication-ssl`, specifies whether + the certificate authentication data is in a CRT and key file format + or a PFX file format. + enum: + - ssl-crt-key + - ssl-pfx + type: string + hasAuth: + description: > + If `true`, a user name and password must be provided for login type + authentication. + type: boolean + headers: + description: A set of key-value pairs sent as headers with the request. + nullable: true + type: object + method: + default: post + description: | + The HTTP request method, either `post` or `put`. + enum: + - post + - put + type: string + url: + description: > + The request URL. If you are using the `xpack.actions.allowedHosts` + setting, add the hostname to the allowed hosts. + type: string + verificationMode: + default: full + description: > + Controls the verification of certificates. Use `full` to validate + that the certificate has an issue date within the `not_before` and + `not_after` dates, chains to a trusted certificate authority (CA), + and has a hostname or IP address that matches the names within the + certificate. Use `certificate` to validate the certificate and + verify that it is signed by a trusted authority; this option does + not check the certificate hostname. Use `none` to skip certificate + validation. + enum: + - certificate + - full + - none + type: string + title: Connector request properties for a Webhook connector + type: object + Connectors_config_properties_xmatters: + description: Defines properties for connectors when type is `.xmatters`. + properties: + configUrl: + description: > + The request URL for the Elastic Alerts trigger in xMatters. It is + applicable only when `usesBasic` is `true`. + nullable: true + type: string + usesBasic: + default: true + description: >- + Specifies whether the connector uses HTTP basic authentication + (`true`) or URL authentication (`false`). + type: boolean + title: Connector request properties for an xMatters connector + type: object + Connectors_connector_response_properties: + description: The properties vary depending on the connector type. + discriminator: + mapping: + .bedrock: >- + #/components/schemas/Connectors_connector_response_properties_bedrock + .cases-webhook: >- + #/components/schemas/Connectors_connector_response_properties_cases_webhook + .d3security: >- + #/components/schemas/Connectors_connector_response_properties_d3security + .email: '#/components/schemas/Connectors_connector_response_properties_email' + .gemini: '#/components/schemas/Connectors_connector_response_properties_gemini' + .gen-ai: '#/components/schemas/Connectors_connector_response_properties_genai' + .index: '#/components/schemas/Connectors_connector_response_properties_index' + .jira: '#/components/schemas/Connectors_connector_response_properties_jira' + .opsgenie: >- + #/components/schemas/Connectors_connector_response_properties_opsgenie + .pagerduty: >- + #/components/schemas/Connectors_connector_response_properties_pagerduty + .resilient: >- + #/components/schemas/Connectors_connector_response_properties_resilient + .sentinelone: >- + #/components/schemas/Connectors_connector_response_properties_sentinelone + .server-log: >- + #/components/schemas/Connectors_connector_response_properties_serverlog + .servicenow: >- + #/components/schemas/Connectors_connector_response_properties_servicenow + .servicenow-itom: >- + #/components/schemas/Connectors_connector_response_properties_servicenow_itom + .servicenow-sir: >- + #/components/schemas/Connectors_connector_response_properties_servicenow_sir + .slack: >- + #/components/schemas/Connectors_connector_response_properties_slack_webhook + .slack_api: >- + #/components/schemas/Connectors_connector_response_properties_slack_api + .swimlane: >- + #/components/schemas/Connectors_connector_response_properties_swimlane + .teams: '#/components/schemas/Connectors_connector_response_properties_teams' + .tines: '#/components/schemas/Connectors_connector_response_properties_tines' + .torq: '#/components/schemas/Connectors_connector_response_properties_torq' + .webhook: >- + #/components/schemas/Connectors_connector_response_properties_webhook + .xmatters: >- + #/components/schemas/Connectors_connector_response_properties_xmatters + propertyName: connector_type_id + oneOf: + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_bedrock + - $ref: '#/components/schemas/Connectors_connector_response_properties_gemini' + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_cases_webhook + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_d3security + - $ref: '#/components/schemas/Connectors_connector_response_properties_email' + - $ref: '#/components/schemas/Connectors_connector_response_properties_genai' + - $ref: '#/components/schemas/Connectors_connector_response_properties_index' + - $ref: '#/components/schemas/Connectors_connector_response_properties_jira' + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_opsgenie + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_pagerduty + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_resilient + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_sentinelone + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_serverlog + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_servicenow + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_servicenow_itom + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_servicenow_sir + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_slack_api + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_slack_webhook + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_swimlane + - $ref: '#/components/schemas/Connectors_connector_response_properties_teams' + - $ref: '#/components/schemas/Connectors_connector_response_properties_tines' + - $ref: '#/components/schemas/Connectors_connector_response_properties_torq' + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_webhook + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_xmatters + title: Connector response properties + Connectors_connector_response_properties_bedrock: + title: Connector response properties for an Amazon Bedrock connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_bedrock' + connector_type_id: + description: The type of connector. + enum: + - .bedrock + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + required: + - config + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_cases_webhook: + title: Connector request properties for a Webhook - Case Management connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' + connector_type_id: + description: The type of connector. + enum: + - .cases-webhook + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_d3security: + title: Connector response properties for a D3 Security connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_d3security' + connector_type_id: + description: The type of connector. + enum: + - .d3security + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_email: + title: Connector response properties for an email connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_email' + connector_type_id: + description: The type of connector. + enum: + - .email + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_gemini: + title: Connector response properties for a Google Gemini connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_gemini' + connector_type_id: + description: The type of connector. + enum: + - .gemini + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_genai: + title: Connector response properties for an OpenAI connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_genai' + connector_type_id: + description: The type of connector. + enum: + - .gen-ai + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_index: + title: Connector response properties for an index connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_index' + connector_type_id: + description: The type of connector. + enum: + - .index + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_jira: + title: Connector response properties for a Jira connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_jira' + connector_type_id: + description: The type of connector. + enum: + - .jira + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_opsgenie: + title: Connector response properties for an Opsgenie connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_opsgenie' + connector_type_id: + description: The type of connector. + enum: + - .opsgenie + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_pagerduty: + title: Connector response properties for a PagerDuty connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_pagerduty' + connector_type_id: + description: The type of connector. + enum: + - .pagerduty + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_resilient: + title: Connector response properties for a IBM Resilient connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_resilient' + connector_type_id: + description: The type of connector. + enum: + - .resilient + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_sentinelone: + title: Connector response properties for a SentinelOne connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_sentinelone' + connector_type_id: + description: The type of connector. + enum: + - .sentinelone + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_serverlog: + title: Connector response properties for a server log connector + type: object + properties: + config: + nullable: true + type: object + connector_type_id: + description: The type of connector. + enum: + - .server-log + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_servicenow: + title: Connector response properties for a ServiceNow ITSM connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + connector_type_id: + description: The type of connector. + enum: + - .servicenow + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_servicenow_itom: + title: Connector response properties for a ServiceNow ITOM connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' + connector_type_id: + description: The type of connector. + enum: + - .servicenow-itom + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_servicenow_sir: + title: Connector response properties for a ServiceNow SecOps connector + type: object properties: - apiUrl: - description: The Amazon Bedrock request URL. + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + connector_type_id: + description: The type of connector. + enum: + - .servicenow-sir type: string - defaultModel: - default: 'anthropic.claude-3-5-sonnet-20240620-v1:0' - description: > - The generative artificial intelligence model for Amazon Bedrock to - use. Current support is for the Anthropic Claude models. + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - apiUrl - title: Connector request properties for an Amazon Bedrock connector + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_slack_api: + title: Connector response properties for a Slack connector type: object - Connectors_config_properties_cases_webhook: - description: Defines properties for connectors when type is `.cases-webhook`. + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_slack_api' + connector_type_id: + description: The type of connector. + enum: + - .slack_api + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_slack_webhook: + title: Connector response properties for a Slack connector type: object properties: - createCommentJson: - description: > - A JSON payload sent to the create comment URL to create a case - comment. You can use variables to add Kibana Cases data to the - payload. The required variable is `case.comment`. Due to Mustache - template variables (the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated once the Mustache variables have - been placed when the REST method runs. Manually ensure that the JSON - is valid, disregarding the Mustache variables, so the later - validation will pass. - example: '{"body": {{{case.comment}}}}' + connector_type_id: + description: The type of connector. + enum: + - .slack type: string - createCommentMethod: - default: put - description: > - The REST API HTTP request method to create a case comment in the - third-party system. Valid values are `patch`, `post`, and `put`. + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_swimlane: + title: Connector response properties for a Swimlane connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_swimlane' + connector_type_id: + description: The type of connector. enum: - - patch - - post - - put + - .swimlane type: string - createCommentUrl: - description: > - The REST API URL to create a case comment by ID in the third-party - system. You can use a variable to add the external system ID to the - URL. If you are using the `xpack.actions.allowedHosts setting`, add - the hostname to the allowed hosts. - example: 'https://example.com/issue/{{{external.system.id}}}/comment' + id: + description: The identifier for the connector. type: string - createIncidentJson: - description: > - A JSON payload sent to the create case URL to create a case. You can - use variables to add case data to the payload. Required variables - are `case.title` and `case.description`. Due to Mustache template - variables (which is the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated after the Mustache variables have - been placed when REST method runs. Manually ensure that the JSON is - valid to avoid future validation errors; disregard Mustache - variables during your review. - example: >- - {"fields": {"summary": {{{case.title}}},"description": - {{{case.description}}},"labels": {{{case.tags}}}}} + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string - createIncidentMethod: - default: post - description: > - The REST API HTTP request method to create a case in the third-party - system. Valid values are `patch`, `post`, and `put`. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_teams: + title: Connector response properties for a Microsoft Teams connector + type: object + properties: + config: + type: object + connector_type_id: + description: The type of connector. enum: - - patch - - post - - put + - .teams type: string - createIncidentResponseKey: - description: >- - The JSON key in the create external case response that contains the - case ID. + id: + description: The identifier for the connector. type: string - createIncidentUrl: - description: > - The REST API URL to create a case in the third-party system. If you - are using the `xpack.actions.allowedHosts` setting, add the hostname - to the allowed hosts. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_tines: + title: Connector response properties for a Tines connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_tines' + connector_type_id: + description: The type of connector. + enum: + - .tines + type: string + id: + description: The identifier for the connector. type: string - getIncidentResponseExternalTitleKey: - description: >- - The JSON key in get external case response that contains the case - title. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string - getIncidentUrl: - description: > - The REST API URL to get the case by ID from the third-party system. - If you are using the `xpack.actions.allowedHosts` setting, add the - hostname to the allowed hosts. You can use a variable to add the - external system ID to the URL. Due to Mustache template variables - (the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated after the Mustache variables have - been placed when REST method runs. Manually ensure that the JSON is - valid, disregarding the Mustache variables, so the later validation - will pass. - example: 'https://example.com/issue/{{{external.system.id}}}' + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_torq: + title: Connector response properties for a Torq connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_torq' + connector_type_id: + description: The type of connector. + enum: + - .torq type: string - hasAuth: - default: true - description: >- - If true, a username and password for login type authentication must - be provided. - type: boolean - headers: - description: > - A set of key-value pairs sent as headers with the request URLs for - the create case, update case, get case, and create comment methods. + id: + description: The identifier for the connector. type: string - updateIncidentJson: - description: > - The JSON payload sent to the update case URL to update the case. You - can use variables to add Kibana Cases data to the payload. Required - variables are `case.title` and `case.description`. Due to Mustache - template variables (which is the text enclosed in triple braces, for - example, `{{{case.title}}}`), the JSON is not validated when you - create the connector. The JSON is validated after the Mustache - variables have been placed when REST method runs. Manually ensure - that the JSON is valid to avoid future validation errors; disregard - Mustache variables during your review. - example: >- - {"fields": {"summary": {{{case.title}}},"description": - {{{case.description}}},"labels": {{{case.tags}}}}} + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string - updateIncidentMethod: - default: put - description: > - The REST API HTTP request method to update the case in the - third-party system. Valid values are `patch`, `post`, and `put`. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_webhook: + title: Connector response properties for a Webhook connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_webhook' + connector_type_id: + description: The type of connector. enum: - - patch - - post - - put + - .webhook type: string - updateIncidentUrl: - description: > - The REST API URL to update the case by ID in the third-party system. - You can use a variable to add the external system ID to the URL. If - you are using the `xpack.actions.allowedHosts` setting, add the - hostname to the allowed hosts. - example: 'https://example.com/issue/{{{external.system.ID}}}' + id: + description: The identifier for the connector. type: string - viewIncidentUrl: - description: > - The URL to view the case in the external system. You can use - variables to add the external system ID or external system title to - the URL. - example: >- - https://testing-jira.atlassian.net/browse/{{{external.system.title}}} + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - createIncidentJson - - createIncidentResponseKey - - createIncidentUrl - - getIncidentResponseExternalTitleKey - - getIncidentUrl - - updateIncidentJson - - updateIncidentUrl - - viewIncidentUrl - title: Connector request properties for Webhook - Case Management connector - Connectors_config_properties_d3security: - description: Defines properties for connectors when type is `.d3security`. + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_xmatters: + title: Connector response properties for an xMatters connector + type: object properties: - url: - description: > - The D3 Security API request URL. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. + config: + $ref: '#/components/schemas/Connectors_config_properties_xmatters' + connector_type_id: + description: The type of connector. + enum: + - .xmatters + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - url - title: Connector request properties for a D3 Security connector - type: object - Connectors_config_properties_email: - description: Defines properties for connectors when type is `.email`. - type: object + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_types: + description: >- + The type of connector. For example, `.email`, `.index`, `.jira`, + `.opsgenie`, or `.server-log`. + enum: + - .bedrock + - .gemini + - .cases-webhook + - .d3security + - .email + - .gen-ai + - .index + - .jira + - .opsgenie + - .pagerduty + - .resilient + - .sentinelone + - .servicenow + - .servicenow-itom + - .servicenow-sir + - .server-log + - .slack + - .slack_api + - .swimlane + - .teams + - .tines + - .torq + - .webhook + - .xmatters + example: .server-log + title: Connector types + type: string + Connectors_create_connector_request: + description: The properties vary depending on the connector type. + discriminator: + mapping: + .bedrock: '#/components/schemas/Connectors_create_connector_request_bedrock' + .cases-webhook: >- + #/components/schemas/Connectors_create_connector_request_cases_webhook + .d3security: '#/components/schemas/Connectors_create_connector_request_d3security' + .email: '#/components/schemas/Connectors_create_connector_request_email' + .gemini: '#/components/schemas/Connectors_create_connector_request_gemini' + .gen-ai: '#/components/schemas/Connectors_create_connector_request_genai' + .index: '#/components/schemas/Connectors_create_connector_request_index' + .jira: '#/components/schemas/Connectors_create_connector_request_jira' + .opsgenie: '#/components/schemas/Connectors_create_connector_request_opsgenie' + .pagerduty: '#/components/schemas/Connectors_create_connector_request_pagerduty' + .resilient: '#/components/schemas/Connectors_create_connector_request_resilient' + .sentinelone: '#/components/schemas/Connectors_create_connector_request_sentinelone' + .server-log: '#/components/schemas/Connectors_create_connector_request_serverlog' + .servicenow: '#/components/schemas/Connectors_create_connector_request_servicenow' + .servicenow-itom: >- + #/components/schemas/Connectors_create_connector_request_servicenow_itom + .servicenow-sir: >- + #/components/schemas/Connectors_create_connector_request_servicenow_sir + .slack: >- + #/components/schemas/Connectors_create_connector_request_slack_webhook + .slack_api: '#/components/schemas/Connectors_create_connector_request_slack_api' + .swimlane: '#/components/schemas/Connectors_create_connector_request_swimlane' + .teams: '#/components/schemas/Connectors_create_connector_request_teams' + .tines: '#/components/schemas/Connectors_create_connector_request_tines' + .torq: '#/components/schemas/Connectors_create_connector_request_torq' + .webhook: '#/components/schemas/Connectors_create_connector_request_webhook' + .xmatters: '#/components/schemas/Connectors_create_connector_request_xmatters' + propertyName: connector_type_id + oneOf: + - $ref: '#/components/schemas/Connectors_create_connector_request_bedrock' + - $ref: '#/components/schemas/Connectors_create_connector_request_gemini' + - $ref: >- + #/components/schemas/Connectors_create_connector_request_cases_webhook + - $ref: '#/components/schemas/Connectors_create_connector_request_d3security' + - $ref: '#/components/schemas/Connectors_create_connector_request_email' + - $ref: '#/components/schemas/Connectors_create_connector_request_genai' + - $ref: '#/components/schemas/Connectors_create_connector_request_index' + - $ref: '#/components/schemas/Connectors_create_connector_request_jira' + - $ref: '#/components/schemas/Connectors_create_connector_request_opsgenie' + - $ref: '#/components/schemas/Connectors_create_connector_request_pagerduty' + - $ref: '#/components/schemas/Connectors_create_connector_request_resilient' + - $ref: '#/components/schemas/Connectors_create_connector_request_sentinelone' + - $ref: '#/components/schemas/Connectors_create_connector_request_serverlog' + - $ref: '#/components/schemas/Connectors_create_connector_request_servicenow' + - $ref: >- + #/components/schemas/Connectors_create_connector_request_servicenow_itom + - $ref: >- + #/components/schemas/Connectors_create_connector_request_servicenow_sir + - $ref: '#/components/schemas/Connectors_create_connector_request_slack_api' + - $ref: >- + #/components/schemas/Connectors_create_connector_request_slack_webhook + - $ref: '#/components/schemas/Connectors_create_connector_request_swimlane' + - $ref: '#/components/schemas/Connectors_create_connector_request_teams' + - $ref: '#/components/schemas/Connectors_create_connector_request_tines' + - $ref: '#/components/schemas/Connectors_create_connector_request_torq' + - $ref: '#/components/schemas/Connectors_create_connector_request_webhook' + - $ref: '#/components/schemas/Connectors_create_connector_request_xmatters' + title: Create connector request body properties + Connectors_create_connector_request_bedrock: + description: >- + The Amazon Bedrock connector uses axios to send a POST request to Amazon + Bedrock. properties: - clientId: - description: > - The client identifier, which is a part of OAuth 2.0 client - credentials authentication, in GUID format. If `service` is - `exchange_server`, this property is required. - nullable: true - type: string - from: - description: > - The from address for all emails sent by the connector. It must be - specified in `user@host-name` format. - type: string - hasAuth: - default: true - description: > - Specifies whether a user and password are required inside the - secrets configuration. - type: boolean - host: - description: > - The host name of the service provider. If the `service` is - `elastic_cloud` (for Elastic Cloud notifications) or one of - Nodemailer's well-known email service providers, this property is - ignored. If `service` is `other`, this property must be defined. - type: string - oauthTokenUrl: - nullable: true - type: string - port: - description: > - The port to connect to on the service provider. If the `service` is - `elastic_cloud` (for Elastic Cloud notifications) or one of - Nodemailer's well-known email service providers, this property is - ignored. If `service` is `other`, this property must be defined. - type: integer - secure: - description: > - Specifies whether the connection to the service provider will use - TLS. If the `service` is `elastic_cloud` (for Elastic Cloud - notifications) or one of Nodemailer's well-known email service - providers, this property is ignored. - type: boolean - service: - description: | - The name of the email service. + config: + $ref: '#/components/schemas/Connectors_config_properties_bedrock' + connector_type_id: + description: The type of connector. enum: - - elastic_cloud - - exchange_server - - gmail - - other - - outlook365 - - ses - type: string - tenantId: - description: > - The tenant identifier, which is part of OAuth 2.0 client credentials - authentication, in GUID format. If `service` is `exchange_server`, - this property is required. - nullable: true - type: string - required: - - from - title: Connector request properties for an email connector - Connectors_config_properties_gemini: - description: Defines properties for connectors when type is `.gemini`. - properties: - apiUrl: - description: The Google Gemini request URL. - type: string - defaultModel: - default: gemini-1.5-pro-001 - description: >- - The generative artificial intelligence model for Google Gemini to - use. - type: string - gcpProjectID: - description: The Google ProjectID that has Vertex AI endpoint enabled. + - .bedrock + example: .bedrock type: string - gcpRegion: - description: The GCP region where the Vertex AI endpoint enabled. + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' required: - - apiUrl - - gcpRegion - - gcpProjectID - title: Connector request properties for an Google Gemini connector + - config + - connector_type_id + - name + - secrets + title: Create Amazon Bedrock connector request type: object - Connectors_config_properties_genai: - description: Defines properties for connectors when type is `.gen-ai`. - discriminator: - mapping: - Azure OpenAI: '#/components/schemas/Connectors_config_properties_genai_azure' - OpenAI: '#/components/schemas/Connectors_config_properties_genai_openai' - propertyName: apiProvider - oneOf: - - $ref: '#/components/schemas/Connectors_config_properties_genai_azure' - - $ref: '#/components/schemas/Connectors_config_properties_genai_openai' - title: Connector request properties for an OpenAI connector - Connectors_config_properties_genai_azure: + Connectors_create_connector_request_cases_webhook: description: > - Defines properties for connectors when type is `.gen-ai` and the API - provider is `Azure OpenAI'. + The Webhook - Case Management connector uses axios to send POST, PUT, + and GET requests to a case management RESTful API web service. properties: - apiProvider: - description: The OpenAI API provider. + config: + $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' + connector_type_id: + description: The type of connector. enum: - - Azure OpenAI + - .cases-webhook + example: .cases-webhook type: string - apiUrl: - description: The OpenAI API endpoint. + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' required: - - apiProvider - - apiUrl - title: >- - Connector request properties for an OpenAI connector that uses Azure - OpenAI + - config + - connector_type_id + - name + title: Create Webhook - Case Managment connector request type: object - Connectors_config_properties_genai_openai: + Connectors_create_connector_request_d3security: description: > - Defines properties for connectors when type is `.gen-ai` and the API - provider is `OpenAI'. + The connector uses axios to send a POST request to a D3 Security + endpoint. properties: - apiProvider: - description: The OpenAI API provider. + config: + $ref: '#/components/schemas/Connectors_config_properties_d3security' + connector_type_id: + description: The type of connector. enum: - - OpenAI - type: string - apiUrl: - description: The OpenAI API endpoint. + - .d3security + example: .d3security type: string - defaultModel: - description: The default model to use for requests. + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_d3security' required: - - apiProvider - - apiUrl - title: Connector request properties for an OpenAI connector - type: object - Connectors_config_properties_index: - description: Defines properties for connectors when type is `.index`. + - config + - connector_type_id + - name + - secrets + title: Create D3 Security connector request type: object + Connectors_create_connector_request_email: + description: > + The email connector uses the SMTP protocol to send mail messages, using + an integration of Nodemailer. An exception is Microsoft Exchange, which + uses HTTP protocol for sending emails, Send mail. Email message text is + sent as both plain text and html text. properties: - executionTimeField: - default: null - description: A field that indicates when the document was indexed. - nullable: true + config: + $ref: '#/components/schemas/Connectors_config_properties_email' + connector_type_id: + description: The type of connector. + enum: + - .email + example: .email type: string - index: - description: The Elasticsearch index to be written to. + name: + description: The display name for the connector. + example: my-connector type: string - refresh: - default: false - description: > - The refresh policy for the write request, which affects when changes - are made visible to search. Refer to the refresh setting for - Elasticsearch document APIs. - type: boolean + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_email' required: - - index - title: Connector request properties for an index connector - Connectors_config_properties_jira: - description: Defines properties for connectors when type is `.jira`. + - config + - connector_type_id + - name + - secrets + title: Create email connector request type: object + Connectors_create_connector_request_gemini: + description: >- + The Google Gemini connector uses axios to send a POST request to Google + Gemini. properties: - apiUrl: - description: The Jira instance URL. + config: + $ref: '#/components/schemas/Connectors_config_properties_gemini' + connector_type_id: + description: The type of connector. + enum: + - .gemini + example: .gemini type: string - projectKey: - description: The Jira project key. + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_gemini' required: - - apiUrl - - projectKey - title: Connector request properties for a Jira connector - Connectors_config_properties_opsgenie: - description: Defines properties for connectors when type is `.opsgenie`. + - config + - connector_type_id + - name + - secrets + title: Create Google Gemini connector request type: object + Connectors_create_connector_request_genai: + description: > + The OpenAI connector uses axios to send a POST request to either OpenAI + or Azure OpenAPI. properties: - apiUrl: - description: > - The Opsgenie URL. For example, `https://api.opsgenie.com` or - `https://api.eu.opsgenie.com`. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. + config: + $ref: '#/components/schemas/Connectors_config_properties_genai' + connector_type_id: + description: The type of connector. + enum: + - .gen-ai + example: .gen-ai type: string - required: - - apiUrl - title: Connector request properties for an Opsgenie connector - Connectors_config_properties_pagerduty: - description: Defines properties for connectors when type is `.pagerduty`. - properties: - apiUrl: - description: The PagerDuty event URL. - example: 'https://events.pagerduty.com/v2/enqueue' - nullable: true + name: + description: The display name for the connector. + example: my-connector type: string - title: Connector request properties for a PagerDuty connector - type: object - Connectors_config_properties_resilient: - description: Defines properties for connectors when type is `.resilient`. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_genai' + required: + - config + - connector_type_id + - name + - secrets + title: Create OpenAI connector request type: object + Connectors_create_connector_request_index: + description: The index connector indexes a document into Elasticsearch. properties: - apiUrl: - description: The IBM Resilient instance URL. + config: + $ref: '#/components/schemas/Connectors_config_properties_index' + connector_type_id: + description: The type of connector. + enum: + - .index + example: .index type: string - orgId: - description: The IBM Resilient organization ID. + name: + description: The display name for the connector. + example: my-connector type: string required: - - apiUrl - - orgId - title: Connector request properties for a IBM Resilient connector - Connectors_config_properties_sentinelone: - description: Defines properties for connectors when type is `.sentinelone`. + - config + - connector_type_id + - name + title: Create index connector request type: object + Connectors_create_connector_request_jira: + description: The Jira connector uses the REST API v2 to create Jira issues. properties: - url: - description: > - The SentinelOne tenant URL. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. + config: + $ref: '#/components/schemas/Connectors_config_properties_jira' + connector_type_id: + description: The type of connector. + enum: + - .jira + example: .jira + type: string + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_jira' required: - - url - title: Connector request properties for a SentinelOne connector - Connectors_config_properties_servicenow: - description: Defines properties for connectors when type is `.servicenow`. + - config + - connector_type_id + - name + - secrets + title: Create Jira connector request type: object + Connectors_create_connector_request_opsgenie: + description: The Opsgenie connector uses the Opsgenie alert API. properties: - apiUrl: - description: The ServiceNow instance URL. - type: string - clientId: - description: > - The client ID assigned to your OAuth application. This property is - required when `isOAuth` is `true`. - type: string - isOAuth: - default: false - description: > - The type of authentication to use. The default value is false, which - means basic authentication is used instead of open authorization - (OAuth). - type: boolean - jwtKeyId: - description: > - The key identifier assigned to the JWT verifier map of your OAuth - application. This property is required when `isOAuth` is `true`. + config: + $ref: '#/components/schemas/Connectors_config_properties_opsgenie' + connector_type_id: + description: The type of connector. + enum: + - .opsgenie + example: .opsgenie type: string - userIdentifierValue: - description: > - The identifier to use for OAuth authentication. This identifier - should be the user field you selected when you created an OAuth JWT - API endpoint for external clients in your ServiceNow instance. For - example, if the selected user field is `Email`, the user identifier - should be the user's email address. This property is required when - `isOAuth` is `true`. + name: + description: The display name for the connector. + example: my-connector type: string - usesTableApi: - default: true - description: > - Determines whether the connector uses the Table API or the Import - Set API. This property is supported only for ServiceNow ITSM and - ServiceNow SecOps connectors. NOTE: If this property is set to - `false`, the Elastic application should be installed in ServiceNow. - type: boolean + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' required: - - apiUrl - title: Connector request properties for a ServiceNow ITSM connector - Connectors_config_properties_servicenow_itom: - description: Defines properties for connectors when type is `.servicenow`. + - config + - connector_type_id + - name + - secrets + title: Create Opsgenie connector request type: object + Connectors_create_connector_request_pagerduty: + description: > + The PagerDuty connector uses the v2 Events API to trigger, acknowledge, + and resolve PagerDuty alerts. properties: - apiUrl: - description: The ServiceNow instance URL. - type: string - clientId: - description: > - The client ID assigned to your OAuth application. This property is - required when `isOAuth` is `true`. - type: string - isOAuth: - default: false - description: > - The type of authentication to use. The default value is false, which - means basic authentication is used instead of open authorization - (OAuth). - type: boolean - jwtKeyId: - description: > - The key identifier assigned to the JWT verifier map of your OAuth - application. This property is required when `isOAuth` is `true`. + config: + $ref: '#/components/schemas/Connectors_config_properties_pagerduty' + connector_type_id: + description: The type of connector. + enum: + - .pagerduty + example: .pagerduty type: string - userIdentifierValue: - description: > - The identifier to use for OAuth authentication. This identifier - should be the user field you selected when you created an OAuth JWT - API endpoint for external clients in your ServiceNow instance. For - example, if the selected user field is `Email`, the user identifier - should be the user's email address. This property is required when - `isOAuth` is `true`. + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' required: - - apiUrl - title: Connector request properties for a ServiceNow ITSM connector - Connectors_config_properties_slack_api: - description: Defines properties for connectors when type is `.slack_api`. - properties: - allowedChannels: - description: A list of valid Slack channels. - items: - maxItems: 25 - type: object - properties: - id: - description: The Slack channel ID. - example: C123ABC456 - minLength: 1 - type: string - name: - description: The Slack channel name. - minLength: 1 - type: string - required: - - id - - name - type: array - title: Connector request properties for a Slack connector + - config + - connector_type_id + - name + - secrets + title: Create PagerDuty connector request + type: object + Connectors_create_connector_request_resilient: + description: >- + The IBM Resilient connector uses the RESILIENT REST v2 to create IBM + Resilient incidents. + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_resilient' + connector_type_id: + description: The type of connector. + enum: + - .resilient + example: .resilient + type: string + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_resilient' + required: + - config + - connector_type_id + - name + - secrets + title: Create IBM Resilient connector request type: object - Connectors_config_properties_swimlane: - description: Defines properties for connectors when type is `.swimlane`. + Connectors_create_connector_request_sentinelone: + description: > + The SentinelOne connector communicates with SentinelOne Management + Console via REST API. This functionality is in technical preview and may + be changed or removed in a future release. Elastic will work to fix any + issues, but features in technical preview are not subject to the support + SLA of official GA features. + title: Create SentinelOne connector request type: object properties: - apiUrl: - description: The Swimlane instance URL. + config: + $ref: '#/components/schemas/Connectors_config_properties_sentinelone' + connector_type_id: + description: The type of connector. + enum: + - .sentinelone + example: .sentinelone type: string - appId: - description: The Swimlane application ID. + name: + description: The display name for the connector. + example: my-connector type: string - connectorType: - description: >- - The type of connector. Valid values are `all`, `alerts`, and - `cases`. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' + required: + - config + - connector_type_id + - name + - secrets + x-technical-preview: true + Connectors_create_connector_request_serverlog: + description: This connector writes an entry to the Kibana server log. + properties: + connector_type_id: + description: The type of connector. enum: - - all - - alerts - - cases + - .server-log + example: .server-log + type: string + name: + description: The display name for the connector. + example: my-connector type: string - mappings: - description: The field mapping. - properties: - alertIdConfig: - description: Mapping for the alert ID. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Alert identifier mapping - type: object - caseIdConfig: - description: Mapping for the case ID. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case identifier mapping - type: object - caseNameConfig: - description: Mapping for the case name. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case name mapping - type: object - commentsConfig: - description: Mapping for the case comments. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case comment mapping - type: object - descriptionConfig: - description: Mapping for the case description. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case description mapping - type: object - ruleNameConfig: - description: Mapping for the name of the alert's rule. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Rule name mapping - type: object - severityConfig: - description: Mapping for the severity. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Severity mapping - type: object - title: Connector mappings properties for a Swimlane connector - type: object required: - - apiUrl - - appId - - connectorType - title: Connector request properties for a Swimlane connector - Connectors_config_properties_tines: - description: Defines properties for connectors when type is `.tines`. + - connector_type_id + - name + title: Create server log connector request + type: object + Connectors_create_connector_request_servicenow: + description: > + The ServiceNow ITSM connector uses the import set API to create + ServiceNow incidents. You can use the connector for rule actions and + cases. properties: - url: - description: > - The Tines tenant URL. If you are using the - `xpack.actions.allowedHosts` setting, make sure this hostname is - added to the allowed hosts. + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + connector_type_id: + description: The type of connector. + enum: + - .servicenow + example: .servicenow + type: string + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - url - title: Connector request properties for a Tines connector + - config + - connector_type_id + - name + - secrets + title: Create ServiceNow ITSM connector request type: object - Connectors_config_properties_torq: - description: Defines properties for connectors when type is `.torq`. + Connectors_create_connector_request_servicenow_itom: + description: > + The ServiceNow ITOM connector uses the event API to create ServiceNow + events. You can use the connector for rule actions. properties: - webhookIntegrationUrl: - description: The endpoint URL of the Elastic Security integration in Torq. + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' + connector_type_id: + description: The type of connector. + enum: + - .servicenow-itom + example: .servicenow-itom + type: string + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - webhookIntegrationUrl - title: Connector request properties for a Torq connector + - config + - connector_type_id + - name + - secrets + title: Create ServiceNow ITOM connector request type: object - Connectors_config_properties_webhook: - description: Defines properties for connectors when type is `.webhook`. + Connectors_create_connector_request_servicenow_sir: + description: > + The ServiceNow SecOps connector uses the import set API to create + ServiceNow security incidents. You can use the connector for rule + actions and cases. properties: - authType: - description: | - The type of authentication to use: basic, SSL, or none. + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + connector_type_id: + description: The type of connector. enum: - - webhook-authentication-basic - - webhook-authentication-ssl - nullable: true - type: string - ca: - description: > - A base64 encoded version of the certificate authority file that the - connector can trust to sign and validate certificates. This option - is available for all authentication types. + - .servicenow-sir + example: .servicenow-sir type: string - certType: - description: > - If the `authType` is `webhook-authentication-ssl`, specifies whether - the certificate authentication data is in a CRT and key file format - or a PFX file format. - enum: - - ssl-crt-key - - ssl-pfx + name: + description: The display name for the connector. + example: my-connector type: string - hasAuth: - description: > - If `true`, a user name and password must be provided for login type - authentication. - type: boolean - headers: - description: A set of key-value pairs sent as headers with the request. - nullable: true - type: object - method: - default: post - description: | - The HTTP request method, either `post` or `put`. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' + required: + - config + - connector_type_id + - name + - secrets + title: Create ServiceNow SecOps connector request + type: object + Connectors_create_connector_request_slack_api: + description: The Slack connector uses an API method to send Slack messages. + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_slack_api' + connector_type_id: + description: The type of connector. enum: - - post - - put - type: string - url: - description: > - The request URL. If you are using the `xpack.actions.allowedHosts` - setting, add the hostname to the allowed hosts. + - .slack_api + example: .slack_api type: string - verificationMode: - default: full - description: > - Controls the verification of certificates. Use `full` to validate - that the certificate has an issue date within the `not_before` and - `not_after` dates, chains to a trusted certificate authority (CA), - and has a hostname or IP address that matches the names within the - certificate. Use `certificate` to validate the certificate and - verify that it is signed by a trusted authority; this option does - not check the certificate hostname. Use `none` to skip certificate - validation. - enum: - - certificate - - full - - none + name: + description: The display name for the connector. + example: my-connector type: string - title: Connector request properties for a Webhook connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' + required: + - connector_type_id + - name + - secrets + title: Create Slack connector request type: object - Connectors_config_properties_xmatters: - description: Defines properties for connectors when type is `.xmatters`. + Connectors_create_connector_request_slack_webhook: + description: The Slack connector uses Slack Incoming Webhooks. properties: - configUrl: - description: > - The request URL for the Elastic Alerts trigger in xMatters. It is - applicable only when `usesBasic` is `true`. - nullable: true + connector_type_id: + description: The type of connector. + enum: + - .slack + example: .slack type: string - usesBasic: - default: true - description: >- - Specifies whether the connector uses HTTP basic authentication - (`true`) or URL authentication (`false`). - type: boolean - title: Connector request properties for an xMatters connector - type: object - Connectors_connector_response_properties: - description: The properties vary depending on the connector type. - discriminator: - mapping: - .bedrock: >- - #/components/schemas/Connectors_connector_response_properties_bedrock - .cases-webhook: >- - #/components/schemas/Connectors_connector_response_properties_cases_webhook - .d3security: >- - #/components/schemas/Connectors_connector_response_properties_d3security - .email: '#/components/schemas/Connectors_connector_response_properties_email' - .gemini: '#/components/schemas/Connectors_connector_response_properties_gemini' - .gen-ai: '#/components/schemas/Connectors_connector_response_properties_genai' - .index: '#/components/schemas/Connectors_connector_response_properties_index' - .jira: '#/components/schemas/Connectors_connector_response_properties_jira' - .opsgenie: >- - #/components/schemas/Connectors_connector_response_properties_opsgenie - .pagerduty: >- - #/components/schemas/Connectors_connector_response_properties_pagerduty - .resilient: >- - #/components/schemas/Connectors_connector_response_properties_resilient - .sentinelone: >- - #/components/schemas/Connectors_connector_response_properties_sentinelone - .server-log: >- - #/components/schemas/Connectors_connector_response_properties_serverlog - .servicenow: >- - #/components/schemas/Connectors_connector_response_properties_servicenow - .servicenow-itom: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_itom - .servicenow-sir: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_sir - .slack: >- - #/components/schemas/Connectors_connector_response_properties_slack_webhook - .slack_api: >- - #/components/schemas/Connectors_connector_response_properties_slack_api - .swimlane: >- - #/components/schemas/Connectors_connector_response_properties_swimlane - .teams: '#/components/schemas/Connectors_connector_response_properties_teams' - .tines: '#/components/schemas/Connectors_connector_response_properties_tines' - .torq: '#/components/schemas/Connectors_connector_response_properties_torq' - .webhook: >- - #/components/schemas/Connectors_connector_response_properties_webhook - .xmatters: >- - #/components/schemas/Connectors_connector_response_properties_xmatters - propertyName: connector_type_id - oneOf: - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_bedrock - - $ref: '#/components/schemas/Connectors_connector_response_properties_gemini' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_cases_webhook - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_d3security - - $ref: '#/components/schemas/Connectors_connector_response_properties_email' - - $ref: '#/components/schemas/Connectors_connector_response_properties_genai' - - $ref: '#/components/schemas/Connectors_connector_response_properties_index' - - $ref: '#/components/schemas/Connectors_connector_response_properties_jira' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_opsgenie - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_pagerduty - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_resilient - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_sentinelone - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_serverlog - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_itom - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_sir - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_slack_api - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_slack_webhook - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_swimlane - - $ref: '#/components/schemas/Connectors_connector_response_properties_teams' - - $ref: '#/components/schemas/Connectors_connector_response_properties_tines' - - $ref: '#/components/schemas/Connectors_connector_response_properties_torq' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_webhook - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_xmatters - title: Connector response properties - Connectors_connector_response_properties_bedrock: - title: Connector response properties for an Amazon Bedrock connector + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' + required: + - connector_type_id + - name + - secrets + title: Create Slack connector request type: object + Connectors_create_connector_request_swimlane: + description: >- + The Swimlane connector uses the Swimlane REST API to create Swimlane + records. properties: config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' + $ref: '#/components/schemas/Connectors_config_properties_swimlane' connector_type_id: description: The type of connector. enum: - - .bedrock + - .swimlane + example: .swimlane type: string - id: - description: The identifier for the connector. + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' + required: + - config + - connector_type_id + - name + - secrets + title: Create Swimlane connector request + type: object + Connectors_create_connector_request_teams: + description: The Microsoft Teams connector uses Incoming Webhooks. + properties: + connector_type_id: + description: The type of connector. + enum: + - .teams + example: .teams + type: string + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_teams' + required: + - connector_type_id + - name + - secrets + title: Create Microsoft Teams connector request + type: object + Connectors_create_connector_request_tines: + description: > + The Tines connector uses Tines Webhook actions to send events via POST + request. + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_tines' + connector_type_id: + description: The type of connector. + enum: + - .tines + example: .tines type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' name: description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_tines' required: - config - connector_type_id - - id - - is_deprecated - - is_preconfigured - name - Connectors_connector_response_properties_cases_webhook: - title: Connector request properties for a Webhook - Case Management connector + - secrets + title: Create Tines connector request type: object + Connectors_create_connector_request_torq: + description: > + The Torq connector uses a Torq webhook to trigger workflows with Kibana + actions. properties: config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' + $ref: '#/components/schemas/Connectors_config_properties_torq' connector_type_id: description: The type of connector. enum: - - .cases-webhook + - .torq + example: .torq type: string - id: - description: The identifier for the connector. + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_torq' + required: + - config + - connector_type_id + - name + - secrets + title: Create Torq connector request + type: object + Connectors_create_connector_request_webhook: + description: > + The Webhook connector uses axios to send a POST or PUT request to a web + service. + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_webhook' + connector_type_id: + description: The type of connector. + enum: + - .webhook + example: .webhook + type: string + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_webhook' + required: + - config + - connector_type_id + - name + - secrets + title: Create Webhook connector request + type: object + Connectors_create_connector_request_xmatters: + description: > + The xMatters connector uses the xMatters Workflow for Elastic to send + actionable alerts to on-call xMatters resources. + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_xmatters' + connector_type_id: + description: The type of connector. + enum: + - .xmatters + example: .xmatters type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' name: description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' + required: + - config + - connector_type_id + - name + - secrets + title: Create xMatters connector request + type: object + Connectors_features: + description: | + The feature that uses the connector. + enum: + - alerting + - cases + - generativeAIForSecurity + - generativeAIForObservability + - generativeAIForSearchPlayground + - siem + - uptime + type: string + Connectors_is_deprecated: + description: Indicates whether the connector type is deprecated. + example: false + type: boolean + Connectors_is_missing_secrets: + description: >- + Indicates whether secrets are missing for the connector. Secrets + configuration properties vary depending on the connector type. + example: false + type: boolean + Connectors_is_preconfigured: + description: > + Indicates whether it is a preconfigured connector. If true, the `config` + and `is_missing_secrets` properties are omitted from the response. + example: false + type: boolean + Connectors_is_system_action: + description: Indicates whether the connector is used for system actions. + example: false + type: boolean + Connectors_referenced_by_count: + description: > + Indicates the number of saved objects that reference the connector. If + `is_preconfigured` is true, this value is not calculated. This property + is returned only by the get all connectors API. + example: 2 + type: integer + Connectors_secrets_properties_bedrock: + description: Defines secrets for connectors when type is `.bedrock`. + properties: + accessKey: + description: The AWS access key for authentication. + type: string + secret: + description: The AWS secret for authentication. + type: string + required: + - accessKey + - secret + title: Connector secrets properties for an Amazon Bedrock connector + type: object + Connectors_secrets_properties_cases_webhook: + title: Connector secrets properties for Webhook - Case Management connector + type: object + properties: + password: + description: >- + The password for HTTP basic authentication. If `hasAuth` is set to + `true`, this property is required. + type: string + user: + description: >- + The username for HTTP basic authentication. If `hasAuth` is set to + `true`, this property is required. + type: string + Connectors_secrets_properties_d3security: + description: Defines secrets for connectors when type is `.d3security`. + type: object + properties: + token: + description: The D3 Security token. + type: string + required: + - token + title: Connector secrets properties for a D3 Security connector + Connectors_secrets_properties_email: + description: Defines secrets for connectors when type is `.email`. + properties: + clientSecret: + description: > + The Microsoft Exchange Client secret for OAuth 2.0 client + credentials authentication. It must be URL-encoded. If `service` is + `exchange_server`, this property is required. + type: string + password: + description: > + The password for HTTP basic authentication. If `hasAuth` is set to + `true`, this property is required. + type: string + user: + description: > + The username for HTTP basic authentication. If `hasAuth` is set to + `true`, this property is required. + type: string + title: Connector secrets properties for an email connector + type: object + Connectors_secrets_properties_gemini: + description: Defines secrets for connectors when type is `.gemini`. + properties: + credentialsJSON: + description: >- + The service account credentials JSON file. The service account + should have Vertex AI user IAM role assigned to it. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_d3security: - title: Connector response properties for a D3 Security connector + - credentialsJSON + title: Connector secrets properties for a Google Gemini connector type: object + Connectors_secrets_properties_genai: + description: Defines secrets for connectors when type is `.gen-ai`. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' - connector_type_id: - description: The type of connector. - enum: - - .d3security + apiKey: + description: The OpenAI API key. type: string - id: - description: The identifier for the connector. + title: Connector secrets properties for an OpenAI connector + type: object + Connectors_secrets_properties_jira: + description: Defines secrets for connectors when type is `.jira`. + type: object + properties: + apiToken: + description: The Jira API authentication token for HTTP basic authentication. type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + email: + description: The account email for HTTP Basic authentication. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_email: - title: Connector response properties for an email connector + - apiToken + - email + title: Connector secrets properties for a Jira connector + Connectors_secrets_properties_opsgenie: + description: Defines secrets for connectors when type is `.opsgenie`. type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_email' - connector_type_id: - description: The type of connector. - enum: - - .email - type: string - id: - description: The identifier for the connector. + apiKey: + description: The Opsgenie API authentication key for HTTP Basic authentication. type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + required: + - apiKey + title: Connector secrets properties for an Opsgenie connector + Connectors_secrets_properties_pagerduty: + description: Defines secrets for connectors when type is `.pagerduty`. + properties: + routingKey: + description: > + A 32 character PagerDuty Integration Key for an integration on a + service. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_gemini: - title: Connector response properties for a Google Gemini connector + - routingKey + title: Connector secrets properties for a PagerDuty connector + type: object + Connectors_secrets_properties_resilient: + description: Defines secrets for connectors when type is `.resilient`. type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - connector_type_id: - description: The type of connector. - enum: - - .gemini + apiKeyId: + description: The authentication key ID for HTTP Basic authentication. type: string - id: - description: The identifier for the connector. + apiKeySecret: + description: The authentication key secret for HTTP Basic authentication. type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + required: + - apiKeyId + - apiKeySecret + title: Connector secrets properties for IBM Resilient connector + Connectors_secrets_properties_sentinelone: + description: Defines secrets for connectors when type is `.sentinelone`. + properties: + token: + description: The A SentinelOne API token. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_genai: - title: Connector response properties for an OpenAI connector + - token + title: Connector secrets properties for a SentinelOne connector type: object + Connectors_secrets_properties_servicenow: + description: >- + Defines secrets for connectors when type is `.servicenow`, + `.servicenow-sir`, or `.servicenow-itom`. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_genai' - connector_type_id: - description: The type of connector. - enum: - - .gen-ai + clientSecret: + description: >- + The client secret assigned to your OAuth application. This property + is required when `isOAuth` is `true`. type: string - id: - description: The identifier for the connector. + password: + description: >- + The password for HTTP basic authentication. This property is + required when `isOAuth` is `false`. type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + privateKey: + description: >- + The RSA private key that you created for use in ServiceNow. This + property is required when `isOAuth` is `true`. + type: string + privateKeyPassword: + description: >- + The password for the RSA private key. This property is required when + `isOAuth` is `true` and you set a password on your private key. + type: string + username: + description: >- + The username for HTTP basic authentication. This property is + required when `isOAuth` is `false`. + type: string + title: >- + Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and + ServiceNow SecOps connectors + type: object + Connectors_secrets_properties_slack_api: + description: Defines secrets for connectors when type is `.slack`. + type: object + properties: + token: + description: Slack bot user OAuth token. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_index: - title: Connector response properties for an index connector + - token + title: Connector secrets properties for a Web API Slack connector + Connectors_secrets_properties_slack_webhook: + description: Defines secrets for connectors when type is `.slack`. type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_index' - connector_type_id: - description: The type of connector. - enum: - - .index + webhookUrl: + description: Slack webhook url. type: string - id: - description: The identifier for the connector. + required: + - webhookUrl + title: Connector secrets properties for a Webhook Slack connector + Connectors_secrets_properties_swimlane: + description: Defines secrets for connectors when type is `.swimlane`. + properties: + apiToken: + description: Swimlane API authentication token. type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + title: Connector secrets properties for a Swimlane connector + type: object + Connectors_secrets_properties_teams: + description: Defines secrets for connectors when type is `.teams`. + properties: + webhookUrl: + description: > + The URL of the incoming webhook. If you are using the + `xpack.actions.allowedHosts` setting, add the hostname to the + allowed hosts. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_jira: - title: Connector response properties for a Jira connector + - webhookUrl + title: Connector secrets properties for a Microsoft Teams connector type: object + Connectors_secrets_properties_tines: + description: Defines secrets for connectors when type is `.tines`. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_jira' - connector_type_id: - description: The type of connector. - enum: - - .jira + email: + description: The email used to sign in to Tines. type: string - id: - description: The identifier for the connector. + token: + description: The Tines API token. type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + required: + - email + - token + title: Connector secrets properties for a Tines connector + type: object + Connectors_secrets_properties_torq: + description: Defines secrets for connectors when type is `.torq`. + properties: + token: + description: The secret of the webhook authentication header. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_opsgenie: - title: Connector response properties for an Opsgenie connector + - token + title: Connector secrets properties for a Torq connector type: object + Connectors_secrets_properties_webhook: + description: Defines secrets for connectors when type is `.webhook`. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' - connector_type_id: - description: The type of connector. - enum: - - .opsgenie + crt: + description: >- + If `authType` is `webhook-authentication-ssl` and `certType` is + `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT + file. type: string - id: - description: The identifier for the connector. + key: + description: >- + If `authType` is `webhook-authentication-ssl` and `certType` is + `ssl-crt-key`, it is a base64 encoded version of the KEY file. type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + password: + description: > + The password for HTTP basic authentication or the passphrase for the + SSL certificate files. If `hasAuth` is set to `true` and `authType` + is `webhook-authentication-basic`, this property is required. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_pagerduty: - title: Connector response properties for a PagerDuty connector + pfx: + description: >- + If `authType` is `webhook-authentication-ssl` and `certType` is + `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. + type: string + user: + description: > + The username for HTTP basic authentication. If `hasAuth` is set to + `true` and `authType` is `webhook-authentication-basic`, this + property is required. + type: string + title: Connector secrets properties for a Webhook connector type: object + Connectors_secrets_properties_xmatters: + description: Defines secrets for connectors when type is `.xmatters`. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' - connector_type_id: - description: The type of connector. - enum: - - .pagerduty + password: + description: > + A user name for HTTP basic authentication. It is applicable only + when `usesBasic` is `true`. type: string - id: - description: The identifier for the connector. + secretsUrl: + description: > + The request URL for the Elastic Alerts trigger in xMatters with the + API key included in the URL. It is applicable only when `usesBasic` + is `false`. type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + user: + description: > + A password for HTTP basic authentication. It is applicable only when + `usesBasic` is `true`. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_resilient: - title: Connector response properties for a IBM Resilient connector + title: Connector secrets properties for an xMatters connector + type: object + Connectors_update_connector_request: + description: The properties vary depending on the connector type. + oneOf: + - $ref: '#/components/schemas/Connectors_update_connector_request_bedrock' + - $ref: '#/components/schemas/Connectors_update_connector_request_gemini' + - $ref: >- + #/components/schemas/Connectors_update_connector_request_cases_webhook + - $ref: '#/components/schemas/Connectors_update_connector_request_d3security' + - $ref: '#/components/schemas/Connectors_update_connector_request_email' + - $ref: '#/components/schemas/Connectors_create_connector_request_genai' + - $ref: '#/components/schemas/Connectors_update_connector_request_index' + - $ref: '#/components/schemas/Connectors_update_connector_request_jira' + - $ref: '#/components/schemas/Connectors_update_connector_request_opsgenie' + - $ref: '#/components/schemas/Connectors_update_connector_request_pagerduty' + - $ref: '#/components/schemas/Connectors_update_connector_request_resilient' + - $ref: '#/components/schemas/Connectors_update_connector_request_sentinelone' + - $ref: '#/components/schemas/Connectors_update_connector_request_serverlog' + - $ref: '#/components/schemas/Connectors_update_connector_request_servicenow' + - $ref: >- + #/components/schemas/Connectors_update_connector_request_servicenow_itom + - $ref: '#/components/schemas/Connectors_update_connector_request_slack_api' + - $ref: >- + #/components/schemas/Connectors_update_connector_request_slack_webhook + - $ref: '#/components/schemas/Connectors_update_connector_request_swimlane' + - $ref: '#/components/schemas/Connectors_update_connector_request_teams' + - $ref: '#/components/schemas/Connectors_update_connector_request_tines' + - $ref: '#/components/schemas/Connectors_update_connector_request_torq' + - $ref: '#/components/schemas/Connectors_update_connector_request_webhook' + - $ref: '#/components/schemas/Connectors_update_connector_request_xmatters' + title: Update connector request body properties + Connectors_update_connector_request_bedrock: + title: Update Amazon Bedrock connector request type: object properties: config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' - connector_type_id: - description: The type of connector. - enum: - - .resilient - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' + $ref: '#/components/schemas/Connectors_config_properties_bedrock' name: description: The display name for the connector. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured + - config - name - Connectors_connector_response_properties_sentinelone: - title: Connector response properties for a SentinelOne connector + Connectors_update_connector_request_cases_webhook: + title: Update Webhook - Case Managment connector request type: object properties: config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - connector_type_id: - description: The type of connector. - enum: - - .sentinelone - type: string - id: - description: The identifier for the connector. + $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' + name: + description: The display name for the connector. + example: my-connector type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' + required: + - config + - name + Connectors_update_connector_request_d3security: + title: Update D3 Security connector request + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_d3security' name: description: The display name for the connector. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_d3security' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured + - config - name - Connectors_connector_response_properties_serverlog: - title: Connector response properties for a server log connector + - secrets + Connectors_update_connector_request_email: + title: Update email connector request type: object properties: config: - nullable: true - type: object - connector_type_id: - description: The type of connector. - enum: - - .server-log - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' + $ref: '#/components/schemas/Connectors_config_properties_email' name: description: The display name for the connector. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_email' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured + - config - name - Connectors_connector_response_properties_servicenow: - title: Connector response properties for a ServiceNow ITSM connector + Connectors_update_connector_request_gemini: + title: Update Google Gemini connector request type: object properties: config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' + $ref: '#/components/schemas/Connectors_config_properties_gemini' name: description: The display name for the connector. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_gemini' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured + - config - name - Connectors_connector_response_properties_servicenow_itom: - title: Connector response properties for a ServiceNow ITOM connector + Connectors_update_connector_request_index: + title: Update index connector request type: object properties: config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-itom - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' + $ref: '#/components/schemas/Connectors_config_properties_index' name: description: The display name for the connector. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured + - config - name - Connectors_connector_response_properties_servicenow_sir: - title: Connector response properties for a ServiceNow SecOps connector + Connectors_update_connector_request_jira: + title: Update Jira connector request type: object properties: config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-sir - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' + $ref: '#/components/schemas/Connectors_config_properties_jira' name: description: The display name for the connector. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_jira' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured + - config - name - Connectors_connector_response_properties_slack_api: - title: Connector response properties for a Slack connector + - secrets + Connectors_update_connector_request_opsgenie: + title: Update Opsgenie connector request type: object properties: config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' - connector_type_id: - description: The type of connector. - enum: - - .slack_api - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' + $ref: '#/components/schemas/Connectors_config_properties_opsgenie' name: description: The display name for the connector. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured + - config - name - Connectors_connector_response_properties_slack_webhook: - title: Connector response properties for a Slack connector + - secrets + Connectors_update_connector_request_pagerduty: + title: Update PagerDuty connector request type: object properties: - connector_type_id: - description: The type of connector. - enum: - - .slack - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' + config: + $ref: '#/components/schemas/Connectors_config_properties_pagerduty' name: description: The display name for the connector. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured + - config - name - Connectors_connector_response_properties_swimlane: - title: Connector response properties for a Swimlane connector + - secrets + Connectors_update_connector_request_resilient: + title: Update IBM Resilient connector request type: object properties: config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' - connector_type_id: - description: The type of connector. - enum: - - .swimlane - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' + $ref: '#/components/schemas/Connectors_config_properties_resilient' name: description: The display name for the connector. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_resilient' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured + - config - name - Connectors_connector_response_properties_teams: - title: Connector response properties for a Microsoft Teams connector + - secrets + Connectors_update_connector_request_sentinelone: + title: Update SentinelOne connector request type: object properties: - config: - type: object - connector_type_id: - description: The type of connector. - enum: - - .teams - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' + config: + $ref: '#/components/schemas/Connectors_config_properties_sentinelone' name: description: The display name for the connector. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured + - config - name - Connectors_connector_response_properties_tines: - title: Connector response properties for a Tines connector + - secrets + Connectors_update_connector_request_serverlog: + title: Update server log connector request type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_tines' - connector_type_id: - description: The type of connector. - enum: - - .tines - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' name: description: The display name for the connector. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - name - Connectors_connector_response_properties_torq: - title: Connector response properties for a Torq connector + Connectors_update_connector_request_servicenow: + title: Update ServiceNow ITSM connector or ServiceNow SecOps request type: object properties: config: - $ref: '#/components/schemas/Connectors_config_properties_torq' - connector_type_id: - description: The type of connector. - enum: - - .torq - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' + $ref: '#/components/schemas/Connectors_config_properties_servicenow' name: description: The display name for the connector. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured + - config - name - Connectors_connector_response_properties_webhook: - title: Connector response properties for a Webhook connector + - secrets + Connectors_update_connector_request_servicenow_itom: + title: Create ServiceNow ITOM connector request type: object properties: config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' - connector_type_id: - description: The type of connector. - enum: - - .webhook - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' + $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' name: description: The display name for the connector. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured + - config - name - Connectors_connector_response_properties_xmatters: - title: Connector response properties for an xMatters connector + - secrets + Connectors_update_connector_request_slack_api: + title: Update Slack connector request type: object properties: config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' - connector_type_id: - description: The type of connector. - enum: - - .xmatters - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' + $ref: '#/components/schemas/Connectors_config_properties_slack_api' name: description: The display name for the connector. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - name - Connectors_connector_types: - description: >- - The type of connector. For example, `.email`, `.index`, `.jira`, - `.opsgenie`, or `.server-log`. - enum: - - .bedrock - - .gemini - - .cases-webhook - - .d3security - - .email - - .gen-ai - - .index - - .jira - - .opsgenie - - .pagerduty - - .resilient - - .sentinelone - - .servicenow - - .servicenow-itom - - .servicenow-sir - - .server-log - - .slack - - .slack_api - - .swimlane - - .teams - - .tines - - .torq - - .webhook - - .xmatters - example: .server-log - title: Connector types - type: string - Connectors_create_connector_request: - description: The properties vary depending on the connector type. - discriminator: - mapping: - .bedrock: '#/components/schemas/Connectors_create_connector_request_bedrock' - .cases-webhook: >- - #/components/schemas/Connectors_create_connector_request_cases_webhook - .d3security: '#/components/schemas/Connectors_create_connector_request_d3security' - .email: '#/components/schemas/Connectors_create_connector_request_email' - .gemini: '#/components/schemas/Connectors_create_connector_request_gemini' - .gen-ai: '#/components/schemas/Connectors_create_connector_request_genai' - .index: '#/components/schemas/Connectors_create_connector_request_index' - .jira: '#/components/schemas/Connectors_create_connector_request_jira' - .opsgenie: '#/components/schemas/Connectors_create_connector_request_opsgenie' - .pagerduty: '#/components/schemas/Connectors_create_connector_request_pagerduty' - .resilient: '#/components/schemas/Connectors_create_connector_request_resilient' - .sentinelone: '#/components/schemas/Connectors_create_connector_request_sentinelone' - .server-log: '#/components/schemas/Connectors_create_connector_request_serverlog' - .servicenow: '#/components/schemas/Connectors_create_connector_request_servicenow' - .servicenow-itom: >- - #/components/schemas/Connectors_create_connector_request_servicenow_itom - .servicenow-sir: >- - #/components/schemas/Connectors_create_connector_request_servicenow_sir - .slack: >- - #/components/schemas/Connectors_create_connector_request_slack_webhook - .slack_api: '#/components/schemas/Connectors_create_connector_request_slack_api' - .swimlane: '#/components/schemas/Connectors_create_connector_request_swimlane' - .teams: '#/components/schemas/Connectors_create_connector_request_teams' - .tines: '#/components/schemas/Connectors_create_connector_request_tines' - .torq: '#/components/schemas/Connectors_create_connector_request_torq' - .webhook: '#/components/schemas/Connectors_create_connector_request_webhook' - .xmatters: '#/components/schemas/Connectors_create_connector_request_xmatters' - propertyName: connector_type_id - oneOf: - - $ref: '#/components/schemas/Connectors_create_connector_request_bedrock' - - $ref: '#/components/schemas/Connectors_create_connector_request_gemini' - - $ref: >- - #/components/schemas/Connectors_create_connector_request_cases_webhook - - $ref: '#/components/schemas/Connectors_create_connector_request_d3security' - - $ref: '#/components/schemas/Connectors_create_connector_request_email' - - $ref: '#/components/schemas/Connectors_create_connector_request_genai' - - $ref: '#/components/schemas/Connectors_create_connector_request_index' - - $ref: '#/components/schemas/Connectors_create_connector_request_jira' - - $ref: '#/components/schemas/Connectors_create_connector_request_opsgenie' - - $ref: '#/components/schemas/Connectors_create_connector_request_pagerduty' - - $ref: '#/components/schemas/Connectors_create_connector_request_resilient' - - $ref: '#/components/schemas/Connectors_create_connector_request_sentinelone' - - $ref: '#/components/schemas/Connectors_create_connector_request_serverlog' - - $ref: '#/components/schemas/Connectors_create_connector_request_servicenow' - - $ref: >- - #/components/schemas/Connectors_create_connector_request_servicenow_itom - - $ref: >- - #/components/schemas/Connectors_create_connector_request_servicenow_sir - - $ref: '#/components/schemas/Connectors_create_connector_request_slack_api' - - $ref: >- - #/components/schemas/Connectors_create_connector_request_slack_webhook - - $ref: '#/components/schemas/Connectors_create_connector_request_swimlane' - - $ref: '#/components/schemas/Connectors_create_connector_request_teams' - - $ref: '#/components/schemas/Connectors_create_connector_request_tines' - - $ref: '#/components/schemas/Connectors_create_connector_request_torq' - - $ref: '#/components/schemas/Connectors_create_connector_request_webhook' - - $ref: '#/components/schemas/Connectors_create_connector_request_xmatters' - title: Create connector request body properties - Connectors_create_connector_request_bedrock: - description: >- - The Amazon Bedrock connector uses axios to send a POST request to Amazon - Bedrock. + - secrets + Connectors_update_connector_request_slack_webhook: + title: Update Slack connector request + type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' - connector_type_id: - description: The type of connector. - enum: - - .bedrock - example: .bedrock - type: string name: description: The display name for the connector. - example: my-connector type: string secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' + $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' required: - - config - - connector_type_id - name - secrets - title: Create Amazon Bedrock connector request - type: object - Connectors_create_connector_request_cases_webhook: - description: > - The Webhook - Case Management connector uses axios to send POST, PUT, - and GET requests to a case management RESTful API web service. + Connectors_update_connector_request_swimlane: + title: Update Swimlane connector request + type: object properties: config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' - connector_type_id: - description: The type of connector. - enum: - - .cases-webhook - example: .cases-webhook - type: string + $ref: '#/components/schemas/Connectors_config_properties_swimlane' name: description: The display name for the connector. example: my-connector type: string secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' + $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' required: - config - - connector_type_id - name - title: Create Webhook - Case Managment connector request + - secrets + Connectors_update_connector_request_teams: + title: Update Microsoft Teams connector request type: object - Connectors_create_connector_request_d3security: - description: > - The connector uses axios to send a POST request to a D3 Security - endpoint. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' - connector_type_id: - description: The type of connector. - enum: - - .d3security - example: .d3security - type: string name: description: The display name for the connector. - example: my-connector type: string secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_d3security' + $ref: '#/components/schemas/Connectors_secrets_properties_teams' required: - - config - - connector_type_id - name - secrets - title: Create D3 Security connector request + Connectors_update_connector_request_tines: + title: Update Tines connector request type: object - Connectors_create_connector_request_email: - description: > - The email connector uses the SMTP protocol to send mail messages, using - an integration of Nodemailer. An exception is Microsoft Exchange, which - uses HTTP protocol for sending emails, Send mail. Email message text is - sent as both plain text and html text. properties: config: - $ref: '#/components/schemas/Connectors_config_properties_email' - connector_type_id: - description: The type of connector. - enum: - - .email - example: .email - type: string + $ref: '#/components/schemas/Connectors_config_properties_tines' name: description: The display name for the connector. - example: my-connector type: string secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_email' + $ref: '#/components/schemas/Connectors_secrets_properties_tines' required: - config - - connector_type_id - name - secrets - title: Create email connector request + Connectors_update_connector_request_torq: + title: Update Torq connector request type: object - Connectors_create_connector_request_gemini: - description: >- - The Google Gemini connector uses axios to send a POST request to Google - Gemini. properties: config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - connector_type_id: - description: The type of connector. - enum: - - .gemini - example: .gemini - type: string + $ref: '#/components/schemas/Connectors_config_properties_torq' name: description: The display name for the connector. - example: my-connector type: string secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_gemini' + $ref: '#/components/schemas/Connectors_secrets_properties_torq' required: - config - - connector_type_id - name - secrets - title: Create Google Gemini connector request + Connectors_update_connector_request_webhook: + title: Update Webhook connector request type: object - Connectors_create_connector_request_genai: - description: > - The OpenAI connector uses axios to send a POST request to either OpenAI - or Azure OpenAPI. properties: config: - $ref: '#/components/schemas/Connectors_config_properties_genai' - connector_type_id: - description: The type of connector. - enum: - - .gen-ai - example: .gen-ai - type: string + $ref: '#/components/schemas/Connectors_config_properties_webhook' name: description: The display name for the connector. - example: my-connector type: string secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_genai' + $ref: '#/components/schemas/Connectors_secrets_properties_webhook' required: - config - - connector_type_id - name - secrets - title: Create OpenAI connector request + Connectors_update_connector_request_xmatters: + title: Update xMatters connector request type: object - Connectors_create_connector_request_index: - description: The index connector indexes a document into Elasticsearch. properties: config: - $ref: '#/components/schemas/Connectors_config_properties_index' - connector_type_id: - description: The type of connector. - enum: - - .index - example: .index - type: string + $ref: '#/components/schemas/Connectors_config_properties_xmatters' name: description: The display name for the connector. - example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' required: - config - - connector_type_id - name - title: Create index connector request + - secrets + Data_views_400_response: + title: Bad request type: object - Connectors_create_connector_request_jira: - description: The Jira connector uses the REST API v2 to create Jira issues. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_jira' - connector_type_id: - description: The type of connector. + error: + example: Bad Request + type: string + message: + type: string + statusCode: + example: 400 + type: number + required: + - statusCode + - error + - message + Data_views_404_response: + type: object + properties: + error: enum: - - .jira - example: .jira + - Not Found + example: Not Found + type: string + message: + example: >- + Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] + not found + type: string + statusCode: + enum: + - 404 + example: 404 + type: integer + Data_views_allownoindex: + description: Allows the data view saved object to exist before the data is available. + type: boolean + Data_views_create_data_view_request_object: + title: Create data view request + type: object + properties: + data_view: + description: The data view object. + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + id: + type: string + name: + description: The data view name. + type: string + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + version: + type: string + required: + - title + override: + default: false + description: >- + Override an existing data view if a data view with the provided + title already exists. + type: boolean + required: + - data_view + Data_views_data_view_response_object: + title: Data view response properties + type: object + properties: + data_view: + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + id: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + type: string + name: + description: The data view name. + type: string + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta_response' + version: + example: WzQ2LDJd + type: string + Data_views_fieldattrs: + description: A map of field attributes by field name. + type: object + properties: + count: + description: Popularity count for the field. + type: integer + customDescription: + description: Custom description for the field. + maxLength: 300 type: string - name: - description: The display name for the connector. - example: my-connector + customLabel: + description: Custom label for the field. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_jira' - required: - - config - - connector_type_id - - name - - secrets - title: Create Jira connector request + Data_views_fieldformats: + description: A map of field formats by field name. + type: object + Data_views_namespaces: + description: >- + An array of space identifiers for sharing the data view between multiple + spaces. + items: + default: default + type: string + type: array + Data_views_runtimefieldmap: + description: A map of runtime field definitions by field name. type: object - Connectors_create_connector_request_opsgenie: - description: The Opsgenie connector uses the Opsgenie alert API. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' - connector_type_id: - description: The type of connector. - enum: - - .opsgenie - example: .opsgenie - type: string - name: - description: The display name for the connector. - example: my-connector + script: + type: object + properties: + source: + description: Script for the runtime field. + type: string + type: + description: Mapping type of the runtime field. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' required: - - config - - connector_type_id - - name - - secrets - title: Create Opsgenie connector request + - script + - type + Data_views_sourcefilters: + description: The array of field names you want to filter out in Discover. + items: + type: object + properties: + value: + type: string + required: + - value + type: array + Data_views_swap_data_view_request_object: + title: Data view reference swap request type: object - Connectors_create_connector_request_pagerduty: - description: > - The PagerDuty connector uses the v2 Events API to trigger, acknowledge, - and resolve PagerDuty alerts. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' - connector_type_id: - description: The type of connector. - enum: - - .pagerduty - example: .pagerduty + delete: + description: Deletes referenced saved object if all references are removed. + type: boolean + forId: + description: Limit the affected saved objects to one or more by identifier. + oneOf: + - type: string + - items: + type: string + type: array + forType: + description: Limit the affected saved objects by type. type: string - name: - description: The display name for the connector. - example: my-connector + fromId: + description: The saved object reference to change. + type: string + fromType: + description: > + Specify the type of the saved object reference to alter. The default + value is `index-pattern` for data views. + type: string + toId: + description: New saved object reference value to replace the old value. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' required: - - config - - connector_type_id - - name - - secrets - title: Create PagerDuty connector request - type: object - Connectors_create_connector_request_resilient: + - fromId + - toId + Data_views_timefieldname: + description: 'The timestamp field name, which you use for time-based data views.' + type: string + Data_views_title: description: >- - The IBM Resilient connector uses the RESILIENT REST v2 to create IBM - Resilient incidents. + Comma-separated list of data streams, indices, and aliases that you want + to search. Supports wildcards (`*`). + type: string + Data_views_type: + description: 'When set to `rollup`, identifies the rollup data views.' + type: string + Data_views_typemeta: + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. + type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' - connector_type_id: - description: The type of connector. - enum: - - .resilient - example: .resilient - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_resilient' + aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + params: + description: Properties for retrieving rollup fields. + type: object required: - - config - - connector_type_id - - name - - secrets - title: Create IBM Resilient connector request + - aggs + - params + Data_views_typemeta_response: + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. + nullable: true type: object - Connectors_create_connector_request_sentinelone: - description: > - The SentinelOne connector communicates with SentinelOne Management - Console via REST API. This functionality is in technical preview and may - be changed or removed in a future release. Elastic will work to fix any - issues, but features in technical preview are not subject to the support - SLA of official GA features. - title: Create SentinelOne connector request + properties: + aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + params: + description: Properties for retrieving rollup fields. + type: object + Data_views_update_data_view_request_object: + title: Update data view request type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - connector_type_id: - description: The type of connector. - enum: - - .sentinelone - example: .sentinelone - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' + data_view: + description: > + The data view properties you want to update. Only the specified + properties are updated in the data view. Unspecified fields stay as + they are persisted. + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + name: + type: string + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + refresh_fields: + default: false + description: Reloads the data view fields after the data view is updated. + type: boolean required: - - config - - connector_type_id - - name - - secrets - x-technical-preview: true - Connectors_create_connector_request_serverlog: - description: This connector writes an entry to the Kibana server log. + - data_view + Fleet_agent: + title: Agent + type: object properties: - connector_type_id: - description: The type of connector. - enum: - - .server-log - example: .server-log + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + components: + items: + $ref: '#/components/schemas/Fleet_agent_component' + type: array + default_api_key: + type: string + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + local_metadata: + $ref: '#/components/schemas/Fleet_agent_metadata' + metrics: + type: object + properties: + cpu_avg: + description: >- + Average agent CPU usage during the last 5 minutes, number + between 0-1 + type: number + memory_size_byte_avg: + description: Average agent memory consumption during the last 5 minutes + type: number + policy_id: type: string - name: - description: The display name for the connector. - example: my-connector + policy_revision: + type: number + status: + $ref: '#/components/schemas/Fleet_agent_status' + type: + $ref: '#/components/schemas/Fleet_agent_type' + unenrolled_at: + type: string + unenrollment_started_at: type: string + user_provided_metadata: + $ref: '#/components/schemas/Fleet_agent_metadata' required: - - connector_type_id - - name - title: Create server log connector request + - type + - active + - enrolled_at + - id + - status + Fleet_agent_action: + oneOf: + - properties: + ack_data: + type: string + data: + type: string + type: + enum: + - UNENROLL + - UPGRADE + - POLICY_REASSIGN + type: string + - properties: + data: + type: object + properties: + log_level: + enum: + - debug + - info + - warning + - error + nullable: true + type: string + type: + type: string + title: Agent action + Fleet_agent_component: + title: Agent component type: object - Connectors_create_connector_request_servicenow: - description: > - The ServiceNow ITSM connector uses the import set API to create - ServiceNow incidents. You can use the connector for rule actions and - cases. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow - example: .servicenow + id: type: string - name: - description: The display name for the connector. - example: my-connector + message: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - connector_type_id - - name - - secrets - title: Create ServiceNow ITSM connector request + status: + $ref: '#/components/schemas/Fleet_agent_component_status' + type: + type: string + units: + items: + $ref: '#/components/schemas/Fleet_agent_component_unit' + type: array + Fleet_agent_component_status: + enum: + - starting + - configuring + - healthy + - degraded + - failed + - stopping + - stopped + title: Agent component status + type: string + Fleet_agent_component_unit: + title: Agent component unit type: object - Connectors_create_connector_request_servicenow_itom: - description: > - The ServiceNow ITOM connector uses the event API to create ServiceNow - events. You can use the connector for rule actions. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-itom - example: .servicenow-itom + id: type: string - name: - description: The display name for the connector. - example: my-connector + message: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - connector_type_id - - name - - secrets - title: Create ServiceNow ITOM connector request + payload: + type: object + status: + $ref: '#/components/schemas/Fleet_agent_component_status' + type: + $ref: '#/components/schemas/Fleet_agent_component_unit_type' + Fleet_agent_component_unit_type: + enum: + - input + - output + title: Agent component unit type + type: string + Fleet_agent_diagnostics: + title: Agent diagnostics type: object - Connectors_create_connector_request_servicenow_sir: - description: > - The ServiceNow SecOps connector uses the import set API to create - ServiceNow security incidents. You can use the connector for rule - actions and cases. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-sir - example: .servicenow-sir + actionId: type: string - name: - description: The display name for the connector. - example: my-connector + createTime: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - connector_type_id - - name - - secrets - title: Create ServiceNow SecOps connector request - type: object - Connectors_create_connector_request_slack_api: - description: The Slack connector uses an API method to send Slack messages. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' - connector_type_id: - description: The type of connector. - enum: - - .slack_api - example: .slack_api + filePath: + type: string + id: type: string name: - description: The display name for the connector. - example: my-connector type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' + status: + enum: + - READY + - AWAITING_UPLOAD + - DELETED + - IN_PROGRESS required: - - connector_type_id + - id - name - - secrets - title: Create Slack connector request + - createTime + - filePath + - actionId + - status + Fleet_agent_get_by_actions: + items: + items: + type: string + type: array + title: Agents get by action ids + type: array + Fleet_agent_metadata: + title: Agent metadata + type: object + Fleet_agent_policy: + title: Agent Policy type: object - Connectors_create_connector_request_slack_webhook: - description: The Slack connector uses Slack Incoming Webhooks. properties: - connector_type_id: - description: The type of connector. - enum: - - .slack - example: .slack + advanced_settings: + description: >- + Advanced settings stored in the agent policy, e.g. + agent_limits_go_max_procs + nullable: true + type: object + agent_features: + items: + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agents: + type: number + data_output_id: + nullable: true type: string - name: - description: The display name for the connector. - example: my-connector + description: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' - required: - - connector_type_id - - name - - secrets - title: Create Slack connector request - type: object - Connectors_create_connector_request_swimlane: - description: >- - The Swimlane connector uses the Swimlane REST API to create Swimlane - records. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' - connector_type_id: - description: The type of connector. - enum: - - .swimlane - example: .swimlane + download_source_id: + nullable: true type: string - name: - description: The display name for the connector. - example: my-connector + fleet_server_host_id: + nullable: true type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' - required: - - config - - connector_type_id - - name - - secrets - title: Create Swimlane connector request - type: object - Connectors_create_connector_request_teams: - description: The Microsoft Teams connector uses Incoming Webhooks. - properties: - connector_type_id: - description: The type of connector. - enum: - - .teams - example: .teams + global_data_tags: + items: + additionalProperties: + oneOf: + - type: string + - type: number + description: >- + User defined data tags that are added to all of the inputs. The + values can be strings or numbers. + type: object + type: array + id: + type: string + inactivity_timeout: + type: integer + is_protected: + description: >- + Indicates whether the agent policy has tamper protection enabled. + Default false. + type: boolean + keep_monitoring_alive: + description: >- + When set to true, monitoring will be enabled but logs/metrics + collection will be disabled + nullable: true + type: boolean + monitoring_enabled: + items: + enum: + - metrics + - logs + type: string + type: array + monitoring_output_id: + nullable: true type: string name: - description: The display name for the connector. - example: my-connector type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_teams' - required: - - connector_type_id - - name - - secrets - title: Create Microsoft Teams connector request - type: object - Connectors_create_connector_request_tines: - description: > - The Tines connector uses Tines Webhook actions to send events via POST - request. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_tines' - connector_type_id: - description: The type of connector. - enum: - - .tines - example: .tines + namespace: + type: string + overrides: + description: >- + Override settings that are defined in the agent policy. Input + settings cannot be overridden. The override option should be used + only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + package_policies: + description: >- + This field is present only when retrieving a single agent policy, or + when retrieving a list of agent policies with the ?full=true + parameter + items: + $ref: '#/components/schemas/Fleet_package_policy' + type: array + revision: + type: number + supports_agentless: + description: >- + Indicates whether the agent policy supports agentless integrations. + Only allowed in a serverless environment. + type: boolean + unenroll_timeout: + type: integer + unprivileged_agents: + type: number + updated_by: type: string - name: - description: The display name for the connector. - example: my-connector + updated_on: + format: date-time type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_tines' required: - - config - - connector_type_id + - id + - status - name - - secrets - title: Create Tines connector request + - namespace + Fleet_agent_policy_create_request: + title: Create agent policy request type: object - Connectors_create_connector_request_torq: - description: > - The Torq connector uses a Torq webhook to trigger workflows with Kibana - actions. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_torq' - connector_type_id: - description: The type of connector. - enum: - - .torq - example: .torq + agent_features: + items: + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + data_output_id: + nullable: true type: string - name: - description: The display name for the connector. - example: my-connector + description: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_torq' - required: - - config - - connector_type_id - - name - - secrets - title: Create Torq connector request - type: object - Connectors_create_connector_request_webhook: - description: > - The Webhook connector uses axios to send a POST or PUT request to a web - service. - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' - connector_type_id: - description: The type of connector. - enum: - - .webhook - example: .webhook + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + force: + description: Force agent policy creation even if packages are not verified. + type: boolean + global_data_tags: + items: + additionalProperties: + oneOf: + - type: string + - type: number + description: >- + User defined data tags that are added to all of the inputs. The + values can be strings or numbers. + type: object + type: array + id: + type: string + inactivity_timeout: + type: integer + is_protected: + type: boolean + monitoring_enabled: + items: + enum: + - metrics + - logs + type: string + type: array + monitoring_output_id: + nullable: true type: string name: - description: The display name for the connector. - example: my-connector type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_webhook' + namespace: + type: string + unenroll_timeout: + type: integer required: - - config - - connector_type_id - name - - secrets - title: Create Webhook connector request + - namespace + Fleet_agent_policy_full: + oneOf: + - type: object + properties: + item: + type: string + - type: object + properties: + item: + $ref: '#/components/schemas/Fleet_full_agent_policy' + title: Agent policy full response + type: object + Fleet_agent_policy_update_request: + title: Update agent policy request type: object - Connectors_create_connector_request_xmatters: - description: > - The xMatters connector uses the xMatters Workflow for Elastic to send - actionable alerts to on-call xMatters resources. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' - connector_type_id: - description: The type of connector. - enum: - - .xmatters - example: .xmatters + agent_features: + items: + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + force: + description: Force agent policy creation even if packages are not verified. + type: boolean + inactivity_timeout: + type: integer + is_protected: + type: boolean + monitoring_enabled: + items: + enum: + - metrics + - logs + type: string + type: array + monitoring_output_id: + nullable: true type: string name: - description: The display name for the connector. - example: my-connector type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' + namespace: + type: string + unenroll_timeout: + type: integer required: - - config - - connector_type_id - name - - secrets - title: Create xMatters connector request - type: object - Connectors_features: - description: | - The feature that uses the connector. + - namespace + Fleet_agent_status: enum: - - alerting - - cases - - generativeAIForSecurity - - generativeAIForObservability - - generativeAIForSearchPlayground - - siem - - uptime + - offline + - error + - online + - inactive + - warning + title: Elastic Agent status type: string - Connectors_is_deprecated: - description: Indicates whether the connector type is deprecated. - example: false - type: boolean - Connectors_is_missing_secrets: - description: >- - Indicates whether secrets are missing for the connector. Secrets - configuration properties vary depending on the connector type. - example: false - type: boolean - Connectors_is_preconfigured: - description: > - Indicates whether it is a preconfigured connector. If true, the `config` - and `is_missing_secrets` properties are omitted from the response. - example: false - type: boolean - Connectors_is_system_action: - description: Indicates whether the connector is used for system actions. - example: false - type: boolean - Connectors_referenced_by_count: - description: > - Indicates the number of saved objects that reference the connector. If - `is_preconfigured` is true, this value is not calculated. This property - is returned only by the get all connectors API. - example: 2 - type: integer - Connectors_secrets_properties_bedrock: - description: Defines secrets for connectors when type is `.bedrock`. + Fleet_agent_type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + title: Agent type + type: string + Fleet_bulk_install_packages_response: + title: Bulk install packages response + type: object properties: - accessKey: - description: The AWS access key for authentication. - type: string - secret: - description: The AWS secret for authentication. - type: string + items: + items: + type: object + properties: + name: + type: string + version: + type: string + type: array + response: + deprecated: true + items: + type: object + properties: + name: + type: string + version: + type: string + type: array required: - - accessKey - - secret - title: Connector secrets properties for an Amazon Bedrock connector - type: object - Connectors_secrets_properties_cases_webhook: - title: Connector secrets properties for Webhook - Case Management connector + - items + Fleet_bulk_upgrade_agents: + title: Bulk upgrade agents type: object properties: - password: - description: >- - The password for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: + type: string + type: array + force: + description: 'Force upgrade, skipping validation (should be used with caution)' + type: boolean + rollout_duration_seconds: + description: rolling upgrade window duration in seconds + type: number + skipRateLimitCheck: + description: Skip rate limit check for upgrade + type: boolean + source_uri: + description: alternative upgrade binary download url type: string - user: - description: >- - The username for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. + start_time: + description: start time of upgrade in ISO 8601 format type: string - Connectors_secrets_properties_d3security: - description: Defines secrets for connectors when type is `.d3security`. - type: object - properties: - token: - description: The D3 Security token. + version: + description: version to upgrade to type: string required: - - token - title: Connector secrets properties for a D3 Security connector - Connectors_secrets_properties_email: - description: Defines secrets for connectors when type is `.email`. + - agents + - version + Fleet_data_stream: + title: Data stream + type: object properties: - clientSecret: - description: > - The Microsoft Exchange Client secret for OAuth 2.0 client - credentials authentication. It must be URL-encoded. If `service` is - `exchange_server`, this property is required. + dashboard: + items: + type: object + properties: + id: + type: string + title: + type: string + type: array + dataset: type: string - password: - description: > - The password for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. + index: + type: string + last_activity_ms: + type: number + namespace: + type: string + package: type: string - user: - description: > - The username for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. + package_version: type: string - title: Connector secrets properties for an email connector + size_in_bytes: + type: number + size_in_bytes_formatted: + type: string + type: + type: string + Fleet_download_sources: + title: Download Source type: object - Connectors_secrets_properties_gemini: - description: Defines secrets for connectors when type is `.gemini`. properties: - credentialsJSON: + host: + type: string + id: + type: string + is_default: + type: boolean + name: + type: string + proxy_id: description: >- - The service account credentials JSON file. The service account - should have Vertex AI user IAM role assigned to it. + The ID of the proxy to use for this download source. See the proxies + API for more information. + nullable: true type: string required: - - credentialsJSON - title: Connector secrets properties for a Google Gemini connector + - is_default + - name + - host + Fleet_elasticsearch_asset_type: + enum: + - component_template + - ingest_pipeline + - index_template + - ilm_policy + - transform + - data_stream_ilm_policy + title: Elasticsearch asset type + type: string + Fleet_enrollment_api_key: + title: Enrollment API key type: object - Connectors_secrets_properties_genai: - description: Defines secrets for connectors when type is `.gen-ai`. properties: - apiKey: - description: The OpenAI API key. + active: + type: boolean + api_key: type: string - title: Connector secrets properties for an OpenAI connector - type: object - Connectors_secrets_properties_jira: - description: Defines secrets for connectors when type is `.jira`. - type: object - properties: - apiToken: - description: The Jira API authentication token for HTTP basic authentication. + api_key_id: type: string - email: - description: The account email for HTTP Basic authentication. + created_at: + type: string + id: + type: string + name: + type: string + policy_id: type: string required: - - apiToken - - email - title: Connector secrets properties for a Jira connector - Connectors_secrets_properties_opsgenie: - description: Defines secrets for connectors when type is `.opsgenie`. + - id + - api_key_id + - api_key + - active + - created_at + Fleet_fleet_server_host: + title: Fleet Server Host type: object properties: - apiKey: - description: The Opsgenie API authentication key for HTTP Basic authentication. + host_urls: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: type: string required: - - apiKey - title: Connector secrets properties for an Opsgenie connector - Connectors_secrets_properties_pagerduty: - description: Defines secrets for connectors when type is `.pagerduty`. + - fleet_server_hosts + - id + - is_default + - is_preconfigured + - host_urls + Fleet_fleet_settings_enrollment_response: + title: Fleet settings response + type: object properties: - routingKey: - description: > - A 32 character PagerDuty Integration Key for an integration on a - service. - type: string + download_source: + $ref: '#/components/schemas/Fleet_download_sources' + fleet_server: + type: object + properties: + has_active: + type: boolean + host: + $ref: '#/components/schemas/Fleet_fleet_server_host' + host_proxy: + $ref: '#/components/schemas/Fleet_proxies' + policies: + items: + type: object + properties: + download_source_id: + type: string + fleet_server_host_id: + type: string + has_fleet_server: + type: boolean + id: + type: string + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + name: + type: string + required: + - id + - name + - is_managed + type: array + required: + - agent_policies + - has_active required: - - routingKey - title: Connector secrets properties for a PagerDuty connector + - fleet_server + Fleet_fleet_settings_response: + title: Fleet settings response type: object - Connectors_secrets_properties_resilient: - description: Defines secrets for connectors when type is `.resilient`. + properties: + item: + $ref: '#/components/schemas/Fleet_settings' + required: + - item + Fleet_fleet_setup_response: + title: Fleet Setup response type: object properties: - apiKeyId: - description: The authentication key ID for HTTP Basic authentication. - type: string - apiKeySecret: - description: The authentication key secret for HTTP Basic authentication. - type: string + isInitialized: + type: boolean + nonFatalErrors: + items: + type: object + properties: + message: + type: string + name: + type: string + required: + - name + - message + type: array required: - - apiKeyId - - apiKeySecret - title: Connector secrets properties for IBM Resilient connector - Connectors_secrets_properties_sentinelone: - description: Defines secrets for connectors when type is `.sentinelone`. + - isInitialized + - nonFatalErrors + Fleet_fleet_status_response: + title: Fleet status response + type: object properties: - token: - description: The A SentinelOne API token. + isReady: + type: boolean + missing_optional_features: + items: + enum: + - encrypted_saved_object_encryption_key_required + type: string + type: array + missing_requirements: + items: + enum: + - tls_required + - api_keys + - fleet_admin_user + - fleet_server + type: string + type: array + package_verification_key_id: type: string required: - - token - title: Connector secrets properties for a SentinelOne connector + - isReady + - missing_requirements + - missing_optional_features + Fleet_full_agent_policy: + title: Full agent policy type: object - Connectors_secrets_properties_servicenow: - description: >- - Defines secrets for connectors when type is `.servicenow`, - `.servicenow-sir`, or `.servicenow-itom`. properties: - clientSecret: - description: >- - The client secret assigned to your OAuth application. This property - is required when `isOAuth` is `true`. - type: string - password: - description: >- - The password for HTTP basic authentication. This property is - required when `isOAuth` is `false`. - type: string - privateKey: - description: >- - The RSA private key that you created for use in ServiceNow. This - property is required when `isOAuth` is `true`. - type: string - privateKeyPassword: - description: >- - The password for the RSA private key. This property is required when - `isOAuth` is `true` and you set a password on your private key. + agent: + nullable: true type: string - username: - description: >- - The username for HTTP basic authentication. This property is - required when `isOAuth` is `false`. + fleet: + oneOf: + - type: object + properties: + hosts: + items: + type: string + type: array + proxy_headers: {} + proxy_url: + type: string + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + renegotiation: + type: string + verification_mode: + type: string + - type: object + properties: + kibana: + type: object + properties: + hosts: + items: + type: string + type: array + path: + type: string + protocol: + type: string + id: type: string - title: >- - Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and - ServiceNow SecOps connectors - type: object - Connectors_secrets_properties_slack_api: - description: Defines secrets for connectors when type is `.slack`. - type: object - properties: - token: - description: Slack bot user OAuth token. + inputs: type: string + output_permissions: + additionalProperties: + type: object + properties: + data: + $ref: >- + #/components/schemas/Fleet_full_agent_policy_output_permissions + output: + type: integer + type: object + outputs: + additionalProperties: + $ref: '#/components/schemas/Fleet_full_agent_policy_output' + type: object + revision: + type: number + secret_references: + items: + type: object + properties: + id: + type: string + type: array required: - - token - title: Connector secrets properties for a Web API Slack connector - Connectors_secrets_properties_slack_webhook: - description: Defines secrets for connectors when type is `.slack`. + - id + - outputs + - inputs + Fleet_full_agent_policy_input: + allOf: + - additionalProperties: true + type: object + properties: + data_stream: + type: object + properties: + namespace: + type: string + required: + - namespace + id: + type: string + meta: + additionalProperties: true + type: object + properties: + package: + type: object + properties: + name: + type: string + version: + type: string + required: + - name + - version + name: + type: string + revision: + type: number + streams: + $ref: '#/components/schemas/Fleet_full_agent_policy_input_stream' + type: + type: string + use_output: + type: string + required: + - id + - name + - revision + - type + - data_stream + - use_output + title: Full agent policy input + Fleet_full_agent_policy_input_stream: + allOf: + - additionalProperties: true + type: object + properties: + data_stream: + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + - type + id: + type: string + required: + - id + - data_stream + title: Full agent policy input stream + Fleet_full_agent_policy_output: + title: Full agent policy type: object properties: - webhookUrl: - description: Slack webhook url. + additionalProperties: + type: object + properties: + text: {} + ca_sha256: + nullable: true + type: string + hosts: + items: + type: string + type: array + proxy_headers: {} + proxy_url: type: string + type: {} required: - - webhookUrl - title: Connector secrets properties for a Webhook Slack connector - Connectors_secrets_properties_swimlane: - description: Defines secrets for connectors when type is `.swimlane`. + - type + - hosts + - ca_sha256 + Fleet_full_agent_policy_output_permissions: + additionalProperties: + type: object + properties: + data: + type: object + properties: + cluster: + items: + type: string + type: array + indices: + items: + type: object + properties: + names: + items: + type: string + type: array + privileges: + items: + type: string + type: array + type: array + packagePolicyName: + type: string + title: Full agent policy output permissions + Fleet_get_agent_tags_response: + title: Get Agent Tags response + type: object properties: - apiToken: - description: Swimlane API authentication token. - type: string - title: Connector secrets properties for a Swimlane connector + items: + items: + type: string + type: array + Fleet_get_agents_response: + title: Get Agent response type: object - Connectors_secrets_properties_teams: - description: Defines secrets for connectors when type is `.teams`. properties: - webhookUrl: - description: > - The URL of the incoming webhook. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. - type: string + items: + items: + $ref: '#/components/schemas/Fleet_agent' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_agent' + type: array + page: + type: number + perPage: + type: number + statusSummary: + type: object + properties: + degraded': + type: number + enrolling: + type: number + error: + type: number + inactive: + type: number + offline: + type: number + online: + type: number + unenrolled: + type: number + unenrolling: + type: number + updating: + type: number + total: + type: number required: - - webhookUrl - title: Connector secrets properties for a Microsoft Teams connector + - items + - total + - page + - perPage + Fleet_get_bulk_assets_response: + deprecated: true + properties: + items: + items: + type: object + properties: + appLink: + type: string + attributes: + type: object + properties: + description: + type: string + title: + type: string + id: + type: string + type: + $ref: '#/components/schemas/Fleet_saved_object_type' + updatedAt: + type: string + type: array + required: + - items + title: Bulk get assets response + type: object + Fleet_get_categories_response: + title: Get categories response type: object - Connectors_secrets_properties_tines: - description: Defines secrets for connectors when type is `.tines`. properties: - email: - description: The email used to sign in to Tines. - type: string - token: - description: The Tines API token. - type: string + items: + items: + type: object + properties: + count: + type: number + id: + type: string + title: + type: string + required: + - id + - title + - count + type: array + response: + items: + deprecated: true + type: object + properties: + count: + type: number + id: + type: string + title: + type: string + required: + - id + - title + - count + type: array required: - - email - - token - title: Connector secrets properties for a Tines connector + - items + Fleet_get_packages_response: + title: Get Packages response type: object - Connectors_secrets_properties_torq: - description: Defines secrets for connectors when type is `.torq`. properties: - token: - description: The secret of the webhook authentication header. - type: string + items: + items: + $ref: '#/components/schemas/Fleet_search_result' + type: array + response: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_search_result' + type: array required: - - token - title: Connector secrets properties for a Torq connector + - items + Fleet_installation_info: + title: Installation info object type: object - Connectors_secrets_properties_webhook: - description: Defines secrets for connectors when type is `.webhook`. properties: - crt: - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT - file. - type: string - key: - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-crt-key`, it is a base64 encoded version of the KEY file. - type: string - password: - description: > - The password for HTTP basic authentication or the passphrase for the - SSL certificate files. If `hasAuth` is set to `true` and `authType` - is `webhook-authentication-basic`, this property is required. - type: string - pfx: - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. + created_at: type: string - user: - description: > - The username for HTTP basic authentication. If `hasAuth` is set to - `true` and `authType` is `webhook-authentication-basic`, this - property is required. + experimental_data_stream_features: + type: array + properties: + data_stream: + type: string + features: + type: object + properties: + doc_value_only_numeric: + nullable: true + type: boolean + doc_value_only_other: + nullable: true + type: boolean + synthetic_source: + nullable: true + type: boolean + tsdb: + nullable: true + type: boolean + install_format_schema_version: type: string - title: Connector secrets properties for a Webhook connector - type: object - Connectors_secrets_properties_xmatters: - description: Defines secrets for connectors when type is `.xmatters`. - properties: - password: - description: > - A user name for HTTP basic authentication. It is applicable only - when `usesBasic` is `true`. + install_kibana_space_id: type: string - secretsUrl: - description: > - The request URL for the Elastic Alerts trigger in xMatters with the - API key included in the URL. It is applicable only when `usesBasic` - is `false`. + install_source: + enum: + - registry + - upload + - bundled type: string - user: - description: > - A password for HTTP basic authentication. It is applicable only when - `usesBasic` is `true`. + install_status: + enum: + - installed + - installing + - install_failed type: string - title: Connector secrets properties for an xMatters connector - type: object - Connectors_update_connector_request: - description: The properties vary depending on the connector type. - oneOf: - - $ref: '#/components/schemas/Connectors_update_connector_request_bedrock' - - $ref: '#/components/schemas/Connectors_update_connector_request_gemini' - - $ref: >- - #/components/schemas/Connectors_update_connector_request_cases_webhook - - $ref: '#/components/schemas/Connectors_update_connector_request_d3security' - - $ref: '#/components/schemas/Connectors_update_connector_request_email' - - $ref: '#/components/schemas/Connectors_create_connector_request_genai' - - $ref: '#/components/schemas/Connectors_update_connector_request_index' - - $ref: '#/components/schemas/Connectors_update_connector_request_jira' - - $ref: '#/components/schemas/Connectors_update_connector_request_opsgenie' - - $ref: '#/components/schemas/Connectors_update_connector_request_pagerduty' - - $ref: '#/components/schemas/Connectors_update_connector_request_resilient' - - $ref: '#/components/schemas/Connectors_update_connector_request_sentinelone' - - $ref: '#/components/schemas/Connectors_update_connector_request_serverlog' - - $ref: '#/components/schemas/Connectors_update_connector_request_servicenow' - - $ref: >- - #/components/schemas/Connectors_update_connector_request_servicenow_itom - - $ref: '#/components/schemas/Connectors_update_connector_request_slack_api' - - $ref: >- - #/components/schemas/Connectors_update_connector_request_slack_webhook - - $ref: '#/components/schemas/Connectors_update_connector_request_swimlane' - - $ref: '#/components/schemas/Connectors_update_connector_request_teams' - - $ref: '#/components/schemas/Connectors_update_connector_request_tines' - - $ref: '#/components/schemas/Connectors_update_connector_request_torq' - - $ref: '#/components/schemas/Connectors_update_connector_request_webhook' - - $ref: '#/components/schemas/Connectors_update_connector_request_xmatters' - title: Update connector request body properties - Connectors_update_connector_request_bedrock: - title: Update Amazon Bedrock connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' + installed_es: + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + $ref: '#/components/schemas/Fleet_elasticsearch_asset_type' + installed_kibana: + type: object + properties: + id: + type: string + type: + $ref: '#/components/schemas/Fleet_kibana_saved_object_type' + latest_executed_state: + description: Latest successfully executed state in package install state machine + type: object + properties: + error: + type: string + name: + enum: + - create_restart_installation + - install_kibana_assets + - install_ilm_policies + - install_ml_model + - install_index_template_pipelines + - remove_legacy_templates + - update_current_write_indices + - install_transforms + - delete_previous_pipelines + - save_archive_entries_from_assets_map + - update_so + type: string + started_at: + type: string + latest_install_failed_attempts: + description: Latest failed install errors + items: + type: object + properties: + created_at: + type: string + error: + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + target_version: + type: string + type: array name: - description: The display name for the connector. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' - required: - - config - - name - Connectors_update_connector_request_cases_webhook: - title: Update Webhook - Case Managment connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' - name: - description: The display name for the connector. - example: my-connector + namespaces: + items: + type: string + type: array + type: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' - required: - - config - - name - Connectors_update_connector_request_d3security: - title: Update D3 Security connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' - name: - description: The display name for the connector. + updated_at: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_d3security' - required: - - config - - name - - secrets - Connectors_update_connector_request_email: - title: Update email connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_email' - name: - description: The display name for the connector. + verification_key_id: + nullable: true type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_email' - required: - - config - - name - Connectors_update_connector_request_gemini: - title: Update Google Gemini connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - name: - description: The display name for the connector. + verification_status: + enum: + - verified + - unverified + - unknown + type: string + version: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_gemini' required: - - config + - installed_kibana + - installed_es - name - Connectors_update_connector_request_index: - title: Update index connector request - type: object + - version + - install_status + - install_version + - install_started_at + - install_source + - verification_status + - latest_install_failed_attempts + Fleet_kibana_saved_object_type: + enum: + - dashboard + - visualization + - search + - index-pattern + - map + - lens + - ml-module + - security-rule + - csp_rule_template + title: Kibana saved object asset type + type: string + Fleet_new_package_policy: + description: '' properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_index' + description: + type: string + enabled: + type: boolean + inputs: + items: + type: object + properties: + config: + type: object + enabled: + type: boolean + processors: + items: + type: string + type: array + streams: + items: {} + type: array + type: + type: string + vars: + type: object + required: + - type + - enabled + type: array name: - description: The display name for the connector. type: string + namespace: + type: string + output_id: + type: string + overrides: + type: object + package: + type: object + properties: + name: + type: string + requires_root: + type: boolean + title: + type: string + version: + type: string + required: + - name + - version + policy_id: + deprecated: true + type: string + policy_ids: + items: + type: string + type: array required: - - config + - inputs - name - Connectors_update_connector_request_jira: - title: Update Jira connector request + title: New package policy + type: object + Fleet_output_create_request: + discriminator: + mapping: + elasticsearch: '#/components/schemas/Fleet_output_create_request_elasticsearch' + kafka: '#/components/schemas/Fleet_output_create_request_kafka' + logstash: '#/components/schemas/Fleet_output_create_request_logstash' + remote_elasticsearch: >- + #/components/schemas/Fleet_output_create_request_remote_elasticsearch + propertyName: type + oneOf: + - $ref: '#/components/schemas/Fleet_output_create_request_elasticsearch' + - $ref: '#/components/schemas/Fleet_output_create_request_kafka' + - $ref: '#/components/schemas/Fleet_output_create_request_logstash' + - $ref: >- + #/components/schemas/Fleet_output_create_request_remote_elasticsearch + title: Output + Fleet_output_create_request_elasticsearch: + title: elasticsearch type: object properties: + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string config: - $ref: '#/components/schemas/Connectors_config_properties_jira' + type: object + config_yaml: + type: string + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean name: - description: The display name for the connector. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_jira' + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + type: + enum: + - elasticsearch + type: string required: - - config - name - - secrets - Connectors_update_connector_request_opsgenie: - title: Update Opsgenie connector request + Fleet_output_create_request_kafka: + title: kafka type: object properties: + auth_type: + type: string + broker_timeout: + type: number + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + client_id: + type: string + compression: + type: string + compression_level: + type: number config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' + type: object + config_yaml: + type: string + connection_type: + enum: + - plaintext + - encryption + type: string + headers: + items: + type: object + properties: + key: + type: string + value: + type: string + type: array + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + key: + type: string name: - description: The display name for the connector. type: string + partition: + type: string + password: + type: string + proxy_id: + type: string + random: + type: object + properties: + group_events: + type: number + required_acks: + type: number + round_robin: + type: object + properties: + group_events: + type: number + sasl: + type: object + properties: + mechanism: + type: string secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' - required: - - config - - name - - secrets - Connectors_update_connector_request_pagerduty: - title: Update PagerDuty connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' - name: - description: The display name for the connector. + type: object + properties: + password: + type: string + ssl: + type: object + properties: + key: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - none + - full + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + topics: + deprecated: true + description: Use topic instead. + items: + type: object + properties: + topic: + type: string + when: + deprecated: true + description: >- + Deprecated, kafka output do not support conditionnal topics + anymore. + type: object + properties: + condition: + type: string + type: + type: string + type: array + type: + enum: + - kafka type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' - required: - - config - - name - - secrets - Connectors_update_connector_request_resilient: - title: Update IBM Resilient connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' - name: - description: The display name for the connector. + username: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_resilient' - required: - - config - - name - - secrets - Connectors_update_connector_request_sentinelone: - title: Update SentinelOne connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - name: - description: The display name for the connector. + version: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' required: - - config - name - - secrets - Connectors_update_connector_request_serverlog: - title: Update server log connector request + - type + - topics + - auth_type + - hosts + Fleet_output_create_request_logstash: + title: logstash type: object properties: - name: - description: The display name for the connector. + ca_sha256: + type: string + ca_trusted_fingerprint: type: string - required: - - name - Connectors_update_connector_request_servicenow: - title: Update ServiceNow ITSM connector or ServiceNow SecOps request - type: object - properties: config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' + type: object + config_yaml: + type: string + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean name: - description: The display name for the connector. + type: string + proxy_id: type: string secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' + type: object + properties: + ssl: + type: object + properties: + key: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + type: + enum: + - logstash + type: string required: - - config - name - - secrets - Connectors_update_connector_request_servicenow_itom: - title: Create ServiceNow ITOM connector request + - hosts + - type + Fleet_output_create_request_remote_elasticsearch: + title: remote_elasticsearch type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean name: - description: The display name for the connector. type: string secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' + type: object + properties: + service_token: + type: string + service_token: + type: string + type: + enum: + - remote_elasticsearch + type: string required: - - config - name - - secrets - Connectors_update_connector_request_slack_api: - title: Update Slack connector request + Fleet_output_update_request: + discriminator: + mapping: + elasticsearch: '#/components/schemas/Fleet_output_update_request_elasticsearch' + kafka: '#/components/schemas/Fleet_output_update_request_kafka' + logstash: '#/components/schemas/Fleet_output_update_request_logstash' + propertyName: type + oneOf: + - $ref: '#/components/schemas/Fleet_output_update_request_elasticsearch' + - $ref: '#/components/schemas/Fleet_output_update_request_kafka' + - $ref: '#/components/schemas/Fleet_output_update_request_logstash' + title: Output + Fleet_output_update_request_elasticsearch: + title: elasticsearch type: object properties: + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' - name: - description: The display name for the connector. + type: object + config_yaml: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' - required: - - name - - secrets - Connectors_update_connector_request_slack_webhook: - title: Update Slack connector request - type: object - properties: + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean name: - description: The display name for the connector. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + type: + enum: + - elasticsearch + type: string required: - name - - secrets - Connectors_update_connector_request_swimlane: - title: Update Swimlane connector request + - hosts + - type + Fleet_output_update_request_kafka: + title: kafka type: object properties: + auth_type: + type: string + broker_timeout: + type: number + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + client_id: + type: string + compression: + type: string + compression_level: + type: number config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' - name: - description: The display name for the connector. - example: my-connector + type: object + config_yaml: + type: string + connection_type: + enum: + - plaintext + - encryption + type: string + headers: + items: + type: object + properties: + key: + type: string + value: + type: string + type: array + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + key: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' - required: - - config - - name - - secrets - Connectors_update_connector_request_teams: - title: Update Microsoft Teams connector request - type: object - properties: name: - description: The display name for the connector. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_teams' - required: - - name - - secrets - Connectors_update_connector_request_tines: - title: Update Tines connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_tines' - name: - description: The display name for the connector. + partition: + type: string + password: + type: string + proxy_id: + type: string + random: + type: object + properties: + group_events: + type: number + required_acks: + type: number + round_robin: + type: object + properties: + group_events: + type: number + sasl: + type: object + properties: + mechanism: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - none + - full + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + topics: + deprecated: true + description: Use topic instead. + items: + type: object + properties: + topic: + type: string + when: + deprecated: true + description: >- + Deprecated, kafka output do not support conditionnal topics + anymore. + type: object + properties: + condition: + type: string + type: + type: string + type: array + type: + enum: + - kafka + type: string + username: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_tines' - required: - - config - - name - - secrets - Connectors_update_connector_request_torq: - title: Update Torq connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_torq' - name: - description: The display name for the connector. + version: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_torq' required: - - config - name - - secrets - Connectors_update_connector_request_webhook: - title: Update Webhook connector request + Fleet_output_update_request_logstash: + title: logstash type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' - name: - description: The display name for the connector. + ca_sha256: + type: string + ca_trusted_fingerprint: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_webhook' - required: - - config - - name - - secrets - Connectors_update_connector_request_xmatters: - title: Update xMatters connector request - type: object - properties: config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' + type: object + config_yaml: + type: string + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean name: - description: The display name for the connector. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' + proxy_id: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + type: + enum: + - logstash + type: string required: - - config - name - - secrets - Data_views_400_response: - title: Bad request + Fleet_package_info: + title: Package information type: object properties: - error: - example: Bad Request + assets: + items: + type: string + type: array + categories: + items: + type: string + type: array + conditions: + type: object + properties: + elasticsearch: + type: object + properties: + subscription: + enum: + - basic + - gold + - platinum + - enterprise + type: string + kibana: + type: object + properties: + versions: + type: string + data_streams: + items: + type: object + properties: + ingeset_pipeline: + type: string + name: + type: string + package: + type: string + release: + type: string + title: + type: string + type: + type: string + vars: + items: + type: object + properties: + default: + type: string + name: + type: string + required: + - name + - default + type: array + required: + - title + - name + - release + - ingeset_pipeline + - type + - package + type: array + description: type: string - message: + download: type: string - statusCode: - example: 400 - type: number - required: - - statusCode - - error - - message - Data_views_404_response: - type: object - properties: - error: - enum: - - Not Found - example: Not Found + elasticsearch: + type: object + properties: + privileges: + type: object + properties: + cluster: + items: + type: string + type: array + format_version: type: string - message: - example: >- - Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] - not found + icons: + items: + type: string + type: array + internal: + type: boolean + name: type: string - statusCode: + path: + type: string + readme: + type: string + release: + deprecated: true + description: >- + release label is deprecated, derive from the version instead + (packages follow semver) enum: - - 404 - example: 404 - type: integer - Data_views_allownoindex: - description: Allows the data view saved object to exist before the data is available. - type: boolean - Data_views_create_data_view_request_object: - title: Create data view request - type: object - properties: - data_view: - description: The data view object. + - experimental + - beta + - ga + type: string + screenshots: + items: + type: object + properties: + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + - path + type: array + source: type: object properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - type: string - name: - description: The data view name. + license: + enum: + - Apache-2.0 + - Elastic-2.0 type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - version: + title: + type: string + type: + type: string + version: + type: string + required: + - name + - title + - version + - description + - type + - categories + - conditions + - assets + - format_version + - download + - path + Fleet_package_policy: + allOf: + - type: object + properties: + id: type: string + inputs: + oneOf: + - items: {} + type: array + - type: object + revision: + type: number required: - - title - override: - default: false + - id + - revision + - $ref: '#/components/schemas/Fleet_new_package_policy' + title: Package policy + Fleet_package_policy_request: + title: Package Policy Request + type: object + properties: + description: + description: Package policy description + example: my description + type: string + force: + description: >- + Force package policy creation even if package is not verified, or if + the agent policy is managed. + type: boolean + id: + description: Package policy unique identifier + type: string + inputs: + additionalProperties: + type: object + properties: + enabled: + description: 'enable or disable that input, (default to true)' + type: boolean + streams: + additionalProperties: + type: object + properties: + enabled: + description: 'enable or disable that stream, (default to true)' + type: boolean + vars: + description: >- + Stream level variable (see integration documentation for + more information) + type: object + description: >- + Input streams (see integration documentation to know what + streams are available) + type: object + vars: + description: >- + Input level variable (see integration documentation for more + information) + type: object description: >- - Override an existing data view if a data view with the provided - title already exists. - type: boolean - required: - - data_view - Data_views_data_view_response_object: - title: Data view response properties - type: object - properties: - data_view: + Package policy inputs (see integration documentation to know what + inputs are available) + example: + nginx-logfile: + enabled: true + streams: + nginx.access: + enabled: true + vars: + ignore_older: 72h + paths: + - /var/log/nginx/access.log* + preserve_original_event: false + tags: + - nginx-access + type: object + name: + description: Package policy name (should be unique) + example: nginx-123 + type: string + namespace: + description: >- + The package policy namespace. Leave blank to inherit the agent + policy's namespace. + example: customnamespace + type: string + overrides: + description: >- + Override settings that are defined in the package policy. The + override option should be used only in unusual circumstances and not + as a routine procedure. + nullable: true type: object properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: + inputs: type: object - id: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string + package: + type: object + properties: name: - description: The data view name. + description: Package name + example: nginx type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta_response' version: - example: WzQ2LDJd + description: Package version + example: 1.6.0 type: string - Data_views_fieldattrs: - description: A map of field attributes by field name. + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + example: agent-policy-id + type: string + policy_ids: + description: Agent policy IDs where that package policy will be added + example: + - agent-policy-id + items: + type: string + type: array + vars: + description: >- + Package root level variable (see integration documentation for more + information) + type: object + required: + - name + - package + Fleet_package_usage_stats: + title: Package usage stats type: object properties: - count: - description: Popularity count for the field. + agent_policy_count: type: integer - customDescription: - description: Custom description for the field. - maxLength: 300 - type: string - customLabel: - description: Custom label for the field. - type: string - Data_views_fieldformats: - description: A map of field formats by field name. - type: object - Data_views_namespaces: - description: >- - An array of space identifiers for sharing the data view between multiple - spaces. - items: - default: default - type: string - type: array - Data_views_runtimefieldmap: - description: A map of runtime field definitions by field name. + required: + - agent_policy_count + Fleet_proxies: + title: Fleet Proxy type: object properties: - script: + certificate: + type: string + certificate_authorities: + type: string + certificate_key: + type: string + id: + type: string + name: + type: string + proxy_headers: type: object - properties: - source: - description: Script for the runtime field. - type: string - type: - description: Mapping type of the runtime field. + url: type: string required: - - script - - type - Data_views_sourcefilters: - description: The array of field names you want to filter out in Discover. - items: - type: object - properties: - value: - type: string - required: - - value - type: array - Data_views_swap_data_view_request_object: - title: Data view reference swap request + - name + - url + Fleet_saved_object_type: + oneOf: + - enum: + - dashboard + - visualization + - search + - index_pattern + - map + - lens + - security_rule + - csp_rule_template + - ml_module + - tag + - osquery_pack_asset + - osquery_saved_query + type: string + - enum: + - index + - component_template + - ingest_pipeline + - index_template + - ilm_policy + - transform + - data_stream_ilm_policy + - ml_model + type: string + title: Saved Object type + Fleet_search_result: + title: Search result type: object properties: - delete: - description: Deletes referenced saved object if all references are removed. - type: boolean - forId: - description: Limit the affected saved objects to one or more by identifier. - oneOf: - - type: string - - items: - type: string - type: array - forType: - description: Limit the affected saved objects by type. + description: type: string - fromId: - description: The saved object reference to change. + download: type: string - fromType: - description: > - Specify the type of the saved object reference to alter. The default - value is `index-pattern` for data views. + icons: type: string - toId: - description: New saved object reference value to replace the old value. + installationInfo: + $ref: '#/components/schemas/Fleet_installation_info' + name: type: string - required: - - fromId - - toId - Data_views_timefieldname: - description: 'The timestamp field name, which you use for time-based data views.' - type: string - Data_views_title: - description: >- - Comma-separated list of data streams, indices, and aliases that you want - to search. Supports wildcards (`*`). - type: string - Data_views_type: - description: 'When set to `rollup`, identifies the rollup data views.' - type: string - Data_views_typemeta: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - type: object - properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. + path: + type: string + savedObject: + deprecated: true type: object + status: + type: string + title: + type: string + type: + type: string + version: + type: string required: - - aggs - - params - Data_views_typemeta_response: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - nullable: true + - description + - download + - icons + - name + - path + - title + - type + - version + - status + Fleet_settings: + title: Settings type: object properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. - type: object - Data_views_update_data_view_request_object: - title: Update data view request + fleet_server_hosts: + deprecated: true + items: + type: string + type: array + has_seen_add_data_notice: + type: boolean + id: + type: string + prerelease_integrations_enabled: + type: boolean + required: + - fleet_server_hosts + - id + Fleet_upgrade_agent: + title: Upgrade agent type: object properties: - data_view: - description: > - The data view properties you want to update. Only the specified - properties are updated in the data view. Unspecified fields stay as - they are persisted. - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - name: - type: string - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - refresh_fields: - default: false - description: Reloads the data view fields after the data view is updated. + force: + description: 'Force upgrade, skipping validation (should be used with caution)' type: boolean + skipRateLimitCheck: + description: Skip rate limit check for upgrade + type: boolean + source_uri: + type: string + version: + type: string required: - - data_view + - version + Fleet_upgrade_agent_diff: + items: + items: + $ref: '#/components/schemas/Fleet_full_agent_policy_input' + type: array + title: Package policy Upgrade dryrun + type: array + Fleet_upgrade_diff: + items: + allOf: + - $ref: '#/components/schemas/Fleet_package_policy' + - allOf: + - $ref: '#/components/schemas/Fleet_new_package_policy' + - type: object + properties: + errors: + items: + type: object + properties: + key: + type: string + message: + type: string + type: array + missingVars: + items: + type: string + type: array + type: object + title: Package policy Upgrade dryrun + type: array Kibana_HTTP_APIs_core_status_redactedResponse: additionalProperties: false description: A minimal representation of Kibana's operational status. @@ -8620,12 +14738,16 @@ components: BasicAuth: scheme: basic type: http + Fleet_basicAuth: + scheme: basic + type: http Kibana_HTTP_APIs_basicAuth: scheme: basic type: http security: - BasicAuth: [] - Kibana_HTTP_APIs_basicAuth: [] + - Fleet_basicAuth: [] tags: - description: > Configure APM agent keys to authorize requests from APM agents to the APM @@ -8638,10 +14760,26 @@ tags: name: APM annotations - description: Connector APIs enable you to create and manage connectors. name: connectors + - name: Data streams - description: >- Data view APIs enable you to manage data views, formerly known as Kibana index patterns. name: data views + - name: Elastic Agent actions + - name: Elastic Agent binary download sources + - name: Elastic Agent policies + - name: Elastic Agent status + - name: Elastic Agents + - name: Elastic Package Manager (EPM) + - name: Fleet enrollment API keys + - name: Fleet internals + - name: Fleet Kubernetes + - name: Fleet outputs + - name: Fleet package policies + - name: Fleet proxies + - name: Fleet Server hosts + - name: Fleet service tokens + - name: Fleet uninstall tokens - description: Machine learning name: ml - description: >- diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index 2ceaab3ed8f0f..bd576d13ca355 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -57,158 +57,212 @@ servers: kibana_url: default: 'localhost:5601' paths: - /api/actions: + /agent_download_sources: get: - deprecated: true - description: Deprecated in 7.13.0. Use the get all connectors API instead. - operationId: legacyGetConnectors + operationId: get-download-sources responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - $ref: '#/components/schemas/Connectors_action_response_properties' - type: array - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Get all connectors + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_download_sources' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent binary download sources tags: - - connectors + - Elastic Agent binary download sources post: - deprecated: true - description: Deprecated in 7.13.0. Use the create connector API instead. - operationId: legacyCreateConnector - parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' + operationId: post-download-sources requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - title: Legacy create connector request properties type: object properties: - actionTypeId: - description: The connector type identifier. + host: type: string - config: - description: >- - The configuration for the connector. Configuration - properties vary depending on the connector type. - type: object + id: + type: string + is_default: + type: boolean name: - description: The display name for the connector. type: string - secrets: - description: > - The secrets configuration for the connector. Secrets - configuration properties vary depending on the connector - type. NOTE: Remember these values. You must provide them - each time you update the connector. - type: object - required: true + required: + - name + - host + - is_default responses: '200': - $ref: '#/components/responses/Connectors_200_actions' - '401': - $ref: '#/components/responses/Connectors_401' - summary: Create a connector + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_download_sources' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create agent binary download source tags: - - connectors - '/api/actions/action/{actionId}': + - Elastic Agent binary download sources + '/agent_download_sources/{sourceId}': delete: - deprecated: true - description: > - Deprecated in 7.13.0. Use the delete connector API instead. WARNING: - When you delete a connector, it cannot be recovered. - operationId: legacyDeleteConnector + operationId: delete-download-source parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_action_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: - '204': - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Delete a connector + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete agent binary download source by ID tags: - - connectors + - Elastic Agent binary download sources get: - deprecated: true - description: Deprecated in 7.13.0. Use the get connector API instead. - operationId: legacyGetConnector - parameters: - - $ref: '#/components/parameters/Connectors_action_id' + operationId: get-one-download-source responses: '200': - $ref: '#/components/responses/Connectors_200_actions' - '401': - $ref: '#/components/responses/Connectors_401' - summary: Get connector information + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_download_sources' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent binary download source by ID tags: - - connectors + - Elastic Agent binary download sources + parameters: + - in: path + name: sourceId + required: true + schema: + type: string put: - deprecated: true - description: Deprecated in 7.13.0. Use the update connector API instead. - operationId: legacyUpdateConnector + operationId: update-download-source parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_action_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - description: The properties vary depending on the connector type. + type: object properties: - config: - description: >- - The new connector configuration. Configuration properties - vary depending on the connector type. - type: object + host: + type: string + is_default: + type: boolean name: - description: The new name for the connector. type: string - secrets: - description: >- - The updated secrets configuration for the connector. Secrets - properties vary depending on the connector type. - type: object - title: Legacy update connector request body properties - type: object - required: true + required: + - name + - is_default + - host responses: '200': - $ref: '#/components/responses/Connectors_200_actions' - '404': - $ref: '#/components/responses/Connectors_404' - summary: Update a connector + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_download_sources' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update agent binary download source by ID tags: - - connectors - '/api/actions/action/{actionId}/_execute': + - Elastic Agent binary download sources + /agent_policies: + get: + description: '' + operationId: agent-policy-list + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - description: >- + When set to true, retrieve the related package policies for each + agent policy. + in: query + name: full + schema: + type: boolean + - description: >- + When set to true, do not count how many agents are in the agent + policy, this can improve performance if you are searching over a + large number of agent policies. The "agents" property will always be + 0 if set to true. + in: query + name: noAgentCount + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_agent_policy' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent policies + tags: + - Elastic Agent policies post: - deprecated: true - description: Deprecated in 7.13.0. Use the run connector API instead. - operationId: legacyRunConnector + operationId: create-agent-policy parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_action_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - description: The properties vary depending on the connector type. - properties: - params: - description: >- - The parameters of the connector. Parameter properties vary - depending on the connector type. - type: object - required: - - params - title: Legacy run connector request body properties - type: object - required: true + $ref: '#/components/schemas/Fleet_agent_policy_create_request' responses: '200': content: @@ -216,448 +270,477 @@ paths: schema: type: object properties: - actionId: - type: string - data: - oneOf: - - additionalProperties: true - description: Information returned from the action. - type: object - - description: An array of information returned from the action. - items: - type: object - type: array - status: - description: The status of the action. - type: string - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Run a connector + item: + $ref: '#/components/schemas/Fleet_agent_policy' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create agent policy tags: - - connectors - /api/actions/connector: + - Elastic Agent policies + /agent_policies/_bulk_get: post: - description: The connector identifier is randomly generated. - operationId: createConnector - parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' + operationId: bulk-get-agent-policies + parameters: [] requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createEmailConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_email_connector_request - createIndexConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_index_connector_request - createWebhookConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_webhook_connector_request - createXmattersConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_xmatters_connector_request schema: - $ref: '#/components/schemas/Connectors_create_connector_request' - required: true + type: object + properties: + full: + description: get full policies with package policies populated + type: boolean + ids: + description: list of agent policy ids + items: + type: string + type: array + ignoreMissing: + type: boolean + required: + - ids responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createEmailConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_email_connector_response - createIndexConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_index_connector_response - createWebhookConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_webhook_connector_response - createXmattersConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_xmatters_connector_response schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Create a connector with a random ID - tags: - - connectors - /api/actions/connector_types: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_agent_policy' + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk get agent policies + tags: + - Elastic Agent policies + '/agent_policies/{agentPolicyId}': get: - operationId: getConnectorTypes - parameters: - - description: >- - A filter to limit the retrieved connector types to those that - support a specific feature (such as alerting or cases). - in: query - name: feature_id - schema: - $ref: '#/components/schemas/Connectors_features' + description: Get one agent policy + operationId: agent-policy-info + parameters: [] responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getConnectorTypesServerlessResponse: - $ref: >- - #/components/examples/Connectors_get_connector_types_generativeai_response schema: - description: The properties vary for each connector type. - items: - type: object - properties: - enabled: - description: >- - Indicates whether the connector type is enabled in - Kibana. - example: true - type: boolean - enabled_in_config: - description: >- - Indicates whether the connector type is enabled in the - Kibana configuration file. - example: true - type: boolean - enabled_in_license: - description: >- - Indicates whether the connector is enabled in the - license. - example: true - type: boolean - id: - $ref: '#/components/schemas/Connectors_connector_types' - is_system_action_type: - example: false - type: boolean - minimum_license_required: - description: The license that is required to use the connector type. - example: basic - type: string - name: - description: The name of the connector type. - example: Index - type: string - supported_feature_ids: - description: The features that are supported by the connector type. - example: - - alerting - - cases - - siem - items: - $ref: '#/components/schemas/Connectors_features' - type: array - title: Get connector types response body properties - type: array - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Get all connector types - tags: - - connectors - '/api/actions/connector/{connectorId}': - delete: - operationId: deleteConnector - parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_connector_id' - responses: - '204': - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - '404': - $ref: '#/components/responses/Connectors_404' - summary: Delete a connector + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent policy by ID tags: - - connectors - get: - operationId: getConnector + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + put: + operationId: update-agent-policy parameters: - - $ref: '#/components/parameters/Connectors_connector_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_agent_policy_update_request' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getConnectorResponse: - $ref: '#/components/examples/Connectors_get_connector_response' schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - '404': - $ref: '#/components/responses/Connectors_404' - summary: Get a connector information + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update agent policy by ID tags: - - connectors + - Elastic Agent policies + '/agent_policies/{agentPolicyId}/copy': + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string post: - operationId: createConnectorId + operationId: agent-policy-copy parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - description: > - A UUID v1 or v4 identifier for the connector. If you omit this - parameter, an identifier is randomly generated. - in: path - name: connectorId - required: true - schema: - example: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createIndexConnectorRequest: - $ref: >- - #/components/examples/Connectors_create_index_connector_request schema: - $ref: '#/components/schemas/Connectors_create_connector_request' - required: true + type: object + properties: + description: + type: string + name: + type: string + required: + - name + description: '' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createIndexConnectorResponse: - $ref: >- - #/components/examples/Connectors_create_index_connector_response schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Create a connector + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Copy agent policy by ID tags: - - connectors - put: - operationId: updateConnector - parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_connector_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateIndexConnectorRequest: - $ref: >- - #/components/examples/Connectors_update_index_connector_request - schema: - $ref: '#/components/schemas/Connectors_update_connector_request' + - Elastic Agent policies + '/agent_policies/{agentPolicyId}/download': + get: + operationId: agent-policy-download + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Download agent policy by ID + tags: + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId required: true + schema: + type: string + - in: query + name: download + required: false + schema: + type: string + - in: query + name: standalone + required: false + schema: + type: string + - in: query + name: kubernetes + required: false + schema: + type: string + '/agent_policies/{agentPolicyId}/full': + get: + operationId: agent-policy-full responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Connectors_connector_response_properties' - description: Indicates a successful call. + type: object + properties: + item: + oneOf: + - type: string + - $ref: '#/components/schemas/Fleet_agent_policy_full' + description: OK '400': - $ref: '#/components/responses/Connectors_401' - '401': - $ref: '#/components/responses/Connectors_401' - '404': - $ref: '#/components/responses/Connectors_404' - summary: Update a connector + $ref: '#/components/responses/Fleet_error' + summary: Get full agent policy by ID tags: - - connectors - '/api/actions/connector/{connectorId}/_execute': + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: download + required: false + schema: + type: string + - in: query + name: standalone + required: false + schema: + type: string + - in: query + name: kubernetes + required: false + schema: + type: string + /agent_policies/delete: + parameters: [] post: - description: > - You can use this API to test an action that involves interaction with - Kibana services or integrations with third-party systems. You must have - `read` privileges for the **Actions and Connectors** feature in the - **Management** section of the Kibana feature privileges. If you use an - index connector, you must also have `all`, `create`, `index`, or `write` - indices privileges. - operationId: runConnector + operationId: delete-agent-policy parameters: - - $ref: '#/components/parameters/Connectors_kbn_xsrf' - - $ref: '#/components/parameters/Connectors_connector_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - runCasesWebhookConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_cases_webhook_connector_request - runEmailConnectorRequest: - $ref: '#/components/examples/Connectors_run_email_connector_request' - runIndexConnectorRequest: - $ref: '#/components/examples/Connectors_run_index_connector_request' - runJiraConnectorRequest: - $ref: '#/components/examples/Connectors_run_jira_connector_request' - runPagerDutyConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_pagerduty_connector_request - runServerLogConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_server_log_connector_request - runServiceNowITOMConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_servicenow_itom_connector_request - runSlackConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_slack_api_connector_request - runSwimlaneConnectorRequest: - $ref: >- - #/components/examples/Connectors_run_swimlane_connector_request schema: - $ref: '#/components/schemas/Connectors_run_connector_request' - required: true + type: object + properties: + agentPolicyId: + type: string + force: + description: >- + bypass validation checks that can prevent agent policy + deletion + type: boolean + required: + - agentPolicyId responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - runCasesWebhookConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_cases_webhook_connector_response - runEmailConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_email_connector_response - runIndexConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_index_connector_response - runJiraConnectorResponse: - $ref: '#/components/examples/Connectors_run_jira_connector_response' - runPagerDutyConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_pagerduty_connector_response - runServerLogConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_server_log_connector_response - runServiceNowITOMConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_servicenow_itom_connector_response - runSlackConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_slack_api_connector_response - runSwimlaneConnectorResponse: - $ref: >- - #/components/examples/Connectors_run_swimlane_connector_response schema: type: object properties: - connector_id: - description: The identifier for the connector. - type: string - data: - oneOf: - - additionalProperties: true - description: Information returned from the action. - type: object - - description: An array of information returned from the action. - items: - type: object - type: array - status: - description: The status of the action. - enum: - - error - - ok + id: type: string + success: + type: boolean required: - - connector_id - - status - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Run a connector + - id + - success + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete agent policy by ID tags: - - connectors - /api/actions/connectors: + - Elastic Agent policies + /agent_status: get: - operationId: getConnectors + operationId: get-agent-status + parameters: + - in: query + name: policyId + required: false + schema: + type: string + - deprecated: true + in: query + name: kuery + required: false + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getConnectorsResponse: - $ref: '#/components/examples/Connectors_get_connectors_response' schema: - items: - $ref: >- - #/components/schemas/Connectors_connector_response_properties - type: array - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Get all connectors + type: object + properties: + active: + type: integer + all: + type: integer + error: + type: integer + events: + type: integer + inactive: + type: integer + offline: + type: integer + online: + type: integer + other: + type: integer + total: + deprecated: true + type: integer + unenrolled: + type: integer + updating: + type: integer + required: + - active + - all + - error + - events + - inactive + - offline + - online + - other + - total + - updating + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent status summary tags: - - connectors - /api/actions/list_action_types: + - Elastic Agent status + /agent_status/data: + get: + operationId: get-agent-data + parameters: + - in: query + name: agentsIds + required: true + schema: + items: + type: string + type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + additionalProperties: + type: object + properties: + data: + type: boolean + type: object + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get incoming agent data + tags: + - Elastic Agent status + /agent-status: get: deprecated: true - description: Deprecated in 7.13.0. Use the get all connector types API instead. - operationId: legacyGetConnectorTypes + operationId: get-agent-status-deprecated + parameters: + - in: query + name: policyId + required: false + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - description: The properties vary for each connector type. - items: - type: object - properties: - enabled: - description: >- - Indicates whether the connector type is enabled in - Kibana. - type: boolean - enabledInConfig: - description: >- - Indicates whether the connector type is enabled in the - Kibana `.yml` file. - type: boolean - enabledInLicense: - description: >- - Indicates whether the connector is enabled in the - license. - example: true - type: boolean - id: - description: The unique identifier for the connector type. - type: string - minimumLicenseRequired: - description: The license that is required to use the connector type. - type: string - name: - description: The name of the connector type. - type: string - title: Legacy get connector types response body properties - type: array - description: Indicates a successful call. - '401': - $ref: '#/components/responses/Connectors_401' - summary: Get connector types + type: object + properties: + error: + type: integer + events: + type: integer + inactive: + type: integer + offline: + type: integer + online: + type: integer + other: + type: integer + total: + type: integer + updating: + type: integer + required: + - error + - events + - inactive + - offline + - online + - other + - total + - updating + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent status summary tags: - - connectors - /api/apm/agent_keys: + - Elastic Agent status + /agents: + get: + operationId: get-agents + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_show_inactive' + - $ref: '#/components/parameters/Fleet_show_upgradeable' + - $ref: '#/components/parameters/Fleet_sort_field' + - $ref: '#/components/parameters/Fleet_sort_order' + - $ref: '#/components/parameters/Fleet_with_metrics' + - in: query + name: getStatusSummary + required: false + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_agents_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agents + tags: + - Elastic Agents post: - description: Create a new agent key for APM. - operationId: createAgentKey + operationId: get-agents-by-actions + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - name: - type: string - privileges: + actionIds: items: - enum: - - 'event:write' - - 'config_agent:read' type: string type: array + required: + - policy_id required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_agent_get_by_actions' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agents by action ids + tags: + - Elastic Agents + '/agents/{agentId}': + delete: + operationId: delete-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: @@ -665,53 +748,61 @@ paths: schema: type: object properties: - api_key: - type: string - encoded: - type: string - expiration: - format: int64 - type: integer - id: - type: string - name: + action: + enum: + - deleted type: string - description: Agent key created successfully - summary: Create an APM agent key + required: + - action + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete agent by ID tags: - - APM agent keys - '/api/apm/services/{serviceName}/annotation': - post: - description: Create a new annotation for a specific service. - operationId: createAnnotation + - Elastic Agents + get: + operationId: get-agent parameters: - - description: The name of the service - in: path - name: serviceName - required: true - schema: - type: string + - $ref: '#/components/parameters/Fleet_with_metrics' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent by ID + tags: + - Elastic Agents + parameters: + - in: path + name: agentId + required: true + schema: + type: string + put: + operationId: update-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - '@timestamp': - type: string - message: - type: string - service: - type: object - properties: - environment: - type: string - version: - type: string tags: items: type: string type: array + user_provided_metadata: + type: object required: true responses: '200': @@ -720,70 +811,36 @@ paths: schema: type: object properties: - _id: - type: string - _index: - type: string - _source: - type: object - properties: - '@timestamp': - type: string - annotation: - type: string - event: - type: object - properties: - created: - type: string - message: - type: string - service: - type: object - properties: - environment: - type: string - name: - type: string - version: - type: string - tags: - items: - type: string - type: array - description: Annotation created successfully - summary: Create a service annotation + item: + $ref: '#/components/schemas/Fleet_agent' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update agent by ID tags: - - APM annotations - '/api/apm/services/{serviceName}/annotation/search': - get: - description: Search for annotations related to a specific service. - operationId: getAnnotation + - Elastic Agents + '/agents/{agentId}/actions': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: new-agent-action parameters: - - description: The name of the service - in: path - name: serviceName - required: true - schema: - type: string - - description: The environment to filter annotations by - in: query - name: environment - required: false - schema: - type: string - - description: The start date for the search - in: query - name: start - required: false - schema: - type: string - - description: The end date for the search - in: query - name: end - required: false - schema: - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + $ref: '#/components/schemas/Fleet_agent_action' + required: true responses: '200': content: @@ -791,1312 +848,1452 @@ paths: schema: type: object properties: - annotations: + body: items: - type: object - properties: - '@timestamp': - type: number - id: - type: string - text: - type: string - type: - enum: - - version - type: string + type: number type: array - description: Successful response - summary: Search for annotations + headers: + type: string + statusCode: + type: number + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create agent action tags: - - APM annotations - /api/cases: - delete: - description: > - You must have `read` or `all` privileges and the `delete` sub-feature - privilege for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases you're deleting. - operationId: deleteCaseDefaultSpace + - Elastic Agent actions + '/agents/{agentId}/actions/{actionId}/cancel': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + - in: path + name: actionId + required: true + schema: + type: string + post: + operationId: agent-action-cancel parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - - $ref: '#/components/parameters/Cases_ids' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: - '204': - description: Indicates a successful call. - '401': + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Delete cases + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_action' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Cancel agent action tags: - - cases - patch: - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the - Kibana feature privileges, depending on the owner of the case you're - updating. - operationId: updateCaseDefaultSpace + - Elastic Agent actions + '/agents/{agentId}/reassign': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: reassign-agent parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - updateCaseRequest: - $ref: '#/components/examples/Cases_update_case_request' schema: - $ref: '#/components/schemas/Cases_update_case_request' + type: object + properties: + policy_id: + type: string + required: + - policy_id + required: true responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateCaseResponse: - $ref: '#/components/examples/Cases_update_case_response' - schema: - items: - $ref: '#/components/schemas/Cases_case_response_properties' - type: array - description: Indicates a successful call. - '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Update cases + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Reassign agent tags: - - cases - post: - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the - Kibana feature privileges, depending on the owner of the case you're - creating. - operationId: createCaseDefaultSpace + - Elastic Agents + put: + deprecated: true + operationId: reassign-agent-deprecated parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createCaseRequest: - $ref: '#/components/examples/Cases_create_case_request' schema: - $ref: '#/components/schemas/Cases_create_case_request' + type: object + properties: + policy_id: + type: string + required: + - policy_id required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createCaseResponse: - $ref: '#/components/examples/Cases_create_case_response' schema: - $ref: '#/components/schemas/Cases_case_response_properties' - description: Indicates a successful call. - '401': + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Reassign agent + tags: + - Elastic Agents + '/agents/{agentId}/request_diagnostics': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: request-diagnostics-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + additional_metrics: + items: + oneOf: + - enum: + - CPU + type: string + type: array + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Create a case + type: object + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Request agent diagnostics tags: - - cases - /api/cases/_find: - get: - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. - operationId: findCasesDefaultSpace + - Elastic Agents + '/agents/{agentId}/unenroll': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: unenroll-agent parameters: - - $ref: '#/components/parameters/Cases_assignees' - - $ref: '#/components/parameters/Cases_category' - - $ref: '#/components/parameters/Cases_defaultSearchOperator' - - $ref: '#/components/parameters/Cases_from' - - $ref: '#/components/parameters/Cases_owner' - - $ref: '#/components/parameters/Cases_page_index' - - $ref: '#/components/parameters/Cases_page_size' - - $ref: '#/components/parameters/Cases_reporters' - - $ref: '#/components/parameters/Cases_search' - - $ref: '#/components/parameters/Cases_searchFields' - - $ref: '#/components/parameters/Cases_severity' - - $ref: '#/components/parameters/Cases_sortField' - - $ref: '#/components/parameters/Cases_sort_order' - - $ref: '#/components/parameters/Cases_status' - - $ref: '#/components/parameters/Cases_tags' - - $ref: '#/components/parameters/Cases_to' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + revoke: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - findCaseResponse: - $ref: '#/components/examples/Cases_find_case_response' + schema: + type: object + description: OK + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - cases: - items: - $ref: '#/components/schemas/Cases_case_response_properties' - maxItems: 10000 - type: array - count_closed_cases: - type: integer - count_in_progress_cases: - type: integer - count_open_cases: - type: integer - page: - type: integer - per_page: - type: integer - total: - type: integer - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Search cases + error: + type: string + message: + type: string + statusCode: + enum: + - 400 + type: number + description: BAD REQUEST + summary: Unenroll agent tags: - - cases - '/api/cases/{caseId}': - get: - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're seeking. - operationId: getCaseDefaultSpace + - Elastic Agents + '/agents/{agentId}/upgrade': + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: upgrade-agent parameters: - - $ref: '#/components/parameters/Cases_case_id' - - $ref: '#/components/parameters/Cases_includeComments' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_upgrade_agent' + required: true responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getDefaultCaseResponse: - $ref: '#/components/examples/Cases_get_case_response' - getDefaultObservabilityCaseReponse: - $ref: '#/components/examples/Cases_get_case_observability_response' - schema: - $ref: '#/components/schemas/Cases_case_response_properties' - description: Indicates a successful call. - '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get case information + $ref: '#/components/schemas/Fleet_upgrade_agent' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Upgrade agent tags: - - cases - '/api/cases/{caseId}/alerts': + - Elastic Agents + '/agents/{agentId}/uploads': get: - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. - operationId: getCaseAlertsDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_case_id' + operationId: list-agent-uploads responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getCaseAlertsResponse: - $ref: '#/components/examples/Cases_get_case_alerts_response' - schema: - items: - $ref: '#/components/schemas/Cases_alert_response_properties' - type: array - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get all alerts for a case - tags: - - cases - x-technical-preview: true - '/api/cases/{caseId}/comments': - delete: - description: > - Deletes all comments and alerts from a case. You must have `all` - privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases you're deleting. - operationId: deleteCaseCommentsDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - - $ref: '#/components/parameters/Cases_case_id' - responses: - '204': - description: Indicates a successful call. - '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Delete all case comments and alerts + type: object + properties: + body: + type: object + properties: + item: + items: + $ref: '#/components/schemas/Fleet_agent_diagnostics' + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent uploads tags: - - cases + - Elastic Agents + parameters: + - in: path + name: agentId + required: true + schema: + type: string + /agents/action_status: get: - deprecated: true - description: > - Deprecated in 8.1.0. This API is deprecated and will be removed in a - future release; instead, use the get case comment API, which requires a - comment identifier in the path. You must have `read` privileges for the - **Cases** feature in the **Management**, **Observability**, or - **Security** section of the Kibana feature privileges, depending on the - owner of the cases with the comments you're seeking. - operationId: getAllCaseCommentsDefaultSpace + operationId: agents-action-status parameters: - - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - in: query + name: errorSize + schema: + default: 5 + type: integer responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_case_response_properties' - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get all case comments + type: object + properties: + items: + items: + type: object + properties: + actionId: + type: string + cancellationTime: + type: string + completionTime: + type: string + creationTime: + description: creation time of action + type: string + expiration: + type: string + latestErrors: + description: >- + latest errors that happened when the agents executed + the action + items: + type: object + properties: + agentId: + type: string + error: + type: string + timestamp: + type: string + type: array + nbAgentsAck: + description: number of agents that acknowledged the action + type: number + nbAgentsActionCreated: + description: number of agents included in action from kibana + type: number + nbAgentsActioned: + description: number of agents actioned + type: number + nbAgentsFailed: + description: number of agents that failed to execute the action + type: number + newPolicyId: + description: new policy id (POLICY_REASSIGN action) + type: string + policyId: + description: policy id (POLICY_CHANGE action) + type: string + revision: + description: new policy revision (POLICY_CHANGE action) + type: string + startTime: + description: start time of action (scheduled actions) + type: string + status: + enum: + - COMPLETE + - EXPIRED + - CANCELLED + - FAILED + - IN_PROGRESS + - ROLLOUT_PASSED + type: string + type: + enum: + - POLICY_REASSIGN + - UPGRADE + - UNENROLL + - FORCE_UNENROLL + - UPDATE_TAGS + - CANCEL + - REQUEST_DIAGNOSTICS + - SETTINGS + - POLICY_CHANGE + - INPUT_ACTION + type: string + version: + description: agent version number (UPGRADE action) + type: string + required: + - actionId + - complete + - nbAgentsActioned + - nbAgentsActionCreated + - nbAgentsAck + - nbAgentsFailed + - status + - creationTime + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent action status tags: - - cases - patch: - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're updating. - NOTE: You cannot change the comment type or the owner of a comment. - operationId: updateCaseCommentDefaultSpace + - Elastic Agent actions + /agents/bulk_reassign: + post: + operationId: bulk-reassign-agents parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - updateCaseCommentRequest: - $ref: '#/components/examples/Cases_update_comment_request' + example: + agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' + policy_id: policy_id schema: - $ref: '#/components/schemas/Cases_update_case_comment_request' - required: true + type: object + properties: + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: + type: string + type: array + policy_id: + description: new agent policy id + type: string + required: + - policy_id + - agents responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateCaseCommentResponse: - $ref: '#/components/examples/Cases_update_comment_response' - schema: - $ref: '#/components/schemas/Cases_case_response_properties' - description: Indicates a successful call. - '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Update a case comment or alert + type: object + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk reassign agents tags: - - cases + - Elastic Agents + /agents/bulk_request_diagnostics: post: - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're creating. - NOTE: Each case can have a maximum of 1,000 alerts. - operationId: addCaseCommentDefaultSpace + operationId: bulk-request-diagnostics parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - createCaseCommentRequest: - $ref: '#/components/examples/Cases_add_comment_request' + example: + agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' schema: - $ref: '#/components/schemas/Cases_add_case_comment_request' - required: true + type: object + properties: + additional_metrics: + items: + oneOf: + - enum: + - CPU + type: string + type: array + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: + type: string + type: array + batchSize: + type: number + required: + - agents responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createCaseCommentResponse: - $ref: '#/components/examples/Cases_add_comment_response' - schema: - $ref: '#/components/schemas/Cases_case_response_properties' - description: Indicates a successful call. - '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Add a case comment or alert + type: object + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk request diagnostics from agents tags: - - cases - '/api/cases/{caseId}/comments/_find': - get: - description: > - Retrieves a paginated list of comments for a case. You must have `read` - privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases with the comments you're - seeking. - operationId: findCaseCommentsDefaultSpace + - Elastic Agents + /agents/bulk_unenroll: + post: + operationId: bulk-unenroll-agents parameters: - - $ref: '#/components/parameters/Cases_case_id' - - $ref: '#/components/parameters/Cases_page_index' - - $ref: '#/components/parameters/Cases_page_size' - - $ref: '#/components/parameters/Cases_sort_order' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + example: + agents: + - agent1 + - agent2 + force: false + revoke: true + schema: + type: object + properties: + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: + type: string + type: array + force: + description: Unenrolls hosted agents too + type: boolean + includeInactive: + description: >- + When passing agents by KQL query, unenrolls inactive agents + too + type: boolean + revoke: + description: Revokes API keys of agents + type: boolean + required: + - agents responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_case_response_properties' - description: Indicates a successful call. - '401': + type: object + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk unenroll agents + tags: + - Elastic Agents + /agents/bulk_update_agent_tags: + post: + operationId: bulk-update-agent-tags + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + example: + agents: + - agent1 + - agent2 + tagsToAdd: + - newTag + tagsToRemove: + - existingTag + schema: + type: object + properties: + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: + type: string + type: array + batchSize: + type: number + tagsToAdd: + items: + type: string + type: array + tagsToRemove: + items: + type: string + type: array + required: + - agents + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Find case comments and alerts + type: object + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk update agent tags tags: - - cases - '/api/cases/{caseId}/comments/{commentId}': - delete: - description: > - You must have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're deleting. - operationId: deleteCaseCommentDefaultSpace + - Elastic Agents + /agents/bulk_upgrade: + post: + operationId: bulk-upgrade-agents parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - - $ref: '#/components/parameters/Cases_case_id' - - $ref: '#/components/parameters/Cases_comment_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + example: + agents: + - agent1 + - agent2 + rollout_duration_seconds: 3600 + source_uri: 'https://artifacts.elastic.co/downloads/beats/elastic-agent' + start_time: '2022-08-03T14:00:00.000Z' + version: 8.4.0 + schema: + $ref: '#/components/schemas/Fleet_bulk_upgrade_agents' + required: true responses: - '204': - description: Indicates a successful call. - '401': + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Delete a case comment or alert + type: object + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk upgrade agents tags: - - cases + - Elastic Agents + '/agents/files/{fileId}': + delete: + operationId: delete-agent-upload-file + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: object + properties: + deleted: + type: boolean + id: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete file uploaded by agent + tags: + - Elastic Agents + parameters: + - in: path + name: fileId + required: true + schema: + type: string + '/agents/files/{fileId}/{fileName}': get: - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases with the - comments you're seeking. - operationId: getCaseCommentDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_case_id' - - $ref: '#/components/parameters/Cases_comment_id' + operationId: get-agent-upload-file responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getCaseCommentResponse: - $ref: '#/components/examples/Cases_get_comment_response' schema: - oneOf: - - $ref: >- - #/components/schemas/Cases_alert_comment_response_properties - - $ref: >- - #/components/schemas/Cases_user_comment_response_properties - description: Indicates a successful call. - '401': + type: object + properties: + body: + type: object + properties: + items: + type: object + properties: + body: {} + headers: {} + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get file uploaded by agent + tags: + - Elastic Agents + parameters: + - in: path + name: fileId + required: true + schema: + type: string + - in: path + name: fileName + required: true + schema: + type: string + /agents/setup: + get: + operationId: get-agents-setup-status + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get a case comment or alert + $ref: '#/components/schemas/Fleet_fleet_status_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent setup info tags: - - cases - '/api/cases/{caseId}/connector/{connectorId}/_push': + - Elastic Agents post: - description: > - You must have `all` privileges for the **Actions and Connectors** - feature in the **Management** section of the Kibana feature privileges. - You must also have `all` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the case you're pushing. - operationId: pushCaseDefaultSpace + operationId: setup-agents parameters: - - $ref: '#/components/parameters/Cases_case_id' - - $ref: '#/components/parameters/Cases_connector_id' - - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - nullable: true type: object + properties: + admin_password: + type: string + admin_username: + type: string + required: + - admin_username + - admin_password responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - pushCaseResponse: - $ref: '#/components/examples/Cases_push_case_response' schema: - $ref: '#/components/schemas/Cases_case_response_properties' - description: Indicates a successful call. - '401': + $ref: '#/components/schemas/Fleet_fleet_setup_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Initiate agent setup + tags: + - Elastic Agents + /agents/tags: + get: + operationId: get-agent-tags + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Push a case to an external service + $ref: '#/components/schemas/Fleet_get_agent_tags_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent tags tags: - - cases - '/api/cases/{caseId}/user_actions': + - Elastic Agents + /api/actions: get: deprecated: true - description: > - Returns all user activity for a case. Deprecated in 8.1.0. This API is - deprecated and will be removed in a future release; use the find user - actions API instead. You must have `read` privileges for the **Cases** - feature in the **Management**, **Observability**, or **Security** - section of the Kibana feature privileges, depending on the owner of the - case you're seeking. - operationId: getCaseActivityDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_case_id' + description: Deprecated in 7.13.0. Use the get all connectors API instead. + operationId: legacyGetConnectors responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: items: - $ref: '#/components/schemas/Cases_user_actions_response_properties' + $ref: '#/components/schemas/Connectors_action_response_properties' type: array description: Indicates a successful call. '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get case activity + $ref: '#/components/responses/Connectors_401' + summary: Get all connectors tags: - - cases - '/api/cases/{caseId}/user_actions/_find': - get: - description: > - Retrives a paginated list of user activity for a case. You must have - `read` privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the case you're seeking. - operationId: findCaseActivityDefaultSpace + - connectors + post: + deprecated: true + description: Deprecated in 7.13.0. Use the create connector API instead. + operationId: legacyCreateConnector parameters: - - $ref: '#/components/parameters/Cases_case_id' - - $ref: '#/components/parameters/Cases_page_index' - - $ref: '#/components/parameters/Cases_page_size' - - $ref: '#/components/parameters/Cases_sort_order' - - $ref: '#/components/parameters/Cases_user_action_types' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - findCaseActivityResponse: - $ref: '#/components/examples/Cases_find_case_activity_response' - schema: - type: object - properties: - page: - type: integer - perPage: - type: integer - total: - type: integer - userActions: - items: - $ref: >- - #/components/schemas/Cases_user_actions_find_response_properties - maxItems: 10000 - type: array + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + title: Legacy create connector request properties + type: object + properties: + actionTypeId: + description: The connector type identifier. + type: string + config: + description: >- + The configuration for the connector. Configuration + properties vary depending on the connector type. + type: object + name: + description: The display name for the connector. + type: string + secrets: + description: > + The secrets configuration for the connector. Secrets + configuration properties vary depending on the connector + type. NOTE: Remember these values. You must provide them + each time you update the connector. + type: object + required: true + responses: + '200': + $ref: '#/components/responses/Connectors_200_actions' + '401': + $ref: '#/components/responses/Connectors_401' + summary: Create a connector + tags: + - connectors + '/api/actions/action/{actionId}': + delete: + deprecated: true + description: > + Deprecated in 7.13.0. Use the delete connector API instead. WARNING: + When you delete a connector, it cannot be recovered. + operationId: legacyDeleteConnector + parameters: + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_action_id' + responses: + '204': description: Indicates a successful call. '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Find case activity + $ref: '#/components/responses/Connectors_401' + summary: Delete a connector tags: - - cases - '/api/cases/alerts/{alertId}': + - connectors get: - description: > - You must have `read` privileges for the **Cases** feature in the - **Management**, **Observability**, or **Security** section of the Kibana - feature privileges, depending on the owner of the cases you're seeking. - operationId: getCasesByAlertDefaultSpace + deprecated: true + description: Deprecated in 7.13.0. Use the get connector API instead. + operationId: legacyGetConnector parameters: - - $ref: '#/components/parameters/Cases_alert_id' - - $ref: '#/components/parameters/Cases_owner' + - $ref: '#/components/parameters/Connectors_action_id' + responses: + '200': + $ref: '#/components/responses/Connectors_200_actions' + '401': + $ref: '#/components/responses/Connectors_401' + summary: Get connector information + tags: + - connectors + put: + deprecated: true + description: Deprecated in 7.13.0. Use the update connector API instead. + operationId: legacyUpdateConnector + parameters: + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_action_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + description: The properties vary depending on the connector type. + properties: + config: + description: >- + The new connector configuration. Configuration properties + vary depending on the connector type. + type: object + name: + description: The new name for the connector. + type: string + secrets: + description: >- + The updated secrets configuration for the connector. Secrets + properties vary depending on the connector type. + type: object + title: Legacy update connector request body properties + type: object + required: true + responses: + '200': + $ref: '#/components/responses/Connectors_200_actions' + '404': + $ref: '#/components/responses/Connectors_404' + summary: Update a connector + tags: + - connectors + '/api/actions/action/{actionId}/_execute': + post: + deprecated: true + description: Deprecated in 7.13.0. Use the run connector API instead. + operationId: legacyRunConnector + parameters: + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_action_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + description: The properties vary depending on the connector type. + properties: + params: + description: >- + The parameters of the connector. Parameter properties vary + depending on the connector type. + type: object + required: + - params + title: Legacy run connector request body properties + type: object + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - example: - - id: 06116b80-e1c3-11ec-be9b-9b1838238ee6 - title: security_case - items: - type: object - properties: - id: - description: The case identifier. - type: string - title: - description: The case title. - type: string - maxItems: 10000 - type: array + type: object + properties: + actionId: + type: string + data: + oneOf: + - additionalProperties: true + description: Information returned from the action. + type: object + - description: An array of information returned from the action. + items: + type: object + type: array + status: + description: The status of the action. + type: string description: Indicates a successful call. '401': + $ref: '#/components/responses/Connectors_401' + summary: Run a connector + tags: + - connectors + /api/actions/connector: + post: + description: The connector identifier is randomly generated. + operationId: createConnector + parameters: + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + createEmailConnectorRequest: + $ref: >- + #/components/examples/Connectors_create_email_connector_request + createIndexConnectorRequest: + $ref: >- + #/components/examples/Connectors_create_index_connector_request + createWebhookConnectorRequest: + $ref: >- + #/components/examples/Connectors_create_webhook_connector_request + createXmattersConnectorRequest: + $ref: >- + #/components/examples/Connectors_create_xmatters_connector_request + schema: + $ref: '#/components/schemas/Connectors_create_connector_request' + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + createEmailConnectorResponse: + $ref: >- + #/components/examples/Connectors_create_email_connector_response + createIndexConnectorResponse: + $ref: >- + #/components/examples/Connectors_create_index_connector_response + createWebhookConnectorResponse: + $ref: >- + #/components/examples/Connectors_create_webhook_connector_response + createXmattersConnectorResponse: + $ref: >- + #/components/examples/Connectors_create_xmatters_connector_response schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get cases for an alert + $ref: '#/components/schemas/Connectors_connector_response_properties' + description: Indicates a successful call. + '401': + $ref: '#/components/responses/Connectors_401' + summary: Create a connector with a random ID tags: - - cases - x-technical-preview: true - /api/cases/configure: + - connectors + /api/actions/connector_types: get: - description: > - Get setting details such as the closure type, custom fields, templatse, - and the default connector for cases. You must have `read` privileges for - the **Cases** feature in the **Management**, **Observability**, or - **Security** section of the Kibana feature privileges, depending on - where the cases were created. - operationId: getCaseConfigurationDefaultSpace + operationId: getConnectorTypes parameters: - - $ref: '#/components/parameters/Cases_owner' + - description: >- + A filter to limit the retrieved connector types to those that + support a specific feature (such as alerting or cases). + in: query + name: feature_id + schema: + $ref: '#/components/schemas/Connectors_features' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: examples: - getConfigurationResponse: - $ref: '#/components/examples/Cases_get_case_configuration_response' + getConnectorTypesServerlessResponse: + $ref: >- + #/components/examples/Connectors_get_connector_types_generativeai_response schema: + description: The properties vary for each connector type. items: type: object properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are - not used and are not propagated to individual cases, - therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want - a default connector, use `none`. To retrieve - connector IDs, use the find connectors API. - example: none - type: string - name: - description: >- - The name of the connector. If you do not want a - default connector, use `none`. To retrieve connector - names, use the find connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - created_at: - example: '2022-06-01T17:07:17.767Z' - format: date-time - type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - customFields: - description: Custom fields configuration details. - items: - type: object - properties: - defaultValue: - description: > - A default value for the custom field. If the - `type` is `text`, the default value must be a - string. If the `type` is `toggle`, the default - value must be boolean. - oneOf: - - type: string - - type: boolean - key: - description: > - A unique key for the custom field. Must be lower - case and composed only of a-z, 0-9, '_', and '-' - characters. It is used in API calls to refer to a - specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: >- - The custom field label that is displayed in the - case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: > - Indicates whether the field is required. If - `false`, the custom field can be set to null or - omitted when a case is created or updated. - type: boolean - type: array - error: - example: null - nullable: true - type: string + enabled: + description: >- + Indicates whether the connector type is enabled in + Kibana. + example: true + type: boolean + enabled_in_config: + description: >- + Indicates whether the connector type is enabled in the + Kibana configuration file. + example: true + type: boolean + enabled_in_license: + description: >- + Indicates whether the connector is enabled in the + license. + example: true + type: boolean id: - example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + $ref: '#/components/schemas/Connectors_connector_types' + is_system_action_type: + example: false + type: boolean + minimum_license_required: + description: The license that is required to use the connector type. + example: basic type: string - mappings: + name: + description: The name of the connector type. + example: Index + type: string + supported_feature_ids: + description: The features that are supported by the connector type. + example: + - alerting + - cases + - siem items: - type: object - properties: - action_type: - example: overwrite - type: string - source: - example: title - type: string - target: - example: summary - type: string + $ref: '#/components/schemas/Connectors_features' type: array - owner: - $ref: '#/components/schemas/Cases_owners' - templates: - $ref: '#/components/schemas/Cases_templates' - updated_at: - example: '2022-06-01T19:58:48.169Z' - format: date-time - nullable: true - type: string - updated_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - version: - example: WzIwNzMsMV0= - type: string + title: Get connector types response body properties type: array description: Indicates a successful call. '401': + $ref: '#/components/responses/Connectors_401' + summary: Get all connector types + tags: + - connectors + '/api/actions/connector/{connectorId}': + delete: + operationId: deleteConnector + parameters: + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_connector_id' + responses: + '204': + description: Indicates a successful call. + '401': + $ref: '#/components/responses/Connectors_401' + '404': + $ref: '#/components/responses/Connectors_404' + summary: Delete a connector + tags: + - connectors + get: + operationId: getConnector + parameters: + - $ref: '#/components/parameters/Connectors_connector_id' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getConnectorResponse: + $ref: '#/components/examples/Connectors_get_connector_response' schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get case settings + $ref: '#/components/schemas/Connectors_connector_response_properties' + description: Indicates a successful call. + '401': + $ref: '#/components/responses/Connectors_401' + '404': + $ref: '#/components/responses/Connectors_404' + summary: Get a connector information tags: - - cases + - connectors post: - description: > - Case settings include external connection details, custom fields, and - templates. Connectors are used to interface with external systems. You - must create a connector before you can use it in your cases. If you set - a default connector, it is automatically selected when you create cases - in Kibana. If you use the create case API, however, you must still - specify all of the connector details. You must have `all` privileges for - the **Cases** feature in the **Management**, **Observability**, or - **Security** section of the Kibana feature privileges, depending on - where you are creating cases. - operationId: setCaseConfigurationDefaultSpace + operationId: createConnectorId parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - description: > + A UUID v1 or v4 identifier for the connector. If you omit this + parameter, an identifier is randomly generated. + in: path + name: connectorId + required: true + schema: + example: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: examples: - setCaseConfigRequest: - $ref: '#/components/examples/Cases_set_case_configuration_request' + createIndexConnectorRequest: + $ref: >- + #/components/examples/Connectors_create_index_connector_request schema: - $ref: '#/components/schemas/Cases_set_case_configuration_request' + $ref: '#/components/schemas/Connectors_create_connector_request' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: examples: - setCaseConfigResponse: - $ref: '#/components/examples/Cases_set_case_configuration_response' + createIndexConnectorResponse: + $ref: >- + #/components/examples/Connectors_create_index_connector_response schema: - type: object - properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not - used and are not propagated to individual cases, - therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a - default connector, use `none`. To retrieve connector - IDs, use the find connectors API. - example: none - type: string - name: - description: >- - The name of the connector. If you do not want a - default connector, use `none`. To retrieve connector - names, use the find connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - created_at: - example: '2022-06-01T17:07:17.767Z' - format: date-time - type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - customFields: - description: Custom fields configuration details. - items: - type: object - properties: - defaultValue: - description: > - A default value for the custom field. If the `type` - is `text`, the default value must be a string. If - the `type` is `toggle`, the default value must be - boolean. - oneOf: - - type: string - - type: boolean - key: - description: > - A unique key for the custom field. Must be lower - case and composed only of a-z, 0-9, '_', and '-' - characters. It is used in API calls to refer to a - specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: >- - The custom field label that is displayed in the - case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: > - Indicates whether the field is required. If `false`, - the custom field can be set to null or omitted when - a case is created or updated. - type: boolean - type: array - error: - example: null - nullable: true - type: string - id: - example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - type: string - mappings: - items: - type: object - properties: - action_type: - example: overwrite - type: string - source: - example: title - type: string - target: - example: summary - type: string - type: array - owner: - $ref: '#/components/schemas/Cases_owners' - templates: - $ref: '#/components/schemas/Cases_templates' - updated_at: - example: '2022-06-01T19:58:48.169Z' - format: date-time - nullable: true - type: string - updated_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - version: - example: WzIwNzMsMV0= - type: string + $ref: '#/components/schemas/Connectors_connector_response_properties' description: Indicates a successful call. '401': + $ref: '#/components/responses/Connectors_401' + summary: Create a connector + tags: + - connectors + put: + operationId: updateConnector + parameters: + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_connector_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateIndexConnectorRequest: + $ref: >- + #/components/examples/Connectors_update_index_connector_request + schema: + $ref: '#/components/schemas/Connectors_update_connector_request' + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Add case settings + $ref: '#/components/schemas/Connectors_connector_response_properties' + description: Indicates a successful call. + '400': + $ref: '#/components/responses/Connectors_401' + '401': + $ref: '#/components/responses/Connectors_401' + '404': + $ref: '#/components/responses/Connectors_404' + summary: Update a connector tags: - - cases - '/api/cases/configure/{configurationId}': - patch: + - connectors + '/api/actions/connector/{connectorId}/_execute': + post: description: > - Updates setting details such as the closure type, custom fields, - templates, and the default connector for cases. Connectors are used to - interface with external systems. You must create a connector before you - can use it in your cases. You must have `all` privileges for the - **Cases** feature in the **Management**, **Observability**, or - **Security** section of the Kibana feature privileges, depending on - where the case was created. - operationId: updateCaseConfigurationDefaultSpace + You can use this API to test an action that involves interaction with + Kibana services or integrations with third-party systems. You must have + `read` privileges for the **Actions and Connectors** feature in the + **Management** section of the Kibana feature privileges. If you use an + index connector, you must also have `all`, `create`, `index`, or `write` + indices privileges. + operationId: runConnector parameters: - - $ref: '#/components/parameters/Cases_kbn_xsrf' - - $ref: '#/components/parameters/Cases_configuration_id' + - $ref: '#/components/parameters/Connectors_kbn_xsrf' + - $ref: '#/components/parameters/Connectors_connector_id' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: examples: - updateCaseConfigurationRequest: - $ref: '#/components/examples/Cases_update_case_configuration_request' + runCasesWebhookConnectorRequest: + $ref: >- + #/components/examples/Connectors_run_cases_webhook_connector_request + runEmailConnectorRequest: + $ref: '#/components/examples/Connectors_run_email_connector_request' + runIndexConnectorRequest: + $ref: '#/components/examples/Connectors_run_index_connector_request' + runJiraConnectorRequest: + $ref: '#/components/examples/Connectors_run_jira_connector_request' + runPagerDutyConnectorRequest: + $ref: >- + #/components/examples/Connectors_run_pagerduty_connector_request + runServerLogConnectorRequest: + $ref: >- + #/components/examples/Connectors_run_server_log_connector_request + runServiceNowITOMConnectorRequest: + $ref: >- + #/components/examples/Connectors_run_servicenow_itom_connector_request + runSlackConnectorRequest: + $ref: >- + #/components/examples/Connectors_run_slack_api_connector_request + runSwimlaneConnectorRequest: + $ref: >- + #/components/examples/Connectors_run_swimlane_connector_request schema: - $ref: '#/components/schemas/Cases_update_case_configuration_request' + $ref: '#/components/schemas/Connectors_run_connector_request' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: examples: - updateCaseConfigurationResponse: + runCasesWebhookConnectorResponse: $ref: >- - #/components/examples/Cases_update_case_configuration_response - schema: - type: object - properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not - used and are not propagated to individual cases, - therefore it is recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a - default connector, use `none`. To retrieve connector - IDs, use the find connectors API. - example: none - type: string - name: - description: >- - The name of the connector. If you do not want a - default connector, use `none`. To retrieve connector - names, use the find connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - created_at: - example: '2022-06-01T17:07:17.767Z' - format: date-time - type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - customFields: - description: Custom fields configuration details. - items: - type: object - properties: - defaultValue: - description: > - A default value for the custom field. If the `type` - is `text`, the default value must be a string. If - the `type` is `toggle`, the default value must be - boolean. - oneOf: - - type: string - - type: boolean - key: - description: > - A unique key for the custom field. Must be lower - case and composed only of a-z, 0-9, '_', and '-' - characters. It is used in API calls to refer to a - specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: >- - The custom field label that is displayed in the - case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: > - Indicates whether the field is required. If `false`, - the custom field can be set to null or omitted when - a case is created or updated. - type: boolean - type: array - error: - example: null - nullable: true - type: string - id: - example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 - type: string - mappings: - items: - type: object - properties: - action_type: - example: overwrite - type: string - source: - example: title - type: string - target: - example: summary - type: string - type: array - owner: - $ref: '#/components/schemas/Cases_owners' - templates: - $ref: '#/components/schemas/Cases_templates' - updated_at: - example: '2022-06-01T19:58:48.169Z' - format: date-time - nullable: true + #/components/examples/Connectors_run_cases_webhook_connector_response + runEmailConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_email_connector_response + runIndexConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_index_connector_response + runJiraConnectorResponse: + $ref: '#/components/examples/Connectors_run_jira_connector_response' + runPagerDutyConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_pagerduty_connector_response + runServerLogConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_server_log_connector_response + runServiceNowITOMConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_servicenow_itom_connector_response + runSlackConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_slack_api_connector_response + runSwimlaneConnectorResponse: + $ref: >- + #/components/examples/Connectors_run_swimlane_connector_response + schema: + type: object + properties: + connector_id: + description: The identifier for the connector. type: string - updated_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - version: - example: WzIwNzMsMV0= + data: + oneOf: + - additionalProperties: true + description: Information returned from the action. + type: object + - description: An array of information returned from the action. + items: + type: object + type: array + status: + description: The status of the action. + enum: + - error + - ok type: string + required: + - connector_id + - status description: Indicates a successful call. '401': + $ref: '#/components/responses/Connectors_401' + summary: Run a connector + tags: + - connectors + /api/actions/connectors: + get: + operationId: getConnectors + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getConnectorsResponse: + $ref: '#/components/examples/Connectors_get_connectors_response' schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Update case settings + items: + $ref: >- + #/components/schemas/Connectors_connector_response_properties + type: array + description: Indicates a successful call. + '401': + $ref: '#/components/responses/Connectors_401' + summary: Get all connectors tags: - - cases - /api/cases/configure/connectors/_find: + - connectors + /api/actions/list_action_types: get: - description: > - Get information about connectors that are supported for use in cases. - You must have `read` privileges for the **Actions and Connectors** - feature in the **Management** section of the Kibana feature privileges. - operationId: findCaseConnectorsDefaultSpace + deprecated: true + description: Deprecated in 7.13.0. Use the get all connector types API instead. + operationId: legacyGetConnectorTypes responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - findConnectorResponse: - $ref: '#/components/examples/Cases_find_connector_response' schema: + description: The properties vary for each connector type. items: type: object properties: - actionTypeId: - $ref: '#/components/schemas/Cases_connector_types' - config: - additionalProperties: true - type: object - properties: - apiUrl: - type: string - projectKey: - type: string - id: - type: string - isDeprecated: + enabled: + description: >- + Indicates whether the connector type is enabled in + Kibana. type: boolean - isMissingSecrets: + enabledInConfig: + description: >- + Indicates whether the connector type is enabled in the + Kibana `.yml` file. type: boolean - isPreconfigured: + enabledInLicense: + description: >- + Indicates whether the connector is enabled in the + license. + example: true type: boolean + id: + description: The unique identifier for the connector type. + type: string + minimumLicenseRequired: + description: The license that is required to use the connector type. + type: string name: + description: The name of the connector type. type: string - referencedByCount: - type: integer - maxItems: 1000 + title: Legacy get connector types response body properties type: array description: Indicates a successful call. '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get case connectors + $ref: '#/components/responses/Connectors_401' + summary: Get connector types tags: - - cases - /api/cases/reporters: - get: - description: > - Returns information about the users who opened cases. You must have read - privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases. The API returns - information about the users as they existed at the time of the case - creation, including their name, full name, and email address. If any of - those details change thereafter or if a user is deleted, the information - returned by this API is unchanged. - operationId: getCaseReportersDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_owner' + - connectors + /api/apm/agent_keys: + post: + description: Create a new agent key for APM. + operationId: createAgentKey + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + name: + type: string + privileges: + items: + enum: + - 'event:write' + - 'config_agent:read' + type: string + type: array + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getReportersResponse: - $ref: '#/components/examples/Cases_get_reporters_response' schema: - items: + type: object + properties: + api_key: + type: string + encoded: + type: string + expiration: + format: int64 + type: integer + id: + type: string + name: + type: string + description: Agent key created successfully + summary: Create an APM agent key + tags: + - APM agent keys + '/api/apm/services/{serviceName}/annotation': + post: + description: Create a new annotation for a specific service. + operationId: createAnnotation + parameters: + - description: The name of the service + in: path + name: serviceName + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + '@timestamp': + type: string + message: + type: string + service: type: object properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + environment: type: string - username: - example: elastic - nullable: true + version: type: string - required: - - email - - full_name - - username - maxItems: 10000 - type: array - description: Indicates a successful call. - '401': + tags: + items: + type: string + type: array + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get case creators + type: object + properties: + _id: + type: string + _index: + type: string + _source: + type: object + properties: + '@timestamp': + type: string + annotation: + type: string + event: + type: object + properties: + created: + type: string + message: + type: string + service: + type: object + properties: + environment: + type: string + name: + type: string + version: + type: string + tags: + items: + type: string + type: array + description: Annotation created successfully + summary: Create a service annotation tags: - - cases - /api/cases/status: + - APM annotations + '/api/apm/services/{serviceName}/annotation/search': get: - deprecated: true - description: > - Returns the number of cases that are open, closed, and in progress. - Deprecated in 8.1.0. This API is deprecated and will be removed in a - future release; use the find cases API instead. You must have `read` - privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases you're seeking. - operationId: getCaseStatusDefaultSpace + description: Search for annotations related to a specific service. + operationId: getAnnotation parameters: - - $ref: '#/components/parameters/Cases_owner' + - description: The name of the service + in: path + name: serviceName + required: true + schema: + type: string + - description: The environment to filter annotations by + in: query + name: environment + required: false + schema: + type: string + - description: The start date for the search + in: query + name: start + required: false + schema: + type: string + - description: The end date for the search + in: query + name: end + required: false + schema: + type: string responses: '200': content: @@ -2104,12 +2301,38 @@ paths: schema: type: object properties: - count_closed_cases: - type: integer - count_in_progress_cases: - type: integer - count_open_cases: - type: integer + annotations: + items: + type: object + properties: + '@timestamp': + type: number + id: + type: string + text: + type: string + type: + enum: + - version + type: string + type: array + description: Successful response + summary: Search for annotations + tags: + - APM annotations + /api/cases: + delete: + description: > + You must have `read` or `all` privileges and the `delete` sub-feature + privilege for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases you're deleting. + operationId: deleteCaseDefaultSpace + parameters: + - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Cases_ids' + responses: + '204': description: Indicates a successful call. '401': content: @@ -2117,30 +2340,36 @@ paths: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - summary: Get case status summary + summary: Delete cases tags: - cases - /api/cases/tags: - get: + patch: description: > - Aggregates and returns a list of case tags. You must have read - privileges for the **Cases** feature in the **Management**, - **Observability**, or **Security** section of the Kibana feature - privileges, depending on the owner of the cases you're seeking. - operationId: getCaseTagsDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_owner' + You must have `all` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the + Kibana feature privileges, depending on the owner of the case you're + updating. + operationId: updateCaseDefaultSpace + parameters: + - $ref: '#/components/parameters/Cases_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateCaseRequest: + $ref: '#/components/examples/Cases_update_case_request' + schema: + $ref: '#/components/schemas/Cases_update_case_request' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: examples: - getTagsResponse: - $ref: '#/components/examples/Cases_get_tags_response' + updateCaseResponse: + $ref: '#/components/examples/Cases_update_case_response' schema: items: - type: string - maxItems: 10000 + $ref: '#/components/schemas/Cases_case_response_properties' type: array description: Indicates a successful call. '401': @@ -2149,2018 +2378,5493 @@ paths: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - summary: Get case tags + summary: Update cases tags: - cases - /api/data_views: - get: - operationId: getAllDataViewsDefault - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getAllDataViewsResponse: - $ref: '#/components/examples/Data_views_get_data_views_response' - schema: - type: object - properties: - data_view: - items: - type: object - properties: - id: - type: string - name: - type: string - namespaces: - items: - type: string - type: array - title: - type: string - typeMeta: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Get all data views - tags: - - data views - /api/data_views/data_view: post: - operationId: createDataViewDefaultw + description: > + You must have `all` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the + Kibana feature privileges, depending on the owner of the case you're + creating. + operationId: createCaseDefaultSpace parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Cases_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: examples: - createDataViewRequest: - $ref: '#/components/examples/Data_views_create_data_view_request' + createCaseRequest: + $ref: '#/components/examples/Cases_create_case_request' schema: - $ref: '#/components/schemas/Data_views_create_data_view_request_object' + $ref: '#/components/schemas/Cases_create_case_request' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + createCaseResponse: + $ref: '#/components/examples/Cases_create_case_response' schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Create a data view - tags: - - data views - '/api/data_views/data_view/{viewId}': - delete: - description: | - WARNING: When you delete a data view, it cannot be recovered. - operationId: deleteDataViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '204': + $ref: '#/components/schemas/Cases_case_response_properties' description: Indicates a successful call. - '404': + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Delete a data view + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Create a case tags: - - data views + - cases + /api/cases/_find: get: - operationId: getDataViewDefault + description: > + You must have `read` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the cases you're seeking. + operationId: findCasesDefaultSpace parameters: - - $ref: '#/components/parameters/Data_views_view_id' + - $ref: '#/components/parameters/Cases_assignees' + - $ref: '#/components/parameters/Cases_category' + - $ref: '#/components/parameters/Cases_defaultSearchOperator' + - $ref: '#/components/parameters/Cases_from' + - $ref: '#/components/parameters/Cases_owner' + - $ref: '#/components/parameters/Cases_page_index' + - $ref: '#/components/parameters/Cases_page_size' + - $ref: '#/components/parameters/Cases_reporters' + - $ref: '#/components/parameters/Cases_search' + - $ref: '#/components/parameters/Cases_searchFields' + - $ref: '#/components/parameters/Cases_severity' + - $ref: '#/components/parameters/Cases_sortField' + - $ref: '#/components/parameters/Cases_sort_order' + - $ref: '#/components/parameters/Cases_status' + - $ref: '#/components/parameters/Cases_tags' + - $ref: '#/components/parameters/Cases_to' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: examples: - getDataViewResponse: - $ref: '#/components/examples/Data_views_get_data_view_response' + findCaseResponse: + $ref: '#/components/examples/Cases_find_case_response' schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' + type: object + properties: + cases: + items: + $ref: '#/components/schemas/Cases_case_response_properties' + maxItems: 10000 + type: array + count_closed_cases: + type: integer + count_in_progress_cases: + type: integer + count_open_cases: + type: integer + page: + type: integer + per_page: + type: integer + total: + type: integer description: Indicates a successful call. - '404': + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Get a data view + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Search cases tags: - - data views - post: - operationId: updateDataViewDefault + - cases + '/api/cases/{caseId}': + get: + description: > + You must have `read` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the case you're seeking. + operationId: getCaseDefaultSpace parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateDataViewRequest: - $ref: '#/components/examples/Data_views_update_data_view_request' - schema: - $ref: '#/components/schemas/Data_views_update_data_view_request_object' - required: true + - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Cases_includeComments' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getDefaultCaseResponse: + $ref: '#/components/examples/Cases_get_case_response' + getDefaultObservabilityCaseReponse: + $ref: '#/components/examples/Cases_get_case_observability_response' schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' + $ref: '#/components/schemas/Cases_case_response_properties' description: Indicates a successful call. - '400': + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update a data view + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Get case information tags: - - data views - '/api/data_views/data_view/{viewId}/fields': - post: + - cases + '/api/cases/{caseId}/alerts': + get: description: > - Update fields presentation metadata such as count, customLabel, - customDescription, and format. - operationId: updateFieldsMetadataDefault + You must have `read` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the cases you're seeking. + operationId: getCaseAlertsDefaultSpace parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateFieldsMetadataRequest: - $ref: '#/components/examples/Data_views_update_field_metadata_request' - schema: - type: object - properties: - fields: - description: The field object. - type: object - required: - - fields - required: true + - $ref: '#/components/parameters/Cases_case_id' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getCaseAlertsResponse: + $ref: '#/components/examples/Cases_get_case_alerts_response' schema: - type: object - properties: - acknowledged: - type: boolean + items: + $ref: '#/components/schemas/Cases_alert_response_properties' + type: array description: Indicates a successful call. - '400': + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update data view fields metadata + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Get all alerts for a case tags: - - data views - '/api/data_views/data_view/{viewId}/runtime_field': - post: - operationId: createRuntimeFieldDefault + - cases + x-technical-preview: true + '/api/cases/{caseId}/comments': + delete: + description: > + Deletes all comments and alerts from a case. You must have `all` + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases you're deleting. + operationId: deleteCaseCommentsDefaultSpace parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_create_runtime_field_request' - schema: - type: object - properties: - name: - description: | - The name for a runtime field. - type: string - runtimeField: - description: | - The runtime field definition object. - type: object - required: - - name - - runtimeField - required: true + - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Cases_case_id' responses: - '200': + '204': + description: Indicates a successful call. + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: Indicates a successful call. - summary: Create a runtime field + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Delete all case comments and alerts tags: - - data views - put: - operationId: createUpdateRuntimeFieldDefault + - cases + get: + deprecated: true + description: > + Deprecated in 8.1.0. This API is deprecated and will be removed in a + future release; instead, use the get case comment API, which requires a + comment identifier in the path. You must have `read` privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on the + owner of the cases with the comments you're seeking. + operationId: getAllCaseCommentsDefaultSpace parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - description: | - The ID of the data view fields you want to update. - in: path - name: viewId - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_create_runtime_field_request' - schema: - type: object - properties: - name: - description: | - The name for a runtime field. - type: string - runtimeField: - description: | - The runtime field definition object. - type: object - required: - - name - - runtimeField - required: true + - $ref: '#/components/parameters/Cases_case_id' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - data_view: - type: object - fields: - items: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Create or update a runtime field - tags: - - data views - '/api/data_views/data_view/{viewId}/runtime_field/{fieldName}': - delete: - operationId: deleteRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': + $ref: '#/components/schemas/Cases_case_response_properties' description: Indicates a successful call. - '404': + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Delete a runtime field from a data view + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Get all case comments tags: - - data views - get: - operationId: getRuntimeFieldDefault + - cases + patch: + description: > + You must have `all` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the case you're updating. + NOTE: You cannot change the comment type or the owner of a comment. + operationId: updateCaseCommentDefaultSpace parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' + - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Cases_case_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateCaseCommentRequest: + $ref: '#/components/examples/Cases_update_comment_request' + schema: + $ref: '#/components/schemas/Cases_update_case_comment_request' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: examples: - getRuntimeFieldResponse: - $ref: '#/components/examples/Data_views_get_runtime_field_response' + updateCaseCommentResponse: + $ref: '#/components/examples/Cases_update_comment_response' schema: - type: object - properties: - data_view: - type: object - fields: - items: - type: object - type: array + $ref: '#/components/schemas/Cases_case_response_properties' description: Indicates a successful call. - '404': + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Get a runtime field + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Update a case comment or alert tags: - - data views + - cases post: - operationId: updateRuntimeFieldDefault + description: > + You must have `all` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the case you're creating. + NOTE: Each case can have a maximum of 1,000 alerts. + operationId: addCaseCommentDefaultSpace parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' + - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Cases_case_id' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: examples: - updateRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_update_runtime_field_request' + createCaseCommentRequest: + $ref: '#/components/examples/Cases_add_comment_request' schema: - type: object - properties: - runtimeField: - description: | - The runtime field definition object. - - You can update following fields: - - - `type` - - `script` - type: object - required: - - runtimeField + $ref: '#/components/schemas/Cases_add_case_comment_request' required: true responses: '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + createCaseCommentResponse: + $ref: '#/components/examples/Cases_add_comment_response' + schema: + $ref: '#/components/schemas/Cases_case_response_properties' description: Indicates a successful call. - '400': + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update a runtime field + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Add a case comment or alert tags: - - data views - /api/data_views/default: + - cases + '/api/cases/{caseId}/comments/_find': get: - operationId: getDefaultDataViewDefault + description: > + Retrieves a paginated list of comments for a case. You must have `read` + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases with the comments you're + seeking. + operationId: findCaseCommentsDefaultSpace + parameters: + - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Cases_page_index' + - $ref: '#/components/parameters/Cases_page_size' + - $ref: '#/components/parameters/Cases_sort_order' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - getDefaultDataViewResponse: - $ref: >- - #/components/examples/Data_views_get_default_data_view_response schema: - type: object - properties: - data_view_id: - type: string + $ref: '#/components/schemas/Cases_case_response_properties' description: Indicates a successful call. - '400': + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Get the default data view + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Find case comments and alerts tags: - - data views - post: - operationId: setDefaultDatailViewDefault + - cases + '/api/cases/{caseId}/comments/{commentId}': + delete: + description: > + You must have `all` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the cases you're deleting. + operationId: deleteCaseCommentDefaultSpace parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - setDefaultDataViewRequest: - $ref: '#/components/examples/Data_views_set_default_data_view_request' - schema: - type: object - properties: - data_view_id: - description: > - The data view identifier. NOTE: The API does not validate - whether it is a valid identifier. Use `null` to unset the - default data view. - nullable: true - type: string - force: - default: false - description: Update an existing default data view identifier. - type: boolean - required: - - data_view_id - required: true + - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Cases_comment_id' + responses: + '204': + description: Indicates a successful call. + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Delete a case comment or alert + tags: + - cases + get: + description: > + You must have `read` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the cases with the + comments you're seeking. + operationId: getCaseCommentDefaultSpace + parameters: + - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Cases_comment_id' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getCaseCommentResponse: + $ref: '#/components/examples/Cases_get_comment_response' schema: - type: object - properties: - acknowledged: - type: boolean + oneOf: + - $ref: >- + #/components/schemas/Cases_alert_comment_response_properties + - $ref: >- + #/components/schemas/Cases_user_comment_response_properties description: Indicates a successful call. - '400': + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Set the default data view + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Get a case comment or alert tags: - - data views - /api/data_views/swap_references: + - cases + '/api/cases/{caseId}/connector/{connectorId}/_push': post: description: > - Changes saved object references from one data view identifier to - another. WARNING: Misuse can break large numbers of saved objects! - Practicing with a backup is recommended. - operationId: swapDataViewsDefault + You must have `all` privileges for the **Actions and Connectors** + feature in the **Management** section of the Kibana feature privileges. + You must also have `all` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the case you're pushing. + operationId: pushCaseDefaultSpace parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Cases_connector_id' + - $ref: '#/components/parameters/Cases_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - swapDataViewRequest: - $ref: '#/components/examples/Data_views_swap_data_view_request' schema: - $ref: '#/components/schemas/Data_views_swap_data_view_request_object' - required: true + nullable: true + type: object responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + pushCaseResponse: + $ref: '#/components/examples/Cases_push_case_response' schema: - type: object - properties: - deleteStatus: - type: object - properties: - deletePerformed: - type: boolean - remainingRefs: - type: integer - result: - items: - type: object - properties: - id: - description: A saved object identifier. - type: string - type: - description: The saved object type. - type: string - type: array + $ref: '#/components/schemas/Cases_case_response_properties' description: Indicates a successful call. - summary: Swap saved object references + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Push a case to an external service tags: - - data views - /api/data_views/swap_references/_preview: - post: + - cases + '/api/cases/{caseId}/user_actions': + get: + deprecated: true description: > - Preview the impact of swapping saved object references from one data - view identifier to another. - operationId: previewSwapDataViewsDefault + Returns all user activity for a case. Deprecated in 8.1.0. This API is + deprecated and will be removed in a future release; use the find user + actions API instead. You must have `read` privileges for the **Cases** + feature in the **Management**, **Observability**, or **Security** + section of the Kibana feature privileges, depending on the owner of the + case you're seeking. + operationId: getCaseActivityDefaultSpace parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - previewSwapDataViewRequest: - $ref: >- - #/components/examples/Data_views_preview_swap_data_view_request - schema: - $ref: '#/components/schemas/Data_views_swap_data_view_request_object' - required: true + - $ref: '#/components/parameters/Cases_case_id' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - result: - items: - type: object - properties: - id: - description: A saved object identifier. - type: string - type: - description: The saved object type. - type: string - type: array + items: + $ref: '#/components/schemas/Cases_user_actions_response_properties' + type: array description: Indicates a successful call. - summary: Preview a saved object reference swap + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Get case activity tags: - - data views - /api/encrypted_saved_objects/_rotate_key: - post: + - cases + '/api/cases/{caseId}/user_actions/_find': + get: description: > - Superuser role required. - - - If a saved object cannot be decrypted using the primary encryption key, - then Kibana will attempt to decrypt it using the specified - decryption-only keys. In most of the cases this overhead is negligible, - but if you're dealing with a large number of saved objects and - experiencing performance issues, you may want to rotate the encryption - key. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: rotateEncryptionKey + Retrives a paginated list of user activity for a case. You must have + `read` privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the case you're seeking. + operationId: findCaseActivityDefaultSpace parameters: - - description: > - Specifies a maximum number of saved objects that Kibana can process - in a single batch. Bulk key rotation is an iterative process since - Kibana may not be able to fetch and process all required saved - objects in one go and splits processing into consequent batches. By - default, the batch size is 10000, which is also a maximum allowed - value. - in: query - name: batch_size - required: false - schema: - default: 10000 - type: number - - description: > - Limits encryption key rotation only to the saved objects with the - specified type. By default, Kibana tries to rotate the encryption - key for all saved object types that may contain encrypted - attributes. - in: query - name: type - required: false - schema: - type: string + - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Cases_page_index' + - $ref: '#/components/parameters/Cases_page_size' + - $ref: '#/components/parameters/Cases_sort_order' + - $ref: '#/components/parameters/Cases_user_action_types' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: examples: - rotateEncryptionKeyResponse: - $ref: '#/components/examples/Saved_objects_key_rotation_response' + findCaseActivityResponse: + $ref: '#/components/examples/Cases_find_case_activity_response' schema: type: object properties: - failed: - description: > - Indicates the number of the saved objects that were still - encrypted with one of the old encryption keys that Kibana - failed to re-encrypt with the primary key. - type: number - successful: - description: > - Indicates the total number of all encrypted saved objects - (optionally filtered by the requested `type`), regardless - of the key Kibana used for encryption. - - - NOTE: In most cases, `total` will be greater than - `successful` even if `failed` is zero. The reason is that - Kibana may not need or may not be able to rotate - encryption keys for all encrypted saved objects. - type: number + page: + type: integer + perPage: + type: integer total: - description: > - Indicates the total number of all encrypted saved objects - (optionally filtered by the requested `type`), regardless - of the key Kibana used for encryption. - type: number + type: integer + userActions: + items: + $ref: >- + #/components/schemas/Cases_user_actions_find_response_properties + maxItems: 10000 + type: array description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - '429': + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: Already in progress. - summary: Rotate a key for encrypted saved objects + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Find case activity tags: - - saved objects - /api/ml/saved_objects/sync: + - cases + '/api/cases/alerts/{alertId}': get: description: > - Synchronizes Kibana saved objects for machine learning jobs and trained - models in the default space. You must have `all` privileges for the - **Machine Learning** feature in the **Analytics** section of the Kibana - feature privileges. This API runs automatically when you start Kibana - and periodically thereafter. - operationId: mlSync + You must have `read` privileges for the **Cases** feature in the + **Management**, **Observability**, or **Security** section of the Kibana + feature privileges, depending on the owner of the cases you're seeking. + operationId: getCasesByAlertDefaultSpace parameters: - - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' + - $ref: '#/components/parameters/Cases_alert_id' + - $ref: '#/components/parameters/Cases_owner' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - syncExample: - $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' - description: Indicates a successful call + example: + - id: 06116b80-e1c3-11ec-be9b-9b1838238ee6 + title: security_case + items: + type: object + properties: + id: + description: The case identifier. + type: string + title: + description: The case title. + type: string + maxItems: 10000 + type: array + description: Indicates a successful call. '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' + $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. - summary: Sync saved objects in the default space - tags: - - ml - /api/saved_objects/_bulk_create: - post: - deprecated: true - operationId: bulkCreateSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: 'When true, overwrites the document with the same identifier.' - in: query - name: overwrite - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Create saved objects - tags: - - saved objects - /api/saved_objects/_bulk_delete: - post: - deprecated: true - description: | - WARNING: When you delete a saved object, it cannot be recovered. - operationId: bulkDeleteSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - When true, force delete objects that exist in multiple namespaces. - Note that the option applies to the whole request. Use the delete - object API to specify per-object deletion behavior. TIP: Use this if - you attempted to delete objects and received an HTTP 400 error with - the following message: "Unable to delete saved object that exists in - multiple namespaces, use the force option to delete it anyway". - WARNING: When you bulk delete objects that exist in multiple - namespaces, the API also deletes legacy url aliases that reference - the object. These requests are batched to minimise the impact but - they can place a heavy load on Kibana. Make sure you limit the - number of objects that exist in multiple namespaces in a single bulk - delete operation. - in: query - name: force - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Delete saved objects - tags: - - saved objects - /api/saved_objects/_bulk_get: - post: - deprecated: true - operationId: bulkGetSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Get saved objects + summary: Get cases for an alert tags: - - saved objects - /api/saved_objects/_bulk_resolve: - post: - deprecated: true + - cases + x-technical-preview: true + /api/cases/configure: + get: description: > - Retrieve multiple Kibana saved objects by identifier using any legacy - URL aliases if they exist. Under certain circumstances when Kibana is - upgraded, saved object migrations may necessitate regenerating some - object IDs to enable new features. When an object's ID is regenerated, a - legacy URL alias is created for that object, preserving its old ID. In - such a scenario, that object can be retrieved by the bulk resolve API - using either its new ID or its old ID. - operationId: bulkResolveSavedObjects + Get setting details such as the closure type, custom fields, templatse, + and the default connector for cases. You must have `read` privileges for + the **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on + where the cases were created. + operationId: getCaseConfigurationDefaultSpace parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true + - $ref: '#/components/parameters/Cases_owner' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getConfigurationResponse: + $ref: '#/components/examples/Cases_get_case_configuration_response' schema: - type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Resolve saved objects - tags: - - saved objects - /api/saved_objects/_bulk_update: - post: - deprecated: true - description: Update the attributes for multiple Kibana saved objects. - operationId: bulkUpdateSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. - '400': + items: + type: object + properties: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are + not used and are not propagated to individual cases, + therefore it is recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want + a default connector, use `none`. To retrieve + connector IDs, use the find connectors API. + example: none + type: string + name: + description: >- + The name of the connector. If you do not want a + default connector, use `none`. To retrieve connector + names, use the find connectors API. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + created_at: + example: '2022-06-01T17:07:17.767Z' + format: date-time + type: string + created_by: + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + customFields: + description: Custom fields configuration details. + items: + type: object + properties: + defaultValue: + description: > + A default value for the custom field. If the + `type` is `text`, the default value must be a + string. If the `type` is `toggle`, the default + value must be boolean. + oneOf: + - type: string + - type: boolean + key: + description: > + A unique key for the custom field. Must be lower + case and composed only of a-z, 0-9, '_', and '-' + characters. It is used in API calls to refer to a + specific custom field. + maxLength: 36 + minLength: 1 + type: string + label: + description: >- + The custom field label that is displayed in the + case. + maxLength: 50 + minLength: 1 + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + required: + description: > + Indicates whether the field is required. If + `false`, the custom field can be set to null or + omitted when a case is created or updated. + type: boolean + type: array + error: + example: null + nullable: true + type: string + id: + example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + type: string + mappings: + items: + type: object + properties: + action_type: + example: overwrite + type: string + source: + example: title + type: string + target: + example: summary + type: string + type: array + owner: + $ref: '#/components/schemas/Cases_owners' + templates: + $ref: '#/components/schemas/Cases_templates' + updated_at: + example: '2022-06-01T19:58:48.169Z' + format: date-time + nullable: true + type: string + updated_by: + nullable: true + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + version: + example: WzIwNzMsMV0= + type: string + type: array + description: Indicates a successful call. + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Update saved objects + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Get case settings tags: - - saved objects - /api/saved_objects/_export: + - cases post: description: > - Retrieve sets of saved objects that you want to import into Kibana. - - You must include `type` or `objects` in the request body. - - - Exported saved objects are not backwards compatible and cannot be - imported into an older version of Kibana. - - - NOTE: The `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be exported. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: exportSavedObjectsDefault + Case settings include external connection details, custom fields, and + templates. Connectors are used to interface with external systems. You + must create a connector before you can use it in your cases. If you set + a default connector, it is automatically selected when you create cases + in Kibana. If you use the create case API, however, you must still + specify all of the connector details. You must have `all` privileges for + the **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on + where you are creating cases. + operationId: setCaseConfigurationDefaultSpace parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Cases_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: examples: - exportSavedObjectsRequest: - $ref: '#/components/examples/Saved_objects_export_objects_request' + setCaseConfigRequest: + $ref: '#/components/examples/Cases_set_case_configuration_request' schema: - type: object - properties: - excludeExportDetails: - default: false - description: Do not add export details entry at the end of the stream. - type: boolean - includeReferencesDeep: - description: >- - Includes all of the referenced objects in the exported - objects. - type: boolean - objects: - description: A list of objects to export. - items: - type: object - type: array - type: - description: >- - The saved object types to include in the export. Use `*` to - export all the types. - oneOf: - - type: string - - items: - type: string - type: array - required: true + $ref: '#/components/schemas/Cases_set_case_configuration_request' responses: '200': content: - application/x-ndjson; Elastic-Api-Version=2023-10-31: + application/json; Elastic-Api-Version=2023-10-31: examples: - exportSavedObjectsResponse: - $ref: '#/components/examples/Saved_objects_export_objects_response' + setCaseConfigResponse: + $ref: '#/components/examples/Cases_set_case_configuration_response' schema: - additionalProperties: true type: object - description: Indicates a successful call. - '400': + properties: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are not + used and are not propagated to individual cases, + therefore it is recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a + default connector, use `none`. To retrieve connector + IDs, use the find connectors API. + example: none + type: string + name: + description: >- + The name of the connector. If you do not want a + default connector, use `none`. To retrieve connector + names, use the find connectors API. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + created_at: + example: '2022-06-01T17:07:17.767Z' + format: date-time + type: string + created_by: + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + customFields: + description: Custom fields configuration details. + items: + type: object + properties: + defaultValue: + description: > + A default value for the custom field. If the `type` + is `text`, the default value must be a string. If + the `type` is `toggle`, the default value must be + boolean. + oneOf: + - type: string + - type: boolean + key: + description: > + A unique key for the custom field. Must be lower + case and composed only of a-z, 0-9, '_', and '-' + characters. It is used in API calls to refer to a + specific custom field. + maxLength: 36 + minLength: 1 + type: string + label: + description: >- + The custom field label that is displayed in the + case. + maxLength: 50 + minLength: 1 + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + required: + description: > + Indicates whether the field is required. If `false`, + the custom field can be set to null or omitted when + a case is created or updated. + type: boolean + type: array + error: + example: null + nullable: true + type: string + id: + example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + type: string + mappings: + items: + type: object + properties: + action_type: + example: overwrite + type: string + source: + example: title + type: string + target: + example: summary + type: string + type: array + owner: + $ref: '#/components/schemas/Cases_owners' + templates: + $ref: '#/components/schemas/Cases_templates' + updated_at: + example: '2022-06-01T19:58:48.169Z' + format: date-time + nullable: true + type: string + updated_by: + nullable: true + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + version: + example: WzIwNzMsMV0= + type: string + description: Indicates a successful call. + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Export saved objects + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Add case settings tags: - - saved objects - /api/saved_objects/_find: - get: - deprecated: true - description: Retrieve a paginated set of Kibana saved objects. - operationId: findSavedObjects + - cases + '/api/cases/configure/{configurationId}': + patch: + description: > + Updates setting details such as the closure type, custom fields, + templates, and the default connector for cases. Connectors are used to + interface with external systems. You must create a connector before you + can use it in your cases. You must have `all` privileges for the + **Cases** feature in the **Management**, **Observability**, or + **Security** section of the Kibana feature privileges, depending on + where the case was created. + operationId: updateCaseConfigurationDefaultSpace parameters: - - description: > - An aggregation structure, serialized as a string. The field format - is similar to filter, meaning that to use a saved object type - attribute in the aggregation, the `savedObjectType.attributes.title: - "myTitle"` format must be used. For root fields, the syntax is - `savedObjectType.rootField`. NOTE: As objects change in Kibana, the - results on each page of the response also change. Use the find API - for traditional paginated results, but avoid using it to export - large amounts of data. - in: query - name: aggs - schema: - type: string - - description: The default operator to use for the `simple_query_string`. - in: query - name: default_search_operator - schema: - type: string - - description: The fields to return in the attributes key of the response. - in: query - name: fields - schema: - oneOf: - - type: string - - type: array - - description: > - The filter is a KQL string with the caveat that if you filter with - an attribute from your saved object type, it should look like that: - `savedObjectType.attributes.title: "myTitle"`. However, if you use a - root attribute of a saved object such as `updated_at`, you will have - to define your filter like that: `savedObjectType.updated_at > - 2018-12-22`. - in: query - name: filter - schema: - type: string - - description: >- - Filters to objects that do not have a relationship with the type and - identifier combination. - in: query - name: has_no_reference - schema: - type: object - - description: >- - The operator to use for the `has_no_reference` parameter. Either - `OR` or `AND`. Defaults to `OR`. - in: query - name: has_no_reference_operator - schema: - type: string - - description: >- - Filters to objects that have a relationship with the type and ID - combination. - in: query - name: has_reference - schema: - type: object - - description: >- - The operator to use for the `has_reference` parameter. Either `OR` - or `AND`. Defaults to `OR`. - in: query - name: has_reference_operator - schema: - type: string - - description: The page of objects to return. - in: query - name: page - schema: - type: integer - - description: The number of objects to return per page. - in: query - name: per_page - schema: - type: integer - - description: >- - An Elasticsearch `simple_query_string` query that filters the - objects in the response. - in: query - name: search - schema: - type: string - - description: >- - The fields to perform the `simple_query_string` parsed query - against. - in: query - name: search_fields - schema: - oneOf: - - type: string - - type: array - - description: > - Sorts the response. Includes "root" and "type" fields. "root" fields - exist for all saved objects, such as "updated_at". "type" fields are - specific to an object type, such as fields returned in the - attributes key of the response. When a single type is defined in the - type parameter, the "root" and "type" fields are allowed, and - validity checks are made in that order. When multiple types are - defined in the type parameter, only "root" fields are allowed. - in: query - name: sort_field - schema: - type: string - - description: The saved object types to include. - in: query - name: type - required: true - schema: - oneOf: - - type: string - - type: array - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Search for saved objects - tags: - - saved objects - /api/saved_objects/_import: - post: - description: > - Create sets of Kibana saved objects from a file created by the export - API. - - Saved objects can be imported only into the same version, a newer minor - on the same major, or the next major. Exported saved objects are not - backwards compatible and cannot be imported into an older version of - Kibana. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: importSavedObjectsDefault - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - Creates copies of saved objects, regenerates each object ID, and - resets the origin. When used, potential conflict errors are avoided. - NOTE: This option cannot be used with the `overwrite` and - `compatibilityMode` options. - in: query - name: createNewCopies - required: false - schema: - type: boolean - - description: > - Overwrites saved objects when they already exist. When used, - potential conflict errors are automatically resolved by overwriting - the destination object. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: overwrite - required: false - schema: - type: boolean - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. Use this option only if you encounter issues with imported - saved objects. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: compatibilityMode - required: false - schema: - type: boolean + - $ref: '#/components/parameters/Cases_kbn_xsrf' + - $ref: '#/components/parameters/Cases_configuration_id' requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: + application/json; Elastic-Api-Version=2023-10-31: examples: - importObjectsRequest: - $ref: '#/components/examples/Saved_objects_import_objects_request' + updateCaseConfigurationRequest: + $ref: '#/components/examples/Cases_update_case_configuration_request' schema: - type: object - properties: - file: - description: > - A file exported using the export API. NOTE: The - `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be included in - this file. Similarly, the - `savedObjects.maxImportPayloadBytes` setting limits the - overall size of the file that can be imported. - required: true + $ref: '#/components/schemas/Cases_update_case_configuration_request' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: examples: - importObjectsResponse: - $ref: '#/components/examples/Saved_objects_import_objects_response' + updateCaseConfigurationResponse: + $ref: >- + #/components/examples/Cases_update_case_configuration_response schema: type: object properties: - errors: - description: > - Indicates the import was unsuccessful and specifies the - objects that failed to import. - - - NOTE: One object may result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and conflict error. - items: - type: object - type: array - success: - description: > - Indicates when the import was successfully completed. When - set to false, some objects may not have been created. For - additional information, refer to the `errors` and - `successResults` properties. - type: boolean - successCount: - description: Indicates the number of successfully imported records. - type: integer - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are created only when all resolvable errors - are addressed, including conflicts and missing references. - If objects are created as new copies, each entry in the - `successResults` array includes a `destinationId` - attribute. - items: - type: object - type: array - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Import saved objects - tags: - - saved objects - /api/saved_objects/_resolve_import_errors: - post: - description: > - To resolve errors from the Import objects API, you can: - - - * Retry certain saved objects - - * Overwrite specific saved objects - - * Change references to different saved objects - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: resolveImportErrors - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. When enabled during the initial import, also enable when - resolving import errors. This option cannot be used with the - `createNewCopies` option. - in: query - name: compatibilityMode - required: false - schema: - type: boolean - - description: > - Creates copies of the saved objects, regenerates each object ID, and - resets the origin. When enabled during the initial import, also - enable when resolving import errors. - in: query - name: createNewCopies - required: false - schema: - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - examples: - resolveImportErrorsRequest: - $ref: >- - #/components/examples/Saved_objects_resolve_missing_reference_request - schema: - type: object - properties: - file: - description: The same file given to the import API. - format: binary - type: string - retries: - description: >- - The retry operations, which can specify how to resolve - different types of errors. - items: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: type: object properties: - destinationId: + fields: description: >- - Specifies the destination ID that the imported object - should have, if different from the current ID. - type: string + The fields specified in the case configuration are not + used and are not propagated to individual cases, + therefore it is recommended to set it to `null`. + nullable: true + type: object id: - description: The saved object ID. - type: string - ignoreMissingReferences: description: >- - When set to `true`, ignores missing reference errors. - When set to `false`, does nothing. - type: boolean - overwrite: + The identifier for the connector. If you do not want a + default connector, use `none`. To retrieve connector + IDs, use the find connectors API. + example: none + type: string + name: description: >- - When set to `true`, the source object overwrites the - conflicting destination object. When set to `false`, - does nothing. - type: boolean - replaceReferences: - description: >- - A list of `type`, `from`, and `to` used to change the - object references. - items: - type: object - properties: - from: - type: string - to: - type: string - type: - type: string - type: array + The name of the connector. If you do not want a + default connector, use `none`. To retrieve connector + names, use the find connectors API. + example: none + type: string type: - description: The saved object type. + $ref: '#/components/schemas/Cases_connector_types' + created_at: + example: '2022-06-01T17:07:17.767Z' + format: date-time + type: string + created_by: + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true type: string required: - - type - - id - type: array - required: - - retries - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - resolveImportErrorsResponse: - $ref: >- - #/components/examples/Saved_objects_resolve_missing_reference_response - schema: - type: object - properties: - errors: - description: > - Specifies the objects that failed to resolve. - - - NOTE: One object can result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and a `conflict` error. + - email + - full_name + - username + customFields: + description: Custom fields configuration details. items: type: object + properties: + defaultValue: + description: > + A default value for the custom field. If the `type` + is `text`, the default value must be a string. If + the `type` is `toggle`, the default value must be + boolean. + oneOf: + - type: string + - type: boolean + key: + description: > + A unique key for the custom field. Must be lower + case and composed only of a-z, 0-9, '_', and '-' + characters. It is used in API calls to refer to a + specific custom field. + maxLength: 36 + minLength: 1 + type: string + label: + description: >- + The custom field label that is displayed in the + case. + maxLength: 50 + minLength: 1 + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + required: + description: > + Indicates whether the field is required. If `false`, + the custom field can be set to null or omitted when + a case is created or updated. + type: boolean type: array - success: - description: > - Indicates a successful import. When set to `false`, some - objects may not have been created. For additional - information, refer to the `errors` and `successResults` - properties. - type: boolean - successCount: - description: | - Indicates the number of successfully resolved records. - type: number - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are only created when all resolvable errors - are addressed, including conflict and missing references. + error: + example: null + nullable: true + type: string + id: + example: 4a97a440-e1cd-11ec-be9b-9b1838238ee6 + type: string + mappings: items: type: object + properties: + action_type: + example: overwrite + type: string + source: + example: title + type: string + target: + example: summary + type: string type: array + owner: + $ref: '#/components/schemas/Cases_owners' + templates: + $ref: '#/components/schemas/Cases_templates' + updated_at: + example: '2022-06-01T19:58:48.169Z' + format: date-time + nullable: true + type: string + updated_by: + nullable: true + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + version: + example: WzIwNzMsMV0= + type: string description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Resolve import errors - tags: - - saved objects - '/api/saved_objects/{type}': - post: - deprecated: true - description: Create a Kibana saved object with a randomly generated identifier. - operationId: createSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - - description: 'If true, overwrites the document with the same identifier.' - in: query - name: overwrite - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - attributes: - $ref: '#/components/schemas/Saved_objects_attributes' - initialNamespaces: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - references: - $ref: '#/components/schemas/Saved_objects_references' - required: - - attributes - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. - '409': + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: Indicates a conflict error. - summary: Create a saved object + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Update case settings tags: - - saved objects - '/api/saved_objects/{type}/{id}': + - cases + /api/cases/configure/connectors/_find: get: - deprecated: true - description: Retrieve a single Kibana saved object by identifier. - operationId: getSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' + description: > + Get information about connectors that are supported for use in cases. + You must have `read` privileges for the **Actions and Connectors** + feature in the **Management** section of the Kibana feature privileges. + operationId: findCaseConnectorsDefaultSpace responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + findConnectorResponse: + $ref: '#/components/examples/Cases_find_connector_response' schema: - type: object + items: + type: object + properties: + actionTypeId: + $ref: '#/components/schemas/Cases_connector_types' + config: + additionalProperties: true + type: object + properties: + apiUrl: + type: string + projectKey: + type: string + id: + type: string + isDeprecated: + type: boolean + isMissingSecrets: + type: boolean + isPreconfigured: + type: boolean + name: + type: string + referencedByCount: + type: integer + maxItems: 1000 + type: array description: Indicates a successful call. - '400': + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Get a saved object + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Get case connectors tags: - - saved objects - post: - deprecated: true - description: >- - Create a Kibana saved object and specify its identifier instead of using - a randomly generated ID. - operationId: createSavedObjectId + - cases + /api/cases/reporters: + get: + description: > + Returns information about the users who opened cases. You must have read + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases. The API returns + information about the users as they existed at the time of the case + creation, including their name, full name, and email address. If any of + those details change thereafter or if a user is deleted, the information + returned by this API is unchanged. + operationId: getCaseReportersDefaultSpace parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - - description: 'If true, overwrites the document with the same identifier.' - in: query - name: overwrite - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - attributes: - $ref: '#/components/schemas/Saved_objects_attributes' - initialNamespaces: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - references: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - required: - - attributes - required: true + - $ref: '#/components/parameters/Cases_owner' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getReportersResponse: + $ref: '#/components/examples/Cases_get_reporters_response' schema: - type: object + items: + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + maxItems: 10000 + type: array description: Indicates a successful call. - '409': + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: Indicates a conflict error. - summary: Create a saved object + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Get case creators tags: - - saved objects - put: + - cases + /api/cases/status: + get: deprecated: true - description: Update the attributes for Kibana saved objects. - operationId: updateSavedObject + description: > + Returns the number of cases that are open, closed, and in progress. + Deprecated in 8.1.0. This API is deprecated and will be removed in a + future release; use the find cases API instead. You must have `read` + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases you're seeking. + operationId: getCaseStatusDefaultSpace parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - required: true + - $ref: '#/components/parameters/Cases_owner' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object + properties: + count_closed_cases: + type: integer + count_in_progress_cases: + type: integer + count_open_cases: + type: integer description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates the object was not found. - '409': + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: Indicates a conflict error. - summary: Update a saved object + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Get case status summary tags: - - saved objects - '/api/saved_objects/resolve/{type}/{id}': + - cases + /api/cases/tags: get: - deprecated: true description: > - Retrieve a single Kibana saved object by identifier using any legacy URL - alias if it exists. Under certain circumstances, when Kibana is - upgraded, saved object migrations may necessitate regenerating some - object IDs to enable new features. When an object's ID is regenerated, a - legacy URL alias is created for that object, preserving its old ID. In - such a scenario, that object can be retrieved using either its new ID or - its old ID. - operationId: resolveSavedObject + Aggregates and returns a list of case tags. You must have read + privileges for the **Cases** feature in the **Management**, + **Observability**, or **Security** section of the Kibana feature + privileges, depending on the owner of the cases you're seeking. + operationId: getCaseTagsDefaultSpace parameters: - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - $ref: '#/components/parameters/Cases_owner' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getTagsResponse: + $ref: '#/components/examples/Cases_get_tags_response' schema: - type: object + items: + type: string + maxItems: 10000 + type: array description: Indicates a successful call. - '400': + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Resolve a saved object + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Get case tags tags: - - saved objects - /api/status: + - cases + /api/data_views: get: - operationId: /api/status#0 - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: Set to "true" to get the response in v7 format. - in: query - name: v7format - required: false - schema: - type: boolean - - description: Set to "true" to get the response in v8 format. - in: query - name: v8format - required: false - schema: - type: boolean + operationId: getAllDataViewsDefault responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getAllDataViewsResponse: + $ref: '#/components/examples/Data_views_get_data_views_response' schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: Overall status is OK and Kibana should be functioning normally. - '503': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: >- - Kibana or some of it's essential services are unavailable. Kibana - may be degraded or unavailable. - summary: Get Kibana's current status - tags: - - system - '/s/{spaceId}/api/observability/slos': - get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: findSlosOp + type: object + properties: + data_view: + items: + type: object + properties: + id: + type: string + name: + type: string + namespaces: + items: + type: string + type: array + title: + type: string + typeMeta: + type: object + type: array + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Get all data views + tags: + - data views + /api/data_views/data_view: + post: + operationId: createDataViewDefaultw parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - description: A valid kql query to filter the SLO with - example: 'slo.name:latency* and slo.tags : "prod"' - in: query - name: kqlQuery - schema: - type: string - - description: 'The page to use for pagination, must be greater or equal than 1' - example: 1 - in: query - name: page - schema: - default: 1 - type: integer - - description: Number of SLOs returned by page - example: 25 - in: query - name: perPage - schema: - default: 25 - maximum: 5000 - type: integer - - description: Sort by field - example: status - in: query - name: sortBy - schema: - default: status - enum: - - sli_value - - status - - error_budget_consumed - - error_budget_remaining - type: string - - description: Sort order - example: asc - in: query - name: sortDirection - schema: - default: asc - enum: - - asc - - desc - type: string - - description: >- - Hide stale SLOs from the list as defined by stale SLO threshold in - SLO settings - in: query - name: hideStale - schema: - type: boolean + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + createDataViewRequest: + $ref: '#/components/examples/Data_views_create_data_view_request' + schema: + $ref: '#/components/schemas/Data_views_create_data_view_request_object' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_find_slo_response' - description: Successful request + $ref: '#/components/schemas/Data_views_data_view_response_object' + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' + $ref: '#/components/schemas/Data_views_400_response' description: Bad request - '401': + summary: Create a data view + tags: + - data views + '/api/data_views/data_view/{viewId}': + delete: + description: | + WARNING: When you delete a data view, it cannot be recovered. + operationId: deleteDataViewDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '204': + description: Indicates a successful call. + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Delete a data view + tags: + - data views + get: + operationId: getDataViewDefault + parameters: + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getDataViewResponse: + $ref: '#/components/examples/Data_views_get_data_view_response' schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response + $ref: '#/components/schemas/Data_views_data_view_response_object' + description: Indicates a successful call. '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get a paginated list of SLOs + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Get a data view tags: - - slo + - data views post: - description: > - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: createSloOp + operationId: updateDataViewDefault parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + updateDataViewRequest: + $ref: '#/components/examples/Data_views_update_data_view_request' schema: - $ref: '#/components/schemas/SLOs_create_slo_request' + $ref: '#/components/schemas/Data_views_update_data_view_request_object' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_create_slo_response' - description: Successful request + $ref: '#/components/schemas/Data_views_data_view_response_object' + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' + $ref: '#/components/schemas/Data_views_400_response' description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_409_response' - description: Conflict - The SLO id already exists - summary: Create an SLO + summary: Update a data view tags: - - slo - '/s/{spaceId}/api/observability/slos/_delete_instances': + - data views + '/api/data_views/data_view/{viewId}/fields': post: description: > - The deletion occurs for the specified list of `sloId` and `instanceId`. - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloInstancesOp + Update fields presentation metadata such as count, customLabel, + customDescription, and format. + operationId: updateFieldsMetadataDefault parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + updateFieldsMetadataRequest: + $ref: '#/components/examples/Data_views_update_field_metadata_request' schema: - $ref: '#/components/schemas/SLOs_delete_slo_instances_request' + type: object + properties: + fields: + description: The field object. + type: object + required: + - fields required: true responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - summary: Batch delete rollup and summary data - tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}': - delete: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - responses: - '204': - description: Successful request + type: object + properties: + acknowledged: + type: boolean + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' + $ref: '#/components/schemas/Data_views_400_response' description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': + summary: Update data view fields metadata + tags: + - data views + '/api/data_views/data_view/{viewId}/runtime_field': + post: + operationId: createRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + createRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_create_runtime_field_request' + schema: + type: object + properties: + name: + description: | + The name for a runtime field. + type: string + runtimeField: + description: | + The runtime field definition object. + type: object + required: + - name + - runtimeField + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Delete an SLO + type: object + description: Indicates a successful call. + summary: Create a runtime field tags: - - slo - get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: getSloOp + - data views + put: + operationId: createUpdateRuntimeFieldDefault parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - - description: the specific instanceId used by the summary calculation - example: host-abcde - in: query - name: instanceId + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - description: | + The ID of the data view fields you want to update. + in: path + name: viewId + required: true schema: type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + updateRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_create_runtime_field_request' + schema: + type: object + properties: + name: + description: | + The name for a runtime field. + type: string + runtimeField: + description: | + The runtime field definition object. + type: object + required: + - name + - runtimeField + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_slo_with_summary_response' - description: Successful request + type: object + properties: + data_view: + type: object + fields: + items: + type: object + type: array + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' + $ref: '#/components/schemas/Data_views_400_response' description: Bad request - '401': + summary: Create or update a runtime field + tags: + - data views + '/api/data_views/data_view/{viewId}/runtime_field/{fieldName}': + delete: + operationId: deleteRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '200': + description: Indicates a successful call. + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Delete a runtime field from a data view + tags: + - data views + get: + operationId: getRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getRuntimeFieldResponse: + $ref: '#/components/examples/Data_views_get_runtime_field_response' schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response + type: object + properties: + data_view: + type: object + fields: + items: + type: object + type: array + description: Indicates a successful call. '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get an SLO + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Get a runtime field tags: - - slo - put: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: updateSloOp + - data views + post: + operationId: updateRuntimeFieldDefault parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + updateRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_update_runtime_field_request' schema: - $ref: '#/components/schemas/SLOs_update_slo_request' + type: object + properties: + runtimeField: + description: | + The runtime field definition object. + + You can update following fields: + + - `type` + - `script` + type: object + required: + - runtimeField required: true responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' + $ref: '#/components/schemas/Data_views_400_response' description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Update an SLO + summary: Update a runtime field tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/_reset': - post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: resetSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - data views + /api/data_views/default: + get: + operationId: getDefaultDataViewDefault responses: - '204': + '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + getDefaultDataViewResponse: + $ref: >- + #/components/examples/Data_views_get_default_data_view_response schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request + type: object + properties: + data_view_id: + type: string + description: Indicates a successful call. '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' + $ref: '#/components/schemas/Data_views_400_response' description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Reset an SLO + summary: Get the default data view tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/disable': + - data views post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: disableSloOp + operationId: setDefaultDatailViewDefault parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + setDefaultDataViewRequest: + $ref: '#/components/examples/Data_views_set_default_data_view_request' + schema: + type: object + properties: + data_view_id: + description: > + The data view identifier. NOTE: The API does not validate + whether it is a valid identifier. Use `null` to unset the + default data view. + nullable: true + type: string + force: + default: false + description: Update an existing default data view identifier. + type: boolean + required: + - data_view_id + required: true responses: '200': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': + type: object + properties: + acknowledged: + type: boolean + description: Indicates a successful call. + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Set the default data view + tags: + - data views + /api/data_views/swap_references: + post: + description: > + Changes saved object references from one data view identifier to + another. WARNING: Misuse can break large numbers of saved objects! + Practicing with a backup is recommended. + operationId: swapDataViewsDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + swapDataViewRequest: + $ref: '#/components/examples/Data_views_swap_data_view_request' + schema: + $ref: '#/components/schemas/Data_views_swap_data_view_request_object' + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Disable an SLO + type: object + properties: + deleteStatus: + type: object + properties: + deletePerformed: + type: boolean + remainingRefs: + type: integer + result: + items: + type: object + properties: + id: + description: A saved object identifier. + type: string + type: + description: The saved object type. + type: string + type: array + description: Indicates a successful call. + summary: Swap saved object references tags: - - slo - '/s/{spaceId}/api/observability/slos/{sloId}/enable': + - data views + /api/data_views/swap_references/_preview: post: description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: enableSloOp + Preview the impact of swapping saved object references from one data + view identifier to another. + operationId: previewSwapDataViewsDefault parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + previewSwapDataViewRequest: + $ref: >- + #/components/examples/Data_views_preview_swap_data_view_request + schema: + $ref: '#/components/schemas/Data_views_swap_data_view_request_object' + required: true responses: - '204': - description: Successful request - '400': + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': + type: object + properties: + result: + items: + type: object + properties: + id: + description: A saved object identifier. + type: string + type: + description: The saved object type. + type: string + type: array + description: Indicates a successful call. + summary: Preview a saved object reference swap + tags: + - data views + /api/encrypted_saved_objects/_rotate_key: + post: + description: > + Superuser role required. + + + If a saved object cannot be decrypted using the primary encryption key, + then Kibana will attempt to decrypt it using the specified + decryption-only keys. In most of the cases this overhead is negligible, + but if you're dealing with a large number of saved objects and + experiencing performance issues, you may want to rotate the encryption + key. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: rotateEncryptionKey + parameters: + - description: > + Specifies a maximum number of saved objects that Kibana can process + in a single batch. Bulk key rotation is an iterative process since + Kibana may not be able to fetch and process all required saved + objects in one go and splits processing into consequent batches. By + default, the batch size is 10000, which is also a maximum allowed + value. + in: query + name: batch_size + required: false + schema: + default: 10000 + type: number + - description: > + Limits encryption key rotation only to the saved objects with the + specified type. By default, Kibana tries to rotate the encryption + key for all saved object types that may contain encrypted + attributes. + in: query + name: type + required: false + schema: + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + rotateEncryptionKeyResponse: + $ref: '#/components/examples/Saved_objects_key_rotation_response' schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': + type: object + properties: + failed: + description: > + Indicates the number of the saved objects that were still + encrypted with one of the old encryption keys that Kibana + failed to re-encrypt with the primary key. + type: number + successful: + description: > + Indicates the total number of all encrypted saved objects + (optionally filtered by the requested `type`), regardless + of the key Kibana used for encryption. + + + NOTE: In most cases, `total` will be greater than + `successful` even if `failed` is zero. The reason is that + Kibana may not need or may not be able to rotate + encryption keys for all encrypted saved objects. + type: number + total: + description: > + Indicates the total number of all encrypted saved objects + (optionally filtered by the requested `type`), regardless + of the key Kibana used for encryption. + type: number + description: Indicates a successful call. + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + '429': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Enable an SLO + type: object + description: Already in progress. + summary: Rotate a key for encrypted saved objects tags: - - slo -components: - examples: + - saved objects + /api/ml/saved_objects/sync: + get: + description: > + Synchronizes Kibana saved objects for machine learning jobs and trained + models in the default space. You must have `all` privileges for the + **Machine Learning** feature in the **Analytics** section of the Kibana + feature privileges. This API runs automatically when you start Kibana + and periodically thereafter. + operationId: mlSync + parameters: + - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + syncExample: + $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' + schema: + $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' + description: Indicates a successful call + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' + description: Authorization information is missing or invalid. + summary: Sync saved objects in the default space + tags: + - ml + /api/saved_objects/_bulk_create: + post: + deprecated: true + operationId: bulkCreateSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: 'When true, overwrites the document with the same identifier.' + in: query + name: overwrite + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + type: array + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Create saved objects + tags: + - saved objects + /api/saved_objects/_bulk_delete: + post: + deprecated: true + description: | + WARNING: When you delete a saved object, it cannot be recovered. + operationId: bulkDeleteSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: > + When true, force delete objects that exist in multiple namespaces. + Note that the option applies to the whole request. Use the delete + object API to specify per-object deletion behavior. TIP: Use this if + you attempted to delete objects and received an HTTP 400 error with + the following message: "Unable to delete saved object that exists in + multiple namespaces, use the force option to delete it anyway". + WARNING: When you bulk delete objects that exist in multiple + namespaces, the API also deletes legacy url aliases that reference + the object. These requests are batched to minimise the impact but + they can place a heavy load on Kibana. Make sure you limit the + number of objects that exist in multiple namespaces in a single bulk + delete operation. + in: query + name: force + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + type: array + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Delete saved objects + tags: + - saved objects + /api/saved_objects/_bulk_get: + post: + deprecated: true + operationId: bulkGetSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + type: array + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Get saved objects + tags: + - saved objects + /api/saved_objects/_bulk_resolve: + post: + deprecated: true + description: > + Retrieve multiple Kibana saved objects by identifier using any legacy + URL aliases if they exist. Under certain circumstances when Kibana is + upgraded, saved object migrations may necessitate regenerating some + object IDs to enable new features. When an object's ID is regenerated, a + legacy URL alias is created for that object, preserving its old ID. In + such a scenario, that object can be retrieved by the bulk resolve API + using either its new ID or its old ID. + operationId: bulkResolveSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + type: array + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Resolve saved objects + tags: + - saved objects + /api/saved_objects/_bulk_update: + post: + deprecated: true + description: Update the attributes for multiple Kibana saved objects. + operationId: bulkUpdateSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + type: array + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Update saved objects + tags: + - saved objects + /api/saved_objects/_export: + post: + description: > + Retrieve sets of saved objects that you want to import into Kibana. + + You must include `type` or `objects` in the request body. + + + Exported saved objects are not backwards compatible and cannot be + imported into an older version of Kibana. + + + NOTE: The `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be exported. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: exportSavedObjectsDefault + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsRequest: + $ref: '#/components/examples/Saved_objects_export_objects_request' + schema: + type: object + properties: + excludeExportDetails: + default: false + description: Do not add export details entry at the end of the stream. + type: boolean + includeReferencesDeep: + description: >- + Includes all of the referenced objects in the exported + objects. + type: boolean + objects: + description: A list of objects to export. + items: + type: object + type: array + type: + description: >- + The saved object types to include in the export. Use `*` to + export all the types. + oneOf: + - type: string + - items: + type: string + type: array + required: true + responses: + '200': + content: + application/x-ndjson; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsResponse: + $ref: '#/components/examples/Saved_objects_export_objects_response' + schema: + additionalProperties: true + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Export saved objects + tags: + - saved objects + /api/saved_objects/_find: + get: + deprecated: true + description: Retrieve a paginated set of Kibana saved objects. + operationId: findSavedObjects + parameters: + - description: > + An aggregation structure, serialized as a string. The field format + is similar to filter, meaning that to use a saved object type + attribute in the aggregation, the `savedObjectType.attributes.title: + "myTitle"` format must be used. For root fields, the syntax is + `savedObjectType.rootField`. NOTE: As objects change in Kibana, the + results on each page of the response also change. Use the find API + for traditional paginated results, but avoid using it to export + large amounts of data. + in: query + name: aggs + schema: + type: string + - description: The default operator to use for the `simple_query_string`. + in: query + name: default_search_operator + schema: + type: string + - description: The fields to return in the attributes key of the response. + in: query + name: fields + schema: + oneOf: + - type: string + - type: array + - description: > + The filter is a KQL string with the caveat that if you filter with + an attribute from your saved object type, it should look like that: + `savedObjectType.attributes.title: "myTitle"`. However, if you use a + root attribute of a saved object such as `updated_at`, you will have + to define your filter like that: `savedObjectType.updated_at > + 2018-12-22`. + in: query + name: filter + schema: + type: string + - description: >- + Filters to objects that do not have a relationship with the type and + identifier combination. + in: query + name: has_no_reference + schema: + type: object + - description: >- + The operator to use for the `has_no_reference` parameter. Either + `OR` or `AND`. Defaults to `OR`. + in: query + name: has_no_reference_operator + schema: + type: string + - description: >- + Filters to objects that have a relationship with the type and ID + combination. + in: query + name: has_reference + schema: + type: object + - description: >- + The operator to use for the `has_reference` parameter. Either `OR` + or `AND`. Defaults to `OR`. + in: query + name: has_reference_operator + schema: + type: string + - description: The page of objects to return. + in: query + name: page + schema: + type: integer + - description: The number of objects to return per page. + in: query + name: per_page + schema: + type: integer + - description: >- + An Elasticsearch `simple_query_string` query that filters the + objects in the response. + in: query + name: search + schema: + type: string + - description: >- + The fields to perform the `simple_query_string` parsed query + against. + in: query + name: search_fields + schema: + oneOf: + - type: string + - type: array + - description: > + Sorts the response. Includes "root" and "type" fields. "root" fields + exist for all saved objects, such as "updated_at". "type" fields are + specific to an object type, such as fields returned in the + attributes key of the response. When a single type is defined in the + type parameter, the "root" and "type" fields are allowed, and + validity checks are made in that order. When multiple types are + defined in the type parameter, only "root" fields are allowed. + in: query + name: sort_field + schema: + type: string + - description: The saved object types to include. + in: query + name: type + required: true + schema: + oneOf: + - type: string + - type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Search for saved objects + tags: + - saved objects + /api/saved_objects/_import: + post: + description: > + Create sets of Kibana saved objects from a file created by the export + API. + + Saved objects can be imported only into the same version, a newer minor + on the same major, or the next major. Exported saved objects are not + backwards compatible and cannot be imported into an older version of + Kibana. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: importSavedObjectsDefault + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: > + Creates copies of saved objects, regenerates each object ID, and + resets the origin. When used, potential conflict errors are avoided. + NOTE: This option cannot be used with the `overwrite` and + `compatibilityMode` options. + in: query + name: createNewCopies + required: false + schema: + type: boolean + - description: > + Overwrites saved objects when they already exist. When used, + potential conflict errors are automatically resolved by overwriting + the destination object. NOTE: This option cannot be used with the + `createNewCopies` option. + in: query + name: overwrite + required: false + schema: + type: boolean + - description: > + Applies various adjustments to the saved objects that are being + imported to maintain compatibility between different Kibana + versions. Use this option only if you encounter issues with imported + saved objects. NOTE: This option cannot be used with the + `createNewCopies` option. + in: query + name: compatibilityMode + required: false + schema: + type: boolean + requestBody: + content: + multipart/form-data; Elastic-Api-Version=2023-10-31: + examples: + importObjectsRequest: + $ref: '#/components/examples/Saved_objects_import_objects_request' + schema: + type: object + properties: + file: + description: > + A file exported using the export API. NOTE: The + `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be included in + this file. Similarly, the + `savedObjects.maxImportPayloadBytes` setting limits the + overall size of the file that can be imported. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + importObjectsResponse: + $ref: '#/components/examples/Saved_objects_import_objects_response' + schema: + type: object + properties: + errors: + description: > + Indicates the import was unsuccessful and specifies the + objects that failed to import. + + + NOTE: One object may result in multiple errors, which + requires separate steps to resolve. For instance, a + `missing_references` error and conflict error. + items: + type: object + type: array + success: + description: > + Indicates when the import was successfully completed. When + set to false, some objects may not have been created. For + additional information, refer to the `errors` and + `successResults` properties. + type: boolean + successCount: + description: Indicates the number of successfully imported records. + type: integer + successResults: + description: > + Indicates the objects that are successfully imported, with + any metadata if applicable. + + + NOTE: Objects are created only when all resolvable errors + are addressed, including conflicts and missing references. + If objects are created as new copies, each entry in the + `successResults` array includes a `destinationId` + attribute. + items: + type: object + type: array + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Import saved objects + tags: + - saved objects + /api/saved_objects/_resolve_import_errors: + post: + description: > + To resolve errors from the Import objects API, you can: + + + * Retry certain saved objects + + * Overwrite specific saved objects + + * Change references to different saved objects + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: resolveImportErrors + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: > + Applies various adjustments to the saved objects that are being + imported to maintain compatibility between different Kibana + versions. When enabled during the initial import, also enable when + resolving import errors. This option cannot be used with the + `createNewCopies` option. + in: query + name: compatibilityMode + required: false + schema: + type: boolean + - description: > + Creates copies of the saved objects, regenerates each object ID, and + resets the origin. When enabled during the initial import, also + enable when resolving import errors. + in: query + name: createNewCopies + required: false + schema: + type: boolean + requestBody: + content: + multipart/form-data; Elastic-Api-Version=2023-10-31: + examples: + resolveImportErrorsRequest: + $ref: >- + #/components/examples/Saved_objects_resolve_missing_reference_request + schema: + type: object + properties: + file: + description: The same file given to the import API. + format: binary + type: string + retries: + description: >- + The retry operations, which can specify how to resolve + different types of errors. + items: + type: object + properties: + destinationId: + description: >- + Specifies the destination ID that the imported object + should have, if different from the current ID. + type: string + id: + description: The saved object ID. + type: string + ignoreMissingReferences: + description: >- + When set to `true`, ignores missing reference errors. + When set to `false`, does nothing. + type: boolean + overwrite: + description: >- + When set to `true`, the source object overwrites the + conflicting destination object. When set to `false`, + does nothing. + type: boolean + replaceReferences: + description: >- + A list of `type`, `from`, and `to` used to change the + object references. + items: + type: object + properties: + from: + type: string + to: + type: string + type: + type: string + type: array + type: + description: The saved object type. + type: string + required: + - type + - id + type: array + required: + - retries + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + resolveImportErrorsResponse: + $ref: >- + #/components/examples/Saved_objects_resolve_missing_reference_response + schema: + type: object + properties: + errors: + description: > + Specifies the objects that failed to resolve. + + + NOTE: One object can result in multiple errors, which + requires separate steps to resolve. For instance, a + `missing_references` error and a `conflict` error. + items: + type: object + type: array + success: + description: > + Indicates a successful import. When set to `false`, some + objects may not have been created. For additional + information, refer to the `errors` and `successResults` + properties. + type: boolean + successCount: + description: | + Indicates the number of successfully resolved records. + type: number + successResults: + description: > + Indicates the objects that are successfully imported, with + any metadata if applicable. + + + NOTE: Objects are only created when all resolvable errors + are addressed, including conflict and missing references. + items: + type: object + type: array + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Resolve import errors + tags: + - saved objects + '/api/saved_objects/{type}': + post: + deprecated: true + description: Create a Kibana saved object with a randomly generated identifier. + operationId: createSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - description: 'If true, overwrites the document with the same identifier.' + in: query + name: overwrite + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + attributes: + $ref: '#/components/schemas/Saved_objects_attributes' + initialNamespaces: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + references: + $ref: '#/components/schemas/Saved_objects_references' + required: + - attributes + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a conflict error. + summary: Create a saved object + tags: + - saved objects + '/api/saved_objects/{type}/{id}': + get: + deprecated: true + description: Retrieve a single Kibana saved object by identifier. + operationId: getSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Get a saved object + tags: + - saved objects + post: + deprecated: true + description: >- + Create a Kibana saved object and specify its identifier instead of using + a randomly generated ID. + operationId: createSavedObjectId + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - description: 'If true, overwrites the document with the same identifier.' + in: query + name: overwrite + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + attributes: + $ref: '#/components/schemas/Saved_objects_attributes' + initialNamespaces: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + references: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + required: + - attributes + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a conflict error. + summary: Create a saved object + tags: + - saved objects + put: + deprecated: true + description: Update the attributes for Kibana saved objects. + operationId: updateSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates the object was not found. + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a conflict error. + summary: Update a saved object + tags: + - saved objects + '/api/saved_objects/resolve/{type}/{id}': + get: + deprecated: true + description: > + Retrieve a single Kibana saved object by identifier using any legacy URL + alias if it exists. Under certain circumstances, when Kibana is + upgraded, saved object migrations may necessitate regenerating some + object IDs to enable new features. When an object's ID is regenerated, a + legacy URL alias is created for that object, preserving its old ID. In + such a scenario, that object can be retrieved using either its new ID or + its old ID. + operationId: resolveSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Resolve a saved object + tags: + - saved objects + /api/status: + get: + operationId: /api/status#0 + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: Set to "true" to get the response in v7 format. + in: query + name: v7format + required: false + schema: + type: boolean + - description: Set to "true" to get the response in v8 format. + in: query + name: v8format + required: false + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: Overall status is OK and Kibana should be functioning normally. + '503': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: >- + Kibana or some of it's essential services are unavailable. Kibana + may be degraded or unavailable. + summary: Get Kibana's current status + tags: + - system + /data_streams: + get: + operationId: data-streams-list + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data_streams: + items: + $ref: '#/components/schemas/Fleet_data_stream' + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List data streams + tags: + - Data streams + parameters: [] + /enrollment_api_keys: + get: + operationId: get-enrollment-api-keys + parameters: [] + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - page + - perPage + - total + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List enrollment API keys + tags: + - Fleet enrollment API keys + post: + operationId: create-enrollment-api-keys + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + enum: + - created + type: string + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create enrollment API key + tags: + - Fleet enrollment API keys + '/enrollment_api_keys/{keyId}': + delete: + operationId: delete-enrollment-api-key + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + enum: + - deleted + type: string + required: + - action + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete enrollment API key by ID + tags: + - Fleet enrollment API keys + get: + operationId: get-enrollment-api-key + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get enrollment API key by ID + tags: + - Fleet enrollment API keys + parameters: + - in: path + name: keyId + required: true + schema: + type: string + /enrollment-api-keys: + get: + deprecated: true + operationId: get-enrollment-api-keys-deprecated + parameters: [] + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - page + - perPage + - total + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List enrollment API keys + tags: + - Fleet enrollment API keys + post: + deprecated: true + operationId: create-enrollment-api-keys-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + enum: + - created + type: string + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create enrollment API key + tags: + - Fleet enrollment API keys + '/enrollment-api-keys/{keyId}': + delete: + deprecated: true + operationId: delete-enrollment-api-key-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + enum: + - deleted + type: string + required: + - action + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete enrollment API key by ID + tags: + - Fleet enrollment API keys + get: + deprecated: true + operationId: get-enrollment-api-key-deprecated + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get enrollment API key by ID + tags: + - Fleet enrollment API keys + parameters: + - in: path + name: keyId + required: true + schema: + type: string + /epm/bulk_assets: + post: + operationId: bulk-get-assets + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + assetIds: + description: list of items necessary to fetch assets + items: + type: object + properties: + id: + type: string + type: + type: string + type: array + required: + - assetIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_bulk_assets_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk get assets + tags: + - Elastic Package Manager (EPM) + /epm/categories: + get: + operationId: get-package-categories + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_categories_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List package categories + tags: + - Elastic Package Manager (EPM) + parameters: + - description: >- + Whether to include prerelease packages in categories count (e.g. beta, + rc, preview) + in: query + name: prerelease + schema: + default: false + type: boolean + - deprecated: true + in: query + name: experimental + schema: + default: false + type: boolean + - in: query + name: include_policy_templates + schema: + default: false + type: boolean + /epm/packages: + get: + operationId: list-all-packages + parameters: + - description: >- + Whether to exclude the install status of each package. Enabling this + option will opt in to caching for the response via `cache-control` + headers. If you don't need up-to-date installation info for a + package, and are querying for a list of available packages, + providing this flag can improve performance substantially. + in: query + name: excludeInstallStatus + schema: + default: false + type: boolean + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + - deprecated: true + in: query + name: experimental + schema: + default: false + type: boolean + - in: query + name: category + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_packages_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List packages + tags: + - Elastic Package Manager (EPM) + post: + description: '' + operationId: install-package-by-upload + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors + schema: + default: false + type: boolean + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover + schema: + default: false + type: boolean + requestBody: + content: + application/gzip; Elastic-Api-Version=2023-10-31: + schema: + format: binary + type: string + application/zip; Elastic-Api-Version=2023-10-31: + schema: + format: binary + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _meta: + type: object + properties: + install_source: + enum: + - upload + - registry + - bundled + type: string + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '429': + $ref: '#/components/responses/Fleet_error' + summary: Install by package by direct upload + tags: + - Elastic Package Manager (EPM) + /epm/packages/_bulk: + post: + operationId: bulk-install-packages + parameters: + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + description: force install to ignore package verification errors + type: boolean + packages: + description: list of packages to install + items: + oneOf: + - description: package name + type: string + - type: object + properties: + name: + description: package name + type: string + version: + description: package version + type: string + type: array + required: + - packages + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_bulk_install_packages_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk install packages + tags: + - Elastic Package Manager (EPM) + '/epm/packages/{pkgkey}': + delete: + deprecated: true + operationId: delete-package-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgkey + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + response: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - response + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete ackage + tags: + - Elastic Package Manager (EPM) + get: + deprecated: true + operationId: get-package-deprecated + parameters: + - in: path + name: pkgkey + required: true + schema: + type: string + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + allOf: + - properties: + response: + $ref: '#/components/schemas/Fleet_package_info' + - properties: + savedObject: + type: string + status: + enum: + - installed + - installing + - install_failed + - not_installed + type: string + required: + - status + - savedObject + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package + tags: + - Elastic Package Manager (EPM) + post: + deprecated: true + description: '' + operationId: install-package-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgkey + required: true + schema: + type: string + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors + schema: + default: false + type: boolean + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + response: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - response + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Install package + tags: + - Elastic Package Manager (EPM) + '/epm/packages/{pkgName}/{pkgVersion}': + delete: + operationId: delete-package + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: delete package even if policies used by agents + in: query + name: force + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + deprecated: true + type: object + properties: + force: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package + tags: + - Elastic Package Manager (EPM) + get: + operationId: get-package + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + allOf: + - properties: + item: + $ref: '#/components/schemas/Fleet_package_info' + - properties: + keepPoliciesUpToDate: + type: boolean + latestVersion: + type: string + licensePath: + type: string + notice: + type: string + savedObject: + deprecated: true + type: object + status: + enum: + - installed + - installing + - install_failed + - not_installed + type: string + required: + - status + - savedObject + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - description: Ignore if the package is fails signature verification + in: query + name: ignoreUnverified + schema: + type: boolean + - description: >- + Return all fields from the package manifest, not just those supported + by the Elastic Package Registry + in: query + name: full + schema: + type: boolean + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + post: + description: '' + operationId: install-package + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors + schema: + default: false + type: boolean + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + ignore_constraints: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _meta: + type: object + properties: + install_source: + enum: + - registry + - upload + - bundled + type: string + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Install package + tags: + - Elastic Package Manager (EPM) + put: + description: '' + operationId: update-package + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + keepPoliciesUpToDate: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update package settings + tags: + - Elastic Package Manager (EPM) + '/epm/packages/{pkgName}/{pkgVersion}/{filePath}': + get: + operationId: packages-get-file + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: object + headers: + type: object + statusCode: + type: number + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package file + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - in: path + name: filePath + required: true + schema: + type: string + '/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize': + post: + description: '' + operationId: reauthorize-transforms + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - description: >- + Whether to include prerelease packages in categories count (e.g. + beta, rc, preview) + in: query + name: prerelease + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + transforms: + items: + type: object + properties: + transformId: + type: string + type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + error: + type: string + success: + type: boolean + transformId: + type: string + required: + - transformId + - error + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Authorize transforms + tags: + - Elastic Package Manager (EPM) + '/epm/packages/{pkgName}/stats': + get: + operationId: get-package-stats + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + response: + $ref: '#/components/schemas/Fleet_package_usage_stats' + required: + - response + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package stats + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + /epm/packages/limited: + get: + operationId: list-limited-packages + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: string + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get limited package list + tags: + - Elastic Package Manager (EPM) + parameters: [] + '/epm/templates/{pkgName}/{pkgVersion}/inputs': + get: + operationId: get-inputs-template + responses: + '200': + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get inputs template + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - description: Format of response - json or yaml + in: query + name: format + schema: + enum: + - json + - yaml + - yml + type: string + - description: Specify if version is prerelease + in: query + name: prerelease + schema: + type: boolean + - description: Ignore if the package is fails signature verification + in: query + name: ignoreUnverified + schema: + type: boolean + /epm/verification_key_id: + get: + operationId: packages-get-verification-key-id + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: object + properties: + id: + description: >- + the key ID of the GPG key used to verify package + signatures + nullable: true + type: string + headers: + type: object + statusCode: + type: number + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package signature verification key ID + tags: + - Elastic Package Manager (EPM) + parameters: [] + /fleet_server_hosts: + get: + operationId: get-fleet-server-hosts + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_fleet_server_host' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List Fleet Server hosts + tags: + - Fleet Server hosts + post: + operationId: post-fleet-server-hosts + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host_urls: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this fleet server host. See + the proxies API for more information. + type: string + required: + - name + - host_urls + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create Fleet Server host + tags: + - Fleet Server hosts + '/fleet_server_hosts/{itemId}': + delete: + operationId: delete-fleet-server-hosts + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete Fleet Server host by ID + tags: + - Fleet Server hosts + get: + operationId: get-one-fleet-server-hosts + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get Fleet Server host by ID + tags: + - Fleet Server hosts + parameters: + - in: path + name: itemId + required: true + schema: + type: string + put: + operationId: update-fleet-server-hosts + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host_urls: + items: + type: string + type: array + is_default: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this fleet server host. See + the proxies API for more information. + nullable: true + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update Fleet Server host by ID + tags: + - Fleet Server hosts + /health_check: + post: + operationId: fleet-server-health-check + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host: + deprecated: true + type: string + id: + type: string + required: + - id + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host: + deprecated: true + type: string + id: + description: Fleet Server host id + type: string + status: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Fleet Server health check + tags: + - Fleet internals + /kubernetes: + get: + operationId: get-full-k8s-manifest + parameters: + - in: query + name: download + required: false + schema: + type: boolean + - in: query + name: fleetServer + required: false + schema: + type: string + - in: query + name: enrolToken + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get full K8s agent manifest + tags: + - Fleet Kubernetes + /logstash_api_keys: + post: + operationId: generate-logstash-api-key + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + api_key: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Generate Logstash API key + tags: + - Fleet outputs + /outputs: + get: + operationId: get-outputs + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_output_create_request' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List outputs + tags: + - Fleet outputs + post: + operationId: post-outputs + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_output_create_request' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_create_request' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create output + tags: + - Fleet outputs + '/outputs/{outputId}': + delete: + operationId: delete-output + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete output by ID + tags: + - Fleet outputs + get: + operationId: get-output + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_create_request' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get output by ID + tags: + - Fleet outputs + parameters: + - in: path + name: outputId + required: true + schema: + type: string + put: + operationId: update-output + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_output_update_request' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_update_request' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update output by ID + tags: + - Fleet outputs + '/outputs/{outputId}/health': + get: + operationId: get-output-health + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + description: long message if unhealthy + type: string + state: + description: 'state of output, HEALTHY or DEGRADED' + type: string + timestamp: + description: timestamp of reported state + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get latest output health + tags: + - Fleet outputs + parameters: + - in: path + name: outputId + required: true + schema: + type: string + /package_policies: + get: + operationId: get-package-policies + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_format' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_package_policy' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List package policies + tags: + - Fleet package policies + parameters: [] + post: + operationId: create-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_package_policy_request' + description: >- + You should use inputs as an object and not use the deprecated inputs + array. + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_package_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '409': + $ref: '#/components/responses/Fleet_error' + summary: Create package policy + tags: + - Fleet package policies + /package_policies/_bulk_get: + post: + operationId: bulk-get-package-policies + parameters: + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + ids: + description: list of package policy ids + items: + type: string + type: array + ignoreMissing: + type: boolean + required: + - ids + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_package_policy' + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk get package policies + tags: + - Fleet package policies + '/package_policies/{packagePolicyId}': + delete: + operationId: delete-package-policy + parameters: + - in: query + name: force + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package policy by ID + tags: + - Fleet package policies + get: + operationId: get-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_format' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_package_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package policy by ID + tags: + - Fleet package policies + parameters: + - in: path + name: packagePolicyId + required: true + schema: + type: string + put: + operationId: update-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_package_policy_request' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_package_policy' + sucess: + type: boolean + required: + - item + - sucess + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update package policy by ID + tags: + - Fleet package policies + /package_policies/delete: + post: + operationId: post-delete-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + packagePolicyIds: + items: + type: string + type: array + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + properties: + id: + type: string + name: + type: string + success: + type: boolean + required: + - id + - success + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package policy + tags: + - Fleet package policies + /package_policies/upgrade: + post: + operationId: upgrade-package-policy + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + packagePolicyIds: + items: + type: string + type: array + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + properties: + id: + type: string + name: + type: string + success: + type: boolean + required: + - id + - success + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '409': + $ref: '#/components/responses/Fleet_error' + summary: Upgrade package policy to a newer package version + tags: + - Fleet package policies + /package_policies/upgrade/dryrun: + post: + operationId: upgrade-package-policy-dry-run + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + packagePolicyIds: + items: + type: string + type: array + packageVersion: + type: string + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + properties: + agent_diff: + $ref: '#/components/schemas/Fleet_upgrade_agent_diff' + diff: + $ref: '#/components/schemas/Fleet_upgrade_diff' + hasErrors: + type: boolean + required: + - hasErrors + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Dry run package policy upgrade + tags: + - Fleet package policies + /proxies: + get: + operationId: get-fleet-proxies + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_proxies' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List proxies + tags: + - Fleet proxies + post: + operationId: post-fleet-proxies + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + certificate: + type: string + certificate_authorities: + type: string + certificate_key: + type: string + id: + type: string + name: + type: string + proxy_headers: + type: object + url: + type: string + required: + - name + - url + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_proxies' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create proxy + tags: + - Fleet proxies + '/proxies/{itemId}': + delete: + operationId: delete-fleet-proxies + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete proxy by ID + tags: + - Fleet proxies + get: + operationId: get-one-fleet-proxies + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_proxies' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get proxy by ID + tags: + - Fleet proxies + parameters: + - in: path + name: itemId + required: true + schema: + type: string + put: + operationId: update-fleet-proxies + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + certificate: + type: string + certificate_authorities: + type: string + certificate_key: + type: string + name: + type: string + proxy_headers: + type: object + url: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_proxies' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update proxy by ID + tags: + - Fleet proxies + '/s/{spaceId}/api/observability/slos': + get: + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: findSlosOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - description: A valid kql query to filter the SLO with + example: 'slo.name:latency* and slo.tags : "prod"' + in: query + name: kqlQuery + schema: + type: string + - description: 'The page to use for pagination, must be greater or equal than 1' + example: 1 + in: query + name: page + schema: + default: 1 + type: integer + - description: Number of SLOs returned by page + example: 25 + in: query + name: perPage + schema: + default: 25 + maximum: 5000 + type: integer + - description: Sort by field + example: status + in: query + name: sortBy + schema: + default: status + enum: + - sli_value + - status + - error_budget_consumed + - error_budget_remaining + type: string + - description: Sort order + example: asc + in: query + name: sortDirection + schema: + default: asc + enum: + - asc + - desc + type: string + - description: >- + Hide stale SLOs from the list as defined by stale SLO threshold in + SLO settings + in: query + name: hideStale + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_find_slo_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Get a paginated list of SLOs + tags: + - slo + post: + description: > + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: createSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_create_slo_request' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_create_slo_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_409_response' + description: Conflict - The SLO id already exists + summary: Create an SLO + tags: + - slo + '/s/{spaceId}/api/observability/slos/_delete_instances': + post: + description: > + The deletion occurs for the specified list of `sloId` and `instanceId`. + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: deleteSloInstancesOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_delete_slo_instances_request' + required: true + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + summary: Batch delete rollup and summary data + tags: + - slo + '/s/{spaceId}/api/observability/slos/{sloId}': + delete: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: deleteSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Delete an SLO + tags: + - slo + get: + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: getSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + - description: the specific instanceId used by the summary calculation + example: host-abcde + in: query + name: instanceId + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_with_summary_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Get an SLO + tags: + - slo + put: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: updateSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_update_slo_request' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_definition_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Update an SLO + tags: + - slo + '/s/{spaceId}/api/observability/slos/{sloId}/_reset': + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: resetSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_definition_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Reset an SLO + tags: + - slo + '/s/{spaceId}/api/observability/slos/{sloId}/disable': + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: disableSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '200': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Disable an SLO + tags: + - slo + '/s/{spaceId}/api/observability/slos/{sloId}/enable': + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: enableSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Enable an SLO + tags: + - slo + /service_tokens: + post: + operationId: generate-service-token + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + name: + type: string + value: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create service token + tags: + - Fleet service tokens + /service-tokens: + post: + deprecated: true + operationId: generate-service-token-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + name: + type: string + value: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create service token + tags: + - Fleet service tokens + /settings: + get: + operationId: get-settings + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_settings_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get settings + tags: + - Fleet internals + put: + operationId: update-settings + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + additional_yaml_config: + type: string + fleet_server_hosts: + description: Protocol and path must be the same for each URL + items: + type: string + type: array + has_seen_add_data_notice: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_settings_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update settings + tags: + - Fleet internals + /settings/enrollment: + get: + operationId: get-enrollment-settings + parameters: + - description: >- + An agent policy ID to scope the enrollment settings to. For example, + that policy's Fleet Server host, its proxy, download location, etc. + If not provided, the default Fleet Server policy is used (if any). + in: query + name: agentPolicyId + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_settings_enrollment_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get enrollment settings + tags: + - Fleet internals + /setup: + post: + operationId: setup + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_setup_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + description: Internal Server Error + summary: Initiate Fleet setup + tags: + - Fleet internals + /uninstall_tokens: + get: + operationId: get-uninstall-tokens + parameters: + - description: The number of items to return + in: query + name: perPage + required: false + schema: + default: 20 + minimum: 5 + type: integer + - $ref: '#/components/parameters/Fleet_page_index' + - description: Partial match filtering for policy IDs + in: query + name: policyId + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + created_at: + type: string + id: + type: string + policy_id: + type: string + required: + - id + - policy_id + - created_at + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List metadata for latest uninstall tokens per agent policy + tags: + - Fleet uninstall tokens + '/uninstall_tokens/{uninstallTokenId}': + get: + operationId: get-uninstall-token + parameters: + - in: path + name: uninstallTokenId + required: true + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + type: object + properties: + created_at: + type: string + id: + type: string + policy_id: + type: string + token: + type: string + required: + - id + - token + - policy_id + - created_at + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get one decrypted uninstall token by its ID + tags: + - Fleet uninstall tokens +components: + examples: Cases_add_comment_request: summary: Adds a comment to a case. value: @@ -6509,87 +10213,360 @@ components: aggregatable: false count: 0 esTypes: - - _id + - _id + format: + id: string + isMapped: true + name: _id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _index: + aggregatable: true + count: 0 + esTypes: + - _index + format: + id: string + isMapped: true + name: _index + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _score: + aggregatable: false + count: 0 + format: + id: number + isMapped: true + name: _score + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: number + _source: + aggregatable: false + count: 0 + esTypes: + - _source + format: + id: _source + isMapped: true + name: _source + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: _source + AvgTicketPrice: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + params: + pattern: '$0,0.[00]' + isMapped: true + name: AvgTicketPrice + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + Cancelled: + aggregatable: true + count: 0 + esTypes: + - boolean + format: + id: boolean + isMapped: true + name: Cancelled + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: boolean + Carrier: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Carrier + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + dayOfWeek: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: dayOfWeek + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + Dest: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Dest + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestAirportID: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestAirportID + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestCityName: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestCityName + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestCountry: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestCountry + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestLocation: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: DestLocation + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + DestRegion: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestRegion + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestWeather: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestWeather + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DistanceKilometers: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: DistanceKilometers + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + DistanceMiles: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: DistanceMiles + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + FlightDelay: + aggregatable: true + count: 0 + esTypes: + - boolean + format: + id: boolean + isMapped: true + name: FlightDelay + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: boolean + FlightDelayMin: + aggregatable: true + count: 0 + esTypes: + - integer format: - id: string + id: number isMapped: true - name: _id - readFromDocValues: false + name: FlightDelayMin + readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: string - _index: + type: number + FlightDelayType: aggregatable: true count: 0 esTypes: - - _index + - keyword format: id: string isMapped: true - name: _index - readFromDocValues: false + name: FlightDelayType + readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - _score: - aggregatable: false + FlightNum: + aggregatable: true count: 0 + esTypes: + - keyword format: - id: number + id: string isMapped: true - name: _score - readFromDocValues: false + name: FlightNum + readFromDocValues: true scripted: false - searchable: false + searchable: true shortDotsEnable: false - type: number - _source: - aggregatable: false + type: string + FlightTimeHour: + aggregatable: true count: 0 esTypes: - - _source + - keyword format: - id: _source + id: string isMapped: true - name: _source - readFromDocValues: false + name: FlightTimeHour + readFromDocValues: true scripted: false - searchable: false + searchable: true shortDotsEnable: false - type: _source - AvgTicketPrice: + type: string + FlightTimeMin: aggregatable: true count: 0 esTypes: - float format: id: number - params: - pattern: '$0,0.[00]' isMapped: true - name: AvgTicketPrice + name: FlightTimeMin readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: number - Cancelled: + hour_of_day: aggregatable: true count: 0 esTypes: - - boolean + - long format: - id: boolean + id: number + params: + pattern: '00' + name: hour_of_day + readFromDocValues: false + runtimeField: + script: + source: 'emit(doc[''timestamp''].value.getHour());' + type: long + scripted: false + searchable: true + shortDotsEnable: false + type: number + Origin: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string isMapped: true - name: Cancelled + name: Origin readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: boolean - Carrier: + type: string + OriginAirportID: aggregatable: true count: 0 esTypes: @@ -6597,27 +10574,27 @@ components: format: id: string isMapped: true - name: Carrier + name: OriginAirportID readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - dayOfWeek: + OriginCityName: aggregatable: true count: 0 esTypes: - - integer + - keyword format: - id: number + id: string isMapped: true - name: dayOfWeek + name: OriginCityName readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - type: number - Dest: + type: string + OriginCountry: aggregatable: true count: 0 esTypes: @@ -6625,13 +10602,29 @@ components: format: id: string isMapped: true - name: Dest + name: OriginCountry readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - DestAirportID: + OriginLocation: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: OriginLocation + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + OriginRegion: aggregatable: true count: 0 esTypes: @@ -6639,13 +10632,13 @@ components: format: id: string isMapped: true - name: DestAirportID + name: OriginRegion readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - DestCityName: + OriginWeather: aggregatable: true count: 0 esTypes: @@ -6653,983 +10646,2342 @@ components: format: id: string isMapped: true - name: DestCityName + name: OriginWeather + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + timestamp: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: timestamp readFromDocValues: true scripted: false searchable: true shortDotsEnable: false + type: date + id: d3d7af60-4c81-11e8-b3d7-01146121b73d + name: Kibana Sample Data Flights + runtimeFieldMap: + hour_of_day: + script: + source: 'emit(doc[''timestamp''].value.getHour());' + type: long + sourceFilters: [] + timeFieldName: timestamp + title: kibana_sample_data_flights + version: WzM2LDJd + fields: + - aggregatable: true + count: 0 + esTypes: + - long + name: hour_of_day + readFromDocValues: false + runtimeField: + script: + source: 'emit(doc[''timestamp''].value.getHour());' + type: long + scripted: false + searchable: true + shortDotsEnable: false + type: number + Data_views_preview_swap_data_view_request: + summary: Preview swapping references from data view ID "abcd-efg" to "xyz-123". + value: + fromId: abcd-efg + toId: xyz-123 + Data_views_set_default_data_view_request: + summary: Set the default data view identifier. + value: + data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + force: true + Data_views_swap_data_view_request: + summary: >- + Swap references from data view ID "abcd-efg" to "xyz-123" and remove the + data view that is no longer referenced. + value: + delete: true + fromId: abcd-efg + toId: xyz-123 + Data_views_update_data_view_request: + summary: Update some properties for a data view. + value: + data_view: + allowNoIndex: false + name: Kibana Sample Data eCommerce + timeFieldName: order_date + title: kibana_sample_data_ecommerce + refresh_fields: true + Data_views_update_field_metadata_request: + summary: Update metadata for multiple fields. + value: + fields: + field1: + count: 123 + customLabel: Field 1 label + field2: + customDescription: Field 2 description + customLabel: Field 2 label + Data_views_update_runtime_field_request: + summary: Update an existing runtime field on a data view. + value: + runtimeField: + script: + source: 'emit(doc["bar"].value)' + Machine_learning_APIs_mlSyncExample: + summary: Two anomaly detection jobs required synchronization in this example. + value: + datafeedsAdded: {} + datafeedsRemoved: {} + savedObjectsCreated: + anomaly-detector: + myjob1: + success: true + myjob2: + success: true + savedObjectsDeleted: {} + Saved_objects_export_objects_request: + summary: Export a specific saved object. + value: + excludeExportDetails: true + includeReferencesDeep: false + objects: + - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 + type: map + Saved_objects_export_objects_response: + summary: >- + The export objects API response contains a JSON record for each exported + object. + value: + attributes: + description: '' + layerListJSON: >- + [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total + Requests by + Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web + logs + count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual + Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total + Requests and + Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web + logs + count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] + mapStateJSON: >- + {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} + title: '[Logs] Total Requests and Bytes' + uiStateJSON: '{"isDarkMode":false}' + coreMigrationVersion: 8.8.0 + created_at: '2023-08-23T20:03:32.204Z' + id: de71f4f0-1902-11e9-919b-ffe5949a18d2 + managed: false + references: + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_1_join_0_index_pattern + type: index-pattern + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_2_source_index_pattern + type: index-pattern + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_3_source_index_pattern + type: index-pattern + type: map + typeMigrationVersion: 8.4.0 + updated_at: '2023-08-23T20:03:32.204Z' + version: WzEzLDFd + Saved_objects_import_objects_request: + value: + file: file.ndjson + Saved_objects_import_objects_response: + summary: >- + The import objects API response indicates a successful import and the + objects are created. Since these objects are created as new copies, each + entry in the successResults array includes a destinationId attribute. + value: + success: true + successCount: 1 + successResults: + - destinationId: 82d2760c-468f-49cf-83aa-b9a35b6a8943 + id: 90943e30-9a47-11e8-b64d-95841ca0b247 + managed: false + meta: + icon: indexPatternApp + title: Kibana Sample Data Logs + type: index-pattern + Saved_objects_key_rotation_response: + summary: Encryption key rotation using default parameters. + value: + failed: 0 + successful: 300 + total: 1000 + Saved_objects_resolve_missing_reference_request: + value: + file: file.ndjson + retries: + - id: my-pattern + overwrite: true + type: index-pattern + - destinationId: another-vis + id: my-vis + overwrite: true + type: visualization + - destinationId: yet-another-canvas + id: my-canvas + overwrite: true + type: canvas + - id: my-dashboard + type: dashboard + Saved_objects_resolve_missing_reference_response: + summary: Resolve missing reference errors. + value: + success: true + successCount: 3 + successResults: + - id: my-vis + meta: + icon: visualizeApp + title: Look at my visualization + type: visualization + - id: my-search + meta: + icon: searchApp + title: Look at my search + type: search + - id: my-dashboard + meta: + icon: dashboardApp + title: Look at my dashboard + type: dashboard + parameters: + Cases_alert_id: + description: An identifier for the alert. + in: path + name: alertId + required: true + schema: + example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540 + type: string + Cases_assignees: + description: > + Filters the returned cases by assignees. Valid values are `none` or + unique identifiers for the user profiles. These identifiers can be found + by using the suggest user profile API. + in: query + name: assignees + schema: + oneOf: + - type: string + - items: type: string - DestCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + maxItems: 100 + type: array + Cases_case_id: + description: >- + The identifier for the case. To retrieve case IDs, use the find cases + API. All non-ASCII characters must be URL encoded. + in: path + name: caseId + required: true + schema: + example: 9c235210-6834-11ea-a78c-6ffb38a34414 + type: string + Cases_category: + description: Filters the returned cases by category. + in: query + name: category + schema: + oneOf: + - example: my-category + type: string + - items: type: string - DestLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: DestLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - DestRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + maxItems: 100 + type: array + Cases_comment_id: + description: > + The identifier for the comment. To retrieve comment IDs, use the get + case or find cases APIs. + in: path + name: commentId + required: true + schema: + example: 71ec1870-725b-11ea-a0b2-c51ea50a58e2 + type: string + Cases_configuration_id: + description: An identifier for the configuration. + in: path + name: configurationId + required: true + schema: + example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9 + type: string + Cases_connector_id: + description: >- + An identifier for the connector. To retrieve connector IDs, use the find + connectors API. + in: path + name: connectorId + required: true + schema: + example: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 + type: string + Cases_defaultSearchOperator: + description: he default operator to use for the simple_query_string. + example: OR + in: query + name: defaultSearchOperator + schema: + default: OR + type: string + Cases_from: + description: > + Returns only cases that were created after a specific date. The date + must be specified as a KQL data range or date match expression. + in: query + name: from + schema: + example: now-1d + type: string + Cases_ids: + description: > + The cases that you want to removed. All non-ASCII characters must be URL + encoded. + example: d4e7abb0-b462-11ec-9a8d-698504725a43 + in: query + name: ids + required: true + schema: + items: + maxItems: 100 + minItems: 1 + type: string + type: array + Cases_includeComments: + deprecated: true + description: >- + Deprecated in 8.1.0. This parameter is deprecated and will be removed in + a future release. It determines whether case comments are returned. + in: query + name: includeComments + schema: + default: true + type: boolean + Cases_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Cases_owner: + description: > + A filter to limit the response to a specific set of applications. If + this parameter is omitted, the response contains information about all + the cases that the user has access to read. + example: cases + in: query + name: owner + schema: + oneOf: + - $ref: '#/components/schemas/Cases_owners' + - items: + $ref: '#/components/schemas/Cases_owners' + type: array + Cases_page_index: + description: The page number to return. + in: query + name: page + required: false + schema: + default: 1 + type: integer + Cases_page_size: + description: The number of items to return. Limited to 100 items. + in: query + name: perPage + required: false + schema: + default: 20 + maximum: 100 + type: integer + Cases_reporters: + description: Filters the returned cases by the user name of the reporter. + example: elastic + in: query + name: reporters + schema: + oneOf: + - type: string + - items: type: string - DestWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + maxItems: 100 + type: array + Cases_search: + description: >- + An Elasticsearch simple_query_string query that filters the objects in + the response. + in: query + name: search + schema: + type: string + Cases_searchFields: + description: The fields to perform the simple_query_string parsed query against. + in: query + name: searchFields + schema: + oneOf: + - $ref: '#/components/schemas/Cases_searchFieldsType' + - items: + $ref: '#/components/schemas/Cases_searchFieldsType' + type: array + Cases_severity: + description: The severity of the case. + in: query + name: severity + schema: + enum: + - critical + - high + - low + - medium + type: string + Cases_sort_order: + description: Determines the sort order. + in: query + name: sortOrder + required: false + schema: + default: desc + enum: + - asc + - desc + type: string + Cases_sortField: + description: Determines which field is used to sort the results. + example: updatedAt + in: query + name: sortField + schema: + default: createdAt + enum: + - createdAt + - updatedAt + - closedAt + - title + - category + - status + - severity + type: string + Cases_status: + description: Filters the returned cases by state. + example: open + in: query + name: status + schema: + enum: + - closed + - in-progress + - open + type: string + Cases_tags: + description: Filters the returned cases by tags. + example: tag-1 + in: query + name: tags + schema: + oneOf: + - type: string + - items: type: string - DistanceKilometers: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceKilometers - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - DistanceMiles: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceMiles - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelay: - aggregatable: true - count: 0 - esTypes: - - boolean - format: - id: boolean - isMapped: true - name: FlightDelay - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: boolean - FlightDelayMin: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: FlightDelayMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelayType: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightDelayType - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + maxItems: 100 + type: array + Cases_to: + description: > + Returns only cases that were created before a specific date. The date + must be specified as a KQL data range or date match expression. + example: now+1d + in: query + name: to + schema: + type: string + Cases_user_action_types: + description: Determines the types of user actions to return. + example: create_case + in: query + name: types + schema: + items: + enum: + - action + - alert + - assignees + - attachment + - comment + - connector + - create_case + - description + - pushed + - settings + - severity + - status + - tags + - title + - user + type: string + type: array + Connectors_action_id: + description: An identifier for the action. + in: path + name: actionId + required: true + schema: + example: c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad + type: string + Connectors_connector_id: + description: An identifier for the connector. + in: path + name: connectorId + required: true + schema: + example: df770e30-8b8b-11ed-a780-3b746c987a81 + type: string + Connectors_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Data_views_field_name: + description: The name of the runtime field. + in: path + name: fieldName + required: true + schema: + example: hour_of_day + type: string + Data_views_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Data_views_view_id: + description: An identifier for the data view. + in: path + name: viewId + required: true + schema: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + type: string + Fleet_format: + description: Simplified or legacy format for package inputs + in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + Fleet_kbn_xsrf: + description: Kibana's anti Cross-Site Request Forgery token. Can be any string value. + in: header + name: kbn-xsrf + required: true + schema: + type: string + Fleet_kuery: + in: query + name: kuery + required: false + schema: + type: string + Fleet_page_index: + in: query + name: page + required: false + schema: + default: 1 + type: integer + Fleet_page_size: + description: The number of items to return + in: query + name: perPage + required: false + schema: + default: 20 + type: integer + Fleet_show_inactive: + in: query + name: showInactive + required: false + schema: + type: boolean + Fleet_show_upgradeable: + in: query + name: showUpgradeable + required: false + schema: + type: boolean + Fleet_sort_field: + in: query + name: sortField + required: false + schema: + deprecated: true + type: string + Fleet_sort_order: + in: query + name: sortOrder + required: false + schema: + enum: + - asc + - desc + type: string + Fleet_with_metrics: + description: 'Return agent metrics, false by default' + in: query + name: withMetrics + required: false + schema: + type: boolean + Machine_learning_APIs_simulateParam: + description: >- + When true, simulates the synchronization by returning only the list of + actions that would be performed. + example: 'true' + in: query + name: simulate + required: false + schema: + type: boolean + Saved_objects_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Saved_objects_saved_object_id: + description: An identifier for the saved object. + in: path + name: id + required: true + schema: + type: string + Saved_objects_saved_object_type: + description: >- + Valid options include `visualization`, `dashboard`, `search`, + `index-pattern`, `config`. + in: path + name: type + required: true + schema: + type: string + SLOs_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + SLOs_slo_id: + description: An identifier for the slo. + in: path + name: sloId + required: true + schema: + example: 9c235211-6834-11ea-a78c-6feb38a34414 + type: string + SLOs_space_id: + description: >- + An identifier for the space. If `/s/` and the identifier are omitted + from the path, the default space is used. + in: path + name: spaceId + required: true + schema: + example: default + type: string + responses: + Connectors_200_actions: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Connectors_action_response_properties' + description: Indicates a successful call. + Connectors_401: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + properties: + error: + enum: + - Unauthorized + example: Unauthorized + type: string + message: + type: string + statusCode: + enum: + - 401 + example: 401 + type: integer + title: Unauthorized response + type: object + description: Authorization information is missing or invalid. + Connectors_404: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + properties: + error: + enum: + - Not Found + example: Not Found + type: string + message: + example: >- + Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not + found + type: string + statusCode: + enum: + - 404 + example: 404 + type: integer + title: Not found response + type: object + description: Object is not found. + Fleet_error: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + schemas: + Cases_4xx_response: + properties: + error: + example: Unauthorized + type: string + message: + type: string + statusCode: + example: 401 + type: integer + title: Unsuccessful cases API response + type: object + Cases_action_types: + description: The type of action. + enum: + - assignees + - create_case + - comment + - connector + - delete_case + - description + - pushed + - tags + - title + - status + - settings + - severity + example: create_case + type: string + Cases_actions: + enum: + - add + - create + - delete + - push_to_service + - update + example: create + type: string + Cases_add_alert_comment_request_properties: + description: Defines properties for case comment requests when type is alert. + type: object + properties: + alertId: + $ref: '#/components/schemas/Cases_alert_identifiers' + index: + $ref: '#/components/schemas/Cases_alert_indices' + owner: + $ref: '#/components/schemas/Cases_owners' + rule: + $ref: '#/components/schemas/Cases_rule' + type: + description: The type of comment. + enum: + - alert + example: alert + type: string + required: + - alertId + - index + - owner + - rule + - type + title: Add case comment request properties for alerts + Cases_add_case_comment_request: + description: >- + The add comment to case API request body varies depending on whether you + are adding an alert or a comment. + discriminator: + mapping: + alert: '#/components/schemas/Cases_add_alert_comment_request_properties' + user: '#/components/schemas/Cases_add_user_comment_request_properties' + propertyName: type + oneOf: + - $ref: '#/components/schemas/Cases_add_alert_comment_request_properties' + - $ref: '#/components/schemas/Cases_add_user_comment_request_properties' + title: Add case comment request + Cases_add_user_comment_request_properties: + description: Defines properties for case comment requests when type is user. + properties: + comment: + description: The new comment. It is required only when `type` is `user`. + example: A new comment. + maxLength: 30000 + type: string + owner: + $ref: '#/components/schemas/Cases_owners' + type: + description: The type of comment. + enum: + - user + example: user + type: string + required: + - comment + - owner + - type + title: Add case comment request properties for user comments + type: object + Cases_alert_comment_response_properties: + title: Add case comment response properties for alerts + type: object + properties: + alertId: + items: + example: a6e12ac4-7bce-457b-84f6-d7ce8deb8446 + type: string + type: array + created_at: + example: '2023-11-06T19:29:38.424Z' + format: date-time + type: string + created_by: + type: object + properties: + email: + example: null + nullable: true type: string - FlightNum: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightNum - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + full_name: + example: null + nullable: true type: string - FlightTimeHour: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightTimeHour - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 type: string - FlightTimeMin: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: FlightTimeMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - hour_of_day: - aggregatable: true - count: 0 - esTypes: - - long - format: - id: number - params: - pattern: '00' - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: 'emit(doc[''timestamp''].value.getHour());' - type: long - scripted: false - searchable: true - shortDotsEnable: false - type: number - Origin: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Origin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + username: + example: elastic + nullable: true type: string - OriginAirportID: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginAirportID - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + required: + - email + - full_name + - username + id: + example: 73362370-ab1a-11ec-985f-97e55adae8b9 + type: string + index: + items: + example: .internal.alerts-security.alerts-default-000001 + type: string + type: array + owner: + $ref: '#/components/schemas/Cases_owners' + pushed_at: + example: null + format: date-time + nullable: true + type: string + pushed_by: + nullable: true + type: object + properties: + email: + example: null + nullable: true type: string - OriginCityName: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCityName - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + full_name: + example: null + nullable: true type: string - OriginCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 type: string - OriginLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: OriginLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - OriginRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + rule: + type: object + properties: + id: + description: The rule identifier. + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + type: string + name: + description: The rule name. + example: security_rule + type: string + type: + enum: + - alert + example: alert + type: string + updated_at: + format: date-time + nullable: true + type: string + updated_by: + nullable: true + type: object + properties: + email: + example: null + nullable: true type: string - OriginWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + full_name: + example: null + nullable: true type: string - timestamp: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: timestamp - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - runtimeFieldMap: - hour_of_day: - script: - source: 'emit(doc[''timestamp''].value.getHour());' - type: long - sourceFilters: [] - timeFieldName: timestamp - title: kibana_sample_data_flights - version: WzM2LDJd - fields: - - aggregatable: true - count: 0 - esTypes: - - long - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: 'emit(doc[''timestamp''].value.getHour());' - type: long - scripted: false - searchable: true - shortDotsEnable: false - type: number - Data_views_preview_swap_data_view_request: - summary: Preview swapping references from data view ID "abcd-efg" to "xyz-123". - value: - fromId: abcd-efg - toId: xyz-123 - Data_views_set_default_data_view_request: - summary: Set the default data view identifier. - value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - force: true - Data_views_swap_data_view_request: - summary: >- - Swap references from data view ID "abcd-efg" to "xyz-123" and remove the - data view that is no longer referenced. - value: - delete: true - fromId: abcd-efg - toId: xyz-123 - Data_views_update_data_view_request: - summary: Update some properties for a data view. - value: - data_view: - allowNoIndex: false - name: Kibana Sample Data eCommerce - timeFieldName: order_date - title: kibana_sample_data_ecommerce - refresh_fields: true - Data_views_update_field_metadata_request: - summary: Update metadata for multiple fields. - value: - fields: - field1: - count: 123 - customLabel: Field 1 label - field2: - customDescription: Field 2 description - customLabel: Field 2 label - Data_views_update_runtime_field_request: - summary: Update an existing runtime field on a data view. - value: - runtimeField: - script: - source: 'emit(doc["bar"].value)' - Machine_learning_APIs_mlSyncExample: - summary: Two anomaly detection jobs required synchronization in this example. - value: - datafeedsAdded: {} - datafeedsRemoved: {} - savedObjectsCreated: - anomaly-detector: - myjob1: - success: true - myjob2: - success: true - savedObjectsDeleted: {} - Saved_objects_export_objects_request: - summary: Export a specific saved object. - value: - excludeExportDetails: true - includeReferencesDeep: false - objects: - - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - type: map - Saved_objects_export_objects_response: - summary: >- - The export objects API response contains a JSON record for each exported - object. - value: - attributes: - description: '' - layerListJSON: >- - [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total - Requests by - Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web - logs - count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual - Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total - Requests and - Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web - logs - count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] - mapStateJSON: >- - {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} - title: '[Logs] Total Requests and Bytes' - uiStateJSON: '{"isDarkMode":false}' - coreMigrationVersion: 8.8.0 - created_at: '2023-08-23T20:03:32.204Z' - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - managed: false - references: - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_1_join_0_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_2_source_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_3_source_index_pattern - type: index-pattern - type: map - typeMigrationVersion: 8.4.0 - updated_at: '2023-08-23T20:03:32.204Z' - version: WzEzLDFd - Saved_objects_import_objects_request: - value: - file: file.ndjson - Saved_objects_import_objects_response: - summary: >- - The import objects API response indicates a successful import and the - objects are created. Since these objects are created as new copies, each - entry in the successResults array includes a destinationId attribute. - value: - success: true - successCount: 1 - successResults: - - destinationId: 82d2760c-468f-49cf-83aa-b9a35b6a8943 - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - managed: false - meta: - icon: indexPatternApp - title: Kibana Sample Data Logs - type: index-pattern - Saved_objects_key_rotation_response: - summary: Encryption key rotation using default parameters. - value: - failed: 0 - successful: 300 - total: 1000 - Saved_objects_resolve_missing_reference_request: - value: - file: file.ndjson - retries: - - id: my-pattern - overwrite: true - type: index-pattern - - destinationId: another-vis - id: my-vis - overwrite: true - type: visualization - - destinationId: yet-another-canvas - id: my-canvas - overwrite: true - type: canvas - - id: my-dashboard - type: dashboard - Saved_objects_resolve_missing_reference_response: - summary: Resolve missing reference errors. - value: - success: true - successCount: 3 - successResults: - - id: my-vis - meta: - icon: visualizeApp - title: Look at my visualization - type: visualization - - id: my-search - meta: - icon: searchApp - title: Look at my search - type: search - - id: my-dashboard - meta: - icon: dashboardApp - title: Look at my dashboard - type: dashboard - parameters: - Cases_alert_id: - description: An identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540 - type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + version: + example: WzMwNDgsMV0= + type: string + required: + - type + Cases_alert_identifiers: + description: > + The alert identifiers. It is required only when `type` is `alert`. You + can use an array of strings to add multiple alerts to a case, provided + that they all relate to the same rule; `index` must also be an array + with the same length or number of elements. Adding multiple alerts in + this manner is recommended rather than calling the API multiple times. + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 + oneOf: + - type: string + - items: + type: string + maxItems: 1000 + type: array + title: Alert identifiers + x-technical-preview: true + Cases_alert_indices: + description: > + The alert indices. It is required only when `type` is `alert`. If you + are adding multiple alerts to a case, use an array of strings; the + position of each index name in the array must match the position of the + corresponding alert identifier in the `alertId` array. This + functionality is in technical preview and may be changed or removed in a + future release. Elastic will work to fix any issues, but features in + technical preview are not subject to the support SLA of official GA + features. + oneOf: + - type: string + - items: + type: string + maxItems: 1000 + type: array + title: Alert indices + x-technical-preview: true + Cases_alert_response_properties: + type: object + properties: + attached_at: + format: date-time + type: string + id: + description: The alert identifier. + type: string + index: + description: The alert index. + type: string Cases_assignees: + description: An array containing users that are assigned to the case. + items: + type: object + properties: + uid: + description: >- + A unique identifier for the user profile. These identifiers can be + found by using the suggest user profile API. + example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 + type: string + required: + - uid + maxItems: 10 + nullable: true + type: array + Cases_case_category: + description: A word or phrase that categorizes the case. + maxLength: 50 + type: string + Cases_case_description: + description: The description for the case. + maxLength: 30000 + type: string + Cases_case_response_closed_by_properties: + nullable: true + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + title: Case response properties for closed_by + type: object + Cases_case_response_created_by_properties: + title: Case response properties for created_by + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + Cases_case_response_properties: + title: Case response properties + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + description: The case category. + nullable: true + type: string + closed_at: + format: date-time + nullable: true + type: string + closed_by: + $ref: '#/components/schemas/Cases_case_response_closed_by_properties' + comments: + description: An array of comment objects for the case. + items: + discriminator: + mapping: + alert: '#/components/schemas/Cases_alert_comment_response_properties' + user: '#/components/schemas/Cases_user_comment_response_properties' + propertyName: type + oneOf: + - $ref: '#/components/schemas/Cases_alert_comment_response_properties' + - $ref: '#/components/schemas/Cases_user_comment_response_properties' + maxItems: 10000 + title: Case response properties for comments + type: array + connector: + discriminator: + mapping: + .cases-webhook: '#/components/schemas/Cases_connector_properties_cases_webhook' + .jira: '#/components/schemas/Cases_connector_properties_jira' + .none: '#/components/schemas/Cases_connector_properties_none' + .resilient: '#/components/schemas/Cases_connector_properties_resilient' + .servicenow: '#/components/schemas/Cases_connector_properties_servicenow' + .servicenow-sir: '#/components/schemas/Cases_connector_properties_servicenow_sir' + .swimlane: '#/components/schemas/Cases_connector_properties_swimlane' + propertyName: type + oneOf: + - $ref: '#/components/schemas/Cases_connector_properties_none' + - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' + - $ref: '#/components/schemas/Cases_connector_properties_jira' + - $ref: '#/components/schemas/Cases_connector_properties_resilient' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' + - $ref: '#/components/schemas/Cases_connector_properties_swimlane' + title: Case response properties for connectors + created_at: + example: '2022-05-13T09:16:17.416Z' + format: date-time + type: string + created_by: + $ref: '#/components/schemas/Cases_case_response_created_by_properties' + customFields: + description: Custom field values for the case. + items: + type: object + properties: + key: + description: > + The unique identifier for the custom field. The key value must + exist in the case configuration settings. + type: string + type: + description: > + The custom field type. It must match the type specified in the + case configuration settings. + enum: + - text + - toggle + type: string + value: + description: > + The custom field value. If the custom field is required, it + cannot be explicitly set to null. However, for cases that + existed when the required custom field was added, the default + value stored in Elasticsearch is `undefined`. The value + returned in the API and user interface in this case is `null`. + oneOf: + - maxLength: 160 + minLength: 1 + nullable: true + type: string + - type: boolean + type: array + description: + example: A case description. + type: string + duration: + description: > + The elapsed time from the creation of the case to its closure (in + seconds). If the case has not been closed, the duration is set to + null. If the case was closed after less than half a second, the + duration is rounded down to zero. + example: 120 + nullable: true + type: integer + external_service: + $ref: '#/components/schemas/Cases_external_service' + id: + example: 66b9aa00-94fa-11ea-9f74-e7e108796192 + type: string + owner: + $ref: '#/components/schemas/Cases_owners' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + status: + $ref: '#/components/schemas/Cases_case_status' + tags: + example: + - tag-1 + items: + type: string + type: array + title: + example: Case title 1 + type: string + totalAlerts: + example: 0 + type: integer + totalComment: + example: 0 + type: integer + updated_at: + format: date-time + nullable: true + type: string + updated_by: + $ref: '#/components/schemas/Cases_case_response_updated_by_properties' + version: + example: WzUzMiwxXQ== + type: string + required: + - closed_at + - closed_by + - comments + - connector + - created_at + - created_by + - description + - duration + - external_service + - id + - owner + - settings + - severity + - status + - tags + - title + - totalAlerts + - totalComment + - updated_at + - updated_by + - version + Cases_case_response_pushed_by_properties: + nullable: true + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + title: Case response properties for pushed_by + type: object + Cases_case_response_updated_by_properties: + nullable: true + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + title: Case response properties for updated_by + type: object + Cases_case_severity: + default: low + description: The severity of the case. + enum: + - critical + - high + - low + - medium + type: string + Cases_case_status: + description: The status of the case. + enum: + - closed + - in-progress + - open + type: string + Cases_case_tags: description: > - Filters the returned cases by assignees. Valid values are `none` or - unique identifiers for the user profiles. These identifiers can be found - by using the suggest user profile API. - in: query - name: assignees - schema: - oneOf: - - type: string - - items: + The words and phrases that help categorize cases. It can be an empty + array. + items: + maxLength: 256 + type: string + maxItems: 200 + type: array + Cases_case_title: + description: A title for the case. + maxLength: 160 + type: string + Cases_closure_types: + description: >- + Indicates whether a case is automatically closed when it is pushed to + external systems (`close-by-pushing`) or not automatically closed + (`close-by-user`). + enum: + - close-by-pushing + - close-by-user + example: close-by-user + type: string + Cases_connector_properties_cases_webhook: + description: Defines properties for connectors when type is `.cases-webhook`. + type: object + properties: + fields: + example: null + nullable: true + type: string + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + enum: + - .cases-webhook + example: .cases-webhook + type: string + required: + - fields + - id + - name + - type + title: Create or upate case request properties for Cases Webhook connector + Cases_connector_properties_jira: + description: Defines properties for connectors when type is `.jira`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + properties: + issueType: + description: The type of issue. + nullable: true + type: string + parent: + description: 'The key of the parent issue, when the issue type is sub-task.' + nullable: true + type: string + priority: + description: The priority of the issue. + nullable: true + type: string + required: + - issueType + - parent + - priority + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + enum: + - .jira + example: .jira + type: string + required: + - fields + - id + - name + - type + title: Create or update case request properties for a Jira connector + Cases_connector_properties_none: + description: Defines properties for connectors when type is `.none`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. To create a case without + a connector, specify null. To update a case to remove the connector, + specify null. + example: null + nullable: true + type: string + id: + description: >- + The identifier for the connector. To create a case without a + connector, use `none`. To update a case to remove the connector, + specify `none`. + example: none + type: string + name: + description: >- + The name of the connector. To create a case without a connector, use + `none`. To update a case to remove the connector, specify `none`. + example: none + type: string + type: + description: >- + The type of connector. To create a case without a connector, use + `.none`. To update a case to remove the connector, specify `.none`. + enum: + - .none + example: .none + type: string + required: + - fields + - id + - name + - type + title: Create or update case request properties for no connector + Cases_connector_properties_resilient: + description: Defines properties for connectors when type is `.resilient`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + nullable: true + type: object + properties: + issueTypes: + description: The type of incident. + items: + type: string + type: array + severityCode: + description: The severity code of the incident. + type: string + required: + - issueTypes + - severityCode + id: + description: The identifier for the connector. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + enum: + - .resilient + example: .resilient + type: string + required: + - fields + - id + - name + - type + title: Create case request properties for a IBM Resilient connector + Cases_connector_properties_servicenow: + description: Defines properties for connectors when type is `.servicenow`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + properties: + category: + description: The category of the incident. + nullable: true + type: string + impact: + description: The effect an incident had on business. + nullable: true + type: string + severity: + description: The severity of the incident. + nullable: true + type: string + subcategory: + description: The subcategory of the incident. + nullable: true + type: string + urgency: + description: The extent to which the incident resolution can be delayed. + nullable: true + type: string + required: + - category + - impact + - severity + - subcategory + - urgency + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + enum: + - .servicenow + example: .servicenow + type: string + required: + - fields + - id + - name + - type + title: Create case request properties for a ServiceNow ITSM connector + Cases_connector_properties_servicenow_sir: + description: Defines properties for connectors when type is `.servicenow-sir`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + properties: + category: + description: The category of the incident. + nullable: true + type: string + destIp: + description: >- + Indicates whether cases will send a comma-separated list of + destination IPs. + nullable: true + type: boolean + malwareHash: + description: >- + Indicates whether cases will send a comma-separated list of + malware hashes. + nullable: true + type: boolean + malwareUrl: + description: >- + Indicates whether cases will send a comma-separated list of + malware URLs. + nullable: true + type: boolean + priority: + description: The priority of the issue. + nullable: true + type: string + sourceIp: + description: >- + Indicates whether cases will send a comma-separated list of + source IPs. + nullable: true + type: boolean + subcategory: + description: The subcategory of the incident. + nullable: true + type: string + required: + - category + - destIp + - malwareHash + - malwareUrl + - priority + - sourceIp + - subcategory + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + enum: + - .servicenow-sir + example: .servicenow-sir + type: string + required: + - fields + - id + - name + - type + title: Create case request properties for a ServiceNow SecOps connector + Cases_connector_properties_swimlane: + description: Defines properties for connectors when type is `.swimlane`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + nullable: true + type: string + required: + - caseId + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + enum: + - .swimlane + example: .swimlane + type: string + required: + - fields + - id + - name + - type + title: Create case request properties for a Swimlane connector + Cases_connector_types: + description: The type of connector. + enum: + - .cases-webhook + - .jira + - .none + - .resilient + - .servicenow + - .servicenow-sir + - .swimlane + example: .none + type: string + Cases_create_case_request: + description: >- + The create case API request body varies depending on the type of + connector. + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + $ref: '#/components/schemas/Cases_case_category' + connector: + oneOf: + - $ref: '#/components/schemas/Cases_connector_properties_none' + - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' + - $ref: '#/components/schemas/Cases_connector_properties_jira' + - $ref: '#/components/schemas/Cases_connector_properties_resilient' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' + - $ref: '#/components/schemas/Cases_connector_properties_swimlane' + customFields: + description: > + Custom field values for a case. Any optional custom fields that are + not specified in the request are set to null. + items: + type: object + properties: + key: + description: > + The unique identifier for the custom field. The key value must + exist in the case configuration settings. + type: string + type: + description: > + The custom field type. It must match the type specified in the + case configuration settings. + enum: + - text + - toggle + type: string + value: + description: > + The custom field value. If the custom field is required, it + cannot be explicitly set to null. However, for cases that + existed when the required custom field was added, the default + value stored in Elasticsearch is `undefined`. The value + returned in the API and user interface in this case is `null`. + oneOf: + - maxLength: 160 + minLength: 1 + nullable: true + type: string + - type: boolean + required: + - key + - type + - value + maxItems: 10 + minItems: 0 + type: array + description: + $ref: '#/components/schemas/Cases_case_description' + owner: + $ref: '#/components/schemas/Cases_owners' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + tags: + $ref: '#/components/schemas/Cases_case_tags' + title: + $ref: '#/components/schemas/Cases_case_title' + required: + - connector + - description + - owner + - settings + - tags + - title + title: Create case request + type: object + Cases_external_service: + nullable: true + type: object + properties: + connector_id: + type: string + connector_name: + type: string + external_id: + type: string + external_title: + type: string + external_url: + type: string + pushed_at: + format: date-time + type: string + pushed_by: + nullable: true + type: object + properties: + email: + example: null + nullable: true type: string - maxItems: 100 - type: array - Cases_case_id: - description: >- - The identifier for the case. To retrieve case IDs, use the find cases - API. All non-ASCII characters must be URL encoded. - in: path - name: caseId - required: true - schema: - example: 9c235210-6834-11ea-a78c-6ffb38a34414 - type: string - Cases_category: - description: Filters the returned cases by category. - in: query - name: category - schema: - oneOf: - - example: my-category - type: string - - items: + full_name: + example: null + nullable: true type: string - maxItems: 100 - type: array - Cases_comment_id: - description: > - The identifier for the comment. To retrieve comment IDs, use the get - case or find cases APIs. - in: path - name: commentId - required: true - schema: - example: 71ec1870-725b-11ea-a0b2-c51ea50a58e2 - type: string - Cases_configuration_id: - description: An identifier for the configuration. - in: path - name: configurationId - required: true - schema: - example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9 - type: string - Cases_connector_id: - description: >- - An identifier for the connector. To retrieve connector IDs, use the find - connectors API. - in: path - name: connectorId - required: true - schema: - example: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 - type: string - Cases_defaultSearchOperator: - description: he default operator to use for the simple_query_string. - example: OR - in: query - name: defaultSearchOperator - schema: - default: OR - type: string - Cases_from: - description: > - Returns only cases that were created after a specific date. The date - must be specified as a KQL data range or date match expression. - in: query - name: from - schema: - example: now-1d - type: string - Cases_ids: - description: > - The cases that you want to removed. All non-ASCII characters must be URL - encoded. - example: d4e7abb0-b462-11ec-9a8d-698504725a43 - in: query - name: ids - required: true - schema: - items: - maxItems: 100 - minItems: 1 - type: string - type: array - Cases_includeComments: - deprecated: true - description: >- - Deprecated in 8.1.0. This parameter is deprecated and will be removed in - a future release. It determines whether case comments are returned. - in: query - name: includeComments - schema: - default: true - type: boolean - Cases_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Cases_owner: + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + Cases_owners: description: > - A filter to limit the response to a specific set of applications. If - this parameter is omitted, the response contains information about all - the cases that the user has access to read. + The application that owns the cases: Stack Management, Observability, or + Elastic Security. + enum: + - cases + - observability + - securitySolution example: cases - in: query - name: owner - schema: - oneOf: - - $ref: '#/components/schemas/Cases_owners' - - items: + type: string + Cases_payload_alert_comment: + type: object + properties: + comment: + type: object + properties: + alertId: + oneOf: + - example: 1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d + type: string + - items: + type: string + type: array + index: + oneOf: + - example: .alerts-observability.logs.alerts-default + type: string + - items: + type: string + type: array + owner: $ref: '#/components/schemas/Cases_owners' - type: array - Cases_page_index: - description: The page number to return. - in: query - name: page - required: false - schema: - default: 1 - type: integer - Cases_page_size: - description: The number of items to return. Limited to 100 items. - in: query - name: perPage - required: false - schema: - default: 20 - maximum: 100 - type: integer - Cases_reporters: - description: Filters the returned cases by the user name of the reporter. - example: elastic - in: query - name: reporters - schema: - oneOf: - - type: string - - items: + rule: + type: object + properties: + id: + description: The rule identifier. + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + type: string + name: + description: The rule name. + example: security_rule + type: string + type: + enum: + - alert + type: string + Cases_payload_assignees: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + Cases_payload_connector: + type: object + properties: + connector: + type: object + properties: + fields: + description: >- + An object containing the connector fields. To create a case + without a connector, specify null. If you want to omit any + individual field, specify null as its value. + example: null + nullable: true + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + category: + description: >- + The category of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + type: string + destIp: + description: >- + Indicates whether cases will send a comma-separated list of + destination IPs for ServiceNow SecOps connectors. + nullable: true + type: boolean + impact: + description: >- + The effect an incident had on business for ServiceNow ITSM + connectors. + type: string + issueType: + description: The type of issue for Jira connectors. + type: string + issueTypes: + description: The type of incident for IBM Resilient connectors. + items: + type: string + type: array + malwareHash: + description: >- + Indicates whether cases will send a comma-separated list of + malware hashes for ServiceNow SecOps connectors. + nullable: true + type: boolean + malwareUrl: + description: >- + Indicates whether cases will send a comma-separated list of + malware URLs for ServiceNow SecOps connectors. + nullable: true + type: boolean + parent: + description: >- + The key of the parent issue, when the issue type is sub-task + for Jira connectors. + type: string + priority: + description: >- + The priority of the issue for Jira and ServiceNow SecOps + connectors. + type: string + severity: + description: The severity of the incident for ServiceNow ITSM connectors. + type: string + severityCode: + description: >- + The severity code of the incident for IBM Resilient + connectors. + type: string + sourceIp: + description: >- + Indicates whether cases will send a comma-separated list of + source IPs for ServiceNow SecOps connectors. + nullable: true + type: boolean + subcategory: + description: >- + The subcategory of the incident for ServiceNow ITSM + connectors. + type: string + urgency: + description: >- + The extent to which the incident resolution can be delayed + for ServiceNow ITSM connectors. + type: string + id: + description: >- + The identifier for the connector. To create a case without a + connector, use `none`. + example: none type: string - maxItems: 100 - type: array - Cases_search: - description: >- - An Elasticsearch simple_query_string query that filters the objects in - the response. - in: query - name: search - schema: - type: string - Cases_searchFields: - description: The fields to perform the simple_query_string parsed query against. - in: query - name: searchFields - schema: - oneOf: - - $ref: '#/components/schemas/Cases_searchFieldsType' - - items: - $ref: '#/components/schemas/Cases_searchFieldsType' - type: array - Cases_severity: - description: The severity of the case. - in: query - name: severity - schema: - enum: - - critical - - high - - low - - medium - type: string - Cases_sort_order: - description: Determines the sort order. - in: query - name: sortOrder - required: false - schema: - default: desc - enum: - - asc - - desc - type: string - Cases_sortField: - description: Determines which field is used to sort the results. - example: updatedAt - in: query - name: sortField - schema: - default: createdAt - enum: - - createdAt - - updatedAt - - closedAt - - title - - category - - status - - severity - type: string - Cases_status: - description: Filters the returned cases by state. - example: open - in: query - name: status - schema: - enum: - - closed - - in-progress - - open - type: string - Cases_tags: - description: Filters the returned cases by tags. - example: tag-1 - in: query - name: tags - schema: - oneOf: - - type: string - - items: + name: + description: >- + The name of the connector. To create a case without a connector, + use `none`. + example: none type: string - maxItems: 100 - type: array - Cases_to: - description: > - Returns only cases that were created before a specific date. The date - must be specified as a KQL data range or date match expression. - example: now+1d - in: query - name: to - schema: - type: string - Cases_user_action_types: - description: Determines the types of user actions to return. - example: create_case - in: query - name: types - schema: - items: - enum: - - action - - alert - - assignees - - attachment - - comment - - connector - - create_case - - description - - pushed - - settings - - severity - - status - - tags - - title - - user + type: + $ref: '#/components/schemas/Cases_connector_types' + Cases_payload_create_case: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + connector: + type: object + properties: + fields: + description: >- + An object containing the connector fields. To create a case + without a connector, specify null. If you want to omit any + individual field, specify null as its value. + example: null + nullable: true + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + category: + description: >- + The category of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + type: string + destIp: + description: >- + Indicates whether cases will send a comma-separated list of + destination IPs for ServiceNow SecOps connectors. + nullable: true + type: boolean + impact: + description: >- + The effect an incident had on business for ServiceNow ITSM + connectors. + type: string + issueType: + description: The type of issue for Jira connectors. + type: string + issueTypes: + description: The type of incident for IBM Resilient connectors. + items: + type: string + type: array + malwareHash: + description: >- + Indicates whether cases will send a comma-separated list of + malware hashes for ServiceNow SecOps connectors. + nullable: true + type: boolean + malwareUrl: + description: >- + Indicates whether cases will send a comma-separated list of + malware URLs for ServiceNow SecOps connectors. + nullable: true + type: boolean + parent: + description: >- + The key of the parent issue, when the issue type is sub-task + for Jira connectors. + type: string + priority: + description: >- + The priority of the issue for Jira and ServiceNow SecOps + connectors. + type: string + severity: + description: The severity of the incident for ServiceNow ITSM connectors. + type: string + severityCode: + description: >- + The severity code of the incident for IBM Resilient + connectors. + type: string + sourceIp: + description: >- + Indicates whether cases will send a comma-separated list of + source IPs for ServiceNow SecOps connectors. + nullable: true + type: boolean + subcategory: + description: >- + The subcategory of the incident for ServiceNow ITSM + connectors. + type: string + urgency: + description: >- + The extent to which the incident resolution can be delayed + for ServiceNow ITSM connectors. + type: string + id: + description: >- + The identifier for the connector. To create a case without a + connector, use `none`. + example: none + type: string + name: + description: >- + The name of the connector. To create a case without a connector, + use `none`. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + description: type: string - type: array - Connectors_action_id: - description: An identifier for the action. - in: path - name: actionId - required: true - schema: - example: c55b6eb0-6bad-11eb-9f3b-611eebc6c3ad - type: string - Connectors_connector_id: - description: An identifier for the connector. - in: path - name: connectorId - required: true - schema: - example: df770e30-8b8b-11ed-a780-3b746c987a81 - type: string - Connectors_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Data_views_field_name: - description: The name of the runtime field. - in: path - name: fieldName - required: true - schema: - example: hour_of_day - type: string - Data_views_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Data_views_view_id: - description: An identifier for the data view. - in: path - name: viewId - required: true - schema: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string - Machine_learning_APIs_simulateParam: - description: >- - When true, simulates the synchronization by returning only the list of - actions that would be performed. - example: 'true' - in: query - name: simulate - required: false - schema: - type: boolean - Saved_objects_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Saved_objects_saved_object_id: - description: An identifier for the saved object. - in: path - name: id - required: true - schema: - type: string - Saved_objects_saved_object_type: - description: >- - Valid options include `visualization`, `dashboard`, `search`, - `index-pattern`, `config`. - in: path - name: type - required: true - schema: - type: string - SLOs_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - SLOs_slo_id: - description: An identifier for the slo. - in: path - name: sloId - required: true - schema: - example: 9c235211-6834-11ea-a78c-6feb38a34414 - type: string - SLOs_space_id: + owner: + $ref: '#/components/schemas/Cases_owners' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + status: + $ref: '#/components/schemas/Cases_case_status' + tags: + items: + example: + - tag-1 + type: string + type: array + title: + type: string + Cases_payload_delete: description: >- - An identifier for the space. If `/s/` and the identifier are omitted - from the path, the default space is used. - in: path - name: spaceId - required: true - schema: - example: default - type: string - responses: - Connectors_200_actions: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Connectors_action_response_properties' - description: Indicates a successful call. - Connectors_401: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - properties: - error: - enum: - - Unauthorized - example: Unauthorized - type: string - message: - type: string - statusCode: - enum: - - 401 - example: 401 - type: integer - title: Unauthorized response - type: object - description: Authorization information is missing or invalid. - Connectors_404: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - properties: - error: - enum: - - Not Found - example: Not Found - type: string - message: - example: >- - Saved object [action/baf33fc0-920c-11ed-b36a-874bd1548a00] not - found - type: string - statusCode: - enum: - - 404 - example: 404 - type: integer - title: Not found response - type: object - description: Object is not found. - schemas: - Cases_4xx_response: + If the `action` is `delete` and the `type` is `delete_case`, the payload + is nullable. + nullable: true + type: object + Cases_payload_description: + type: object + properties: + description: + type: string + Cases_payload_pushed: + type: object + properties: + externalService: + $ref: '#/components/schemas/Cases_external_service' + Cases_payload_settings: + type: object + properties: + settings: + $ref: '#/components/schemas/Cases_settings' + Cases_payload_severity: + type: object + properties: + severity: + $ref: '#/components/schemas/Cases_case_severity' + Cases_payload_status: + type: object + properties: + status: + $ref: '#/components/schemas/Cases_case_status' + Cases_payload_tags: + type: object + properties: + tags: + example: + - tag-1 + items: + type: string + type: array + Cases_payload_title: + type: object + properties: + title: + type: string + Cases_payload_user_comment: + type: object + properties: + comment: + type: object + properties: + comment: + type: string + owner: + $ref: '#/components/schemas/Cases_owners' + type: + enum: + - user + type: string + Cases_rule: + description: > + The rule that is associated with the alerts. It is required only when + `type` is `alert`. This functionality is in technical preview and may be + changed or removed in a future release. Elastic will work to fix any + issues, but features in technical preview are not subject to the support + SLA of official GA features. + title: Alerting rule + type: object properties: - error: - example: Unauthorized + id: + description: The rule identifier. + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 type: string - message: + name: + description: The rule name. + example: security_rule type: string - statusCode: - example: 401 - type: integer - title: Unsuccessful cases API response - type: object - Cases_action_types: - description: The type of action. + x-technical-preview: true + Cases_searchFieldsType: + description: The fields to perform the `simple_query_string` parsed query against. enum: - - assignees - - create_case - - comment - - connector - - delete_case - description - - pushed - - tags - title - - status - - settings - - severity - example: create_case - type: string - Cases_actions: - enum: - - add - - create - - delete - - push_to_service - - update - example: create type: string - Cases_add_alert_comment_request_properties: + Cases_set_case_configuration_request: + description: >- + External connection details, such as the closure type and default + connector for cases. + properties: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are not used and + are not propagated to individual cases, therefore it is + recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a default + connector, use `none`. To retrieve connector IDs, use the find + connectors API. + example: none + type: string + name: + description: >- + The name of the connector. If you do not want a default + connector, use `none`. To retrieve connector names, use the find + connectors API. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + required: + - fields + - id + - name + - type + customFields: + description: Custom fields case configuration. + items: + type: object + properties: + defaultValue: + description: > + A default value for the custom field. If the `type` is `text`, + the default value must be a string. If the `type` is `toggle`, + the default value must be boolean. + oneOf: + - type: string + - type: boolean + key: + description: > + A unique key for the custom field. Must be lower case and + composed only of a-z, 0-9, '_', and '-' characters. It is used + in API calls to refer to a specific custom field. + maxLength: 36 + minLength: 1 + type: string + label: + description: The custom field label that is displayed in the case. + maxLength: 50 + minLength: 1 + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + required: + description: > + Indicates whether the field is required. If `false`, the + custom field can be set to null or omitted when a case is + created or updated. + type: boolean + required: + - key + - label + - required + - type + maxItems: 10 + minItems: 0 + type: array + owner: + $ref: '#/components/schemas/Cases_owners' + templates: + $ref: '#/components/schemas/Cases_templates' + required: + - closure_type + - connector + - owner + title: Set case configuration request + type: object + Cases_settings: + description: An object that contains the case settings. + type: object + properties: + syncAlerts: + description: Turns alert syncing on or off. + example: true + type: boolean + required: + - syncAlerts + Cases_template_tags: + description: > + The words and phrases that help categorize templates. It can be an empty + array. + items: + maxLength: 256 + type: string + maxItems: 200 + type: array + Cases_templates: + items: + type: object + properties: + caseFields: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + $ref: '#/components/schemas/Cases_case_category' + connector: + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are not + used and are not propagated to individual cases, therefore + it is recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a + default connector, use `none`. To retrieve connector IDs, + use the find connectors API. + example: none + type: string + name: + description: >- + The name of the connector. If you do not want a default + connector, use `none`. To retrieve connector names, use + the find connectors API. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + customFields: + description: Custom field values in the template. + items: + type: object + properties: + key: + description: The unique key for the custom field. + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + value: + description: > + The default value for the custom field when a case uses + the template. If the `type` is `text`, the default value + must be a string. If the `type` is `toggle`, the default + value must be boolean. + oneOf: + - type: string + - type: boolean + type: array + x-technical-preview: true + description: + $ref: '#/components/schemas/Cases_case_description' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + tags: + $ref: '#/components/schemas/Cases_case_tags' + title: + $ref: '#/components/schemas/Cases_case_title' + description: + description: A description for the template. + type: string + key: + description: > + A unique key for the template. Must be lower case and composed + only of a-z, 0-9, '_', and '-' characters. It is used in API calls + to refer to a specific template. + type: string + name: + description: The name of the template. + type: string + tags: + $ref: '#/components/schemas/Cases_template_tags' + type: array + x-technical-preview: true + Cases_update_alert_comment_request_properties: description: Defines properties for case comment requests when type is alert. type: object properties: alertId: $ref: '#/components/schemas/Cases_alert_identifiers' + id: + description: > + The identifier for the comment. To retrieve comment IDs, use the get + comments API. + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + type: string index: $ref: '#/components/schemas/Cases_alert_indices' owner: @@ -7642,27 +12994,227 @@ components: - alert example: alert type: string + version: + description: > + The current comment version. To retrieve version values, use the get + comments API. + example: Wzk1LDFd + type: string required: - alertId + - id - index - owner - rule - type - title: Add case comment request properties for alerts - Cases_add_case_comment_request: + - version + title: Update case comment request properties for alerts + Cases_update_case_comment_request: description: >- - The add comment to case API request body varies depending on whether you - are adding an alert or a comment. + The update case comment API request body varies depending on whether you + are updating an alert or a comment. discriminator: mapping: - alert: '#/components/schemas/Cases_add_alert_comment_request_properties' - user: '#/components/schemas/Cases_add_user_comment_request_properties' + alert: '#/components/schemas/Cases_update_alert_comment_request_properties' + user: '#/components/schemas/Cases_update_user_comment_request_properties' propertyName: type oneOf: - - $ref: '#/components/schemas/Cases_add_alert_comment_request_properties' - - $ref: '#/components/schemas/Cases_add_user_comment_request_properties' - title: Add case comment request - Cases_add_user_comment_request_properties: + - $ref: '#/components/schemas/Cases_update_alert_comment_request_properties' + - $ref: '#/components/schemas/Cases_update_user_comment_request_properties' + title: Update case comment request + Cases_update_case_configuration_request: + description: > + You can update settings such as the closure type, custom fields, + templates, and the default connector for cases. + properties: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are not used and + are not propagated to individual cases, therefore it is + recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a default + connector, use `none`. To retrieve connector IDs, use the find + connectors API. + example: none + type: string + name: + description: >- + The name of the connector. If you do not want a default + connector, use `none`. To retrieve connector names, use the find + connectors API. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + required: + - fields + - id + - name + - type + customFields: + description: Custom fields case configuration. + items: + type: object + properties: + defaultValue: + description: > + A default value for the custom field. If the `type` is `text`, + the default value must be a string. If the `type` is `toggle`, + the default value must be boolean. + oneOf: + - type: string + - type: boolean + key: + description: > + A unique key for the custom field. Must be lower case and + composed only of a-z, 0-9, '_', and '-' characters. It is used + in API calls to refer to a specific custom field. + maxLength: 36 + minLength: 1 + type: string + label: + description: The custom field label that is displayed in the case. + maxLength: 50 + minLength: 1 + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + required: + description: > + Indicates whether the field is required. If `false`, the + custom field can be set to null or omitted when a case is + created or updated. + type: boolean + required: + - key + - label + - required + - type + type: array + templates: + $ref: '#/components/schemas/Cases_templates' + version: + description: > + The version of the connector. To retrieve the version value, use the + get configuration API. + example: WzIwMiwxXQ== + type: string + required: + - version + title: Update case configuration request + type: object + Cases_update_case_request: + description: >- + The update case API request body varies depending on the type of + connector. + properties: + cases: + description: An array containing one or more case objects. + items: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + $ref: '#/components/schemas/Cases_case_category' + connector: + oneOf: + - $ref: '#/components/schemas/Cases_connector_properties_none' + - $ref: >- + #/components/schemas/Cases_connector_properties_cases_webhook + - $ref: '#/components/schemas/Cases_connector_properties_jira' + - $ref: '#/components/schemas/Cases_connector_properties_resilient' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow' + - $ref: >- + #/components/schemas/Cases_connector_properties_servicenow_sir + - $ref: '#/components/schemas/Cases_connector_properties_swimlane' + customFields: + description: > + Custom field values for a case. Any optional custom fields + that are not specified in the request are set to null. + items: + type: object + properties: + key: + description: > + The unique identifier for the custom field. The key + value must exist in the case configuration settings. + type: string + type: + description: > + The custom field type. It must match the type specified + in the case configuration settings. + enum: + - text + - toggle + type: string + value: + description: > + The custom field value. If the custom field is required, + it cannot be explicitly set to null. However, for cases + that existed when the required custom field was added, + the default value stored in Elasticsearch is + `undefined`. The value returned in the API and user + interface in this case is `null`. + oneOf: + - maxLength: 160 + minLength: 1 + nullable: true + type: string + - type: boolean + required: + - key + - type + - value + maxItems: 10 + minItems: 0 + type: array + description: + $ref: '#/components/schemas/Cases_case_description' + id: + description: The identifier for the case. + maxLength: 30000 + type: string + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + status: + $ref: '#/components/schemas/Cases_case_status' + tags: + $ref: '#/components/schemas/Cases_case_tags' + title: + $ref: '#/components/schemas/Cases_case_title' + version: + description: >- + The current version of the case. To determine this value, use + the get case or find cases APIs. + type: string + required: + - id + - version + maxItems: 100 + minItems: 1 + type: array + required: + - cases + title: Update case request + type: object + Cases_update_user_comment_request_properties: description: Defines properties for case comment requests when type is user. properties: comment: @@ -7670,6 +13222,12 @@ components: example: A new comment. maxLength: 30000 type: string + id: + description: > + The identifier for the comment. To retrieve comment IDs, use the get + comments API. + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + type: string owner: $ref: '#/components/schemas/Cases_owners' type: @@ -7678,23 +13236,31 @@ components: - user example: user type: string + version: + description: > + The current comment version. To retrieve version values, use the get + comments API. + example: Wzk1LDFd + type: string required: - comment + - id - owner - type - title: Add case comment request properties for user comments + - version + title: Update case comment request properties for user comments type: object - Cases_alert_comment_response_properties: - title: Add case comment response properties for alerts + Cases_user_actions_find_response_properties: type: object properties: - alertId: - items: - example: a6e12ac4-7bce-457b-84f6-d7ce8deb8446 - type: string - type: array + action: + $ref: '#/components/schemas/Cases_actions' + comment_id: + example: 578608d0-03b1-11ed-920c-974bfa104448 + nullable: true + type: string created_at: - example: '2023-11-06T19:29:38.424Z' + example: '2022-05-13T09:16:17.416Z' format: date-time type: string created_by: @@ -7720,22 +13286,74 @@ components: - full_name - username id: - example: 73362370-ab1a-11ec-985f-97e55adae8b9 + example: 22fd3e30-03b1-11ed-920c-974bfa104448 type: string - index: - items: - example: .internal.alerts-security.alerts-default-000001 - type: string - type: array owner: $ref: '#/components/schemas/Cases_owners' - pushed_at: - example: null - format: date-time - nullable: true + payload: + oneOf: + - $ref: '#/components/schemas/Cases_payload_alert_comment' + - $ref: '#/components/schemas/Cases_payload_assignees' + - $ref: '#/components/schemas/Cases_payload_connector' + - $ref: '#/components/schemas/Cases_payload_create_case' + - $ref: '#/components/schemas/Cases_payload_delete' + - $ref: '#/components/schemas/Cases_payload_description' + - $ref: '#/components/schemas/Cases_payload_pushed' + - $ref: '#/components/schemas/Cases_payload_settings' + - $ref: '#/components/schemas/Cases_payload_severity' + - $ref: '#/components/schemas/Cases_payload_status' + - $ref: '#/components/schemas/Cases_payload_tags' + - $ref: '#/components/schemas/Cases_payload_title' + - $ref: '#/components/schemas/Cases_payload_user_comment' + type: + description: The type of action. + enum: + - assignees + - create_case + - comment + - connector + - description + - pushed + - tags + - title + - status + - settings + - severity + example: create_case type: string - pushed_by: + version: + example: WzM1ODg4LDFd + type: string + required: + - action + - comment_id + - created_at + - created_by + - id + - owner + - payload + - type + - version + Cases_user_actions_response_properties: + type: object + properties: + action: + $ref: '#/components/schemas/Cases_actions' + action_id: + example: 22fd3e30-03b1-11ed-920c-974bfa104448 + type: string + case_id: + example: 22df07d0-03b1-11ed-920c-974bfa104448 + type: string + comment_id: + example: 578608d0-03b1-11ed-920c-974bfa104448 nullable: true + type: string + created_at: + example: '2022-05-13T09:16:17.416Z' + format: date-time + type: string + created_by: type: object properties: email: @@ -7757,6200 +13375,6679 @@ components: - email - full_name - username - rule: - type: object - properties: - id: - description: The rule identifier. - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - type: string - name: - description: The rule name. - example: security_rule - type: string + owner: + $ref: '#/components/schemas/Cases_owners' + payload: + oneOf: + - $ref: '#/components/schemas/Cases_payload_alert_comment' + - $ref: '#/components/schemas/Cases_payload_assignees' + - $ref: '#/components/schemas/Cases_payload_connector' + - $ref: '#/components/schemas/Cases_payload_create_case' + - $ref: '#/components/schemas/Cases_payload_delete' + - $ref: '#/components/schemas/Cases_payload_description' + - $ref: '#/components/schemas/Cases_payload_pushed' + - $ref: '#/components/schemas/Cases_payload_settings' + - $ref: '#/components/schemas/Cases_payload_severity' + - $ref: '#/components/schemas/Cases_payload_status' + - $ref: '#/components/schemas/Cases_payload_tags' + - $ref: '#/components/schemas/Cases_payload_title' + - $ref: '#/components/schemas/Cases_payload_user_comment' + type: + $ref: '#/components/schemas/Cases_action_types' + required: + - action + - action_id + - case_id + - comment_id + - created_at + - created_by + - owner + - payload + - type + Cases_user_comment_response_properties: + title: Case response properties for user comments + type: object + properties: + comment: + example: A new comment. + type: string + created_at: + example: '2022-05-13T09:16:17.416Z' + format: date-time + type: string + created_by: + $ref: '#/components/schemas/Cases_case_response_created_by_properties' + id: + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + type: string + owner: + $ref: '#/components/schemas/Cases_owners' + pushed_at: + example: null + format: date-time + nullable: true + type: string + pushed_by: + $ref: '#/components/schemas/Cases_case_response_pushed_by_properties' type: enum: - - alert - example: alert + - user + example: user type: string updated_at: + example: null format: date-time nullable: true type: string updated_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username + $ref: '#/components/schemas/Cases_case_response_updated_by_properties' version: - example: WzMwNDgsMV0= + example: WzIwNDMxLDFd type: string required: - type - Cases_alert_identifiers: - description: > - The alert identifiers. It is required only when `type` is `alert`. You - can use an array of strings to add multiple alerts to a case, provided - that they all relate to the same rule; `index` must also be an array - with the same length or number of elements. Adding multiple alerts in - this manner is recommended rather than calling the API multiple times. - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 - oneOf: - - type: string - - items: - type: string - maxItems: 1000 - type: array - title: Alert identifiers - x-technical-preview: true - Cases_alert_indices: - description: > - The alert indices. It is required only when `type` is `alert`. If you - are adding multiple alerts to a case, use an array of strings; the - position of each index name in the array must match the position of the - corresponding alert identifier in the `alertId` array. This - functionality is in technical preview and may be changed or removed in a - future release. Elastic will work to fix any issues, but features in - technical preview are not subject to the support SLA of official GA - features. - oneOf: - - type: string - - items: - type: string - maxItems: 1000 - type: array - title: Alert indices - x-technical-preview: true - Cases_alert_response_properties: - type: object + Connectors_action_response_properties: + description: The properties vary depending on the action type. properties: - attached_at: - format: date-time + actionTypeId: type: string + config: + type: object id: - description: The alert identifier. - type: string - index: - description: The alert index. - type: string - Cases_assignees: - description: An array containing users that are assigned to the case. - items: - type: object - properties: - uid: - description: >- - A unique identifier for the user profile. These identifiers can be - found by using the suggest user profile API. - example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 - type: string - required: - - uid - maxItems: 10 - nullable: true - type: array - Cases_case_category: - description: A word or phrase that categorizes the case. - maxLength: 50 - type: string - Cases_case_description: - description: The description for the case. - maxLength: 30000 - type: string - Cases_case_response_closed_by_properties: - nullable: true - properties: - email: - example: null - nullable: true type: string - full_name: - example: null - nullable: true + isDeprecated: + description: Indicates whether the action type is deprecated. + type: boolean + isMissingSecrets: + description: Indicates whether secrets are missing for the action. + type: boolean + isPreconfigured: + description: Indicates whether it is a preconfigured action. + type: boolean + name: type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + title: Action response properties + type: object + Connectors_config_properties_bedrock: + description: Defines properties for connectors when type is `.bedrock`. + properties: + apiUrl: + description: The Amazon Bedrock request URL. type: string - username: - example: elastic - nullable: true + defaultModel: + default: 'anthropic.claude-3-5-sonnet-20240620-v1:0' + description: > + The generative artificial intelligence model for Amazon Bedrock to + use. Current support is for the Anthropic Claude models. type: string required: - - email - - full_name - - username - title: Case response properties for closed_by + - apiUrl + title: Connector request properties for an Amazon Bedrock connector type: object - Cases_case_response_created_by_properties: - title: Case response properties for created_by + Connectors_config_properties_cases_webhook: + description: Defines properties for connectors when type is `.cases-webhook`. type: object properties: - email: - example: null - nullable: true + createCommentJson: + description: > + A JSON payload sent to the create comment URL to create a case + comment. You can use variables to add Kibana Cases data to the + payload. The required variable is `case.comment`. Due to Mustache + template variables (the text enclosed in triple braces, for example, + `{{{case.title}}}`), the JSON is not validated when you create the + connector. The JSON is validated once the Mustache variables have + been placed when the REST method runs. Manually ensure that the JSON + is valid, disregarding the Mustache variables, so the later + validation will pass. + example: '{"body": {{{case.comment}}}}' type: string - full_name: - example: null - nullable: true + createCommentMethod: + default: put + description: > + The REST API HTTP request method to create a case comment in the + third-party system. Valid values are `patch`, `post`, and `put`. + enum: + - patch + - post + - put type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + createCommentUrl: + description: > + The REST API URL to create a case comment by ID in the third-party + system. You can use a variable to add the external system ID to the + URL. If you are using the `xpack.actions.allowedHosts setting`, add + the hostname to the allowed hosts. + example: 'https://example.com/issue/{{{external.system.id}}}/comment' type: string - username: - example: elastic - nullable: true + createIncidentJson: + description: > + A JSON payload sent to the create case URL to create a case. You can + use variables to add case data to the payload. Required variables + are `case.title` and `case.description`. Due to Mustache template + variables (which is the text enclosed in triple braces, for example, + `{{{case.title}}}`), the JSON is not validated when you create the + connector. The JSON is validated after the Mustache variables have + been placed when REST method runs. Manually ensure that the JSON is + valid to avoid future validation errors; disregard Mustache + variables during your review. + example: >- + {"fields": {"summary": {{{case.title}}},"description": + {{{case.description}}},"labels": {{{case.tags}}}}} type: string - required: - - email - - full_name - - username - Cases_case_response_properties: - title: Case response properties - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - description: The case category. - nullable: true + createIncidentMethod: + default: post + description: > + The REST API HTTP request method to create a case in the third-party + system. Valid values are `patch`, `post`, and `put`. + enum: + - patch + - post + - put type: string - closed_at: - format: date-time - nullable: true + createIncidentResponseKey: + description: >- + The JSON key in the create external case response that contains the + case ID. type: string - closed_by: - $ref: '#/components/schemas/Cases_case_response_closed_by_properties' - comments: - description: An array of comment objects for the case. - items: - discriminator: - mapping: - alert: '#/components/schemas/Cases_alert_comment_response_properties' - user: '#/components/schemas/Cases_user_comment_response_properties' - propertyName: type - oneOf: - - $ref: '#/components/schemas/Cases_alert_comment_response_properties' - - $ref: '#/components/schemas/Cases_user_comment_response_properties' - maxItems: 10000 - title: Case response properties for comments - type: array - connector: - discriminator: - mapping: - .cases-webhook: '#/components/schemas/Cases_connector_properties_cases_webhook' - .jira: '#/components/schemas/Cases_connector_properties_jira' - .none: '#/components/schemas/Cases_connector_properties_none' - .resilient: '#/components/schemas/Cases_connector_properties_resilient' - .servicenow: '#/components/schemas/Cases_connector_properties_servicenow' - .servicenow-sir: '#/components/schemas/Cases_connector_properties_servicenow_sir' - .swimlane: '#/components/schemas/Cases_connector_properties_swimlane' - propertyName: type - oneOf: - - $ref: '#/components/schemas/Cases_connector_properties_none' - - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' - - $ref: '#/components/schemas/Cases_connector_properties_jira' - - $ref: '#/components/schemas/Cases_connector_properties_resilient' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' - - $ref: '#/components/schemas/Cases_connector_properties_swimlane' - title: Case response properties for connectors - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time + createIncidentUrl: + description: > + The REST API URL to create a case in the third-party system. If you + are using the `xpack.actions.allowedHosts` setting, add the hostname + to the allowed hosts. type: string - created_by: - $ref: '#/components/schemas/Cases_case_response_created_by_properties' - customFields: - description: Custom field values for the case. - items: - type: object - properties: - key: - description: > - The unique identifier for the custom field. The key value must - exist in the case configuration settings. - type: string - type: - description: > - The custom field type. It must match the type specified in the - case configuration settings. - enum: - - text - - toggle - type: string - value: - description: > - The custom field value. If the custom field is required, it - cannot be explicitly set to null. However, for cases that - existed when the required custom field was added, the default - value stored in Elasticsearch is `undefined`. The value - returned in the API and user interface in this case is `null`. - oneOf: - - maxLength: 160 - minLength: 1 - nullable: true - type: string - - type: boolean - type: array - description: - example: A case description. + getIncidentResponseExternalTitleKey: + description: >- + The JSON key in get external case response that contains the case + title. type: string - duration: + getIncidentUrl: description: > - The elapsed time from the creation of the case to its closure (in - seconds). If the case has not been closed, the duration is set to - null. If the case was closed after less than half a second, the - duration is rounded down to zero. - example: 120 - nullable: true - type: integer - external_service: - $ref: '#/components/schemas/Cases_external_service' - id: - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 + The REST API URL to get the case by ID from the third-party system. + If you are using the `xpack.actions.allowedHosts` setting, add the + hostname to the allowed hosts. You can use a variable to add the + external system ID to the URL. Due to Mustache template variables + (the text enclosed in triple braces, for example, + `{{{case.title}}}`), the JSON is not validated when you create the + connector. The JSON is validated after the Mustache variables have + been placed when REST method runs. Manually ensure that the JSON is + valid, disregarding the Mustache variables, so the later validation + will pass. + example: 'https://example.com/issue/{{{external.system.id}}}' + type: string + hasAuth: + default: true + description: >- + If true, a username and password for login type authentication must + be provided. + type: boolean + headers: + description: > + A set of key-value pairs sent as headers with the request URLs for + the create case, update case, get case, and create comment methods. + type: string + updateIncidentJson: + description: > + The JSON payload sent to the update case URL to update the case. You + can use variables to add Kibana Cases data to the payload. Required + variables are `case.title` and `case.description`. Due to Mustache + template variables (which is the text enclosed in triple braces, for + example, `{{{case.title}}}`), the JSON is not validated when you + create the connector. The JSON is validated after the Mustache + variables have been placed when REST method runs. Manually ensure + that the JSON is valid to avoid future validation errors; disregard + Mustache variables during your review. + example: >- + {"fields": {"summary": {{{case.title}}},"description": + {{{case.description}}},"labels": {{{case.tags}}}}} type: string - owner: - $ref: '#/components/schemas/Cases_owners' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - status: - $ref: '#/components/schemas/Cases_case_status' - tags: - example: - - tag-1 - items: - type: string - type: array - title: - example: Case title 1 + updateIncidentMethod: + default: put + description: > + The REST API HTTP request method to update the case in the + third-party system. Valid values are `patch`, `post`, and `put`. + enum: + - patch + - post + - put type: string - totalAlerts: - example: 0 - type: integer - totalComment: - example: 0 - type: integer - updated_at: - format: date-time - nullable: true + updateIncidentUrl: + description: > + The REST API URL to update the case by ID in the third-party system. + You can use a variable to add the external system ID to the URL. If + you are using the `xpack.actions.allowedHosts` setting, add the + hostname to the allowed hosts. + example: 'https://example.com/issue/{{{external.system.ID}}}' type: string - updated_by: - $ref: '#/components/schemas/Cases_case_response_updated_by_properties' - version: - example: WzUzMiwxXQ== + viewIncidentUrl: + description: > + The URL to view the case in the external system. You can use + variables to add the external system ID or external system title to + the URL. + example: >- + https://testing-jira.atlassian.net/browse/{{{external.system.title}}} type: string required: - - closed_at - - closed_by - - comments - - connector - - created_at - - created_by - - description - - duration - - external_service - - id - - owner - - settings - - severity - - status - - tags - - title - - totalAlerts - - totalComment - - updated_at - - updated_by - - version - Cases_case_response_pushed_by_properties: - nullable: true + - createIncidentJson + - createIncidentResponseKey + - createIncidentUrl + - getIncidentResponseExternalTitleKey + - getIncidentUrl + - updateIncidentJson + - updateIncidentUrl + - viewIncidentUrl + title: Connector request properties for Webhook - Case Management connector + Connectors_config_properties_d3security: + description: Defines properties for connectors when type is `.d3security`. properties: - email: - example: null + url: + description: > + The D3 Security API request URL. If you are using the + `xpack.actions.allowedHosts` setting, add the hostname to the + allowed hosts. + type: string + required: + - url + title: Connector request properties for a D3 Security connector + type: object + Connectors_config_properties_email: + description: Defines properties for connectors when type is `.email`. + type: object + properties: + clientId: + description: > + The client identifier, which is a part of OAuth 2.0 client + credentials authentication, in GUID format. If `service` is + `exchange_server`, this property is required. nullable: true type: string - full_name: - example: null + from: + description: > + The from address for all emails sent by the connector. It must be + specified in `user@host-name` format. + type: string + hasAuth: + default: true + description: > + Specifies whether a user and password are required inside the + secrets configuration. + type: boolean + host: + description: > + The host name of the service provider. If the `service` is + `elastic_cloud` (for Elastic Cloud notifications) or one of + Nodemailer's well-known email service providers, this property is + ignored. If `service` is `other`, this property must be defined. + type: string + oauthTokenUrl: nullable: true type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + port: + description: > + The port to connect to on the service provider. If the `service` is + `elastic_cloud` (for Elastic Cloud notifications) or one of + Nodemailer's well-known email service providers, this property is + ignored. If `service` is `other`, this property must be defined. + type: integer + secure: + description: > + Specifies whether the connection to the service provider will use + TLS. If the `service` is `elastic_cloud` (for Elastic Cloud + notifications) or one of Nodemailer's well-known email service + providers, this property is ignored. + type: boolean + service: + description: | + The name of the email service. + enum: + - elastic_cloud + - exchange_server + - gmail + - other + - outlook365 + - ses type: string - username: - example: elastic + tenantId: + description: > + The tenant identifier, which is part of OAuth 2.0 client credentials + authentication, in GUID format. If `service` is `exchange_server`, + this property is required. nullable: true type: string required: - - email - - full_name - - username - title: Case response properties for pushed_by - type: object - Cases_case_response_updated_by_properties: - nullable: true + - from + title: Connector request properties for an email connector + Connectors_config_properties_gemini: + description: Defines properties for connectors when type is `.gemini`. properties: - email: - example: null - nullable: true + apiUrl: + description: The Google Gemini request URL. type: string - full_name: - example: null - nullable: true + defaultModel: + default: gemini-1.5-pro-001 + description: >- + The generative artificial intelligence model for Google Gemini to + use. type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + gcpProjectID: + description: The Google ProjectID that has Vertex AI endpoint enabled. type: string - username: - example: elastic - nullable: true + gcpRegion: + description: The GCP region where the Vertex AI endpoint enabled. type: string required: - - email - - full_name - - username - title: Case response properties for updated_by - type: object - Cases_case_severity: - default: low - description: The severity of the case. - enum: - - critical - - high - - low - - medium - type: string - Cases_case_status: - description: The status of the case. - enum: - - closed - - in-progress - - open - type: string - Cases_case_tags: - description: > - The words and phrases that help categorize cases. It can be an empty - array. - items: - maxLength: 256 - type: string - maxItems: 200 - type: array - Cases_case_title: - description: A title for the case. - maxLength: 160 - type: string - Cases_closure_types: - description: >- - Indicates whether a case is automatically closed when it is pushed to - external systems (`close-by-pushing`) or not automatically closed - (`close-by-user`). - enum: - - close-by-pushing - - close-by-user - example: close-by-user - type: string - Cases_connector_properties_cases_webhook: - description: Defines properties for connectors when type is `.cases-webhook`. + - apiUrl + - gcpRegion + - gcpProjectID + title: Connector request properties for an Google Gemini connector type: object + Connectors_config_properties_genai: + description: Defines properties for connectors when type is `.gen-ai`. + discriminator: + mapping: + Azure OpenAI: '#/components/schemas/Connectors_config_properties_genai_azure' + OpenAI: '#/components/schemas/Connectors_config_properties_genai_openai' + propertyName: apiProvider + oneOf: + - $ref: '#/components/schemas/Connectors_config_properties_genai_azure' + - $ref: '#/components/schemas/Connectors_config_properties_genai_openai' + title: Connector request properties for an OpenAI connector + Connectors_config_properties_genai_azure: + description: > + Defines properties for connectors when type is `.gen-ai` and the API + provider is `Azure OpenAI'. properties: - fields: - example: null - nullable: true - type: string - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. + apiProvider: + description: The OpenAI API provider. enum: - - .cases-webhook - example: .cases-webhook + - Azure OpenAI + type: string + apiUrl: + description: The OpenAI API endpoint. type: string required: - - fields - - id - - name - - type - title: Create or upate case request properties for Cases Webhook connector - Cases_connector_properties_jira: - description: Defines properties for connectors when type is `.jira`. + - apiProvider + - apiUrl + title: >- + Connector request properties for an OpenAI connector that uses Azure + OpenAI type: object + Connectors_config_properties_genai_openai: + description: > + Defines properties for connectors when type is `.gen-ai` and the API + provider is `OpenAI'. properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. - type: object - properties: - issueType: - description: The type of issue. - nullable: true - type: string - parent: - description: 'The key of the parent issue, when the issue type is sub-task.' - nullable: true - type: string - priority: - description: The priority of the issue. - nullable: true - type: string - required: - - issueType - - parent - - priority - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. + apiProvider: + description: The OpenAI API provider. + enum: + - OpenAI type: string - name: - description: The name of the connector. + apiUrl: + description: The OpenAI API endpoint. type: string - type: - description: The type of connector. - enum: - - .jira - example: .jira + defaultModel: + description: The default model to use for requests. type: string required: - - fields - - id - - name - - type - title: Create or update case request properties for a Jira connector - Cases_connector_properties_none: - description: Defines properties for connectors when type is `.none`. + - apiProvider + - apiUrl + title: Connector request properties for an OpenAI connector + type: object + Connectors_config_properties_index: + description: Defines properties for connectors when type is `.index`. type: object properties: - fields: - description: >- - An object containing the connector fields. To create a case without - a connector, specify null. To update a case to remove the connector, - specify null. - example: null + executionTimeField: + default: null + description: A field that indicates when the document was indexed. nullable: true type: string - id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. To update a case to remove the connector, - specify `none`. - example: none - type: string - name: - description: >- - The name of the connector. To create a case without a connector, use - `none`. To update a case to remove the connector, specify `none`. - example: none - type: string - type: - description: >- - The type of connector. To create a case without a connector, use - `.none`. To update a case to remove the connector, specify `.none`. - enum: - - .none - example: .none + index: + description: The Elasticsearch index to be written to. type: string + refresh: + default: false + description: > + The refresh policy for the write request, which affects when changes + are made visible to search. Refer to the refresh setting for + Elasticsearch document APIs. + type: boolean required: - - fields - - id - - name - - type - title: Create or update case request properties for no connector - Cases_connector_properties_resilient: - description: Defines properties for connectors when type is `.resilient`. + - index + title: Connector request properties for an index connector + Connectors_config_properties_jira: + description: Defines properties for connectors when type is `.jira`. type: object properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. - nullable: true - type: object - properties: - issueTypes: - description: The type of incident. - items: - type: string - type: array - severityCode: - description: The severity code of the incident. - type: string - required: - - issueTypes - - severityCode - id: - description: The identifier for the connector. - type: string - name: - description: The name of the connector. + apiUrl: + description: The Jira instance URL. type: string - type: - description: The type of connector. - enum: - - .resilient - example: .resilient + projectKey: + description: The Jira project key. type: string required: - - fields - - id - - name - - type - title: Create case request properties for a IBM Resilient connector - Cases_connector_properties_servicenow: - description: Defines properties for connectors when type is `.servicenow`. + - apiUrl + - projectKey + title: Connector request properties for a Jira connector + Connectors_config_properties_opsgenie: + description: Defines properties for connectors when type is `.opsgenie`. type: object properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. - type: object - properties: - category: - description: The category of the incident. - nullable: true - type: string - impact: - description: The effect an incident had on business. - nullable: true - type: string - severity: - description: The severity of the incident. - nullable: true - type: string - subcategory: - description: The subcategory of the incident. - nullable: true - type: string - urgency: - description: The extent to which the incident resolution can be delayed. - nullable: true - type: string - required: - - category - - impact - - severity - - subcategory - - urgency - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. + apiUrl: + description: > + The Opsgenie URL. For example, `https://api.opsgenie.com` or + `https://api.eu.opsgenie.com`. If you are using the + `xpack.actions.allowedHosts` setting, add the hostname to the + allowed hosts. type: string - name: - description: The name of the connector. + required: + - apiUrl + title: Connector request properties for an Opsgenie connector + Connectors_config_properties_pagerduty: + description: Defines properties for connectors when type is `.pagerduty`. + properties: + apiUrl: + description: The PagerDuty event URL. + example: 'https://events.pagerduty.com/v2/enqueue' + nullable: true type: string - type: - description: The type of connector. - enum: - - .servicenow - example: .servicenow + title: Connector request properties for a PagerDuty connector + type: object + Connectors_config_properties_resilient: + description: Defines properties for connectors when type is `.resilient`. + type: object + properties: + apiUrl: + description: The IBM Resilient instance URL. + type: string + orgId: + description: The IBM Resilient organization ID. type: string required: - - fields - - id - - name - - type - title: Create case request properties for a ServiceNow ITSM connector - Cases_connector_properties_servicenow_sir: - description: Defines properties for connectors when type is `.servicenow-sir`. + - apiUrl + - orgId + title: Connector request properties for a IBM Resilient connector + Connectors_config_properties_sentinelone: + description: Defines properties for connectors when type is `.sentinelone`. type: object properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. - type: object - properties: - category: - description: The category of the incident. - nullable: true - type: string - destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs. - nullable: true - type: boolean - malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes. - nullable: true - type: boolean - malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs. - nullable: true - type: boolean - priority: - description: The priority of the issue. - nullable: true - type: string - sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs. - nullable: true - type: boolean - subcategory: - description: The subcategory of the incident. - nullable: true - type: string - required: - - category - - destIp - - malwareHash - - malwareUrl - - priority - - sourceIp - - subcategory - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. + url: + description: > + The SentinelOne tenant URL. If you are using the + `xpack.actions.allowedHosts` setting, add the hostname to the + allowed hosts. type: string - name: - description: The name of the connector. + required: + - url + title: Connector request properties for a SentinelOne connector + Connectors_config_properties_servicenow: + description: Defines properties for connectors when type is `.servicenow`. + type: object + properties: + apiUrl: + description: The ServiceNow instance URL. type: string - type: - description: The type of connector. - enum: - - .servicenow-sir - example: .servicenow-sir + clientId: + description: > + The client ID assigned to your OAuth application. This property is + required when `isOAuth` is `true`. + type: string + isOAuth: + default: false + description: > + The type of authentication to use. The default value is false, which + means basic authentication is used instead of open authorization + (OAuth). + type: boolean + jwtKeyId: + description: > + The key identifier assigned to the JWT verifier map of your OAuth + application. This property is required when `isOAuth` is `true`. + type: string + userIdentifierValue: + description: > + The identifier to use for OAuth authentication. This identifier + should be the user field you selected when you created an OAuth JWT + API endpoint for external clients in your ServiceNow instance. For + example, if the selected user field is `Email`, the user identifier + should be the user's email address. This property is required when + `isOAuth` is `true`. type: string + usesTableApi: + default: true + description: > + Determines whether the connector uses the Table API or the Import + Set API. This property is supported only for ServiceNow ITSM and + ServiceNow SecOps connectors. NOTE: If this property is set to + `false`, the Elastic application should be installed in ServiceNow. + type: boolean required: - - fields - - id - - name - - type - title: Create case request properties for a ServiceNow SecOps connector - Cases_connector_properties_swimlane: - description: Defines properties for connectors when type is `.swimlane`. + - apiUrl + title: Connector request properties for a ServiceNow ITSM connector + Connectors_config_properties_servicenow_itom: + description: Defines properties for connectors when type is `.servicenow`. type: object properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - nullable: true - type: string - required: - - caseId - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. + apiUrl: + description: The ServiceNow instance URL. type: string - name: - description: The name of the connector. + clientId: + description: > + The client ID assigned to your OAuth application. This property is + required when `isOAuth` is `true`. type: string - type: - description: The type of connector. - enum: - - .swimlane - example: .swimlane + isOAuth: + default: false + description: > + The type of authentication to use. The default value is false, which + means basic authentication is used instead of open authorization + (OAuth). + type: boolean + jwtKeyId: + description: > + The key identifier assigned to the JWT verifier map of your OAuth + application. This property is required when `isOAuth` is `true`. + type: string + userIdentifierValue: + description: > + The identifier to use for OAuth authentication. This identifier + should be the user field you selected when you created an OAuth JWT + API endpoint for external clients in your ServiceNow instance. For + example, if the selected user field is `Email`, the user identifier + should be the user's email address. This property is required when + `isOAuth` is `true`. type: string required: - - fields - - id - - name - - type - title: Create case request properties for a Swimlane connector - Cases_connector_types: - description: The type of connector. - enum: - - .cases-webhook - - .jira - - .none - - .resilient - - .servicenow - - .servicenow-sir - - .swimlane - example: .none - type: string - Cases_create_case_request: - description: >- - The create case API request body varies depending on the type of - connector. + - apiUrl + title: Connector request properties for a ServiceNow ITSM connector + Connectors_config_properties_slack_api: + description: Defines properties for connectors when type is `.slack_api`. properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - $ref: '#/components/schemas/Cases_case_category' - connector: - oneOf: - - $ref: '#/components/schemas/Cases_connector_properties_none' - - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' - - $ref: '#/components/schemas/Cases_connector_properties_jira' - - $ref: '#/components/schemas/Cases_connector_properties_resilient' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' - - $ref: '#/components/schemas/Cases_connector_properties_swimlane' - customFields: - description: > - Custom field values for a case. Any optional custom fields that are - not specified in the request are set to null. + allowedChannels: + description: A list of valid Slack channels. items: + maxItems: 25 type: object properties: - key: - description: > - The unique identifier for the custom field. The key value must - exist in the case configuration settings. - type: string - type: - description: > - The custom field type. It must match the type specified in the - case configuration settings. - enum: - - text - - toggle - type: string - value: - description: > - The custom field value. If the custom field is required, it - cannot be explicitly set to null. However, for cases that - existed when the required custom field was added, the default - value stored in Elasticsearch is `undefined`. The value - returned in the API and user interface in this case is `null`. - oneOf: - - maxLength: 160 - minLength: 1 - nullable: true - type: string - - type: boolean + id: + description: The Slack channel ID. + example: C123ABC456 + minLength: 1 + type: string + name: + description: The Slack channel name. + minLength: 1 + type: string required: - - key - - type - - value - maxItems: 10 - minItems: 0 + - id + - name type: array - description: - $ref: '#/components/schemas/Cases_case_description' - owner: - $ref: '#/components/schemas/Cases_owners' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - tags: - $ref: '#/components/schemas/Cases_case_tags' - title: - $ref: '#/components/schemas/Cases_case_title' - required: - - connector - - description - - owner - - settings - - tags - - title - title: Create case request + title: Connector request properties for a Slack connector type: object - Cases_external_service: - nullable: true + Connectors_config_properties_swimlane: + description: Defines properties for connectors when type is `.swimlane`. type: object properties: - connector_id: - type: string - connector_name: - type: string - external_id: - type: string - external_title: + apiUrl: + description: The Swimlane instance URL. type: string - external_url: + appId: + description: The Swimlane application ID. type: string - pushed_at: - format: date-time + connectorType: + description: >- + The type of connector. Valid values are `all`, `alerts`, and + `cases`. + enum: + - all + - alerts + - cases type: string - pushed_by: - nullable: true - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - Cases_owners: - description: > - The application that owns the cases: Stack Management, Observability, or - Elastic Security. - enum: - - cases - - observability - - securitySolution - example: cases - type: string - Cases_payload_alert_comment: - type: object - properties: - comment: - type: object + mappings: + description: The field mapping. properties: - alertId: - oneOf: - - example: 1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d - type: string - - items: - type: string - type: array - index: - oneOf: - - example: .alerts-observability.logs.alerts-default - type: string - - items: - type: string - type: array - owner: - $ref: '#/components/schemas/Cases_owners' - rule: - type: object + alertIdConfig: + description: Mapping for the alert ID. properties: + fieldType: + description: The type of field in Swimlane. + type: string id: - description: The rule identifier. - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + description: The identifier for the field in Swimlane. + type: string + key: + description: The key for the field in Swimlane. type: string name: - description: The rule name. - example: security_rule + description: The name of the field in Swimlane. type: string - type: - enum: - - alert - type: string - Cases_payload_assignees: - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - Cases_payload_connector: - type: object - properties: - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a case - without a connector, specify null. If you want to omit any - individual field, specify null as its value. - example: null - nullable: true + required: + - fieldType + - id + - key + - name + title: Alert identifier mapping type: object + caseIdConfig: + description: Mapping for the case ID. properties: - caseId: - description: The case identifier for Swimlane connectors. + fieldType: + description: The type of field in Swimlane. type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. + id: + description: The identifier for the field in Swimlane. type: string - destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - impact: - description: >- - The effect an incident had on business for ServiceNow ITSM - connectors. + key: + description: The key for the field in Swimlane. type: string - issueType: - description: The type of issue for Jira connectors. + name: + description: The name of the field in Swimlane. type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - items: - type: string - type: array - malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes for ServiceNow SecOps connectors. - nullable: true - type: boolean - malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs for ServiceNow SecOps connectors. - nullable: true - type: boolean - parent: - description: >- - The key of the parent issue, when the issue type is sub-task - for Jira connectors. + required: + - fieldType + - id + - key + - name + title: Case identifier mapping + type: object + caseNameConfig: + description: Mapping for the case name. + properties: + fieldType: + description: The type of field in Swimlane. type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow SecOps - connectors. + id: + description: The identifier for the field in Swimlane. type: string - severity: - description: The severity of the incident for ServiceNow ITSM connectors. + key: + description: The key for the field in Swimlane. type: string - severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. + name: + description: The name of the field in Swimlane. type: string - sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. + required: + - fieldType + - id + - key + - name + title: Case name mapping + type: object + commentsConfig: + description: Mapping for the case comments. + properties: + fieldType: + description: The type of field in Swimlane. + type: string + id: + description: The identifier for the field in Swimlane. type: string - urgency: - description: >- - The extent to which the incident resolution can be delayed - for ServiceNow ITSM connectors. + key: + description: The key for the field in Swimlane. type: string - id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. - example: none - type: string - name: - description: >- - The name of the connector. To create a case without a connector, - use `none`. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - Cases_payload_create_case: - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a case - without a connector, specify null. If you want to omit any - individual field, specify null as its value. - example: null - nullable: true + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Case comment mapping type: object + descriptionConfig: + description: Mapping for the case description. properties: - caseId: - description: The case identifier for Swimlane connectors. + fieldType: + description: The type of field in Swimlane. type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. + id: + description: The identifier for the field in Swimlane. type: string - destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - impact: - description: >- - The effect an incident had on business for ServiceNow ITSM - connectors. + key: + description: The key for the field in Swimlane. type: string - issueType: - description: The type of issue for Jira connectors. + name: + description: The name of the field in Swimlane. type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - items: - type: string - type: array - malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes for ServiceNow SecOps connectors. - nullable: true - type: boolean - malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs for ServiceNow SecOps connectors. - nullable: true - type: boolean - parent: - description: >- - The key of the parent issue, when the issue type is sub-task - for Jira connectors. + required: + - fieldType + - id + - key + - name + title: Case description mapping + type: object + ruleNameConfig: + description: Mapping for the name of the alert's rule. + properties: + fieldType: + description: The type of field in Swimlane. type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow SecOps - connectors. + id: + description: The identifier for the field in Swimlane. type: string - severity: - description: The severity of the incident for ServiceNow ITSM connectors. + key: + description: The key for the field in Swimlane. type: string - severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. + name: + description: The name of the field in Swimlane. type: string - sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. + required: + - fieldType + - id + - key + - name + title: Rule name mapping + type: object + severityConfig: + description: Mapping for the severity. + properties: + fieldType: + description: The type of field in Swimlane. type: string - urgency: - description: >- - The extent to which the incident resolution can be delayed - for ServiceNow ITSM connectors. + id: + description: The identifier for the field in Swimlane. type: string - id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. - example: none - type: string - name: - description: >- - The name of the connector. To create a case without a connector, - use `none`. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - description: + key: + description: The key for the field in Swimlane. + type: string + name: + description: The name of the field in Swimlane. + type: string + required: + - fieldType + - id + - key + - name + title: Severity mapping + type: object + title: Connector mappings properties for a Swimlane connector + type: object + required: + - apiUrl + - appId + - connectorType + title: Connector request properties for a Swimlane connector + Connectors_config_properties_tines: + description: Defines properties for connectors when type is `.tines`. + properties: + url: + description: > + The Tines tenant URL. If you are using the + `xpack.actions.allowedHosts` setting, make sure this hostname is + added to the allowed hosts. + type: string + required: + - url + title: Connector request properties for a Tines connector + type: object + Connectors_config_properties_torq: + description: Defines properties for connectors when type is `.torq`. + properties: + webhookIntegrationUrl: + description: The endpoint URL of the Elastic Security integration in Torq. + type: string + required: + - webhookIntegrationUrl + title: Connector request properties for a Torq connector + type: object + Connectors_config_properties_webhook: + description: Defines properties for connectors when type is `.webhook`. + properties: + authType: + description: | + The type of authentication to use: basic, SSL, or none. + enum: + - webhook-authentication-basic + - webhook-authentication-ssl + nullable: true + type: string + ca: + description: > + A base64 encoded version of the certificate authority file that the + connector can trust to sign and validate certificates. This option + is available for all authentication types. + type: string + certType: + description: > + If the `authType` is `webhook-authentication-ssl`, specifies whether + the certificate authentication data is in a CRT and key file format + or a PFX file format. + enum: + - ssl-crt-key + - ssl-pfx + type: string + hasAuth: + description: > + If `true`, a user name and password must be provided for login type + authentication. + type: boolean + headers: + description: A set of key-value pairs sent as headers with the request. + nullable: true + type: object + method: + default: post + description: | + The HTTP request method, either `post` or `put`. + enum: + - post + - put + type: string + url: + description: > + The request URL. If you are using the `xpack.actions.allowedHosts` + setting, add the hostname to the allowed hosts. type: string - owner: - $ref: '#/components/schemas/Cases_owners' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - status: - $ref: '#/components/schemas/Cases_case_status' - tags: - items: - example: - - tag-1 - type: string - type: array - title: + verificationMode: + default: full + description: > + Controls the verification of certificates. Use `full` to validate + that the certificate has an issue date within the `not_before` and + `not_after` dates, chains to a trusted certificate authority (CA), + and has a hostname or IP address that matches the names within the + certificate. Use `certificate` to validate the certificate and + verify that it is signed by a trusted authority; this option does + not check the certificate hostname. Use `none` to skip certificate + validation. + enum: + - certificate + - full + - none type: string - Cases_payload_delete: - description: >- - If the `action` is `delete` and the `type` is `delete_case`, the payload - is nullable. - nullable: true - type: object - Cases_payload_description: + title: Connector request properties for a Webhook connector type: object + Connectors_config_properties_xmatters: + description: Defines properties for connectors when type is `.xmatters`. properties: - description: + configUrl: + description: > + The request URL for the Elastic Alerts trigger in xMatters. It is + applicable only when `usesBasic` is `true`. + nullable: true type: string - Cases_payload_pushed: + usesBasic: + default: true + description: >- + Specifies whether the connector uses HTTP basic authentication + (`true`) or URL authentication (`false`). + type: boolean + title: Connector request properties for an xMatters connector type: object - properties: - externalService: - $ref: '#/components/schemas/Cases_external_service' - Cases_payload_settings: + Connectors_connector_response_properties: + description: The properties vary depending on the connector type. + discriminator: + mapping: + .bedrock: >- + #/components/schemas/Connectors_connector_response_properties_bedrock + .cases-webhook: >- + #/components/schemas/Connectors_connector_response_properties_cases_webhook + .d3security: >- + #/components/schemas/Connectors_connector_response_properties_d3security + .email: '#/components/schemas/Connectors_connector_response_properties_email' + .gemini: '#/components/schemas/Connectors_connector_response_properties_gemini' + .gen-ai: '#/components/schemas/Connectors_connector_response_properties_genai' + .index: '#/components/schemas/Connectors_connector_response_properties_index' + .jira: '#/components/schemas/Connectors_connector_response_properties_jira' + .opsgenie: >- + #/components/schemas/Connectors_connector_response_properties_opsgenie + .pagerduty: >- + #/components/schemas/Connectors_connector_response_properties_pagerduty + .resilient: >- + #/components/schemas/Connectors_connector_response_properties_resilient + .sentinelone: >- + #/components/schemas/Connectors_connector_response_properties_sentinelone + .server-log: >- + #/components/schemas/Connectors_connector_response_properties_serverlog + .servicenow: >- + #/components/schemas/Connectors_connector_response_properties_servicenow + .servicenow-itom: >- + #/components/schemas/Connectors_connector_response_properties_servicenow_itom + .servicenow-sir: >- + #/components/schemas/Connectors_connector_response_properties_servicenow_sir + .slack: >- + #/components/schemas/Connectors_connector_response_properties_slack_webhook + .slack_api: >- + #/components/schemas/Connectors_connector_response_properties_slack_api + .swimlane: >- + #/components/schemas/Connectors_connector_response_properties_swimlane + .teams: '#/components/schemas/Connectors_connector_response_properties_teams' + .tines: '#/components/schemas/Connectors_connector_response_properties_tines' + .torq: '#/components/schemas/Connectors_connector_response_properties_torq' + .webhook: >- + #/components/schemas/Connectors_connector_response_properties_webhook + .xmatters: >- + #/components/schemas/Connectors_connector_response_properties_xmatters + propertyName: connector_type_id + oneOf: + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_bedrock + - $ref: '#/components/schemas/Connectors_connector_response_properties_gemini' + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_cases_webhook + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_d3security + - $ref: '#/components/schemas/Connectors_connector_response_properties_email' + - $ref: '#/components/schemas/Connectors_connector_response_properties_genai' + - $ref: '#/components/schemas/Connectors_connector_response_properties_index' + - $ref: '#/components/schemas/Connectors_connector_response_properties_jira' + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_opsgenie + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_pagerduty + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_resilient + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_sentinelone + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_serverlog + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_servicenow + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_servicenow_itom + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_servicenow_sir + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_slack_api + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_slack_webhook + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_swimlane + - $ref: '#/components/schemas/Connectors_connector_response_properties_teams' + - $ref: '#/components/schemas/Connectors_connector_response_properties_tines' + - $ref: '#/components/schemas/Connectors_connector_response_properties_torq' + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_webhook + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_xmatters + title: Connector response properties + Connectors_connector_response_properties_bedrock: + title: Connector response properties for an Amazon Bedrock connector type: object properties: - settings: - $ref: '#/components/schemas/Cases_settings' - Cases_payload_severity: + config: + $ref: '#/components/schemas/Connectors_config_properties_bedrock' + connector_type_id: + description: The type of connector. + enum: + - .bedrock + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + required: + - config + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_cases_webhook: + title: Connector request properties for a Webhook - Case Management connector type: object properties: - severity: - $ref: '#/components/schemas/Cases_case_severity' - Cases_payload_status: + config: + $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' + connector_type_id: + description: The type of connector. + enum: + - .cases-webhook + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_d3security: + title: Connector response properties for a D3 Security connector type: object properties: - status: - $ref: '#/components/schemas/Cases_case_status' - Cases_payload_tags: + config: + $ref: '#/components/schemas/Connectors_config_properties_d3security' + connector_type_id: + description: The type of connector. + enum: + - .d3security + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_email: + title: Connector response properties for an email connector type: object properties: - tags: - example: - - tag-1 - items: - type: string - type: array - Cases_payload_title: + config: + $ref: '#/components/schemas/Connectors_config_properties_email' + connector_type_id: + description: The type of connector. + enum: + - .email + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_gemini: + title: Connector response properties for a Google Gemini connector type: object properties: - title: + config: + $ref: '#/components/schemas/Connectors_config_properties_gemini' + connector_type_id: + description: The type of connector. + enum: + - .gemini type: string - Cases_payload_user_comment: + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_genai: + title: Connector response properties for an OpenAI connector type: object properties: - comment: - type: object - properties: - comment: - type: string - owner: - $ref: '#/components/schemas/Cases_owners' - type: - enum: - - user - type: string - Cases_rule: - description: > - The rule that is associated with the alerts. It is required only when - `type` is `alert`. This functionality is in technical preview and may be - changed or removed in a future release. Elastic will work to fix any - issues, but features in technical preview are not subject to the support - SLA of official GA features. - title: Alerting rule + config: + $ref: '#/components/schemas/Connectors_config_properties_genai' + connector_type_id: + description: The type of connector. + enum: + - .gen-ai + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_index: + title: Connector response properties for an index connector type: object properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_index' + connector_type_id: + description: The type of connector. + enum: + - .index + type: string id: - description: The rule identifier. - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + description: The identifier for the connector. type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' name: - description: The rule name. - example: security_rule + description: The display name for the connector. type: string - x-technical-preview: true - Cases_searchFieldsType: - description: The fields to perform the `simple_query_string` parsed query against. - enum: - - description - - title - type: string - Cases_set_case_configuration_request: - description: >- - External connection details, such as the closure type and default - connector for cases. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_jira: + title: Connector response properties for a Jira connector + type: object properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - description: An object that contains the connector configuration. - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not used and - are not propagated to individual cases, therefore it is - recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a default - connector, use `none`. To retrieve connector IDs, use the find - connectors API. - example: none - type: string - name: - description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use the find - connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - required: - - fields - - id - - name - - type - customFields: - description: Custom fields case configuration. - items: - type: object - properties: - defaultValue: - description: > - A default value for the custom field. If the `type` is `text`, - the default value must be a string. If the `type` is `toggle`, - the default value must be boolean. - oneOf: - - type: string - - type: boolean - key: - description: > - A unique key for the custom field. Must be lower case and - composed only of a-z, 0-9, '_', and '-' characters. It is used - in API calls to refer to a specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: The custom field label that is displayed in the case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: > - Indicates whether the field is required. If `false`, the - custom field can be set to null or omitted when a case is - created or updated. - type: boolean - required: - - key - - label - - required - - type - maxItems: 10 - minItems: 0 - type: array - owner: - $ref: '#/components/schemas/Cases_owners' - templates: - $ref: '#/components/schemas/Cases_templates' + config: + $ref: '#/components/schemas/Connectors_config_properties_jira' + connector_type_id: + description: The type of connector. + enum: + - .jira + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - closure_type - - connector - - owner - title: Set case configuration request + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_opsgenie: + title: Connector response properties for an Opsgenie connector type: object - Cases_settings: - description: An object that contains the case settings. + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_opsgenie' + connector_type_id: + description: The type of connector. + enum: + - .opsgenie + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_pagerduty: + title: Connector response properties for a PagerDuty connector type: object properties: - syncAlerts: - description: Turns alert syncing on or off. - example: true - type: boolean + config: + $ref: '#/components/schemas/Connectors_config_properties_pagerduty' + connector_type_id: + description: The type of connector. + enum: + - .pagerduty + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - syncAlerts - Cases_template_tags: - description: > - The words and phrases that help categorize templates. It can be an empty - array. - items: - maxLength: 256 - type: string - maxItems: 200 - type: array - Cases_templates: - items: - type: object - properties: - caseFields: - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - $ref: '#/components/schemas/Cases_case_category' - connector: - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not - used and are not propagated to individual cases, therefore - it is recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a - default connector, use `none`. To retrieve connector IDs, - use the find connectors API. - example: none - type: string - name: - description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use - the find connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - customFields: - description: Custom field values in the template. - items: - type: object - properties: - key: - description: The unique key for the custom field. - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - value: - description: > - The default value for the custom field when a case uses - the template. If the `type` is `text`, the default value - must be a string. If the `type` is `toggle`, the default - value must be boolean. - oneOf: - - type: string - - type: boolean - type: array - x-technical-preview: true - description: - $ref: '#/components/schemas/Cases_case_description' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - tags: - $ref: '#/components/schemas/Cases_case_tags' - title: - $ref: '#/components/schemas/Cases_case_title' - description: - description: A description for the template. - type: string - key: - description: > - A unique key for the template. Must be lower case and composed - only of a-z, 0-9, '_', and '-' characters. It is used in API calls - to refer to a specific template. - type: string - name: - description: The name of the template. - type: string - tags: - $ref: '#/components/schemas/Cases_template_tags' - type: array - x-technical-preview: true - Cases_update_alert_comment_request_properties: - description: Defines properties for case comment requests when type is alert. + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_resilient: + title: Connector response properties for a IBM Resilient connector type: object properties: - alertId: - $ref: '#/components/schemas/Cases_alert_identifiers' + config: + $ref: '#/components/schemas/Connectors_config_properties_resilient' + connector_type_id: + description: The type of connector. + enum: + - .resilient + type: string id: - description: > - The identifier for the comment. To retrieve comment IDs, use the get - comments API. - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + description: The identifier for the connector. type: string - index: - $ref: '#/components/schemas/Cases_alert_indices' - owner: - $ref: '#/components/schemas/Cases_owners' - rule: - $ref: '#/components/schemas/Cases_rule' - type: - description: The type of comment. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_sentinelone: + title: Connector response properties for a SentinelOne connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_sentinelone' + connector_type_id: + description: The type of connector. enum: - - alert - example: alert + - .sentinelone type: string - version: - description: > - The current comment version. To retrieve version values, use the get - comments API. - example: Wzk1LDFd + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - alertId + - connector_type_id - id - - index - - owner - - rule - - type - - version - title: Update case comment request properties for alerts - Cases_update_case_comment_request: - description: >- - The update case comment API request body varies depending on whether you - are updating an alert or a comment. - discriminator: - mapping: - alert: '#/components/schemas/Cases_update_alert_comment_request_properties' - user: '#/components/schemas/Cases_update_user_comment_request_properties' - propertyName: type - oneOf: - - $ref: '#/components/schemas/Cases_update_alert_comment_request_properties' - - $ref: '#/components/schemas/Cases_update_user_comment_request_properties' - title: Update case comment request - Cases_update_case_configuration_request: - description: > - You can update settings such as the closure type, custom fields, - templates, and the default connector for cases. + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_serverlog: + title: Connector response properties for a server log connector + type: object properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - description: An object that contains the connector configuration. + config: + nullable: true type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not used and - are not propagated to individual cases, therefore it is - recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a default - connector, use `none`. To retrieve connector IDs, use the find - connectors API. - example: none - type: string - name: - description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use the find - connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - required: - - fields - - id - - name - - type - customFields: - description: Custom fields case configuration. - items: - type: object - properties: - defaultValue: - description: > - A default value for the custom field. If the `type` is `text`, - the default value must be a string. If the `type` is `toggle`, - the default value must be boolean. - oneOf: - - type: string - - type: boolean - key: - description: > - A unique key for the custom field. Must be lower case and - composed only of a-z, 0-9, '_', and '-' characters. It is used - in API calls to refer to a specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: The custom field label that is displayed in the case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: > - Indicates whether the field is required. If `false`, the - custom field can be set to null or omitted when a case is - created or updated. - type: boolean - required: - - key - - label - - required - - type - type: array - templates: - $ref: '#/components/schemas/Cases_templates' - version: - description: > - The version of the connector. To retrieve the version value, use the - get configuration API. - example: WzIwMiwxXQ== + connector_type_id: + description: The type of connector. + enum: + - .server-log + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - version - title: Update case configuration request + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_servicenow: + title: Connector response properties for a ServiceNow ITSM connector type: object - Cases_update_case_request: - description: >- - The update case API request body varies depending on the type of - connector. properties: - cases: - description: An array containing one or more case objects. - items: - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - $ref: '#/components/schemas/Cases_case_category' - connector: - oneOf: - - $ref: '#/components/schemas/Cases_connector_properties_none' - - $ref: >- - #/components/schemas/Cases_connector_properties_cases_webhook - - $ref: '#/components/schemas/Cases_connector_properties_jira' - - $ref: '#/components/schemas/Cases_connector_properties_resilient' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow' - - $ref: >- - #/components/schemas/Cases_connector_properties_servicenow_sir - - $ref: '#/components/schemas/Cases_connector_properties_swimlane' - customFields: - description: > - Custom field values for a case. Any optional custom fields - that are not specified in the request are set to null. - items: - type: object - properties: - key: - description: > - The unique identifier for the custom field. The key - value must exist in the case configuration settings. - type: string - type: - description: > - The custom field type. It must match the type specified - in the case configuration settings. - enum: - - text - - toggle - type: string - value: - description: > - The custom field value. If the custom field is required, - it cannot be explicitly set to null. However, for cases - that existed when the required custom field was added, - the default value stored in Elasticsearch is - `undefined`. The value returned in the API and user - interface in this case is `null`. - oneOf: - - maxLength: 160 - minLength: 1 - nullable: true - type: string - - type: boolean - required: - - key - - type - - value - maxItems: 10 - minItems: 0 - type: array - description: - $ref: '#/components/schemas/Cases_case_description' - id: - description: The identifier for the case. - maxLength: 30000 - type: string - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - status: - $ref: '#/components/schemas/Cases_case_status' - tags: - $ref: '#/components/schemas/Cases_case_tags' - title: - $ref: '#/components/schemas/Cases_case_title' - version: - description: >- - The current version of the case. To determine this value, use - the get case or find cases APIs. - type: string - required: - - id - - version - maxItems: 100 - minItems: 1 - type: array + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + connector_type_id: + description: The type of connector. + enum: + - .servicenow + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - cases - title: Update case request + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_servicenow_itom: + title: Connector response properties for a ServiceNow ITOM connector type: object - Cases_update_user_comment_request_properties: - description: Defines properties for case comment requests when type is user. properties: - comment: - description: The new comment. It is required only when `type` is `user`. - example: A new comment. - maxLength: 30000 + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' + connector_type_id: + description: The type of connector. + enum: + - .servicenow-itom type: string id: - description: > - The identifier for the comment. To retrieve comment IDs, use the get - comments API. - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - type: string - owner: - $ref: '#/components/schemas/Cases_owners' - type: - description: The type of comment. - enum: - - user - example: user + description: The identifier for the connector. type: string - version: - description: > - The current comment version. To retrieve version values, use the get - comments API. - example: Wzk1LDFd + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - comment + - connector_type_id - id - - owner - - type - - version - title: Update case comment request properties for user comments - type: object - Cases_user_actions_find_response_properties: + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_servicenow_sir: + title: Connector response properties for a ServiceNow SecOps connector type: object properties: - action: - $ref: '#/components/schemas/Cases_actions' - comment_id: - example: 578608d0-03b1-11ed-920c-974bfa104448 - nullable: true - type: string - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + connector_type_id: + description: The type of connector. + enum: + - .servicenow-sir type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username id: - example: 22fd3e30-03b1-11ed-920c-974bfa104448 - type: string - owner: - $ref: '#/components/schemas/Cases_owners' - payload: - oneOf: - - $ref: '#/components/schemas/Cases_payload_alert_comment' - - $ref: '#/components/schemas/Cases_payload_assignees' - - $ref: '#/components/schemas/Cases_payload_connector' - - $ref: '#/components/schemas/Cases_payload_create_case' - - $ref: '#/components/schemas/Cases_payload_delete' - - $ref: '#/components/schemas/Cases_payload_description' - - $ref: '#/components/schemas/Cases_payload_pushed' - - $ref: '#/components/schemas/Cases_payload_settings' - - $ref: '#/components/schemas/Cases_payload_severity' - - $ref: '#/components/schemas/Cases_payload_status' - - $ref: '#/components/schemas/Cases_payload_tags' - - $ref: '#/components/schemas/Cases_payload_title' - - $ref: '#/components/schemas/Cases_payload_user_comment' - type: - description: The type of action. - enum: - - assignees - - create_case - - comment - - connector - - description - - pushed - - tags - - title - - status - - settings - - severity - example: create_case + description: The identifier for the connector. type: string - version: - example: WzM1ODg4LDFd + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - action - - comment_id - - created_at - - created_by + - connector_type_id - id - - owner - - payload - - type - - version - Cases_user_actions_response_properties: + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_slack_api: + title: Connector response properties for a Slack connector type: object properties: - action: - $ref: '#/components/schemas/Cases_actions' - action_id: - example: 22fd3e30-03b1-11ed-920c-974bfa104448 - type: string - case_id: - example: 22df07d0-03b1-11ed-920c-974bfa104448 - type: string - comment_id: - example: 578608d0-03b1-11ed-920c-974bfa104448 - nullable: true + config: + $ref: '#/components/schemas/Connectors_config_properties_slack_api' + connector_type_id: + description: The type of connector. + enum: + - .slack_api type: string - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time + id: + description: The identifier for the connector. type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - owner: - $ref: '#/components/schemas/Cases_owners' - payload: - oneOf: - - $ref: '#/components/schemas/Cases_payload_alert_comment' - - $ref: '#/components/schemas/Cases_payload_assignees' - - $ref: '#/components/schemas/Cases_payload_connector' - - $ref: '#/components/schemas/Cases_payload_create_case' - - $ref: '#/components/schemas/Cases_payload_delete' - - $ref: '#/components/schemas/Cases_payload_description' - - $ref: '#/components/schemas/Cases_payload_pushed' - - $ref: '#/components/schemas/Cases_payload_settings' - - $ref: '#/components/schemas/Cases_payload_severity' - - $ref: '#/components/schemas/Cases_payload_status' - - $ref: '#/components/schemas/Cases_payload_tags' - - $ref: '#/components/schemas/Cases_payload_title' - - $ref: '#/components/schemas/Cases_payload_user_comment' - type: - $ref: '#/components/schemas/Cases_action_types' - required: - - action - - action_id - - case_id - - comment_id - - created_at - - created_by - - owner - - payload - - type - Cases_user_comment_response_properties: - title: Case response properties for user comments + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. + type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_slack_webhook: + title: Connector response properties for a Slack connector type: object properties: - comment: - example: A new comment. - type: string - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time + connector_type_id: + description: The type of connector. + enum: + - .slack type: string - created_by: - $ref: '#/components/schemas/Cases_case_response_created_by_properties' id: - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + description: The identifier for the connector. type: string - owner: - $ref: '#/components/schemas/Cases_owners' - pushed_at: - example: null - format: date-time - nullable: true + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string - pushed_by: - $ref: '#/components/schemas/Cases_case_response_pushed_by_properties' - type: + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_swimlane: + title: Connector response properties for a Swimlane connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_swimlane' + connector_type_id: + description: The type of connector. enum: - - user - example: user + - .swimlane type: string - updated_at: - example: null - format: date-time - nullable: true + id: + description: The identifier for the connector. type: string - updated_by: - $ref: '#/components/schemas/Cases_case_response_updated_by_properties' - version: - example: WzIwNDMxLDFd + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - type - Connectors_action_response_properties: - description: The properties vary depending on the action type. + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_teams: + title: Connector response properties for a Microsoft Teams connector + type: object properties: - actionTypeId: - type: string config: type: object + connector_type_id: + description: The type of connector. + enum: + - .teams + type: string id: + description: The identifier for the connector. type: string - isDeprecated: - description: Indicates whether the action type is deprecated. - type: boolean - isMissingSecrets: - description: Indicates whether secrets are missing for the action. - type: boolean - isPreconfigured: - description: Indicates whether it is a preconfigured action. - type: boolean + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' name: + description: The display name for the connector. type: string - title: Action response properties - type: object - Connectors_config_properties_bedrock: - description: Defines properties for connectors when type is `.bedrock`. - properties: - apiUrl: - description: The Amazon Bedrock request URL. - type: string - defaultModel: - default: 'anthropic.claude-3-5-sonnet-20240620-v1:0' - description: > - The generative artificial intelligence model for Amazon Bedrock to - use. Current support is for the Anthropic Claude models. - type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - apiUrl - title: Connector request properties for an Amazon Bedrock connector - type: object - Connectors_config_properties_cases_webhook: - description: Defines properties for connectors when type is `.cases-webhook`. + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_tines: + title: Connector response properties for a Tines connector type: object properties: - createCommentJson: - description: > - A JSON payload sent to the create comment URL to create a case - comment. You can use variables to add Kibana Cases data to the - payload. The required variable is `case.comment`. Due to Mustache - template variables (the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated once the Mustache variables have - been placed when the REST method runs. Manually ensure that the JSON - is valid, disregarding the Mustache variables, so the later - validation will pass. - example: '{"body": {{{case.comment}}}}' - type: string - createCommentMethod: - default: put - description: > - The REST API HTTP request method to create a case comment in the - third-party system. Valid values are `patch`, `post`, and `put`. + config: + $ref: '#/components/schemas/Connectors_config_properties_tines' + connector_type_id: + description: The type of connector. enum: - - patch - - post - - put + - .tines type: string - createCommentUrl: - description: > - The REST API URL to create a case comment by ID in the third-party - system. You can use a variable to add the external system ID to the - URL. If you are using the `xpack.actions.allowedHosts setting`, add - the hostname to the allowed hosts. - example: 'https://example.com/issue/{{{external.system.id}}}/comment' + id: + description: The identifier for the connector. type: string - createIncidentJson: - description: > - A JSON payload sent to the create case URL to create a case. You can - use variables to add case data to the payload. Required variables - are `case.title` and `case.description`. Due to Mustache template - variables (which is the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated after the Mustache variables have - been placed when REST method runs. Manually ensure that the JSON is - valid to avoid future validation errors; disregard Mustache - variables during your review. - example: >- - {"fields": {"summary": {{{case.title}}},"description": - {{{case.description}}},"labels": {{{case.tags}}}}} + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string - createIncidentMethod: - default: post - description: > - The REST API HTTP request method to create a case in the third-party - system. Valid values are `patch`, `post`, and `put`. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_torq: + title: Connector response properties for a Torq connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_torq' + connector_type_id: + description: The type of connector. enum: - - patch - - post - - put - type: string - createIncidentResponseKey: - description: >- - The JSON key in the create external case response that contains the - case ID. + - .torq type: string - createIncidentUrl: - description: > - The REST API URL to create a case in the third-party system. If you - are using the `xpack.actions.allowedHosts` setting, add the hostname - to the allowed hosts. + id: + description: The identifier for the connector. type: string - getIncidentResponseExternalTitleKey: - description: >- - The JSON key in get external case response that contains the case - title. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string - getIncidentUrl: - description: > - The REST API URL to get the case by ID from the third-party system. - If you are using the `xpack.actions.allowedHosts` setting, add the - hostname to the allowed hosts. You can use a variable to add the - external system ID to the URL. Due to Mustache template variables - (the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated after the Mustache variables have - been placed when REST method runs. Manually ensure that the JSON is - valid, disregarding the Mustache variables, so the later validation - will pass. - example: 'https://example.com/issue/{{{external.system.id}}}' + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_webhook: + title: Connector response properties for a Webhook connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_webhook' + connector_type_id: + description: The type of connector. + enum: + - .webhook type: string - hasAuth: - default: true - description: >- - If true, a username and password for login type authentication must - be provided. - type: boolean - headers: - description: > - A set of key-value pairs sent as headers with the request URLs for - the create case, update case, get case, and create comment methods. + id: + description: The identifier for the connector. type: string - updateIncidentJson: - description: > - The JSON payload sent to the update case URL to update the case. You - can use variables to add Kibana Cases data to the payload. Required - variables are `case.title` and `case.description`. Due to Mustache - template variables (which is the text enclosed in triple braces, for - example, `{{{case.title}}}`), the JSON is not validated when you - create the connector. The JSON is validated after the Mustache - variables have been placed when REST method runs. Manually ensure - that the JSON is valid to avoid future validation errors; disregard - Mustache variables during your review. - example: >- - {"fields": {"summary": {{{case.title}}},"description": - {{{case.description}}},"labels": {{{case.tags}}}}} + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string - updateIncidentMethod: - default: put - description: > - The REST API HTTP request method to update the case in the - third-party system. Valid values are `patch`, `post`, and `put`. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_response_properties_xmatters: + title: Connector response properties for an xMatters connector + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_xmatters' + connector_type_id: + description: The type of connector. enum: - - patch - - post - - put + - .xmatters type: string - updateIncidentUrl: - description: > - The REST API URL to update the case by ID in the third-party system. - You can use a variable to add the external system ID to the URL. If - you are using the `xpack.actions.allowedHosts` setting, add the - hostname to the allowed hosts. - example: 'https://example.com/issue/{{{external.system.ID}}}' + id: + description: The identifier for the connector. type: string - viewIncidentUrl: - description: > - The URL to view the case in the external system. You can use - variables to add the external system ID or external system title to - the URL. - example: >- - https://testing-jira.atlassian.net/browse/{{{external.system.title}}} + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + description: The display name for the connector. type: string + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - createIncidentJson - - createIncidentResponseKey - - createIncidentUrl - - getIncidentResponseExternalTitleKey - - getIncidentUrl - - updateIncidentJson - - updateIncidentUrl - - viewIncidentUrl - title: Connector request properties for Webhook - Case Management connector - Connectors_config_properties_d3security: - description: Defines properties for connectors when type is `.d3security`. + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + Connectors_connector_types: + description: >- + The type of connector. For example, `.email`, `.index`, `.jira`, + `.opsgenie`, or `.server-log`. + enum: + - .bedrock + - .gemini + - .cases-webhook + - .d3security + - .email + - .gen-ai + - .index + - .jira + - .opsgenie + - .pagerduty + - .resilient + - .sentinelone + - .servicenow + - .servicenow-itom + - .servicenow-sir + - .server-log + - .slack + - .slack_api + - .swimlane + - .teams + - .tines + - .torq + - .webhook + - .xmatters + example: .server-log + title: Connector types + type: string + Connectors_create_connector_request: + description: The properties vary depending on the connector type. + discriminator: + mapping: + .bedrock: '#/components/schemas/Connectors_create_connector_request_bedrock' + .cases-webhook: >- + #/components/schemas/Connectors_create_connector_request_cases_webhook + .d3security: '#/components/schemas/Connectors_create_connector_request_d3security' + .email: '#/components/schemas/Connectors_create_connector_request_email' + .gemini: '#/components/schemas/Connectors_create_connector_request_gemini' + .gen-ai: '#/components/schemas/Connectors_create_connector_request_genai' + .index: '#/components/schemas/Connectors_create_connector_request_index' + .jira: '#/components/schemas/Connectors_create_connector_request_jira' + .opsgenie: '#/components/schemas/Connectors_create_connector_request_opsgenie' + .pagerduty: '#/components/schemas/Connectors_create_connector_request_pagerduty' + .resilient: '#/components/schemas/Connectors_create_connector_request_resilient' + .sentinelone: '#/components/schemas/Connectors_create_connector_request_sentinelone' + .server-log: '#/components/schemas/Connectors_create_connector_request_serverlog' + .servicenow: '#/components/schemas/Connectors_create_connector_request_servicenow' + .servicenow-itom: >- + #/components/schemas/Connectors_create_connector_request_servicenow_itom + .servicenow-sir: >- + #/components/schemas/Connectors_create_connector_request_servicenow_sir + .slack: >- + #/components/schemas/Connectors_create_connector_request_slack_webhook + .slack_api: '#/components/schemas/Connectors_create_connector_request_slack_api' + .swimlane: '#/components/schemas/Connectors_create_connector_request_swimlane' + .teams: '#/components/schemas/Connectors_create_connector_request_teams' + .tines: '#/components/schemas/Connectors_create_connector_request_tines' + .torq: '#/components/schemas/Connectors_create_connector_request_torq' + .webhook: '#/components/schemas/Connectors_create_connector_request_webhook' + .xmatters: '#/components/schemas/Connectors_create_connector_request_xmatters' + propertyName: connector_type_id + oneOf: + - $ref: '#/components/schemas/Connectors_create_connector_request_bedrock' + - $ref: '#/components/schemas/Connectors_create_connector_request_gemini' + - $ref: >- + #/components/schemas/Connectors_create_connector_request_cases_webhook + - $ref: '#/components/schemas/Connectors_create_connector_request_d3security' + - $ref: '#/components/schemas/Connectors_create_connector_request_email' + - $ref: '#/components/schemas/Connectors_create_connector_request_genai' + - $ref: '#/components/schemas/Connectors_create_connector_request_index' + - $ref: '#/components/schemas/Connectors_create_connector_request_jira' + - $ref: '#/components/schemas/Connectors_create_connector_request_opsgenie' + - $ref: '#/components/schemas/Connectors_create_connector_request_pagerduty' + - $ref: '#/components/schemas/Connectors_create_connector_request_resilient' + - $ref: '#/components/schemas/Connectors_create_connector_request_sentinelone' + - $ref: '#/components/schemas/Connectors_create_connector_request_serverlog' + - $ref: '#/components/schemas/Connectors_create_connector_request_servicenow' + - $ref: >- + #/components/schemas/Connectors_create_connector_request_servicenow_itom + - $ref: >- + #/components/schemas/Connectors_create_connector_request_servicenow_sir + - $ref: '#/components/schemas/Connectors_create_connector_request_slack_api' + - $ref: >- + #/components/schemas/Connectors_create_connector_request_slack_webhook + - $ref: '#/components/schemas/Connectors_create_connector_request_swimlane' + - $ref: '#/components/schemas/Connectors_create_connector_request_teams' + - $ref: '#/components/schemas/Connectors_create_connector_request_tines' + - $ref: '#/components/schemas/Connectors_create_connector_request_torq' + - $ref: '#/components/schemas/Connectors_create_connector_request_webhook' + - $ref: '#/components/schemas/Connectors_create_connector_request_xmatters' + title: Create connector request body properties + Connectors_create_connector_request_bedrock: + description: >- + The Amazon Bedrock connector uses axios to send a POST request to Amazon + Bedrock. properties: - url: - description: > - The D3 Security API request URL. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. + config: + $ref: '#/components/schemas/Connectors_config_properties_bedrock' + connector_type_id: + description: The type of connector. + enum: + - .bedrock + example: .bedrock + type: string + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' required: - - url - title: Connector request properties for a D3 Security connector - type: object - Connectors_config_properties_email: - description: Defines properties for connectors when type is `.email`. + - config + - connector_type_id + - name + - secrets + title: Create Amazon Bedrock connector request type: object + Connectors_create_connector_request_cases_webhook: + description: > + The Webhook - Case Management connector uses axios to send POST, PUT, + and GET requests to a case management RESTful API web service. properties: - clientId: - description: > - The client identifier, which is a part of OAuth 2.0 client - credentials authentication, in GUID format. If `service` is - `exchange_server`, this property is required. - nullable: true - type: string - from: - description: > - The from address for all emails sent by the connector. It must be - specified in `user@host-name` format. - type: string - hasAuth: - default: true - description: > - Specifies whether a user and password are required inside the - secrets configuration. - type: boolean - host: - description: > - The host name of the service provider. If the `service` is - `elastic_cloud` (for Elastic Cloud notifications) or one of - Nodemailer's well-known email service providers, this property is - ignored. If `service` is `other`, this property must be defined. - type: string - oauthTokenUrl: - nullable: true - type: string - port: - description: > - The port to connect to on the service provider. If the `service` is - `elastic_cloud` (for Elastic Cloud notifications) or one of - Nodemailer's well-known email service providers, this property is - ignored. If `service` is `other`, this property must be defined. - type: integer - secure: - description: > - Specifies whether the connection to the service provider will use - TLS. If the `service` is `elastic_cloud` (for Elastic Cloud - notifications) or one of Nodemailer's well-known email service - providers, this property is ignored. - type: boolean - service: - description: | - The name of the email service. + config: + $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' + connector_type_id: + description: The type of connector. enum: - - elastic_cloud - - exchange_server - - gmail - - other - - outlook365 - - ses + - .cases-webhook + example: .cases-webhook type: string - tenantId: - description: > - The tenant identifier, which is part of OAuth 2.0 client credentials - authentication, in GUID format. If `service` is `exchange_server`, - this property is required. - nullable: true + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' required: - - from - title: Connector request properties for an email connector - Connectors_config_properties_gemini: - description: Defines properties for connectors when type is `.gemini`. + - config + - connector_type_id + - name + title: Create Webhook - Case Managment connector request + type: object + Connectors_create_connector_request_d3security: + description: > + The connector uses axios to send a POST request to a D3 Security + endpoint. properties: - apiUrl: - description: The Google Gemini request URL. - type: string - defaultModel: - default: gemini-1.5-pro-001 - description: >- - The generative artificial intelligence model for Google Gemini to - use. - type: string - gcpProjectID: - description: The Google ProjectID that has Vertex AI endpoint enabled. + config: + $ref: '#/components/schemas/Connectors_config_properties_d3security' + connector_type_id: + description: The type of connector. + enum: + - .d3security + example: .d3security type: string - gcpRegion: - description: The GCP region where the Vertex AI endpoint enabled. + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_d3security' required: - - apiUrl - - gcpRegion - - gcpProjectID - title: Connector request properties for an Google Gemini connector + - config + - connector_type_id + - name + - secrets + title: Create D3 Security connector request type: object - Connectors_config_properties_genai: - description: Defines properties for connectors when type is `.gen-ai`. - discriminator: - mapping: - Azure OpenAI: '#/components/schemas/Connectors_config_properties_genai_azure' - OpenAI: '#/components/schemas/Connectors_config_properties_genai_openai' - propertyName: apiProvider - oneOf: - - $ref: '#/components/schemas/Connectors_config_properties_genai_azure' - - $ref: '#/components/schemas/Connectors_config_properties_genai_openai' - title: Connector request properties for an OpenAI connector - Connectors_config_properties_genai_azure: + Connectors_create_connector_request_email: description: > - Defines properties for connectors when type is `.gen-ai` and the API - provider is `Azure OpenAI'. + The email connector uses the SMTP protocol to send mail messages, using + an integration of Nodemailer. An exception is Microsoft Exchange, which + uses HTTP protocol for sending emails, Send mail. Email message text is + sent as both plain text and html text. properties: - apiProvider: - description: The OpenAI API provider. + config: + $ref: '#/components/schemas/Connectors_config_properties_email' + connector_type_id: + description: The type of connector. enum: - - Azure OpenAI + - .email + example: .email type: string - apiUrl: - description: The OpenAI API endpoint. + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_email' required: - - apiProvider - - apiUrl - title: >- - Connector request properties for an OpenAI connector that uses Azure - OpenAI + - config + - connector_type_id + - name + - secrets + title: Create email connector request type: object - Connectors_config_properties_genai_openai: - description: > - Defines properties for connectors when type is `.gen-ai` and the API - provider is `OpenAI'. + Connectors_create_connector_request_gemini: + description: >- + The Google Gemini connector uses axios to send a POST request to Google + Gemini. properties: - apiProvider: - description: The OpenAI API provider. + config: + $ref: '#/components/schemas/Connectors_config_properties_gemini' + connector_type_id: + description: The type of connector. enum: - - OpenAI - type: string - apiUrl: - description: The OpenAI API endpoint. + - .gemini + example: .gemini type: string - defaultModel: - description: The default model to use for requests. + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_gemini' required: - - apiProvider - - apiUrl - title: Connector request properties for an OpenAI connector - type: object - Connectors_config_properties_index: - description: Defines properties for connectors when type is `.index`. + - config + - connector_type_id + - name + - secrets + title: Create Google Gemini connector request type: object + Connectors_create_connector_request_genai: + description: > + The OpenAI connector uses axios to send a POST request to either OpenAI + or Azure OpenAPI. properties: - executionTimeField: - default: null - description: A field that indicates when the document was indexed. - nullable: true + config: + $ref: '#/components/schemas/Connectors_config_properties_genai' + connector_type_id: + description: The type of connector. + enum: + - .gen-ai + example: .gen-ai type: string - index: - description: The Elasticsearch index to be written to. + name: + description: The display name for the connector. + example: my-connector type: string - refresh: - default: false - description: > - The refresh policy for the write request, which affects when changes - are made visible to search. Refer to the refresh setting for - Elasticsearch document APIs. - type: boolean + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_genai' required: - - index - title: Connector request properties for an index connector - Connectors_config_properties_jira: - description: Defines properties for connectors when type is `.jira`. + - config + - connector_type_id + - name + - secrets + title: Create OpenAI connector request type: object + Connectors_create_connector_request_index: + description: The index connector indexes a document into Elasticsearch. properties: - apiUrl: - description: The Jira instance URL. + config: + $ref: '#/components/schemas/Connectors_config_properties_index' + connector_type_id: + description: The type of connector. + enum: + - .index + example: .index type: string - projectKey: - description: The Jira project key. + name: + description: The display name for the connector. + example: my-connector type: string required: - - apiUrl - - projectKey - title: Connector request properties for a Jira connector - Connectors_config_properties_opsgenie: - description: Defines properties for connectors when type is `.opsgenie`. + - config + - connector_type_id + - name + title: Create index connector request type: object + Connectors_create_connector_request_jira: + description: The Jira connector uses the REST API v2 to create Jira issues. properties: - apiUrl: - description: > - The Opsgenie URL. For example, `https://api.opsgenie.com` or - `https://api.eu.opsgenie.com`. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. + config: + $ref: '#/components/schemas/Connectors_config_properties_jira' + connector_type_id: + description: The type of connector. + enum: + - .jira + example: .jira type: string - required: - - apiUrl - title: Connector request properties for an Opsgenie connector - Connectors_config_properties_pagerduty: - description: Defines properties for connectors when type is `.pagerduty`. - properties: - apiUrl: - description: The PagerDuty event URL. - example: 'https://events.pagerduty.com/v2/enqueue' - nullable: true + name: + description: The display name for the connector. + example: my-connector type: string - title: Connector request properties for a PagerDuty connector - type: object - Connectors_config_properties_resilient: - description: Defines properties for connectors when type is `.resilient`. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_jira' + required: + - config + - connector_type_id + - name + - secrets + title: Create Jira connector request type: object + Connectors_create_connector_request_opsgenie: + description: The Opsgenie connector uses the Opsgenie alert API. properties: - apiUrl: - description: The IBM Resilient instance URL. + config: + $ref: '#/components/schemas/Connectors_config_properties_opsgenie' + connector_type_id: + description: The type of connector. + enum: + - .opsgenie + example: .opsgenie type: string - orgId: - description: The IBM Resilient organization ID. + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' required: - - apiUrl - - orgId - title: Connector request properties for a IBM Resilient connector - Connectors_config_properties_sentinelone: - description: Defines properties for connectors when type is `.sentinelone`. + - config + - connector_type_id + - name + - secrets + title: Create Opsgenie connector request type: object + Connectors_create_connector_request_pagerduty: + description: > + The PagerDuty connector uses the v2 Events API to trigger, acknowledge, + and resolve PagerDuty alerts. properties: - url: - description: > - The SentinelOne tenant URL. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. + config: + $ref: '#/components/schemas/Connectors_config_properties_pagerduty' + connector_type_id: + description: The type of connector. + enum: + - .pagerduty + example: .pagerduty type: string + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' required: - - url - title: Connector request properties for a SentinelOne connector - Connectors_config_properties_servicenow: - description: Defines properties for connectors when type is `.servicenow`. + - config + - connector_type_id + - name + - secrets + title: Create PagerDuty connector request type: object + Connectors_create_connector_request_resilient: + description: >- + The IBM Resilient connector uses the RESILIENT REST v2 to create IBM + Resilient incidents. properties: - apiUrl: - description: The ServiceNow instance URL. - type: string - clientId: - description: > - The client ID assigned to your OAuth application. This property is - required when `isOAuth` is `true`. - type: string - isOAuth: - default: false - description: > - The type of authentication to use. The default value is false, which - means basic authentication is used instead of open authorization - (OAuth). - type: boolean - jwtKeyId: - description: > - The key identifier assigned to the JWT verifier map of your OAuth - application. This property is required when `isOAuth` is `true`. + config: + $ref: '#/components/schemas/Connectors_config_properties_resilient' + connector_type_id: + description: The type of connector. + enum: + - .resilient + example: .resilient type: string - userIdentifierValue: - description: > - The identifier to use for OAuth authentication. This identifier - should be the user field you selected when you created an OAuth JWT - API endpoint for external clients in your ServiceNow instance. For - example, if the selected user field is `Email`, the user identifier - should be the user's email address. This property is required when - `isOAuth` is `true`. + name: + description: The display name for the connector. + example: my-connector type: string - usesTableApi: - default: true - description: > - Determines whether the connector uses the Table API or the Import - Set API. This property is supported only for ServiceNow ITSM and - ServiceNow SecOps connectors. NOTE: If this property is set to - `false`, the Elastic application should be installed in ServiceNow. - type: boolean + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_resilient' required: - - apiUrl - title: Connector request properties for a ServiceNow ITSM connector - Connectors_config_properties_servicenow_itom: - description: Defines properties for connectors when type is `.servicenow`. + - config + - connector_type_id + - name + - secrets + title: Create IBM Resilient connector request + type: object + Connectors_create_connector_request_sentinelone: + description: > + The SentinelOne connector communicates with SentinelOne Management + Console via REST API. This functionality is in technical preview and may + be changed or removed in a future release. Elastic will work to fix any + issues, but features in technical preview are not subject to the support + SLA of official GA features. + title: Create SentinelOne connector request type: object properties: - apiUrl: - description: The ServiceNow instance URL. - type: string - clientId: - description: > - The client ID assigned to your OAuth application. This property is - required when `isOAuth` is `true`. - type: string - isOAuth: - default: false - description: > - The type of authentication to use. The default value is false, which - means basic authentication is used instead of open authorization - (OAuth). - type: boolean - jwtKeyId: - description: > - The key identifier assigned to the JWT verifier map of your OAuth - application. This property is required when `isOAuth` is `true`. + config: + $ref: '#/components/schemas/Connectors_config_properties_sentinelone' + connector_type_id: + description: The type of connector. + enum: + - .sentinelone + example: .sentinelone type: string - userIdentifierValue: - description: > - The identifier to use for OAuth authentication. This identifier - should be the user field you selected when you created an OAuth JWT - API endpoint for external clients in your ServiceNow instance. For - example, if the selected user field is `Email`, the user identifier - should be the user's email address. This property is required when - `isOAuth` is `true`. + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' required: - - apiUrl - title: Connector request properties for a ServiceNow ITSM connector - Connectors_config_properties_slack_api: - description: Defines properties for connectors when type is `.slack_api`. - properties: - allowedChannels: - description: A list of valid Slack channels. - items: - maxItems: 25 - type: object - properties: - id: - description: The Slack channel ID. - example: C123ABC456 - minLength: 1 - type: string - name: - description: The Slack channel name. - minLength: 1 - type: string - required: - - id - - name - type: array - title: Connector request properties for a Slack connector - type: object - Connectors_config_properties_swimlane: - description: Defines properties for connectors when type is `.swimlane`. + - config + - connector_type_id + - name + - secrets + x-technical-preview: true + Connectors_create_connector_request_serverlog: + description: This connector writes an entry to the Kibana server log. + properties: + connector_type_id: + description: The type of connector. + enum: + - .server-log + example: .server-log + type: string + name: + description: The display name for the connector. + example: my-connector + type: string + required: + - connector_type_id + - name + title: Create server log connector request type: object + Connectors_create_connector_request_servicenow: + description: > + The ServiceNow ITSM connector uses the import set API to create + ServiceNow incidents. You can use the connector for rule actions and + cases. properties: - apiUrl: - description: The Swimlane instance URL. + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + connector_type_id: + description: The type of connector. + enum: + - .servicenow + example: .servicenow type: string - appId: - description: The Swimlane application ID. + name: + description: The display name for the connector. + example: my-connector type: string - connectorType: - description: >- - The type of connector. Valid values are `all`, `alerts`, and - `cases`. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' + required: + - config + - connector_type_id + - name + - secrets + title: Create ServiceNow ITSM connector request + type: object + Connectors_create_connector_request_servicenow_itom: + description: > + The ServiceNow ITOM connector uses the event API to create ServiceNow + events. You can use the connector for rule actions. + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' + connector_type_id: + description: The type of connector. enum: - - all - - alerts - - cases + - .servicenow-itom + example: .servicenow-itom type: string - mappings: - description: The field mapping. - properties: - alertIdConfig: - description: Mapping for the alert ID. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Alert identifier mapping - type: object - caseIdConfig: - description: Mapping for the case ID. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case identifier mapping - type: object - caseNameConfig: - description: Mapping for the case name. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case name mapping - type: object - commentsConfig: - description: Mapping for the case comments. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case comment mapping - type: object - descriptionConfig: - description: Mapping for the case description. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Case description mapping - type: object - ruleNameConfig: - description: Mapping for the name of the alert's rule. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Rule name mapping - type: object - severityConfig: - description: Mapping for the severity. - properties: - fieldType: - description: The type of field in Swimlane. - type: string - id: - description: The identifier for the field in Swimlane. - type: string - key: - description: The key for the field in Swimlane. - type: string - name: - description: The name of the field in Swimlane. - type: string - required: - - fieldType - - id - - key - - name - title: Severity mapping - type: object - title: Connector mappings properties for a Swimlane connector - type: object + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - apiUrl - - appId - - connectorType - title: Connector request properties for a Swimlane connector - Connectors_config_properties_tines: - description: Defines properties for connectors when type is `.tines`. + - config + - connector_type_id + - name + - secrets + title: Create ServiceNow ITOM connector request + type: object + Connectors_create_connector_request_servicenow_sir: + description: > + The ServiceNow SecOps connector uses the import set API to create + ServiceNow security incidents. You can use the connector for rule + actions and cases. properties: - url: - description: > - The Tines tenant URL. If you are using the - `xpack.actions.allowedHosts` setting, make sure this hostname is - added to the allowed hosts. + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + connector_type_id: + description: The type of connector. + enum: + - .servicenow-sir + example: .servicenow-sir + type: string + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - url - title: Connector request properties for a Tines connector + - config + - connector_type_id + - name + - secrets + title: Create ServiceNow SecOps connector request type: object - Connectors_config_properties_torq: - description: Defines properties for connectors when type is `.torq`. + Connectors_create_connector_request_slack_api: + description: The Slack connector uses an API method to send Slack messages. properties: - webhookIntegrationUrl: - description: The endpoint URL of the Elastic Security integration in Torq. + config: + $ref: '#/components/schemas/Connectors_config_properties_slack_api' + connector_type_id: + description: The type of connector. + enum: + - .slack_api + example: .slack_api + type: string + name: + description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' required: - - webhookIntegrationUrl - title: Connector request properties for a Torq connector + - connector_type_id + - name + - secrets + title: Create Slack connector request type: object - Connectors_config_properties_webhook: - description: Defines properties for connectors when type is `.webhook`. + Connectors_create_connector_request_slack_webhook: + description: The Slack connector uses Slack Incoming Webhooks. properties: - authType: - description: | - The type of authentication to use: basic, SSL, or none. + connector_type_id: + description: The type of connector. enum: - - webhook-authentication-basic - - webhook-authentication-ssl - nullable: true - type: string - ca: - description: > - A base64 encoded version of the certificate authority file that the - connector can trust to sign and validate certificates. This option - is available for all authentication types. + - .slack + example: .slack type: string - certType: - description: > - If the `authType` is `webhook-authentication-ssl`, specifies whether - the certificate authentication data is in a CRT and key file format - or a PFX file format. - enum: - - ssl-crt-key - - ssl-pfx + name: + description: The display name for the connector. + example: my-connector type: string - hasAuth: - description: > - If `true`, a user name and password must be provided for login type - authentication. - type: boolean - headers: - description: A set of key-value pairs sent as headers with the request. - nullable: true - type: object - method: - default: post - description: | - The HTTP request method, either `post` or `put`. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' + required: + - connector_type_id + - name + - secrets + title: Create Slack connector request + type: object + Connectors_create_connector_request_swimlane: + description: >- + The Swimlane connector uses the Swimlane REST API to create Swimlane + records. + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_swimlane' + connector_type_id: + description: The type of connector. enum: - - post - - put - type: string - url: - description: > - The request URL. If you are using the `xpack.actions.allowedHosts` - setting, add the hostname to the allowed hosts. + - .swimlane + example: .swimlane type: string - verificationMode: - default: full - description: > - Controls the verification of certificates. Use `full` to validate - that the certificate has an issue date within the `not_before` and - `not_after` dates, chains to a trusted certificate authority (CA), - and has a hostname or IP address that matches the names within the - certificate. Use `certificate` to validate the certificate and - verify that it is signed by a trusted authority; this option does - not check the certificate hostname. Use `none` to skip certificate - validation. - enum: - - certificate - - full - - none + name: + description: The display name for the connector. + example: my-connector type: string - title: Connector request properties for a Webhook connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' + required: + - config + - connector_type_id + - name + - secrets + title: Create Swimlane connector request type: object - Connectors_config_properties_xmatters: - description: Defines properties for connectors when type is `.xmatters`. + Connectors_create_connector_request_teams: + description: The Microsoft Teams connector uses Incoming Webhooks. properties: - configUrl: - description: > - The request URL for the Elastic Alerts trigger in xMatters. It is - applicable only when `usesBasic` is `true`. - nullable: true + connector_type_id: + description: The type of connector. + enum: + - .teams + example: .teams type: string - usesBasic: - default: true - description: >- - Specifies whether the connector uses HTTP basic authentication - (`true`) or URL authentication (`false`). - type: boolean - title: Connector request properties for an xMatters connector - type: object - Connectors_connector_response_properties: - description: The properties vary depending on the connector type. - discriminator: - mapping: - .bedrock: >- - #/components/schemas/Connectors_connector_response_properties_bedrock - .cases-webhook: >- - #/components/schemas/Connectors_connector_response_properties_cases_webhook - .d3security: >- - #/components/schemas/Connectors_connector_response_properties_d3security - .email: '#/components/schemas/Connectors_connector_response_properties_email' - .gemini: '#/components/schemas/Connectors_connector_response_properties_gemini' - .gen-ai: '#/components/schemas/Connectors_connector_response_properties_genai' - .index: '#/components/schemas/Connectors_connector_response_properties_index' - .jira: '#/components/schemas/Connectors_connector_response_properties_jira' - .opsgenie: >- - #/components/schemas/Connectors_connector_response_properties_opsgenie - .pagerduty: >- - #/components/schemas/Connectors_connector_response_properties_pagerduty - .resilient: >- - #/components/schemas/Connectors_connector_response_properties_resilient - .sentinelone: >- - #/components/schemas/Connectors_connector_response_properties_sentinelone - .server-log: >- - #/components/schemas/Connectors_connector_response_properties_serverlog - .servicenow: >- - #/components/schemas/Connectors_connector_response_properties_servicenow - .servicenow-itom: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_itom - .servicenow-sir: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_sir - .slack: >- - #/components/schemas/Connectors_connector_response_properties_slack_webhook - .slack_api: >- - #/components/schemas/Connectors_connector_response_properties_slack_api - .swimlane: >- - #/components/schemas/Connectors_connector_response_properties_swimlane - .teams: '#/components/schemas/Connectors_connector_response_properties_teams' - .tines: '#/components/schemas/Connectors_connector_response_properties_tines' - .torq: '#/components/schemas/Connectors_connector_response_properties_torq' - .webhook: >- - #/components/schemas/Connectors_connector_response_properties_webhook - .xmatters: >- - #/components/schemas/Connectors_connector_response_properties_xmatters - propertyName: connector_type_id - oneOf: - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_bedrock - - $ref: '#/components/schemas/Connectors_connector_response_properties_gemini' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_cases_webhook - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_d3security - - $ref: '#/components/schemas/Connectors_connector_response_properties_email' - - $ref: '#/components/schemas/Connectors_connector_response_properties_genai' - - $ref: '#/components/schemas/Connectors_connector_response_properties_index' - - $ref: '#/components/schemas/Connectors_connector_response_properties_jira' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_opsgenie - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_pagerduty - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_resilient - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_sentinelone - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_serverlog - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_itom - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_sir - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_slack_api - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_slack_webhook - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_swimlane - - $ref: '#/components/schemas/Connectors_connector_response_properties_teams' - - $ref: '#/components/schemas/Connectors_connector_response_properties_tines' - - $ref: '#/components/schemas/Connectors_connector_response_properties_torq' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_webhook - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_xmatters - title: Connector response properties - Connectors_connector_response_properties_bedrock: - title: Connector response properties for an Amazon Bedrock connector + name: + description: The display name for the connector. + example: my-connector + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_teams' + required: + - connector_type_id + - name + - secrets + title: Create Microsoft Teams connector request type: object + Connectors_create_connector_request_tines: + description: > + The Tines connector uses Tines Webhook actions to send events via POST + request. properties: config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' + $ref: '#/components/schemas/Connectors_config_properties_tines' connector_type_id: description: The type of connector. enum: - - .bedrock - type: string - id: - description: The identifier for the connector. + - .tines + example: .tines type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' name: description: The display name for the connector. + example: my-connector type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_tines' required: - config - connector_type_id - - id - - is_deprecated - - is_preconfigured - name - Connectors_connector_response_properties_cases_webhook: - title: Connector request properties for a Webhook - Case Management connector + - secrets + title: Create Tines connector request type: object + Connectors_create_connector_request_torq: + description: > + The Torq connector uses a Torq webhook to trigger workflows with Kibana + actions. properties: config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' + $ref: '#/components/schemas/Connectors_config_properties_torq' connector_type_id: description: The type of connector. enum: - - .cases-webhook - type: string - id: - description: The identifier for the connector. + - .torq + example: .torq type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' name: description: The display name for the connector. + example: my-connector type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_torq' required: + - config - connector_type_id - - id - - is_deprecated - - is_preconfigured - name - Connectors_connector_response_properties_d3security: - title: Connector response properties for a D3 Security connector + - secrets + title: Create Torq connector request type: object + Connectors_create_connector_request_webhook: + description: > + The Webhook connector uses axios to send a POST or PUT request to a web + service. properties: config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' + $ref: '#/components/schemas/Connectors_config_properties_webhook' connector_type_id: description: The type of connector. enum: - - .d3security - type: string - id: - description: The identifier for the connector. + - .webhook + example: .webhook type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' name: description: The display name for the connector. + example: my-connector type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_webhook' required: + - config - connector_type_id - - id - - is_deprecated - - is_preconfigured - name - Connectors_connector_response_properties_email: - title: Connector response properties for an email connector + - secrets + title: Create Webhook connector request type: object + Connectors_create_connector_request_xmatters: + description: > + The xMatters connector uses the xMatters Workflow for Elastic to send + actionable alerts to on-call xMatters resources. properties: config: - $ref: '#/components/schemas/Connectors_config_properties_email' + $ref: '#/components/schemas/Connectors_config_properties_xmatters' connector_type_id: description: The type of connector. enum: - - .email - type: string - id: - description: The identifier for the connector. + - .xmatters + example: .xmatters type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' name: description: The display name for the connector. + example: my-connector type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' required: + - config - connector_type_id - - id - - is_deprecated - - is_preconfigured - name - Connectors_connector_response_properties_gemini: - title: Connector response properties for a Google Gemini connector + - secrets + title: Create xMatters connector request type: object + Connectors_features: + description: | + The feature that uses the connector. + enum: + - alerting + - cases + - generativeAIForSecurity + - generativeAIForObservability + - generativeAIForSearchPlayground + - siem + - uptime + type: string + Connectors_is_deprecated: + description: Indicates whether the connector type is deprecated. + example: false + type: boolean + Connectors_is_missing_secrets: + description: >- + Indicates whether secrets are missing for the connector. Secrets + configuration properties vary depending on the connector type. + example: false + type: boolean + Connectors_is_preconfigured: + description: > + Indicates whether it is a preconfigured connector. If true, the `config` + and `is_missing_secrets` properties are omitted from the response. + example: false + type: boolean + Connectors_is_system_action: + description: Indicates whether the connector is used for system actions. + example: false + type: boolean + Connectors_referenced_by_count: + description: > + Indicates the number of saved objects that reference the connector. If + `is_preconfigured` is true, this value is not calculated. This property + is returned only by the get all connectors API. + example: 2 + type: integer + Connectors_run_connector_params_acknowledge_resolve_pagerduty: + description: Test an action that acknowledges or resolves a PagerDuty alert. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - connector_type_id: - description: The type of connector. + dedupKey: + description: The deduplication key for the PagerDuty alert. + maxLength: 255 + type: string + eventAction: + description: The type of event. enum: - - .gemini + - acknowledge + - resolve type: string - id: - description: The identifier for the connector. + required: + - dedupKey + - eventAction + title: PagerDuty connector parameters + type: object + Connectors_run_connector_params_documents: + description: Test an action that indexes a document into Elasticsearch. + properties: + documents: + description: The documents in JSON format for index connectors. + items: + additionalProperties: true + type: object + type: array + required: + - documents + title: Index connector parameters + type: object + Connectors_run_connector_params_message_email: + anyOf: + - required: + - bcc + - message + - subject + - required: + - cc + - message + - subject + - required: + - to + - message + - subject + description: > + Test an action that sends an email message. There must be at least one + recipient in `to`, `cc`, or `bcc`. + properties: + bcc: + description: > + A list of "blind carbon copy" email addresses. Addresses can be + specified in `user@host-name` format or in name `` + format + items: + type: string + type: array + cc: + description: > + A list of "carbon copy" email addresses. Addresses can be specified + in `user@host-name` format or in name `` format + items: + type: string + type: array + message: + description: The email message text. Markdown format is supported. type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + subject: + description: The subject line of the email. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_genai: - title: Connector response properties for an OpenAI connector + to: + description: > + A list of email addresses. Addresses can be specified in + `user@host-name` format or in name `` format. + items: + type: string + type: array + title: Email connector parameters type: object + Connectors_run_connector_params_message_serverlog: + description: Test an action that writes an entry to the Kibana server log. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_genai' - connector_type_id: - description: The type of connector. + level: + default: info + description: The log level of the message for server log connectors. enum: - - .gen-ai - type: string - id: - description: The identifier for the connector. + - debug + - error + - fatal + - info + - trace + - warn type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + message: + description: The message for server log connectors. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_index: - title: Connector response properties for an index connector + - message + title: Server log connector parameters type: object + Connectors_run_connector_params_message_slack: + description: > + Test an action that sends a message to Slack. It is applicable only when + the connector type is `.slack`. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_index' - connector_type_id: - description: The type of connector. - enum: - - .index - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + message: + description: >- + The Slack message text, which cannot contain Markdown, images, or + other advanced formatting. type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_jira: - title: Connector response properties for a Jira connector + - message + title: Slack connector parameters type: object + Connectors_run_connector_params_trigger_pagerduty: + description: Test an action that triggers a PagerDuty alert. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_jira' - connector_type_id: - description: The type of connector. + class: + description: The class or type of the event. + example: cpu load + type: string + component: + description: >- + The component of the source machine that is responsible for the + event. + example: eth0 + type: string + customDetails: + description: Additional details to add to the event. + type: object + dedupKey: + description: > + All actions sharing this key will be associated with the same + PagerDuty alert. This value is used to correlate trigger and + resolution. + maxLength: 255 + type: string + eventAction: + description: The type of event. enum: - - .jira + - trigger type: string - id: - description: The identifier for the connector. + group: + description: The logical grouping of components of a service. + example: app-stack type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + links: + description: A list of links to add to the event. + items: + type: object + properties: + href: + description: The URL for the link. + type: string + text: + description: A plain text description of the purpose of the link. + type: string + type: array + severity: + default: info + description: The severity of the event on the affected system. + enum: + - critical + - error + - info + - warning type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + source: + description: > + The affected system, such as a hostname or fully qualified domain + name. Defaults to the Kibana saved object id of the action. + type: string + summary: + description: A summery of the event. + maxLength: 1024 + type: string + timestamp: + description: >- + An ISO-8601 timestamp that indicates when the event was detected or + generated. + format: date-time + type: string + required: + - eventAction + title: PagerDuty connector parameters + type: object + Connectors_run_connector_request: + description: The properties vary depending on the connector type. + properties: + params: + oneOf: + - $ref: >- + #/components/schemas/Connectors_run_connector_params_acknowledge_resolve_pagerduty + - $ref: '#/components/schemas/Connectors_run_connector_params_documents' + - $ref: >- + #/components/schemas/Connectors_run_connector_params_message_email + - $ref: >- + #/components/schemas/Connectors_run_connector_params_message_serverlog + - $ref: >- + #/components/schemas/Connectors_run_connector_params_message_slack + - $ref: >- + #/components/schemas/Connectors_run_connector_params_trigger_pagerduty + - description: Test an action that involves a subaction. + discriminator: + mapping: + addEvent: >- + #/components/schemas/Connectors_run_connector_subaction_addevent + closeAlert: >- + #/components/schemas/Connectors_run_connector_subaction_closealert + closeIncident: >- + #/components/schemas/Connectors_run_connector_subaction_closeincident + createAlert: >- + #/components/schemas/Connectors_run_connector_subaction_createalert + fieldsByIssueType: >- + #/components/schemas/Connectors_run_connector_subaction_fieldsbyissuetype + getChoices: >- + #/components/schemas/Connectors_run_connector_subaction_getchoices + getFields: >- + #/components/schemas/Connectors_run_connector_subaction_getfields + getIncident: >- + #/components/schemas/Connectors_run_connector_subaction_getincident + issue: >- + #/components/schemas/Connectors_run_connector_subaction_issue + issues: >- + #/components/schemas/Connectors_run_connector_subaction_issues + issueTypes: >- + #/components/schemas/Connectors_run_connector_subaction_issuetypes + pushToService: >- + #/components/schemas/Connectors_run_connector_subaction_pushtoservice + propertyName: subAction + oneOf: + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_addevent + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_closealert + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_closeincident + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_createalert + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_fieldsbyissuetype + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_getchoices + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_getfields + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_getincident + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_issue + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_issues + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_issuetypes + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_postmessage + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_pushtoservice + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_validchannelid + title: Subaction parameters required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_opsgenie: - title: Connector response properties for an Opsgenie connector + - params + title: Run connector request body properties type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' - connector_type_id: - description: The type of connector. - enum: - - .opsgenie - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_pagerduty: - title: Connector response properties for a PagerDuty connector + Connectors_run_connector_subaction_addevent: + description: The `addEvent` subaction for ServiceNow ITOM connectors. + title: The addEvent subaction type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' - connector_type_id: - description: The type of connector. + subAction: + description: The action to test. enum: - - .pagerduty - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + - addEvent type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + subActionParams: + description: The set of configuration properties for the action. + type: object + properties: + additional_info: + description: Additional information about the event. + type: string + description: + description: The details about the event. + type: string + event_class: + description: A specific instance of the source. + type: string + message_key: + description: >- + All actions sharing this key are associated with the same + ServiceNow alert. The default value is `:`. + type: string + metric_name: + description: The name of the metric. + type: string + node: + description: The host that the event was triggered for. + type: string + resource: + description: The name of the resource. + type: string + severity: + description: The severity of the event. + type: string + source: + description: The name of the event source type. + type: string + time_of_event: + description: The time of the event. + type: string + type: + description: The type of event. + type: string required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_resilient: - title: Connector response properties for a IBM Resilient connector + - subAction + Connectors_run_connector_subaction_closealert: + description: The `closeAlert` subaction for Opsgenie connectors. + title: The closeAlert subaction type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' - connector_type_id: - description: The type of connector. + subAction: + description: The action to test. enum: - - .resilient - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + - closeAlert type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + subActionParams: + type: object + properties: + alias: + description: >- + The unique identifier used for alert deduplication in Opsgenie. + The alias must match the value used when creating the alert. + type: string + note: + description: Additional information for the alert. + type: string + source: + description: The display name for the source of the alert. + type: string + user: + description: The display name for the owner. + type: string + required: + - alias required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_sentinelone: - title: Connector response properties for a SentinelOne connector + - subAction + - subActionParams + Connectors_run_connector_subaction_closeincident: + description: The `closeIncident` subaction for ServiceNow ITSM connectors. + title: The closeIncident subaction type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - connector_type_id: - description: The type of connector. + subAction: + description: The action to test. enum: - - .sentinelone - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + - closeIncident type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_serverlog: - title: Connector response properties for a server log connector - type: object - properties: - config: - nullable: true + subActionParams: type: object - connector_type_id: - description: The type of connector. - enum: - - .server-log - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. - type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + properties: + incident: + anyOf: + - required: + - correlation_id + - required: + - externalId + type: object + properties: + correlation_id: + default: '{{rule.id}}:{{alert.id}}' + description: > + An identifier that is assigned to the incident when it is + created by the connector. NOTE: If you use the default value + and the rule generates multiple alerts that use the same + alert IDs, the latest open incident for this correlation ID + is closed unless you specify the external ID. + maxLength: 100 + nullable: true + type: string + externalId: + description: >- + The unique identifier (`incidentId`) for the incident in + ServiceNow. + nullable: true + type: string + required: + - incident required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_servicenow: - title: Connector response properties for a ServiceNow ITSM connector + - subAction + - subActionParams + Connectors_run_connector_subaction_createalert: + description: The `createAlert` subaction for Opsgenie connectors. + title: The createAlert subaction type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. + subAction: + description: The action to test. enum: - - .servicenow - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + - createAlert type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + subActionParams: + type: object + properties: + actions: + description: The custom actions available to the alert. + items: + type: string + type: array + alias: + description: The unique identifier used for alert deduplication in Opsgenie. + type: string + description: + description: >- + A description that provides detailed information about the + alert. + type: string + details: + additionalProperties: true + description: The custom properties of the alert. + example: + key1: value1 + key2: value2 + type: object + entity: + description: >- + The domain of the alert. For example, the application or server + name. + type: string + message: + description: The alert message. + type: string + note: + description: Additional information for the alert. + type: string + priority: + description: The priority level for the alert. + enum: + - P1 + - P2 + - P3 + - P4 + - P5 + type: string + responders: + description: > + The entities to receive notifications about the alert. If `type` + is `user`, either `id` or `username` is required. If `type` is + `team`, either `id` or `name` is required. + items: + type: object + properties: + id: + description: The identifier for the entity. + type: string + name: + description: The name of the entity. + type: string + type: + description: 'The type of responders, in this case `escalation`.' + enum: + - escalation + - schedule + - team + - user + type: string + username: + description: A valid email address for the user. + type: string + type: array + source: + description: The display name for the source of the alert. + type: string + tags: + description: The tags for the alert. + items: + type: string + type: array + user: + description: The display name for the owner. + type: string + visibleTo: + description: >- + The teams and users that the alert will be visible to without + sending a notification. Only one of `id`, `name`, or `username` + is required. + items: + type: object + properties: + id: + description: The identifier for the entity. + type: string + name: + description: The name of the entity. + type: string + type: + description: Valid values are `team` and `user`. + enum: + - team + - user + type: string + username: + description: >- + The user name. This property is required only when the + `type` is `user`. + type: string + required: + - type + type: array + required: + - message required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_servicenow_itom: - title: Connector response properties for a ServiceNow ITOM connector + - subAction + - subActionParams + Connectors_run_connector_subaction_fieldsbyissuetype: + description: The `fieldsByIssueType` subaction for Jira connectors. + title: The fieldsByIssueType subaction type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' - connector_type_id: - description: The type of connector. + subAction: + description: The action to test. enum: - - .servicenow-itom - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + - fieldsByIssueType type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + subActionParams: + type: object + properties: + id: + description: The Jira issue type identifier. + example: 10024 + type: string + required: + - id required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_servicenow_sir: - title: Connector response properties for a ServiceNow SecOps connector + - subAction + - subActionParams + Connectors_run_connector_subaction_getchoices: + description: >- + The `getChoices` subaction for ServiceNow ITOM, ServiceNow ITSM, and + ServiceNow SecOps connectors. + title: The getChoices subaction type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. + subAction: + description: The action to test. enum: - - .servicenow-sir - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + - getChoices type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + subActionParams: + description: The set of configuration properties for the action. + type: object + properties: + fields: + description: An array of fields. + items: + type: string + type: array + required: + - fields required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_slack_api: - title: Connector response properties for a Slack connector + - subAction + - subActionParams + Connectors_run_connector_subaction_getfields: + description: >- + The `getFields` subaction for Jira, ServiceNow ITSM, and ServiceNow + SecOps connectors. + title: The getFields subaction type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' - connector_type_id: - description: The type of connector. + subAction: + description: The action to test. enum: - - .slack_api - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + - getFields type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_slack_webhook: - title: Connector response properties for a Slack connector - type: object + - subAction + Connectors_run_connector_subaction_getincident: + description: >- + The `getIncident` subaction for Jira, ServiceNow ITSM, and ServiceNow + SecOps connectors. properties: - connector_type_id: - description: The type of connector. + subAction: + description: The action to test. enum: - - .slack - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + - getIncident type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + subActionParams: + type: object + properties: + externalId: + description: >- + The Jira, ServiceNow ITSM, or ServiceNow SecOps issue + identifier. + example: 71778 + type: string + required: + - externalId required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_swimlane: - title: Connector response properties for a Swimlane connector + - subAction + - subActionParams + title: The getIncident subaction + type: object + Connectors_run_connector_subaction_issue: + description: The `issue` subaction for Jira connectors. + title: The issue subaction type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' - connector_type_id: - description: The type of connector. + subAction: + description: The action to test. enum: - - .swimlane - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + - issue type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + subActionParams: + type: object + properties: + id: + description: The Jira issue identifier. + example: 71778 + type: string + required: + - id required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_teams: - title: Connector response properties for a Microsoft Teams connector + - subAction + Connectors_run_connector_subaction_issues: + description: The `issues` subaction for Jira connectors. + title: The issues subaction type: object properties: - config: - type: object - connector_type_id: - description: The type of connector. + subAction: + description: The action to test. enum: - - .teams - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + - issues type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + subActionParams: + type: object + properties: + title: + description: The title of the Jira issue. + type: string + required: + - title required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_tines: - title: Connector response properties for a Tines connector + - subAction + - subActionParams + Connectors_run_connector_subaction_issuetypes: + description: The `issueTypes` subaction for Jira connectors. + title: The issueTypes subaction type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_tines' - connector_type_id: - description: The type of connector. + subAction: + description: The action to test. enum: - - .tines - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + - issueTypes type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_torq: - title: Connector response properties for a Torq connector - type: object + - subAction + Connectors_run_connector_subaction_postmessage: + description: > + Test an action that sends a message to Slack. It is applicable only when + the connector type is `.slack_api`. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_torq' - connector_type_id: - description: The type of connector. + subAction: + description: The action to test. enum: - - .torq - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + - postMessage type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + subActionParams: + description: The set of configuration properties for the action. + type: object + properties: + channelIds: + description: > + The Slack channel identifier, which must be one of the + `allowedChannels` in the connector configuration. + items: + type: string + maxItems: 1 + type: array + channels: + deprecated: true + description: | + The name of a channel that your Slack app has access to. + items: + type: string + maxItems: 1 + type: array + text: + description: > + The Slack message text. If it is a Slack webhook connector, the + text cannot contain Markdown, images, or other advanced + formatting. If it is a Slack web API connector, it can contain + either plain text or block kit messages. + minLength: 1 + type: string required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_webhook: - title: Connector response properties for a Webhook connector + - subAction + - subActionParams + title: The postMessage subaction + type: object + Connectors_run_connector_subaction_pushtoservice: + description: >- + The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow + SecOps, Swimlane, and Webhook - Case Management connectors. + title: The pushToService subaction type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' - connector_type_id: - description: The type of connector. + subAction: + description: The action to test. enum: - - .webhook - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + - pushToService type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_response_properties_xmatters: - title: Connector response properties for an xMatters connector - type: object + subActionParams: + description: The set of configuration properties for the action. + type: object + properties: + comments: + description: >- + Additional information that is sent to Jira, ServiceNow ITSM, + ServiceNow SecOps, or Swimlane. + items: + type: object + properties: + comment: + description: >- + A comment related to the incident. For example, describe + how to troubleshoot the issue. + type: string + commentId: + description: A unique identifier for the comment. + type: integer + type: array + incident: + description: >- + Information necessary to create or update a Jira, ServiceNow + ITSM, ServiveNow SecOps, or Swimlane incident. + type: object + properties: + alertId: + description: The alert identifier for Swimlane connectors. + type: string + caseId: + description: >- + The case identifier for the incident for Swimlane + connectors. + type: string + caseName: + description: The case name for the incident for Swimlane connectors. + type: string + category: + description: >- + The category of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + type: string + correlation_display: + description: >- + A descriptive label of the alert for correlation purposes + for ServiceNow ITSM and ServiceNow SecOps connectors. + type: string + correlation_id: + description: > + The correlation identifier for the security incident for + ServiceNow ITSM and ServiveNow SecOps connectors. Connectors + using the same correlation ID are associated with the same + ServiceNow incident. This value determines whether a new + ServiceNow incident is created or an existing one is + updated. Modifying this value is optional; if not modified, + the rule ID and alert ID are combined as `{{ruleID}}:{{alert + ID}}` to form the correlation ID value in ServiceNow. The + maximum character length for this value is 100 characters. + NOTE: Using the default configuration of `{{ruleID}}:{{alert + ID}}` ensures that ServiceNow creates a separate incident + record for every generated alert that uses a unique alert + ID. If the rule generates multiple alerts that use the same + alert IDs, ServiceNow creates and continually updates a + single incident record for the alert. + type: string + description: + description: >- + The description of the incident for Jira, ServiceNow ITSM, + ServiceNow SecOps, Swimlane, and Webhook - Case Management + connectors. + type: string + dest_ip: + description: > + A list of destination IP addresses related to the security + incident for ServiceNow SecOps connectors. The IPs are added + as observables to the security incident. + oneOf: + - type: string + - items: + type: string + type: array + externalId: + description: > + The Jira, ServiceNow ITSM, or ServiceNow SecOps issue + identifier. If present, the incident is updated. Otherwise, + a new incident is created. + type: string + id: + description: >- + The external case identifier for Webhook - Case Management + connectors. + type: string + impact: + description: The impact of the incident for ServiceNow ITSM connectors. + type: string + issueType: + description: >- + The type of incident for Jira connectors. For example, + 10006. To obtain the list of valid values, set `subAction` + to `issueTypes`. + type: integer + labels: + description: > + The labels for the incident for Jira connectors. NOTE: + Labels cannot contain spaces. + items: + type: string + type: array + malware_hash: + description: >- + A list of malware hashes related to the security incident + for ServiceNow SecOps connectors. The hashes are added as + observables to the security incident. + oneOf: + - type: string + - items: + type: string + type: array + malware_url: + description: >- + A list of malware URLs related to the security incident for + ServiceNow SecOps connectors. The URLs are added as + observables to the security incident. + oneOf: + - type: string + - items: + type: string + type: array + type: string + otherFields: + additionalProperties: true + description: > + Custom field identifiers and their values for Jira + connectors. + maxProperties: 20 + type: object + parent: + description: >- + The ID or key of the parent issue for Jira connectors. + Applies only to `Sub-task` types of issues. + type: string + priority: + description: >- + The priority of the incident in Jira and ServiceNow SecOps + connectors. + type: string + ruleName: + description: The rule name for Swimlane connectors. + type: string + severity: + description: >- + The severity of the incident for ServiceNow ITSM and + Swimlane connectors. + type: string + short_description: + description: > + A short description of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. It is used for searching the + contents of the knowledge base. + type: string + source_ip: + description: >- + A list of source IP addresses related to the security + incident for ServiceNow SecOps connectors. The IPs are added + as observables to the security incident. + oneOf: + - type: string + - items: + type: string + type: array + status: + description: >- + The status of the incident for Webhook - Case Management + connectors. + type: string + subcategory: + description: >- + The subcategory of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + type: string + summary: + description: A summary of the incident for Jira connectors. + type: string + tags: + description: A list of tags for Webhook - Case Management connectors. + items: + type: string + type: array + title: + description: > + A title for the incident for Jira and Webhook - Case + Management connectors. It is used for searching the contents + of the knowledge base. + type: string + urgency: + description: The urgency of the incident for ServiceNow ITSM connectors. + type: string + required: + - subAction + - subActionParams + Connectors_run_connector_subaction_validchannelid: + description: > + Retrieves information about a valid Slack channel identifier. It is + applicable only when the connector type is `.slack_api`. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' - connector_type_id: - description: The type of connector. + subAction: + description: The action to test. enum: - - .xmatters - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - description: The display name for the connector. + - validChannelId type: string - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' + subActionParams: + type: object + properties: + channelId: + description: The Slack channel identifier. + example: C123ABC456 + type: string + required: + - channelId required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - Connectors_connector_types: - description: >- - The type of connector. For example, `.email`, `.index`, `.jira`, - `.opsgenie`, or `.server-log`. - enum: - - .bedrock - - .gemini - - .cases-webhook - - .d3security - - .email - - .gen-ai - - .index - - .jira - - .opsgenie - - .pagerduty - - .resilient - - .sentinelone - - .servicenow - - .servicenow-itom - - .servicenow-sir - - .server-log - - .slack - - .slack_api - - .swimlane - - .teams - - .tines - - .torq - - .webhook - - .xmatters - example: .server-log - title: Connector types - type: string - Connectors_create_connector_request: - description: The properties vary depending on the connector type. - discriminator: - mapping: - .bedrock: '#/components/schemas/Connectors_create_connector_request_bedrock' - .cases-webhook: >- - #/components/schemas/Connectors_create_connector_request_cases_webhook - .d3security: '#/components/schemas/Connectors_create_connector_request_d3security' - .email: '#/components/schemas/Connectors_create_connector_request_email' - .gemini: '#/components/schemas/Connectors_create_connector_request_gemini' - .gen-ai: '#/components/schemas/Connectors_create_connector_request_genai' - .index: '#/components/schemas/Connectors_create_connector_request_index' - .jira: '#/components/schemas/Connectors_create_connector_request_jira' - .opsgenie: '#/components/schemas/Connectors_create_connector_request_opsgenie' - .pagerduty: '#/components/schemas/Connectors_create_connector_request_pagerduty' - .resilient: '#/components/schemas/Connectors_create_connector_request_resilient' - .sentinelone: '#/components/schemas/Connectors_create_connector_request_sentinelone' - .server-log: '#/components/schemas/Connectors_create_connector_request_serverlog' - .servicenow: '#/components/schemas/Connectors_create_connector_request_servicenow' - .servicenow-itom: >- - #/components/schemas/Connectors_create_connector_request_servicenow_itom - .servicenow-sir: >- - #/components/schemas/Connectors_create_connector_request_servicenow_sir - .slack: >- - #/components/schemas/Connectors_create_connector_request_slack_webhook - .slack_api: '#/components/schemas/Connectors_create_connector_request_slack_api' - .swimlane: '#/components/schemas/Connectors_create_connector_request_swimlane' - .teams: '#/components/schemas/Connectors_create_connector_request_teams' - .tines: '#/components/schemas/Connectors_create_connector_request_tines' - .torq: '#/components/schemas/Connectors_create_connector_request_torq' - .webhook: '#/components/schemas/Connectors_create_connector_request_webhook' - .xmatters: '#/components/schemas/Connectors_create_connector_request_xmatters' - propertyName: connector_type_id - oneOf: - - $ref: '#/components/schemas/Connectors_create_connector_request_bedrock' - - $ref: '#/components/schemas/Connectors_create_connector_request_gemini' - - $ref: >- - #/components/schemas/Connectors_create_connector_request_cases_webhook - - $ref: '#/components/schemas/Connectors_create_connector_request_d3security' - - $ref: '#/components/schemas/Connectors_create_connector_request_email' - - $ref: '#/components/schemas/Connectors_create_connector_request_genai' - - $ref: '#/components/schemas/Connectors_create_connector_request_index' - - $ref: '#/components/schemas/Connectors_create_connector_request_jira' - - $ref: '#/components/schemas/Connectors_create_connector_request_opsgenie' - - $ref: '#/components/schemas/Connectors_create_connector_request_pagerduty' - - $ref: '#/components/schemas/Connectors_create_connector_request_resilient' - - $ref: '#/components/schemas/Connectors_create_connector_request_sentinelone' - - $ref: '#/components/schemas/Connectors_create_connector_request_serverlog' - - $ref: '#/components/schemas/Connectors_create_connector_request_servicenow' - - $ref: >- - #/components/schemas/Connectors_create_connector_request_servicenow_itom - - $ref: >- - #/components/schemas/Connectors_create_connector_request_servicenow_sir - - $ref: '#/components/schemas/Connectors_create_connector_request_slack_api' - - $ref: >- - #/components/schemas/Connectors_create_connector_request_slack_webhook - - $ref: '#/components/schemas/Connectors_create_connector_request_swimlane' - - $ref: '#/components/schemas/Connectors_create_connector_request_teams' - - $ref: '#/components/schemas/Connectors_create_connector_request_tines' - - $ref: '#/components/schemas/Connectors_create_connector_request_torq' - - $ref: '#/components/schemas/Connectors_create_connector_request_webhook' - - $ref: '#/components/schemas/Connectors_create_connector_request_xmatters' - title: Create connector request body properties - Connectors_create_connector_request_bedrock: - description: >- - The Amazon Bedrock connector uses axios to send a POST request to Amazon - Bedrock. + - subAction + - subActionParams + title: The validChannelId subaction + type: object + Connectors_secrets_properties_bedrock: + description: Defines secrets for connectors when type is `.bedrock`. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' - connector_type_id: - description: The type of connector. - enum: - - .bedrock - example: .bedrock + accessKey: + description: The AWS access key for authentication. type: string - name: - description: The display name for the connector. - example: my-connector + secret: + description: The AWS secret for authentication. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' required: - - config - - connector_type_id - - name - - secrets - title: Create Amazon Bedrock connector request + - accessKey + - secret + title: Connector secrets properties for an Amazon Bedrock connector + type: object + Connectors_secrets_properties_cases_webhook: + title: Connector secrets properties for Webhook - Case Management connector type: object - Connectors_create_connector_request_cases_webhook: - description: > - The Webhook - Case Management connector uses axios to send POST, PUT, - and GET requests to a case management RESTful API web service. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' - connector_type_id: - description: The type of connector. - enum: - - .cases-webhook - example: .cases-webhook + password: + description: >- + The password for HTTP basic authentication. If `hasAuth` is set to + `true`, this property is required. type: string - name: - description: The display name for the connector. - example: my-connector + user: + description: >- + The username for HTTP basic authentication. If `hasAuth` is set to + `true`, this property is required. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' - required: - - config - - connector_type_id - - name - title: Create Webhook - Case Managment connector request + Connectors_secrets_properties_d3security: + description: Defines secrets for connectors when type is `.d3security`. type: object - Connectors_create_connector_request_d3security: - description: > - The connector uses axios to send a POST request to a D3 Security - endpoint. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' - connector_type_id: - description: The type of connector. - enum: - - .d3security - example: .d3security - type: string - name: - description: The display name for the connector. - example: my-connector + token: + description: The D3 Security token. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_d3security' required: - - config - - connector_type_id - - name - - secrets - title: Create D3 Security connector request - type: object - Connectors_create_connector_request_email: - description: > - The email connector uses the SMTP protocol to send mail messages, using - an integration of Nodemailer. An exception is Microsoft Exchange, which - uses HTTP protocol for sending emails, Send mail. Email message text is - sent as both plain text and html text. + - token + title: Connector secrets properties for a D3 Security connector + Connectors_secrets_properties_email: + description: Defines secrets for connectors when type is `.email`. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_email' - connector_type_id: - description: The type of connector. - enum: - - .email - example: .email + clientSecret: + description: > + The Microsoft Exchange Client secret for OAuth 2.0 client + credentials authentication. It must be URL-encoded. If `service` is + `exchange_server`, this property is required. + type: string + password: + description: > + The password for HTTP basic authentication. If `hasAuth` is set to + `true`, this property is required. type: string - name: - description: The display name for the connector. - example: my-connector + user: + description: > + The username for HTTP basic authentication. If `hasAuth` is set to + `true`, this property is required. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_email' - required: - - config - - connector_type_id - - name - - secrets - title: Create email connector request + title: Connector secrets properties for an email connector type: object - Connectors_create_connector_request_gemini: - description: >- - The Google Gemini connector uses axios to send a POST request to Google - Gemini. + Connectors_secrets_properties_gemini: + description: Defines secrets for connectors when type is `.gemini`. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - connector_type_id: - description: The type of connector. - enum: - - .gemini - example: .gemini - type: string - name: - description: The display name for the connector. - example: my-connector + credentialsJSON: + description: >- + The service account credentials JSON file. The service account + should have Vertex AI user IAM role assigned to it. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_gemini' required: - - config - - connector_type_id - - name - - secrets - title: Create Google Gemini connector request + - credentialsJSON + title: Connector secrets properties for a Google Gemini connector type: object - Connectors_create_connector_request_genai: - description: > - The OpenAI connector uses axios to send a POST request to either OpenAI - or Azure OpenAPI. + Connectors_secrets_properties_genai: + description: Defines secrets for connectors when type is `.gen-ai`. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_genai' - connector_type_id: - description: The type of connector. - enum: - - .gen-ai - example: .gen-ai - type: string - name: - description: The display name for the connector. - example: my-connector + apiKey: + description: The OpenAI API key. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_genai' - required: - - config - - connector_type_id - - name - - secrets - title: Create OpenAI connector request + title: Connector secrets properties for an OpenAI connector + type: object + Connectors_secrets_properties_jira: + description: Defines secrets for connectors when type is `.jira`. type: object - Connectors_create_connector_request_index: - description: The index connector indexes a document into Elasticsearch. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_index' - connector_type_id: - description: The type of connector. - enum: - - .index - example: .index + apiToken: + description: The Jira API authentication token for HTTP basic authentication. type: string - name: - description: The display name for the connector. - example: my-connector + email: + description: The account email for HTTP Basic authentication. type: string required: - - config - - connector_type_id - - name - title: Create index connector request + - apiToken + - email + title: Connector secrets properties for a Jira connector + Connectors_secrets_properties_opsgenie: + description: Defines secrets for connectors when type is `.opsgenie`. type: object - Connectors_create_connector_request_jira: - description: The Jira connector uses the REST API v2 to create Jira issues. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_jira' - connector_type_id: - description: The type of connector. - enum: - - .jira - example: .jira + apiKey: + description: The Opsgenie API authentication key for HTTP Basic authentication. type: string - name: - description: The display name for the connector. - example: my-connector + required: + - apiKey + title: Connector secrets properties for an Opsgenie connector + Connectors_secrets_properties_pagerduty: + description: Defines secrets for connectors when type is `.pagerduty`. + properties: + routingKey: + description: > + A 32 character PagerDuty Integration Key for an integration on a + service. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_jira' required: - - config - - connector_type_id - - name - - secrets - title: Create Jira connector request + - routingKey + title: Connector secrets properties for a PagerDuty connector + type: object + Connectors_secrets_properties_resilient: + description: Defines secrets for connectors when type is `.resilient`. type: object - Connectors_create_connector_request_opsgenie: - description: The Opsgenie connector uses the Opsgenie alert API. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' - connector_type_id: - description: The type of connector. - enum: - - .opsgenie - example: .opsgenie + apiKeyId: + description: The authentication key ID for HTTP Basic authentication. type: string - name: - description: The display name for the connector. - example: my-connector + apiKeySecret: + description: The authentication key secret for HTTP Basic authentication. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' required: - - config - - connector_type_id - - name - - secrets - title: Create Opsgenie connector request - type: object - Connectors_create_connector_request_pagerduty: - description: > - The PagerDuty connector uses the v2 Events API to trigger, acknowledge, - and resolve PagerDuty alerts. + - apiKeyId + - apiKeySecret + title: Connector secrets properties for IBM Resilient connector + Connectors_secrets_properties_sentinelone: + description: Defines secrets for connectors when type is `.sentinelone`. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' - connector_type_id: - description: The type of connector. - enum: - - .pagerduty - example: .pagerduty - type: string - name: - description: The display name for the connector. - example: my-connector + token: + description: The A SentinelOne API token. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' required: - - config - - connector_type_id - - name - - secrets - title: Create PagerDuty connector request + - token + title: Connector secrets properties for a SentinelOne connector type: object - Connectors_create_connector_request_resilient: + Connectors_secrets_properties_servicenow: description: >- - The IBM Resilient connector uses the RESILIENT REST v2 to create IBM - Resilient incidents. + Defines secrets for connectors when type is `.servicenow`, + `.servicenow-sir`, or `.servicenow-itom`. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' - connector_type_id: - description: The type of connector. - enum: - - .resilient - example: .resilient + clientSecret: + description: >- + The client secret assigned to your OAuth application. This property + is required when `isOAuth` is `true`. type: string - name: - description: The display name for the connector. - example: my-connector + password: + description: >- + The password for HTTP basic authentication. This property is + required when `isOAuth` is `false`. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_resilient' - required: - - config - - connector_type_id - - name - - secrets - title: Create IBM Resilient connector request - type: object - Connectors_create_connector_request_sentinelone: - description: > - The SentinelOne connector communicates with SentinelOne Management - Console via REST API. This functionality is in technical preview and may - be changed or removed in a future release. Elastic will work to fix any - issues, but features in technical preview are not subject to the support - SLA of official GA features. - title: Create SentinelOne connector request + privateKey: + description: >- + The RSA private key that you created for use in ServiceNow. This + property is required when `isOAuth` is `true`. + type: string + privateKeyPassword: + description: >- + The password for the RSA private key. This property is required when + `isOAuth` is `true` and you set a password on your private key. + type: string + username: + description: >- + The username for HTTP basic authentication. This property is + required when `isOAuth` is `false`. + type: string + title: >- + Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and + ServiceNow SecOps connectors + type: object + Connectors_secrets_properties_slack_api: + description: Defines secrets for connectors when type is `.slack`. type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - connector_type_id: - description: The type of connector. - enum: - - .sentinelone - example: .sentinelone - type: string - name: - description: The display name for the connector. - example: my-connector + token: + description: Slack bot user OAuth token. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' required: - - config - - connector_type_id - - name - - secrets - x-technical-preview: true - Connectors_create_connector_request_serverlog: - description: This connector writes an entry to the Kibana server log. + - token + title: Connector secrets properties for a Web API Slack connector + Connectors_secrets_properties_slack_webhook: + description: Defines secrets for connectors when type is `.slack`. + type: object properties: - connector_type_id: - description: The type of connector. - enum: - - .server-log - example: .server-log - type: string - name: - description: The display name for the connector. - example: my-connector + webhookUrl: + description: Slack webhook url. type: string required: - - connector_type_id - - name - title: Create server log connector request - type: object - Connectors_create_connector_request_servicenow: - description: > - The ServiceNow ITSM connector uses the import set API to create - ServiceNow incidents. You can use the connector for rule actions and - cases. + - webhookUrl + title: Connector secrets properties for a Webhook Slack connector + Connectors_secrets_properties_swimlane: + description: Defines secrets for connectors when type is `.swimlane`. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow - example: .servicenow + apiToken: + description: Swimlane API authentication token. type: string - name: - description: The display name for the connector. - example: my-connector + title: Connector secrets properties for a Swimlane connector + type: object + Connectors_secrets_properties_teams: + description: Defines secrets for connectors when type is `.teams`. + properties: + webhookUrl: + description: > + The URL of the incoming webhook. If you are using the + `xpack.actions.allowedHosts` setting, add the hostname to the + allowed hosts. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - config - - connector_type_id - - name - - secrets - title: Create ServiceNow ITSM connector request + - webhookUrl + title: Connector secrets properties for a Microsoft Teams connector type: object - Connectors_create_connector_request_servicenow_itom: - description: > - The ServiceNow ITOM connector uses the event API to create ServiceNow - events. You can use the connector for rule actions. + Connectors_secrets_properties_tines: + description: Defines secrets for connectors when type is `.tines`. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-itom - example: .servicenow-itom + email: + description: The email used to sign in to Tines. type: string - name: - description: The display name for the connector. - example: my-connector + token: + description: The Tines API token. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - config - - connector_type_id - - name - - secrets - title: Create ServiceNow ITOM connector request + - email + - token + title: Connector secrets properties for a Tines connector type: object - Connectors_create_connector_request_servicenow_sir: - description: > - The ServiceNow SecOps connector uses the import set API to create - ServiceNow security incidents. You can use the connector for rule - actions and cases. + Connectors_secrets_properties_torq: + description: Defines secrets for connectors when type is `.torq`. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - description: The type of connector. - enum: - - .servicenow-sir - example: .servicenow-sir - type: string - name: - description: The display name for the connector. - example: my-connector + token: + description: The secret of the webhook authentication header. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - config - - connector_type_id - - name - - secrets - title: Create ServiceNow SecOps connector request + - token + title: Connector secrets properties for a Torq connector type: object - Connectors_create_connector_request_slack_api: - description: The Slack connector uses an API method to send Slack messages. + Connectors_secrets_properties_webhook: + description: Defines secrets for connectors when type is `.webhook`. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' - connector_type_id: - description: The type of connector. - enum: - - .slack_api - example: .slack_api + crt: + description: >- + If `authType` is `webhook-authentication-ssl` and `certType` is + `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT + file. type: string - name: - description: The display name for the connector. - example: my-connector + key: + description: >- + If `authType` is `webhook-authentication-ssl` and `certType` is + `ssl-crt-key`, it is a base64 encoded version of the KEY file. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' - required: - - connector_type_id - - name - - secrets - title: Create Slack connector request + password: + description: > + The password for HTTP basic authentication or the passphrase for the + SSL certificate files. If `hasAuth` is set to `true` and `authType` + is `webhook-authentication-basic`, this property is required. + type: string + pfx: + description: >- + If `authType` is `webhook-authentication-ssl` and `certType` is + `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. + type: string + user: + description: > + The username for HTTP basic authentication. If `hasAuth` is set to + `true` and `authType` is `webhook-authentication-basic`, this + property is required. + type: string + title: Connector secrets properties for a Webhook connector type: object - Connectors_create_connector_request_slack_webhook: - description: The Slack connector uses Slack Incoming Webhooks. + Connectors_secrets_properties_xmatters: + description: Defines secrets for connectors when type is `.xmatters`. properties: - connector_type_id: - description: The type of connector. - enum: - - .slack - example: .slack + password: + description: > + A user name for HTTP basic authentication. It is applicable only + when `usesBasic` is `true`. type: string - name: - description: The display name for the connector. - example: my-connector + secretsUrl: + description: > + The request URL for the Elastic Alerts trigger in xMatters with the + API key included in the URL. It is applicable only when `usesBasic` + is `false`. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' - required: - - connector_type_id - - name - - secrets - title: Create Slack connector request + user: + description: > + A password for HTTP basic authentication. It is applicable only when + `usesBasic` is `true`. + type: string + title: Connector secrets properties for an xMatters connector + type: object + Connectors_update_connector_request: + description: The properties vary depending on the connector type. + oneOf: + - $ref: '#/components/schemas/Connectors_update_connector_request_bedrock' + - $ref: '#/components/schemas/Connectors_update_connector_request_gemini' + - $ref: >- + #/components/schemas/Connectors_update_connector_request_cases_webhook + - $ref: '#/components/schemas/Connectors_update_connector_request_d3security' + - $ref: '#/components/schemas/Connectors_update_connector_request_email' + - $ref: '#/components/schemas/Connectors_create_connector_request_genai' + - $ref: '#/components/schemas/Connectors_update_connector_request_index' + - $ref: '#/components/schemas/Connectors_update_connector_request_jira' + - $ref: '#/components/schemas/Connectors_update_connector_request_opsgenie' + - $ref: '#/components/schemas/Connectors_update_connector_request_pagerduty' + - $ref: '#/components/schemas/Connectors_update_connector_request_resilient' + - $ref: '#/components/schemas/Connectors_update_connector_request_sentinelone' + - $ref: '#/components/schemas/Connectors_update_connector_request_serverlog' + - $ref: '#/components/schemas/Connectors_update_connector_request_servicenow' + - $ref: >- + #/components/schemas/Connectors_update_connector_request_servicenow_itom + - $ref: '#/components/schemas/Connectors_update_connector_request_slack_api' + - $ref: >- + #/components/schemas/Connectors_update_connector_request_slack_webhook + - $ref: '#/components/schemas/Connectors_update_connector_request_swimlane' + - $ref: '#/components/schemas/Connectors_update_connector_request_teams' + - $ref: '#/components/schemas/Connectors_update_connector_request_tines' + - $ref: '#/components/schemas/Connectors_update_connector_request_torq' + - $ref: '#/components/schemas/Connectors_update_connector_request_webhook' + - $ref: '#/components/schemas/Connectors_update_connector_request_xmatters' + title: Update connector request body properties + Connectors_update_connector_request_bedrock: + title: Update Amazon Bedrock connector request type: object - Connectors_create_connector_request_swimlane: - description: >- - The Swimlane connector uses the Swimlane REST API to create Swimlane - records. properties: config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' - connector_type_id: - description: The type of connector. - enum: - - .swimlane - example: .swimlane - type: string + $ref: '#/components/schemas/Connectors_config_properties_bedrock' name: description: The display name for the connector. - example: my-connector type: string secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' + $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' required: - config - - connector_type_id - - name - - secrets - title: Create Swimlane connector request - type: object - Connectors_create_connector_request_teams: - description: The Microsoft Teams connector uses Incoming Webhooks. - properties: - connector_type_id: - description: The type of connector. - enum: - - .teams - example: .teams - type: string - name: - description: The display name for the connector. - example: my-connector - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_teams' - required: - - connector_type_id - name - - secrets - title: Create Microsoft Teams connector request + Connectors_update_connector_request_cases_webhook: + title: Update Webhook - Case Managment connector request type: object - Connectors_create_connector_request_tines: - description: > - The Tines connector uses Tines Webhook actions to send events via POST - request. properties: config: - $ref: '#/components/schemas/Connectors_config_properties_tines' - connector_type_id: - description: The type of connector. - enum: - - .tines - example: .tines - type: string + $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' name: description: The display name for the connector. example: my-connector type: string secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_tines' + $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' required: - config - - connector_type_id - name - - secrets - title: Create Tines connector request + Connectors_update_connector_request_d3security: + title: Update D3 Security connector request type: object - Connectors_create_connector_request_torq: - description: > - The Torq connector uses a Torq webhook to trigger workflows with Kibana - actions. properties: config: - $ref: '#/components/schemas/Connectors_config_properties_torq' - connector_type_id: - description: The type of connector. - enum: - - .torq - example: .torq - type: string + $ref: '#/components/schemas/Connectors_config_properties_d3security' name: description: The display name for the connector. - example: my-connector type: string secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_torq' + $ref: '#/components/schemas/Connectors_secrets_properties_d3security' required: - config - - connector_type_id - name - secrets - title: Create Torq connector request + Connectors_update_connector_request_email: + title: Update email connector request type: object - Connectors_create_connector_request_webhook: - description: > - The Webhook connector uses axios to send a POST or PUT request to a web - service. properties: config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' - connector_type_id: - description: The type of connector. - enum: - - .webhook - example: .webhook - type: string + $ref: '#/components/schemas/Connectors_config_properties_email' name: description: The display name for the connector. - example: my-connector type: string secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_webhook' + $ref: '#/components/schemas/Connectors_secrets_properties_email' required: - config - - connector_type_id - name - - secrets - title: Create Webhook connector request + Connectors_update_connector_request_gemini: + title: Update Google Gemini connector request type: object - Connectors_create_connector_request_xmatters: - description: > - The xMatters connector uses the xMatters Workflow for Elastic to send - actionable alerts to on-call xMatters resources. properties: config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' - connector_type_id: - description: The type of connector. - enum: - - .xmatters - example: .xmatters - type: string + $ref: '#/components/schemas/Connectors_config_properties_gemini' name: description: The display name for the connector. - example: my-connector type: string secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' + $ref: '#/components/schemas/Connectors_secrets_properties_gemini' required: - config - - connector_type_id - name - - secrets - title: Create xMatters connector request - type: object - Connectors_features: - description: | - The feature that uses the connector. - enum: - - alerting - - cases - - generativeAIForSecurity - - generativeAIForObservability - - generativeAIForSearchPlayground - - siem - - uptime - type: string - Connectors_is_deprecated: - description: Indicates whether the connector type is deprecated. - example: false - type: boolean - Connectors_is_missing_secrets: - description: >- - Indicates whether secrets are missing for the connector. Secrets - configuration properties vary depending on the connector type. - example: false - type: boolean - Connectors_is_preconfigured: - description: > - Indicates whether it is a preconfigured connector. If true, the `config` - and `is_missing_secrets` properties are omitted from the response. - example: false - type: boolean - Connectors_is_system_action: - description: Indicates whether the connector is used for system actions. - example: false - type: boolean - Connectors_referenced_by_count: - description: > - Indicates the number of saved objects that reference the connector. If - `is_preconfigured` is true, this value is not calculated. This property - is returned only by the get all connectors API. - example: 2 - type: integer - Connectors_run_connector_params_acknowledge_resolve_pagerduty: - description: Test an action that acknowledges or resolves a PagerDuty alert. - properties: - dedupKey: - description: The deduplication key for the PagerDuty alert. - maxLength: 255 - type: string - eventAction: - description: The type of event. - enum: - - acknowledge - - resolve - type: string - required: - - dedupKey - - eventAction - title: PagerDuty connector parameters - type: object - Connectors_run_connector_params_documents: - description: Test an action that indexes a document into Elasticsearch. - properties: - documents: - description: The documents in JSON format for index connectors. - items: - additionalProperties: true - type: object - type: array - required: - - documents - title: Index connector parameters - type: object - Connectors_run_connector_params_message_email: - anyOf: - - required: - - bcc - - message - - subject - - required: - - cc - - message - - subject - - required: - - to - - message - - subject - description: > - Test an action that sends an email message. There must be at least one - recipient in `to`, `cc`, or `bcc`. - properties: - bcc: - description: > - A list of "blind carbon copy" email addresses. Addresses can be - specified in `user@host-name` format or in name `` - format - items: - type: string - type: array - cc: - description: > - A list of "carbon copy" email addresses. Addresses can be specified - in `user@host-name` format or in name `` format - items: - type: string - type: array - message: - description: The email message text. Markdown format is supported. - type: string - subject: - description: The subject line of the email. - type: string - to: - description: > - A list of email addresses. Addresses can be specified in - `user@host-name` format or in name `` format. - items: - type: string - type: array - title: Email connector parameters + Connectors_update_connector_request_index: + title: Update index connector request type: object - Connectors_run_connector_params_message_serverlog: - description: Test an action that writes an entry to the Kibana server log. properties: - level: - default: info - description: The log level of the message for server log connectors. - enum: - - debug - - error - - fatal - - info - - trace - - warn - type: string - message: - description: The message for server log connectors. + config: + $ref: '#/components/schemas/Connectors_config_properties_index' + name: + description: The display name for the connector. type: string required: - - message - title: Server log connector parameters + - config + - name + Connectors_update_connector_request_jira: + title: Update Jira connector request type: object - Connectors_run_connector_params_message_slack: - description: > - Test an action that sends a message to Slack. It is applicable only when - the connector type is `.slack`. properties: - message: - description: >- - The Slack message text, which cannot contain Markdown, images, or - other advanced formatting. + config: + $ref: '#/components/schemas/Connectors_config_properties_jira' + name: + description: The display name for the connector. type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_jira' required: - - message - title: Slack connector parameters + - config + - name + - secrets + Connectors_update_connector_request_opsgenie: + title: Update Opsgenie connector request type: object - Connectors_run_connector_params_trigger_pagerduty: - description: Test an action that triggers a PagerDuty alert. properties: - class: - description: The class or type of the event. - example: cpu load - type: string - component: - description: >- - The component of the source machine that is responsible for the - event. - example: eth0 - type: string - customDetails: - description: Additional details to add to the event. - type: object - dedupKey: - description: > - All actions sharing this key will be associated with the same - PagerDuty alert. This value is used to correlate trigger and - resolution. - maxLength: 255 + config: + $ref: '#/components/schemas/Connectors_config_properties_opsgenie' + name: + description: The display name for the connector. type: string - eventAction: - description: The type of event. - enum: - - trigger + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' + required: + - config + - name + - secrets + Connectors_update_connector_request_pagerduty: + title: Update PagerDuty connector request + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_pagerduty' + name: + description: The display name for the connector. type: string - group: - description: The logical grouping of components of a service. - example: app-stack + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' + required: + - config + - name + - secrets + Connectors_update_connector_request_resilient: + title: Update IBM Resilient connector request + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_resilient' + name: + description: The display name for the connector. type: string - links: - description: A list of links to add to the event. - items: - type: object - properties: - href: - description: The URL for the link. - type: string - text: - description: A plain text description of the purpose of the link. - type: string - type: array - severity: - default: info - description: The severity of the event on the affected system. - enum: - - critical - - error - - info - - warning + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_resilient' + required: + - config + - name + - secrets + Connectors_update_connector_request_sentinelone: + title: Update SentinelOne connector request + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_sentinelone' + name: + description: The display name for the connector. type: string - source: - description: > - The affected system, such as a hostname or fully qualified domain - name. Defaults to the Kibana saved object id of the action. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' + required: + - config + - name + - secrets + Connectors_update_connector_request_serverlog: + title: Update server log connector request + type: object + properties: + name: + description: The display name for the connector. type: string - summary: - description: A summery of the event. - maxLength: 1024 + required: + - name + Connectors_update_connector_request_servicenow: + title: Update ServiceNow ITSM connector or ServiceNow SecOps request + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + name: + description: The display name for the connector. type: string - timestamp: - description: >- - An ISO-8601 timestamp that indicates when the event was detected or - generated. - format: date-time + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' + required: + - config + - name + - secrets + Connectors_update_connector_request_servicenow_itom: + title: Create ServiceNow ITOM connector request + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' + name: + description: The display name for the connector. type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - eventAction - title: PagerDuty connector parameters + - config + - name + - secrets + Connectors_update_connector_request_slack_api: + title: Update Slack connector request type: object - Connectors_run_connector_request: - description: The properties vary depending on the connector type. properties: - params: - oneOf: - - $ref: >- - #/components/schemas/Connectors_run_connector_params_acknowledge_resolve_pagerduty - - $ref: '#/components/schemas/Connectors_run_connector_params_documents' - - $ref: >- - #/components/schemas/Connectors_run_connector_params_message_email - - $ref: >- - #/components/schemas/Connectors_run_connector_params_message_serverlog - - $ref: >- - #/components/schemas/Connectors_run_connector_params_message_slack - - $ref: >- - #/components/schemas/Connectors_run_connector_params_trigger_pagerduty - - description: Test an action that involves a subaction. - discriminator: - mapping: - addEvent: >- - #/components/schemas/Connectors_run_connector_subaction_addevent - closeAlert: >- - #/components/schemas/Connectors_run_connector_subaction_closealert - closeIncident: >- - #/components/schemas/Connectors_run_connector_subaction_closeincident - createAlert: >- - #/components/schemas/Connectors_run_connector_subaction_createalert - fieldsByIssueType: >- - #/components/schemas/Connectors_run_connector_subaction_fieldsbyissuetype - getChoices: >- - #/components/schemas/Connectors_run_connector_subaction_getchoices - getFields: >- - #/components/schemas/Connectors_run_connector_subaction_getfields - getIncident: >- - #/components/schemas/Connectors_run_connector_subaction_getincident - issue: >- - #/components/schemas/Connectors_run_connector_subaction_issue - issues: >- - #/components/schemas/Connectors_run_connector_subaction_issues - issueTypes: >- - #/components/schemas/Connectors_run_connector_subaction_issuetypes - pushToService: >- - #/components/schemas/Connectors_run_connector_subaction_pushtoservice - propertyName: subAction - oneOf: - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_addevent - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_closealert - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_closeincident - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_createalert - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_fieldsbyissuetype - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_getchoices - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_getfields - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_getincident - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_issue - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_issues - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_issuetypes - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_postmessage - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_pushtoservice - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_validchannelid - title: Subaction parameters + config: + $ref: '#/components/schemas/Connectors_config_properties_slack_api' + name: + description: The display name for the connector. + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' required: - - params - title: Run connector request body properties + - name + - secrets + Connectors_update_connector_request_slack_webhook: + title: Update Slack connector request type: object - Connectors_run_connector_subaction_addevent: - description: The `addEvent` subaction for ServiceNow ITOM connectors. - title: The addEvent subaction + properties: + name: + description: The display name for the connector. + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' + required: + - name + - secrets + Connectors_update_connector_request_swimlane: + title: Update Swimlane connector request type: object properties: - subAction: - description: The action to test. - enum: - - addEvent + config: + $ref: '#/components/schemas/Connectors_config_properties_swimlane' + name: + description: The display name for the connector. + example: my-connector type: string - subActionParams: - description: The set of configuration properties for the action. - type: object - properties: - additional_info: - description: Additional information about the event. - type: string - description: - description: The details about the event. - type: string - event_class: - description: A specific instance of the source. - type: string - message_key: - description: >- - All actions sharing this key are associated with the same - ServiceNow alert. The default value is `:`. - type: string - metric_name: - description: The name of the metric. - type: string - node: - description: The host that the event was triggered for. - type: string - resource: - description: The name of the resource. - type: string - severity: - description: The severity of the event. - type: string - source: - description: The name of the event source type. - type: string - time_of_event: - description: The time of the event. - type: string - type: - description: The type of event. - type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' required: - - subAction - Connectors_run_connector_subaction_closealert: - description: The `closeAlert` subaction for Opsgenie connectors. - title: The closeAlert subaction + - config + - name + - secrets + Connectors_update_connector_request_teams: + title: Update Microsoft Teams connector request type: object properties: - subAction: - description: The action to test. - enum: - - closeAlert + name: + description: The display name for the connector. type: string - subActionParams: - type: object - properties: - alias: - description: >- - The unique identifier used for alert deduplication in Opsgenie. - The alias must match the value used when creating the alert. - type: string - note: - description: Additional information for the alert. - type: string - source: - description: The display name for the source of the alert. - type: string - user: - description: The display name for the owner. - type: string - required: - - alias + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_teams' required: - - subAction - - subActionParams - Connectors_run_connector_subaction_closeincident: - description: The `closeIncident` subaction for ServiceNow ITSM connectors. - title: The closeIncident subaction + - name + - secrets + Connectors_update_connector_request_tines: + title: Update Tines connector request type: object properties: - subAction: - description: The action to test. - enum: - - closeIncident + config: + $ref: '#/components/schemas/Connectors_config_properties_tines' + name: + description: The display name for the connector. type: string - subActionParams: - type: object - properties: - incident: - anyOf: - - required: - - correlation_id - - required: - - externalId - type: object - properties: - correlation_id: - default: '{{rule.id}}:{{alert.id}}' - description: > - An identifier that is assigned to the incident when it is - created by the connector. NOTE: If you use the default value - and the rule generates multiple alerts that use the same - alert IDs, the latest open incident for this correlation ID - is closed unless you specify the external ID. - maxLength: 100 - nullable: true - type: string - externalId: - description: >- - The unique identifier (`incidentId`) for the incident in - ServiceNow. - nullable: true - type: string - required: - - incident + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_tines' required: - - subAction - - subActionParams - Connectors_run_connector_subaction_createalert: - description: The `createAlert` subaction for Opsgenie connectors. - title: The createAlert subaction + - config + - name + - secrets + Connectors_update_connector_request_torq: + title: Update Torq connector request type: object properties: - subAction: - description: The action to test. + config: + $ref: '#/components/schemas/Connectors_config_properties_torq' + name: + description: The display name for the connector. + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_torq' + required: + - config + - name + - secrets + Connectors_update_connector_request_webhook: + title: Update Webhook connector request + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_webhook' + name: + description: The display name for the connector. + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_webhook' + required: + - config + - name + - secrets + Connectors_update_connector_request_xmatters: + title: Update xMatters connector request + type: object + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_xmatters' + name: + description: The display name for the connector. + type: string + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' + required: + - config + - name + - secrets + Data_views_400_response: + title: Bad request + type: object + properties: + error: + example: Bad Request + type: string + message: + type: string + statusCode: + example: 400 + type: number + required: + - statusCode + - error + - message + Data_views_404_response: + type: object + properties: + error: enum: - - createAlert + - Not Found + example: Not Found type: string - subActionParams: + message: + example: >- + Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] + not found + type: string + statusCode: + enum: + - 404 + example: 404 + type: integer + Data_views_allownoindex: + description: Allows the data view saved object to exist before the data is available. + type: boolean + Data_views_create_data_view_request_object: + title: Create data view request + type: object + properties: + data_view: + description: The data view object. type: object properties: - actions: - description: The custom actions available to the alert. - items: - type: string - type: array - alias: - description: The unique identifier used for alert deduplication in Opsgenie. - type: string - description: - description: >- - A description that provides detailed information about the - alert. - type: string - details: - additionalProperties: true - description: The custom properties of the alert. - example: - key1: value1 - key2: value2 + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' type: object - entity: - description: >- - The domain of the alert. For example, the application or server - name. - type: string - message: - description: The alert message. - type: string - note: - description: Additional information for the alert. - type: string - priority: - description: The priority level for the alert. - enum: - - P1 - - P2 - - P3 - - P4 - - P5 + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + id: type: string - responders: - description: > - The entities to receive notifications about the alert. If `type` - is `user`, either `id` or `username` is required. If `type` is - `team`, either `id` or `name` is required. - items: - type: object - properties: - id: - description: The identifier for the entity. - type: string - name: - description: The name of the entity. - type: string - type: - description: 'The type of responders, in this case `escalation`.' - enum: - - escalation - - schedule - - team - - user - type: string - username: - description: A valid email address for the user. - type: string - type: array - source: - description: The display name for the source of the alert. + name: + description: The data view name. type: string - tags: - description: The tags for the alert. - items: - type: string - type: array - user: - description: The display name for the owner. + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + version: type: string - visibleTo: - description: >- - The teams and users that the alert will be visible to without - sending a notification. Only one of `id`, `name`, or `username` - is required. - items: - type: object - properties: - id: - description: The identifier for the entity. - type: string - name: - description: The name of the entity. - type: string - type: - description: Valid values are `team` and `user`. - enum: - - team - - user - type: string - username: - description: >- - The user name. This property is required only when the - `type` is `user`. - type: string - required: - - type - type: array required: - - message + - title + override: + default: false + description: >- + Override an existing data view if a data view with the provided + title already exists. + type: boolean required: - - subAction - - subActionParams - Connectors_run_connector_subaction_fieldsbyissuetype: - description: The `fieldsByIssueType` subaction for Jira connectors. - title: The fieldsByIssueType subaction + - data_view + Data_views_data_view_response_object: + title: Data view response properties type: object properties: - subAction: - description: The action to test. - enum: - - fieldsByIssueType - type: string - subActionParams: + data_view: type: object properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object id: - description: The Jira issue type identifier. - example: 10024 + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f type: string - required: - - id - required: - - subAction - - subActionParams - Connectors_run_connector_subaction_getchoices: - description: >- - The `getChoices` subaction for ServiceNow ITOM, ServiceNow ITSM, and - ServiceNow SecOps connectors. - title: The getChoices subaction + name: + description: The data view name. + type: string + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta_response' + version: + example: WzQ2LDJd + type: string + Data_views_fieldattrs: + description: A map of field attributes by field name. type: object properties: - subAction: - description: The action to test. - enum: - - getChoices + count: + description: Popularity count for the field. + type: integer + customDescription: + description: Custom description for the field. + maxLength: 300 type: string - subActionParams: - description: The set of configuration properties for the action. + customLabel: + description: Custom label for the field. + type: string + Data_views_fieldformats: + description: A map of field formats by field name. + type: object + Data_views_namespaces: + description: >- + An array of space identifiers for sharing the data view between multiple + spaces. + items: + default: default + type: string + type: array + Data_views_runtimefieldmap: + description: A map of runtime field definitions by field name. + type: object + properties: + script: type: object properties: - fields: - description: An array of fields. - items: + source: + description: Script for the runtime field. + type: string + type: + description: Mapping type of the runtime field. + type: string + required: + - script + - type + Data_views_sourcefilters: + description: The array of field names you want to filter out in Discover. + items: + type: object + properties: + value: + type: string + required: + - value + type: array + Data_views_swap_data_view_request_object: + title: Data view reference swap request + type: object + properties: + delete: + description: Deletes referenced saved object if all references are removed. + type: boolean + forId: + description: Limit the affected saved objects to one or more by identifier. + oneOf: + - type: string + - items: type: string type: array - required: - - fields + forType: + description: Limit the affected saved objects by type. + type: string + fromId: + description: The saved object reference to change. + type: string + fromType: + description: > + Specify the type of the saved object reference to alter. The default + value is `index-pattern` for data views. + type: string + toId: + description: New saved object reference value to replace the old value. + type: string required: - - subAction - - subActionParams - Connectors_run_connector_subaction_getfields: + - fromId + - toId + Data_views_timefieldname: + description: 'The timestamp field name, which you use for time-based data views.' + type: string + Data_views_title: description: >- - The `getFields` subaction for Jira, ServiceNow ITSM, and ServiceNow - SecOps connectors. - title: The getFields subaction + Comma-separated list of data streams, indices, and aliases that you want + to search. Supports wildcards (`*`). + type: string + Data_views_type: + description: 'When set to `rollup`, identifies the rollup data views.' + type: string + Data_views_typemeta: + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. type: object properties: - subAction: - description: The action to test. - enum: - - getFields - type: string + aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + params: + description: Properties for retrieving rollup fields. + type: object required: - - subAction - Connectors_run_connector_subaction_getincident: + - aggs + - params + Data_views_typemeta_response: description: >- - The `getIncident` subaction for Jira, ServiceNow ITSM, and ServiceNow - SecOps connectors. + When you use rollup indices, contains the field list for the rollup data + view API endpoints. + nullable: true + type: object properties: - subAction: - description: The action to test. - enum: - - getIncident - type: string - subActionParams: + aggs: + description: A map of rollup restrictions by aggregation type and field name. type: object - properties: - externalId: - description: >- - The Jira, ServiceNow ITSM, or ServiceNow SecOps issue - identifier. - example: 71778 - type: string - required: - - externalId - required: - - subAction - - subActionParams - title: The getIncident subaction - type: object - Connectors_run_connector_subaction_issue: - description: The `issue` subaction for Jira connectors. - title: The issue subaction + params: + description: Properties for retrieving rollup fields. + type: object + Data_views_update_data_view_request_object: + title: Update data view request type: object properties: - subAction: - description: The action to test. - enum: - - issue - type: string - subActionParams: + data_view: + description: > + The data view properties you want to update. Only the specified + properties are updated in the data view. Unspecified fields stay as + they are persisted. type: object properties: - id: - description: The Jira issue identifier. - example: 71778 + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + name: type: string - required: - - id + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + refresh_fields: + default: false + description: Reloads the data view fields after the data view is updated. + type: boolean required: - - subAction - Connectors_run_connector_subaction_issues: - description: The `issues` subaction for Jira connectors. - title: The issues subaction + - data_view + Fleet_agent: + title: Agent type: object properties: - subAction: - description: The action to test. - enum: - - issues + access_api_key: type: string - subActionParams: + access_api_key_id: + type: string + active: + type: boolean + components: + items: + $ref: '#/components/schemas/Fleet_agent_component' + type: array + default_api_key: + type: string + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + local_metadata: + $ref: '#/components/schemas/Fleet_agent_metadata' + metrics: type: object properties: - title: - description: The title of the Jira issue. - type: string - required: - - title + cpu_avg: + description: >- + Average agent CPU usage during the last 5 minutes, number + between 0-1 + type: number + memory_size_byte_avg: + description: Average agent memory consumption during the last 5 minutes + type: number + policy_id: + type: string + policy_revision: + type: number + status: + $ref: '#/components/schemas/Fleet_agent_status' + type: + $ref: '#/components/schemas/Fleet_agent_type' + unenrolled_at: + type: string + unenrollment_started_at: + type: string + user_provided_metadata: + $ref: '#/components/schemas/Fleet_agent_metadata' required: - - subAction - - subActionParams - Connectors_run_connector_subaction_issuetypes: - description: The `issueTypes` subaction for Jira connectors. - title: The issueTypes subaction + - type + - active + - enrolled_at + - id + - status + Fleet_agent_action: + oneOf: + - properties: + ack_data: + type: string + data: + type: string + type: + enum: + - UNENROLL + - UPGRADE + - POLICY_REASSIGN + type: string + - properties: + data: + type: object + properties: + log_level: + enum: + - debug + - info + - warning + - error + nullable: true + type: string + type: + type: string + title: Agent action + Fleet_agent_component: + title: Agent component type: object properties: - subAction: - description: The action to test. - enum: - - issueTypes + id: type: string - required: - - subAction - Connectors_run_connector_subaction_postmessage: - description: > - Test an action that sends a message to Slack. It is applicable only when - the connector type is `.slack_api`. - properties: - subAction: - description: The action to test. - enum: - - postMessage + message: type: string - subActionParams: - description: The set of configuration properties for the action. - type: object - properties: - channelIds: - description: > - The Slack channel identifier, which must be one of the - `allowedChannels` in the connector configuration. - items: - type: string - maxItems: 1 - type: array - channels: - deprecated: true - description: | - The name of a channel that your Slack app has access to. - items: - type: string - maxItems: 1 - type: array - text: - description: > - The Slack message text. If it is a Slack webhook connector, the - text cannot contain Markdown, images, or other advanced - formatting. If it is a Slack web API connector, it can contain - either plain text or block kit messages. - minLength: 1 - type: string - required: - - subAction - - subActionParams - title: The postMessage subaction - type: object - Connectors_run_connector_subaction_pushtoservice: - description: >- - The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow - SecOps, Swimlane, and Webhook - Case Management connectors. - title: The pushToService subaction + status: + $ref: '#/components/schemas/Fleet_agent_component_status' + type: + type: string + units: + items: + $ref: '#/components/schemas/Fleet_agent_component_unit' + type: array + Fleet_agent_component_status: + enum: + - starting + - configuring + - healthy + - degraded + - failed + - stopping + - stopped + title: Agent component status + type: string + Fleet_agent_component_unit: + title: Agent component unit type: object properties: - subAction: - description: The action to test. - enum: - - pushToService + id: type: string - subActionParams: - description: The set of configuration properties for the action. + message: + type: string + payload: type: object - properties: - comments: - description: >- - Additional information that is sent to Jira, ServiceNow ITSM, - ServiceNow SecOps, or Swimlane. - items: - type: object - properties: - comment: - description: >- - A comment related to the incident. For example, describe - how to troubleshoot the issue. - type: string - commentId: - description: A unique identifier for the comment. - type: integer - type: array - incident: - description: >- - Information necessary to create or update a Jira, ServiceNow - ITSM, ServiveNow SecOps, or Swimlane incident. - type: object - properties: - alertId: - description: The alert identifier for Swimlane connectors. - type: string - caseId: - description: >- - The case identifier for the incident for Swimlane - connectors. - type: string - caseName: - description: The case name for the incident for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - correlation_display: - description: >- - A descriptive label of the alert for correlation purposes - for ServiceNow ITSM and ServiceNow SecOps connectors. - type: string - correlation_id: - description: > - The correlation identifier for the security incident for - ServiceNow ITSM and ServiveNow SecOps connectors. Connectors - using the same correlation ID are associated with the same - ServiceNow incident. This value determines whether a new - ServiceNow incident is created or an existing one is - updated. Modifying this value is optional; if not modified, - the rule ID and alert ID are combined as `{{ruleID}}:{{alert - ID}}` to form the correlation ID value in ServiceNow. The - maximum character length for this value is 100 characters. - NOTE: Using the default configuration of `{{ruleID}}:{{alert - ID}}` ensures that ServiceNow creates a separate incident - record for every generated alert that uses a unique alert - ID. If the rule generates multiple alerts that use the same - alert IDs, ServiceNow creates and continually updates a - single incident record for the alert. - type: string - description: - description: >- - The description of the incident for Jira, ServiceNow ITSM, - ServiceNow SecOps, Swimlane, and Webhook - Case Management - connectors. - type: string - dest_ip: - description: > - A list of destination IP addresses related to the security - incident for ServiceNow SecOps connectors. The IPs are added - as observables to the security incident. - oneOf: - - type: string - - items: - type: string - type: array - externalId: - description: > - The Jira, ServiceNow ITSM, or ServiceNow SecOps issue - identifier. If present, the incident is updated. Otherwise, - a new incident is created. - type: string - id: - description: >- - The external case identifier for Webhook - Case Management - connectors. - type: string - impact: - description: The impact of the incident for ServiceNow ITSM connectors. - type: string - issueType: - description: >- - The type of incident for Jira connectors. For example, - 10006. To obtain the list of valid values, set `subAction` - to `issueTypes`. - type: integer - labels: - description: > - The labels for the incident for Jira connectors. NOTE: - Labels cannot contain spaces. - items: - type: string - type: array - malware_hash: - description: >- - A list of malware hashes related to the security incident - for ServiceNow SecOps connectors. The hashes are added as - observables to the security incident. - oneOf: - - type: string - - items: - type: string - type: array - malware_url: - description: >- - A list of malware URLs related to the security incident for - ServiceNow SecOps connectors. The URLs are added as - observables to the security incident. - oneOf: - - type: string - - items: - type: string - type: array - type: string - otherFields: - additionalProperties: true - description: > - Custom field identifiers and their values for Jira - connectors. - maxProperties: 20 - type: object - parent: - description: >- - The ID or key of the parent issue for Jira connectors. - Applies only to `Sub-task` types of issues. - type: string - priority: - description: >- - The priority of the incident in Jira and ServiceNow SecOps - connectors. - type: string - ruleName: - description: The rule name for Swimlane connectors. - type: string - severity: - description: >- - The severity of the incident for ServiceNow ITSM and - Swimlane connectors. - type: string - short_description: - description: > - A short description of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. It is used for searching the - contents of the knowledge base. - type: string - source_ip: - description: >- - A list of source IP addresses related to the security - incident for ServiceNow SecOps connectors. The IPs are added - as observables to the security incident. - oneOf: - - type: string - - items: - type: string - type: array - status: - description: >- - The status of the incident for Webhook - Case Management - connectors. - type: string - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - summary: - description: A summary of the incident for Jira connectors. - type: string - tags: - description: A list of tags for Webhook - Case Management connectors. - items: - type: string - type: array - title: - description: > - A title for the incident for Jira and Webhook - Case - Management connectors. It is used for searching the contents - of the knowledge base. - type: string - urgency: - description: The urgency of the incident for ServiceNow ITSM connectors. - type: string - required: - - subAction - - subActionParams - Connectors_run_connector_subaction_validchannelid: - description: > - Retrieves information about a valid Slack channel identifier. It is - applicable only when the connector type is `.slack_api`. + status: + $ref: '#/components/schemas/Fleet_agent_component_status' + type: + $ref: '#/components/schemas/Fleet_agent_component_unit_type' + Fleet_agent_component_unit_type: + enum: + - input + - output + title: Agent component unit type + type: string + Fleet_agent_diagnostics: + title: Agent diagnostics + type: object properties: - subAction: - description: The action to test. + actionId: + type: string + createTime: + type: string + filePath: + type: string + id: + type: string + name: + type: string + status: enum: - - validChannelId + - READY + - AWAITING_UPLOAD + - DELETED + - IN_PROGRESS + required: + - id + - name + - createTime + - filePath + - actionId + - status + Fleet_agent_get_by_actions: + items: + items: + type: string + type: array + title: Agents get by action ids + type: array + Fleet_agent_metadata: + title: Agent metadata + type: object + Fleet_agent_policy: + title: Agent Policy + type: object + properties: + advanced_settings: + description: >- + Advanced settings stored in the agent policy, e.g. + agent_limits_go_max_procs + nullable: true + type: object + agent_features: + items: + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agents: + type: number + data_output_id: + nullable: true + type: string + description: type: string - subActionParams: + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + items: + additionalProperties: + oneOf: + - type: string + - type: number + description: >- + User defined data tags that are added to all of the inputs. The + values can be strings or numbers. + type: object + type: array + id: + type: string + inactivity_timeout: + type: integer + is_protected: + description: >- + Indicates whether the agent policy has tamper protection enabled. + Default false. + type: boolean + keep_monitoring_alive: + description: >- + When set to true, monitoring will be enabled but logs/metrics + collection will be disabled + nullable: true + type: boolean + monitoring_enabled: + items: + enum: + - metrics + - logs + type: string + type: array + monitoring_output_id: + nullable: true + type: string + name: + type: string + namespace: + type: string + overrides: + description: >- + Override settings that are defined in the agent policy. Input + settings cannot be overridden. The override option should be used + only in unusual circumstances and not as a routine procedure. + nullable: true type: object - properties: - channelId: - description: The Slack channel identifier. - example: C123ABC456 - type: string - required: - - channelId + package_policies: + description: >- + This field is present only when retrieving a single agent policy, or + when retrieving a list of agent policies with the ?full=true + parameter + items: + $ref: '#/components/schemas/Fleet_package_policy' + type: array + revision: + type: number + supports_agentless: + description: >- + Indicates whether the agent policy supports agentless integrations. + Only allowed in a serverless environment. + type: boolean + unenroll_timeout: + type: integer + unprivileged_agents: + type: number + updated_by: + type: string + updated_on: + format: date-time + type: string required: - - subAction - - subActionParams - title: The validChannelId subaction + - id + - status + - name + - namespace + Fleet_agent_policy_create_request: + title: Create agent policy request type: object - Connectors_secrets_properties_bedrock: - description: Defines secrets for connectors when type is `.bedrock`. properties: - accessKey: - description: The AWS access key for authentication. + agent_features: + items: + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + data_output_id: + nullable: true type: string - secret: - description: The AWS secret for authentication. + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + force: + description: Force agent policy creation even if packages are not verified. + type: boolean + global_data_tags: + items: + additionalProperties: + oneOf: + - type: string + - type: number + description: >- + User defined data tags that are added to all of the inputs. The + values can be strings or numbers. + type: object + type: array + id: + type: string + inactivity_timeout: + type: integer + is_protected: + type: boolean + monitoring_enabled: + items: + enum: + - metrics + - logs + type: string + type: array + monitoring_output_id: + nullable: true type: string + name: + type: string + namespace: + type: string + unenroll_timeout: + type: integer required: - - accessKey - - secret - title: Connector secrets properties for an Amazon Bedrock connector + - name + - namespace + Fleet_agent_policy_full: + oneOf: + - type: object + properties: + item: + type: string + - type: object + properties: + item: + $ref: '#/components/schemas/Fleet_full_agent_policy' + title: Agent policy full response type: object - Connectors_secrets_properties_cases_webhook: - title: Connector secrets properties for Webhook - Case Management connector + Fleet_agent_policy_update_request: + title: Update agent policy request type: object properties: - password: - description: >- - The password for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. + agent_features: + items: + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + data_output_id: + nullable: true type: string - user: - description: >- - The username for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. + description: type: string - Connectors_secrets_properties_d3security: - description: Defines secrets for connectors when type is `.d3security`. + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + force: + description: Force agent policy creation even if packages are not verified. + type: boolean + inactivity_timeout: + type: integer + is_protected: + type: boolean + monitoring_enabled: + items: + enum: + - metrics + - logs + type: string + type: array + monitoring_output_id: + nullable: true + type: string + name: + type: string + namespace: + type: string + unenroll_timeout: + type: integer + required: + - name + - namespace + Fleet_agent_status: + enum: + - offline + - error + - online + - inactive + - warning + title: Elastic Agent status + type: string + Fleet_agent_type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + title: Agent type + type: string + Fleet_bulk_install_packages_response: + title: Bulk install packages response type: object properties: - token: - description: The D3 Security token. + items: + items: + type: object + properties: + name: + type: string + version: + type: string + type: array + response: + deprecated: true + items: + type: object + properties: + name: + type: string + version: + type: string + type: array + required: + - items + Fleet_bulk_upgrade_agents: + title: Bulk upgrade agents + type: object + properties: + agents: + oneOf: + - description: 'KQL query string, leave empty to action all agents' + type: string + - description: list of agent IDs + items: + type: string + type: array + force: + description: 'Force upgrade, skipping validation (should be used with caution)' + type: boolean + rollout_duration_seconds: + description: rolling upgrade window duration in seconds + type: number + skipRateLimitCheck: + description: Skip rate limit check for upgrade + type: boolean + source_uri: + description: alternative upgrade binary download url + type: string + start_time: + description: start time of upgrade in ISO 8601 format + type: string + version: + description: version to upgrade to type: string required: - - token - title: Connector secrets properties for a D3 Security connector - Connectors_secrets_properties_email: - description: Defines secrets for connectors when type is `.email`. + - agents + - version + Fleet_data_stream: + title: Data stream + type: object properties: - clientSecret: - description: > - The Microsoft Exchange Client secret for OAuth 2.0 client - credentials authentication. It must be URL-encoded. If `service` is - `exchange_server`, this property is required. + dashboard: + items: + type: object + properties: + id: + type: string + title: + type: string + type: array + dataset: type: string - password: - description: > - The password for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. + index: type: string - user: - description: > - The username for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. + last_activity_ms: + type: number + namespace: type: string - title: Connector secrets properties for an email connector + package: + type: string + package_version: + type: string + size_in_bytes: + type: number + size_in_bytes_formatted: + type: string + type: + type: string + Fleet_download_sources: + title: Download Source type: object - Connectors_secrets_properties_gemini: - description: Defines secrets for connectors when type is `.gemini`. properties: - credentialsJSON: + host: + type: string + id: + type: string + is_default: + type: boolean + name: + type: string + proxy_id: description: >- - The service account credentials JSON file. The service account - should have Vertex AI user IAM role assigned to it. + The ID of the proxy to use for this download source. See the proxies + API for more information. + nullable: true type: string required: - - credentialsJSON - title: Connector secrets properties for a Google Gemini connector + - is_default + - name + - host + Fleet_elasticsearch_asset_type: + enum: + - component_template + - ingest_pipeline + - index_template + - ilm_policy + - transform + - data_stream_ilm_policy + title: Elasticsearch asset type + type: string + Fleet_enrollment_api_key: + title: Enrollment API key type: object - Connectors_secrets_properties_genai: - description: Defines secrets for connectors when type is `.gen-ai`. properties: - apiKey: - description: The OpenAI API key. + active: + type: boolean + api_key: type: string - title: Connector secrets properties for an OpenAI connector - type: object - Connectors_secrets_properties_jira: - description: Defines secrets for connectors when type is `.jira`. - type: object - properties: - apiToken: - description: The Jira API authentication token for HTTP basic authentication. + api_key_id: + type: string + created_at: + type: string + id: type: string - email: - description: The account email for HTTP Basic authentication. + name: + type: string + policy_id: type: string required: - - apiToken - - email - title: Connector secrets properties for a Jira connector - Connectors_secrets_properties_opsgenie: - description: Defines secrets for connectors when type is `.opsgenie`. + - id + - api_key_id + - api_key + - active + - created_at + Fleet_fleet_server_host: + title: Fleet Server Host type: object properties: - apiKey: - description: The Opsgenie API authentication key for HTTP Basic authentication. + host_urls: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: type: string required: - - apiKey - title: Connector secrets properties for an Opsgenie connector - Connectors_secrets_properties_pagerduty: - description: Defines secrets for connectors when type is `.pagerduty`. + - fleet_server_hosts + - id + - is_default + - is_preconfigured + - host_urls + Fleet_fleet_settings_enrollment_response: + title: Fleet settings response + type: object properties: - routingKey: - description: > - A 32 character PagerDuty Integration Key for an integration on a - service. - type: string + download_source: + $ref: '#/components/schemas/Fleet_download_sources' + fleet_server: + type: object + properties: + has_active: + type: boolean + host: + $ref: '#/components/schemas/Fleet_fleet_server_host' + host_proxy: + $ref: '#/components/schemas/Fleet_proxies' + policies: + items: + type: object + properties: + download_source_id: + type: string + fleet_server_host_id: + type: string + has_fleet_server: + type: boolean + id: + type: string + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + name: + type: string + required: + - id + - name + - is_managed + type: array + required: + - agent_policies + - has_active required: - - routingKey - title: Connector secrets properties for a PagerDuty connector + - fleet_server + Fleet_fleet_settings_response: + title: Fleet settings response type: object - Connectors_secrets_properties_resilient: - description: Defines secrets for connectors when type is `.resilient`. + properties: + item: + $ref: '#/components/schemas/Fleet_settings' + required: + - item + Fleet_fleet_setup_response: + title: Fleet Setup response type: object properties: - apiKeyId: - description: The authentication key ID for HTTP Basic authentication. - type: string - apiKeySecret: - description: The authentication key secret for HTTP Basic authentication. - type: string + isInitialized: + type: boolean + nonFatalErrors: + items: + type: object + properties: + message: + type: string + name: + type: string + required: + - name + - message + type: array required: - - apiKeyId - - apiKeySecret - title: Connector secrets properties for IBM Resilient connector - Connectors_secrets_properties_sentinelone: - description: Defines secrets for connectors when type is `.sentinelone`. + - isInitialized + - nonFatalErrors + Fleet_fleet_status_response: + title: Fleet status response + type: object properties: - token: - description: The A SentinelOne API token. + isReady: + type: boolean + missing_optional_features: + items: + enum: + - encrypted_saved_object_encryption_key_required + type: string + type: array + missing_requirements: + items: + enum: + - tls_required + - api_keys + - fleet_admin_user + - fleet_server + type: string + type: array + package_verification_key_id: type: string required: - - token - title: Connector secrets properties for a SentinelOne connector + - isReady + - missing_requirements + - missing_optional_features + Fleet_full_agent_policy: + title: Full agent policy type: object - Connectors_secrets_properties_servicenow: - description: >- - Defines secrets for connectors when type is `.servicenow`, - `.servicenow-sir`, or `.servicenow-itom`. properties: - clientSecret: - description: >- - The client secret assigned to your OAuth application. This property - is required when `isOAuth` is `true`. + agent: + nullable: true type: string - password: - description: >- - The password for HTTP basic authentication. This property is - required when `isOAuth` is `false`. + fleet: + oneOf: + - type: object + properties: + hosts: + items: + type: string + type: array + proxy_headers: {} + proxy_url: + type: string + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + renegotiation: + type: string + verification_mode: + type: string + - type: object + properties: + kibana: + type: object + properties: + hosts: + items: + type: string + type: array + path: + type: string + protocol: + type: string + id: type: string - privateKey: - description: >- - The RSA private key that you created for use in ServiceNow. This - property is required when `isOAuth` is `true`. + inputs: type: string - privateKeyPassword: - description: >- - The password for the RSA private key. This property is required when - `isOAuth` is `true` and you set a password on your private key. + output_permissions: + additionalProperties: + type: object + properties: + data: + $ref: >- + #/components/schemas/Fleet_full_agent_policy_output_permissions + output: + type: integer + type: object + outputs: + additionalProperties: + $ref: '#/components/schemas/Fleet_full_agent_policy_output' + type: object + revision: + type: number + secret_references: + items: + type: object + properties: + id: + type: string + type: array + required: + - id + - outputs + - inputs + Fleet_full_agent_policy_input: + allOf: + - additionalProperties: true + type: object + properties: + data_stream: + type: object + properties: + namespace: + type: string + required: + - namespace + id: + type: string + meta: + additionalProperties: true + type: object + properties: + package: + type: object + properties: + name: + type: string + version: + type: string + required: + - name + - version + name: + type: string + revision: + type: number + streams: + $ref: '#/components/schemas/Fleet_full_agent_policy_input_stream' + type: + type: string + use_output: + type: string + required: + - id + - name + - revision + - type + - data_stream + - use_output + title: Full agent policy input + Fleet_full_agent_policy_input_stream: + allOf: + - additionalProperties: true + type: object + properties: + data_stream: + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + - type + id: + type: string + required: + - id + - data_stream + title: Full agent policy input stream + Fleet_full_agent_policy_output: + title: Full agent policy + type: object + properties: + additionalProperties: + type: object + properties: + text: {} + ca_sha256: + nullable: true type: string - username: - description: >- - The username for HTTP basic authentication. This property is - required when `isOAuth` is `false`. + hosts: + items: + type: string + type: array + proxy_headers: {} + proxy_url: type: string - title: >- - Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and - ServiceNow SecOps connectors + type: {} + required: + - type + - hosts + - ca_sha256 + Fleet_full_agent_policy_output_permissions: + additionalProperties: + type: object + properties: + data: + type: object + properties: + cluster: + items: + type: string + type: array + indices: + items: + type: object + properties: + names: + items: + type: string + type: array + privileges: + items: + type: string + type: array + type: array + packagePolicyName: + type: string + title: Full agent policy output permissions + Fleet_get_agent_tags_response: + title: Get Agent Tags response type: object - Connectors_secrets_properties_slack_api: - description: Defines secrets for connectors when type is `.slack`. + properties: + items: + items: + type: string + type: array + Fleet_get_agents_response: + title: Get Agent response type: object properties: - token: - description: Slack bot user OAuth token. - type: string + items: + items: + $ref: '#/components/schemas/Fleet_agent' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_agent' + type: array + page: + type: number + perPage: + type: number + statusSummary: + type: object + properties: + degraded': + type: number + enrolling: + type: number + error: + type: number + inactive: + type: number + offline: + type: number + online: + type: number + unenrolled: + type: number + unenrolling: + type: number + updating: + type: number + total: + type: number required: - - token - title: Connector secrets properties for a Web API Slack connector - Connectors_secrets_properties_slack_webhook: - description: Defines secrets for connectors when type is `.slack`. - type: object + - items + - total + - page + - perPage + Fleet_get_bulk_assets_response: + deprecated: true properties: - webhookUrl: - description: Slack webhook url. - type: string + items: + items: + type: object + properties: + appLink: + type: string + attributes: + type: object + properties: + description: + type: string + title: + type: string + id: + type: string + type: + $ref: '#/components/schemas/Fleet_saved_object_type' + updatedAt: + type: string + type: array required: - - webhookUrl - title: Connector secrets properties for a Webhook Slack connector - Connectors_secrets_properties_swimlane: - description: Defines secrets for connectors when type is `.swimlane`. - properties: - apiToken: - description: Swimlane API authentication token. - type: string - title: Connector secrets properties for a Swimlane connector + - items + title: Bulk get assets response type: object - Connectors_secrets_properties_teams: - description: Defines secrets for connectors when type is `.teams`. - properties: - webhookUrl: - description: > - The URL of the incoming webhook. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. - type: string - required: - - webhookUrl - title: Connector secrets properties for a Microsoft Teams connector + Fleet_get_categories_response: + title: Get categories response type: object - Connectors_secrets_properties_tines: - description: Defines secrets for connectors when type is `.tines`. properties: - email: - description: The email used to sign in to Tines. - type: string - token: - description: The Tines API token. - type: string + items: + items: + type: object + properties: + count: + type: number + id: + type: string + title: + type: string + required: + - id + - title + - count + type: array + response: + items: + deprecated: true + type: object + properties: + count: + type: number + id: + type: string + title: + type: string + required: + - id + - title + - count + type: array required: - - email - - token - title: Connector secrets properties for a Tines connector + - items + Fleet_get_packages_response: + title: Get Packages response type: object - Connectors_secrets_properties_torq: - description: Defines secrets for connectors when type is `.torq`. properties: - token: - description: The secret of the webhook authentication header. - type: string + items: + items: + $ref: '#/components/schemas/Fleet_search_result' + type: array + response: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_search_result' + type: array required: - - token - title: Connector secrets properties for a Torq connector + - items + Fleet_installation_info: + title: Installation info object type: object - Connectors_secrets_properties_webhook: - description: Defines secrets for connectors when type is `.webhook`. properties: - crt: - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT - file. + created_at: type: string - key: - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-crt-key`, it is a base64 encoded version of the KEY file. + experimental_data_stream_features: + type: array + properties: + data_stream: + type: string + features: + type: object + properties: + doc_value_only_numeric: + nullable: true + type: boolean + doc_value_only_other: + nullable: true + type: boolean + synthetic_source: + nullable: true + type: boolean + tsdb: + nullable: true + type: boolean + install_format_schema_version: type: string - password: - description: > - The password for HTTP basic authentication or the passphrase for the - SSL certificate files. If `hasAuth` is set to `true` and `authType` - is `webhook-authentication-basic`, this property is required. + install_kibana_space_id: type: string - pfx: - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. + install_source: + enum: + - registry + - upload + - bundled type: string - user: - description: > - The username for HTTP basic authentication. If `hasAuth` is set to - `true` and `authType` is `webhook-authentication-basic`, this - property is required. + install_status: + enum: + - installed + - installing + - install_failed type: string - title: Connector secrets properties for a Webhook connector - type: object - Connectors_secrets_properties_xmatters: - description: Defines secrets for connectors when type is `.xmatters`. - properties: - password: - description: > - A user name for HTTP basic authentication. It is applicable only - when `usesBasic` is `true`. + installed_es: + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + $ref: '#/components/schemas/Fleet_elasticsearch_asset_type' + installed_kibana: + type: object + properties: + id: + type: string + type: + $ref: '#/components/schemas/Fleet_kibana_saved_object_type' + latest_executed_state: + description: Latest successfully executed state in package install state machine + type: object + properties: + error: + type: string + name: + enum: + - create_restart_installation + - install_kibana_assets + - install_ilm_policies + - install_ml_model + - install_index_template_pipelines + - remove_legacy_templates + - update_current_write_indices + - install_transforms + - delete_previous_pipelines + - save_archive_entries_from_assets_map + - update_so + type: string + started_at: + type: string + latest_install_failed_attempts: + description: Latest failed install errors + items: + type: object + properties: + created_at: + type: string + error: + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + target_version: + type: string + type: array + name: type: string - secretsUrl: - description: > - The request URL for the Elastic Alerts trigger in xMatters with the - API key included in the URL. It is applicable only when `usesBasic` - is `false`. + namespaces: + items: + type: string + type: array + type: type: string - user: - description: > - A password for HTTP basic authentication. It is applicable only when - `usesBasic` is `true`. + updated_at: type: string - title: Connector secrets properties for an xMatters connector - type: object - Connectors_update_connector_request: - description: The properties vary depending on the connector type. - oneOf: - - $ref: '#/components/schemas/Connectors_update_connector_request_bedrock' - - $ref: '#/components/schemas/Connectors_update_connector_request_gemini' - - $ref: >- - #/components/schemas/Connectors_update_connector_request_cases_webhook - - $ref: '#/components/schemas/Connectors_update_connector_request_d3security' - - $ref: '#/components/schemas/Connectors_update_connector_request_email' - - $ref: '#/components/schemas/Connectors_create_connector_request_genai' - - $ref: '#/components/schemas/Connectors_update_connector_request_index' - - $ref: '#/components/schemas/Connectors_update_connector_request_jira' - - $ref: '#/components/schemas/Connectors_update_connector_request_opsgenie' - - $ref: '#/components/schemas/Connectors_update_connector_request_pagerduty' - - $ref: '#/components/schemas/Connectors_update_connector_request_resilient' - - $ref: '#/components/schemas/Connectors_update_connector_request_sentinelone' - - $ref: '#/components/schemas/Connectors_update_connector_request_serverlog' - - $ref: '#/components/schemas/Connectors_update_connector_request_servicenow' - - $ref: >- - #/components/schemas/Connectors_update_connector_request_servicenow_itom - - $ref: '#/components/schemas/Connectors_update_connector_request_slack_api' - - $ref: >- - #/components/schemas/Connectors_update_connector_request_slack_webhook - - $ref: '#/components/schemas/Connectors_update_connector_request_swimlane' - - $ref: '#/components/schemas/Connectors_update_connector_request_teams' - - $ref: '#/components/schemas/Connectors_update_connector_request_tines' - - $ref: '#/components/schemas/Connectors_update_connector_request_torq' - - $ref: '#/components/schemas/Connectors_update_connector_request_webhook' - - $ref: '#/components/schemas/Connectors_update_connector_request_xmatters' - title: Update connector request body properties - Connectors_update_connector_request_bedrock: - title: Update Amazon Bedrock connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' - name: - description: The display name for the connector. + verification_key_id: + nullable: true type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' - required: - - config - - name - Connectors_update_connector_request_cases_webhook: - title: Update Webhook - Case Managment connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' - name: - description: The display name for the connector. - example: my-connector + verification_status: + enum: + - verified + - unverified + - unknown + type: string + version: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' required: - - config + - installed_kibana + - installed_es - name - Connectors_update_connector_request_d3security: - title: Update D3 Security connector request - type: object + - version + - install_status + - install_version + - install_started_at + - install_source + - verification_status + - latest_install_failed_attempts + Fleet_kibana_saved_object_type: + enum: + - dashboard + - visualization + - search + - index-pattern + - map + - lens + - ml-module + - security-rule + - csp_rule_template + title: Kibana saved object asset type + type: string + Fleet_new_package_policy: + description: '' properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' - name: - description: The display name for the connector. + description: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_d3security' - required: - - config - - name - - secrets - Connectors_update_connector_request_email: - title: Update email connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_email' + enabled: + type: boolean + inputs: + items: + type: object + properties: + config: + type: object + enabled: + type: boolean + processors: + items: + type: string + type: array + streams: + items: {} + type: array + type: + type: string + vars: + type: object + required: + - type + - enabled + type: array name: - description: The display name for the connector. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_email' - required: - - config - - name - Connectors_update_connector_request_gemini: - title: Update Google Gemini connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - name: - description: The display name for the connector. + namespace: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_gemini' - required: - - config - - name - Connectors_update_connector_request_index: - title: Update index connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_index' - name: - description: The display name for the connector. + output_id: type: string - required: - - config - - name - Connectors_update_connector_request_jira: - title: Update Jira connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_jira' - name: - description: The display name for the connector. + overrides: + type: object + package: + type: object + properties: + name: + type: string + requires_root: + type: boolean + title: + type: string + version: + type: string + required: + - name + - version + policy_id: + deprecated: true type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_jira' + policy_ids: + items: + type: string + type: array required: - - config + - inputs - name - - secrets - Connectors_update_connector_request_opsgenie: - title: Update Opsgenie connector request + title: New package policy type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' - name: - description: The display name for the connector. - type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' - required: - - config - - name - - secrets - Connectors_update_connector_request_pagerduty: - title: Update PagerDuty connector request + Fleet_output_create_request: + discriminator: + mapping: + elasticsearch: '#/components/schemas/Fleet_output_create_request_elasticsearch' + kafka: '#/components/schemas/Fleet_output_create_request_kafka' + logstash: '#/components/schemas/Fleet_output_create_request_logstash' + remote_elasticsearch: >- + #/components/schemas/Fleet_output_create_request_remote_elasticsearch + propertyName: type + oneOf: + - $ref: '#/components/schemas/Fleet_output_create_request_elasticsearch' + - $ref: '#/components/schemas/Fleet_output_create_request_kafka' + - $ref: '#/components/schemas/Fleet_output_create_request_logstash' + - $ref: >- + #/components/schemas/Fleet_output_create_request_remote_elasticsearch + title: Output + Fleet_output_create_request_elasticsearch: + title: elasticsearch type: object properties: + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' + type: object + config_yaml: + type: string + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean name: - description: The display name for the connector. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + type: + enum: + - elasticsearch + type: string required: - - config - name - - secrets - Connectors_update_connector_request_resilient: - title: Update IBM Resilient connector request + Fleet_output_create_request_kafka: + title: kafka type: object properties: + auth_type: + type: string + broker_timeout: + type: number + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + client_id: + type: string + compression: + type: string + compression_level: + type: number config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' + type: object + config_yaml: + type: string + connection_type: + enum: + - plaintext + - encryption + type: string + headers: + items: + type: object + properties: + key: + type: string + value: + type: string + type: array + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + key: + type: string name: - description: The display name for the connector. type: string + partition: + type: string + password: + type: string + proxy_id: + type: string + random: + type: object + properties: + group_events: + type: number + required_acks: + type: number + round_robin: + type: object + properties: + group_events: + type: number + sasl: + type: object + properties: + mechanism: + type: string secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_resilient' - required: - - config - - name - - secrets - Connectors_update_connector_request_sentinelone: - title: Update SentinelOne connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - name: - description: The display name for the connector. + type: object + properties: + password: + type: string + ssl: + type: object + properties: + key: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - none + - full + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + topics: + deprecated: true + description: Use topic instead. + items: + type: object + properties: + topic: + type: string + when: + deprecated: true + description: >- + Deprecated, kafka output do not support conditionnal topics + anymore. + type: object + properties: + condition: + type: string + type: + type: string + type: array + type: + enum: + - kafka type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' - required: - - config - - name - - secrets - Connectors_update_connector_request_serverlog: - title: Update server log connector request - type: object - properties: - name: - description: The display name for the connector. + username: type: string - required: - - name - Connectors_update_connector_request_servicenow: - title: Update ServiceNow ITSM connector or ServiceNow SecOps request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - name: - description: The display name for the connector. + version: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' required: - - config - name - - secrets - Connectors_update_connector_request_servicenow_itom: - title: Create ServiceNow ITOM connector request + - type + - topics + - auth_type + - hosts + Fleet_output_create_request_logstash: + title: logstash type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' - name: - description: The display name for the connector. + ca_sha256: + type: string + ca_trusted_fingerprint: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - required: - - config - - name - - secrets - Connectors_update_connector_request_slack_api: - title: Update Slack connector request - type: object - properties: config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' + type: object + config_yaml: + type: string + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean name: - description: The display name for the connector. + type: string + proxy_id: type: string secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' + type: object + properties: + ssl: + type: object + properties: + key: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + type: + enum: + - logstash + type: string required: - name - - secrets - Connectors_update_connector_request_slack_webhook: - title: Update Slack connector request + - hosts + - type + Fleet_output_create_request_remote_elasticsearch: + title: remote_elasticsearch type: object properties: + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean name: - description: The display name for the connector. type: string secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' + type: object + properties: + service_token: + type: string + service_token: + type: string + type: + enum: + - remote_elasticsearch + type: string required: - name - - secrets - Connectors_update_connector_request_swimlane: - title: Update Swimlane connector request + Fleet_output_update_request: + discriminator: + mapping: + elasticsearch: '#/components/schemas/Fleet_output_update_request_elasticsearch' + kafka: '#/components/schemas/Fleet_output_update_request_kafka' + logstash: '#/components/schemas/Fleet_output_update_request_logstash' + propertyName: type + oneOf: + - $ref: '#/components/schemas/Fleet_output_update_request_elasticsearch' + - $ref: '#/components/schemas/Fleet_output_update_request_kafka' + - $ref: '#/components/schemas/Fleet_output_update_request_logstash' + title: Output + Fleet_output_update_request_elasticsearch: + title: elasticsearch type: object properties: + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' - name: - description: The display name for the connector. - example: my-connector + type: object + config_yaml: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' - required: - - config - - name - - secrets - Connectors_update_connector_request_teams: - title: Update Microsoft Teams connector request - type: object - properties: + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean name: - description: The display name for the connector. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_teams' + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + type: + enum: + - elasticsearch + type: string required: - name - - secrets - Connectors_update_connector_request_tines: - title: Update Tines connector request + - hosts + - type + Fleet_output_update_request_kafka: + title: kafka type: object properties: + auth_type: + type: string + broker_timeout: + type: number + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + client_id: + type: string + compression: + type: string + compression_level: + type: number config: - $ref: '#/components/schemas/Connectors_config_properties_tines' + type: object + config_yaml: + type: string + connection_type: + enum: + - plaintext + - encryption + type: string + headers: + items: + type: object + properties: + key: + type: string + value: + type: string + type: array + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + key: + type: string name: - description: The display name for the connector. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_tines' + partition: + type: string + password: + type: string + proxy_id: + type: string + random: + type: object + properties: + group_events: + type: number + required_acks: + type: number + round_robin: + type: object + properties: + group_events: + type: number + sasl: + type: object + properties: + mechanism: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - none + - full + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + topics: + deprecated: true + description: Use topic instead. + items: + type: object + properties: + topic: + type: string + when: + deprecated: true + description: >- + Deprecated, kafka output do not support conditionnal topics + anymore. + type: object + properties: + condition: + type: string + type: + type: string + type: array + type: + enum: + - kafka + type: string + username: + type: string + version: + type: string required: - - config - name - - secrets - Connectors_update_connector_request_torq: - title: Update Torq connector request + Fleet_output_update_request_logstash: + title: logstash type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_torq' - name: - description: The display name for the connector. + ca_sha256: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_torq' - required: - - config - - name - - secrets - Connectors_update_connector_request_webhook: - title: Update Webhook connector request - type: object - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' - name: - description: The display name for the connector. + ca_trusted_fingerprint: type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_webhook' - required: - - config - - name - - secrets - Connectors_update_connector_request_xmatters: - title: Update xMatters connector request - type: object - properties: config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' + type: object + config_yaml: + type: string + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean name: - description: The display name for the connector. type: string - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' + proxy_id: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + type: + enum: + - logstash + type: string required: - - config - name - - secrets - Data_views_400_response: - title: Bad request + Fleet_package_info: + title: Package information type: object properties: - error: - example: Bad Request + assets: + items: + type: string + type: array + categories: + items: + type: string + type: array + conditions: + type: object + properties: + elasticsearch: + type: object + properties: + subscription: + enum: + - basic + - gold + - platinum + - enterprise + type: string + kibana: + type: object + properties: + versions: + type: string + data_streams: + items: + type: object + properties: + ingeset_pipeline: + type: string + name: + type: string + package: + type: string + release: + type: string + title: + type: string + type: + type: string + vars: + items: + type: object + properties: + default: + type: string + name: + type: string + required: + - name + - default + type: array + required: + - title + - name + - release + - ingeset_pipeline + - type + - package + type: array + description: type: string - message: + download: type: string - statusCode: - example: 400 - type: number - required: - - statusCode - - error - - message - Data_views_404_response: - type: object - properties: - error: - enum: - - Not Found - example: Not Found + elasticsearch: + type: object + properties: + privileges: + type: object + properties: + cluster: + items: + type: string + type: array + format_version: type: string - message: - example: >- - Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] - not found + icons: + items: + type: string + type: array + internal: + type: boolean + name: type: string - statusCode: + path: + type: string + readme: + type: string + release: + deprecated: true + description: >- + release label is deprecated, derive from the version instead + (packages follow semver) enum: - - 404 - example: 404 - type: integer - Data_views_allownoindex: - description: Allows the data view saved object to exist before the data is available. - type: boolean - Data_views_create_data_view_request_object: - title: Create data view request - type: object - properties: - data_view: - description: The data view object. + - experimental + - beta + - ga + type: string + screenshots: + items: + type: object + properties: + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + - path + type: array + source: type: object properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - type: string - name: - description: The data view name. + license: + enum: + - Apache-2.0 + - Elastic-2.0 type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - version: + title: + type: string + type: + type: string + version: + type: string + required: + - name + - title + - version + - description + - type + - categories + - conditions + - assets + - format_version + - download + - path + Fleet_package_policy: + allOf: + - type: object + properties: + id: type: string + inputs: + oneOf: + - items: {} + type: array + - type: object + revision: + type: number required: - - title - override: - default: false + - id + - revision + - $ref: '#/components/schemas/Fleet_new_package_policy' + title: Package policy + Fleet_package_policy_request: + title: Package Policy Request + type: object + properties: + description: + description: Package policy description + example: my description + type: string + force: + description: >- + Force package policy creation even if package is not verified, or if + the agent policy is managed. + type: boolean + id: + description: Package policy unique identifier + type: string + inputs: + additionalProperties: + type: object + properties: + enabled: + description: 'enable or disable that input, (default to true)' + type: boolean + streams: + additionalProperties: + type: object + properties: + enabled: + description: 'enable or disable that stream, (default to true)' + type: boolean + vars: + description: >- + Stream level variable (see integration documentation for + more information) + type: object + description: >- + Input streams (see integration documentation to know what + streams are available) + type: object + vars: + description: >- + Input level variable (see integration documentation for more + information) + type: object + description: >- + Package policy inputs (see integration documentation to know what + inputs are available) + example: + nginx-logfile: + enabled: true + streams: + nginx.access: + enabled: true + vars: + ignore_older: 72h + paths: + - /var/log/nginx/access.log* + preserve_original_event: false + tags: + - nginx-access + type: object + name: + description: Package policy name (should be unique) + example: nginx-123 + type: string + namespace: description: >- - Override an existing data view if a data view with the provided - title already exists. - type: boolean - required: - - data_view - Data_views_data_view_response_object: - title: Data view response properties - type: object - properties: - data_view: + The package policy namespace. Leave blank to inherit the agent + policy's namespace. + example: customnamespace + type: string + overrides: + description: >- + Override settings that are defined in the package policy. The + override option should be used only in unusual circumstances and not + as a routine procedure. + nullable: true type: object properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: + inputs: type: object - id: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string + package: + type: object + properties: name: - description: The data view name. + description: Package name + example: nginx type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta_response' version: - example: WzQ2LDJd + description: Package version + example: 1.6.0 type: string - Data_views_fieldattrs: - description: A map of field attributes by field name. + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + example: agent-policy-id + type: string + policy_ids: + description: Agent policy IDs where that package policy will be added + example: + - agent-policy-id + items: + type: string + type: array + vars: + description: >- + Package root level variable (see integration documentation for more + information) + type: object + required: + - name + - package + Fleet_package_usage_stats: + title: Package usage stats type: object properties: - count: - description: Popularity count for the field. + agent_policy_count: type: integer - customDescription: - description: Custom description for the field. - maxLength: 300 - type: string - customLabel: - description: Custom label for the field. - type: string - Data_views_fieldformats: - description: A map of field formats by field name. - type: object - Data_views_namespaces: - description: >- - An array of space identifiers for sharing the data view between multiple - spaces. - items: - default: default - type: string - type: array - Data_views_runtimefieldmap: - description: A map of runtime field definitions by field name. + required: + - agent_policy_count + Fleet_proxies: + title: Fleet Proxy type: object properties: - script: + certificate: + type: string + certificate_authorities: + type: string + certificate_key: + type: string + id: + type: string + name: + type: string + proxy_headers: type: object - properties: - source: - description: Script for the runtime field. - type: string - type: - description: Mapping type of the runtime field. + url: type: string required: - - script - - type - Data_views_sourcefilters: - description: The array of field names you want to filter out in Discover. - items: - type: object - properties: - value: - type: string - required: - - value - type: array - Data_views_swap_data_view_request_object: - title: Data view reference swap request + - name + - url + Fleet_saved_object_type: + oneOf: + - enum: + - dashboard + - visualization + - search + - index_pattern + - map + - lens + - security_rule + - csp_rule_template + - ml_module + - tag + - osquery_pack_asset + - osquery_saved_query + type: string + - enum: + - index + - component_template + - ingest_pipeline + - index_template + - ilm_policy + - transform + - data_stream_ilm_policy + - ml_model + type: string + title: Saved Object type + Fleet_search_result: + title: Search result type: object properties: - delete: - description: Deletes referenced saved object if all references are removed. - type: boolean - forId: - description: Limit the affected saved objects to one or more by identifier. - oneOf: - - type: string - - items: - type: string - type: array - forType: - description: Limit the affected saved objects by type. + description: type: string - fromId: - description: The saved object reference to change. + download: type: string - fromType: - description: > - Specify the type of the saved object reference to alter. The default - value is `index-pattern` for data views. + icons: type: string - toId: - description: New saved object reference value to replace the old value. + installationInfo: + $ref: '#/components/schemas/Fleet_installation_info' + name: type: string - required: - - fromId - - toId - Data_views_timefieldname: - description: 'The timestamp field name, which you use for time-based data views.' - type: string - Data_views_title: - description: >- - Comma-separated list of data streams, indices, and aliases that you want - to search. Supports wildcards (`*`). - type: string - Data_views_type: - description: 'When set to `rollup`, identifies the rollup data views.' - type: string - Data_views_typemeta: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - type: object - properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. + path: + type: string + savedObject: + deprecated: true type: object + status: + type: string + title: + type: string + type: + type: string + version: + type: string required: - - aggs - - params - Data_views_typemeta_response: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - nullable: true + - description + - download + - icons + - name + - path + - title + - type + - version + - status + Fleet_settings: + title: Settings type: object properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. - type: object - Data_views_update_data_view_request_object: - title: Update data view request + fleet_server_hosts: + deprecated: true + items: + type: string + type: array + has_seen_add_data_notice: + type: boolean + id: + type: string + prerelease_integrations_enabled: + type: boolean + required: + - fleet_server_hosts + - id + Fleet_upgrade_agent: + title: Upgrade agent type: object properties: - data_view: - description: > - The data view properties you want to update. Only the specified - properties are updated in the data view. Unspecified fields stay as - they are persisted. - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - name: - type: string - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - refresh_fields: - default: false - description: Reloads the data view fields after the data view is updated. + force: + description: 'Force upgrade, skipping validation (should be used with caution)' + type: boolean + skipRateLimitCheck: + description: Skip rate limit check for upgrade type: boolean + source_uri: + type: string + version: + type: string required: - - data_view + - version + Fleet_upgrade_agent_diff: + items: + items: + $ref: '#/components/schemas/Fleet_full_agent_policy_input' + type: array + title: Package policy Upgrade dryrun + type: array + Fleet_upgrade_diff: + items: + allOf: + - $ref: '#/components/schemas/Fleet_package_policy' + - allOf: + - $ref: '#/components/schemas/Fleet_new_package_policy' + - type: object + properties: + errors: + items: + type: object + properties: + key: + type: string + message: + type: string + type: array + missingVars: + items: + type: string + type: array + type: object + title: Package policy Upgrade dryrun + type: array Kibana_HTTP_APIs_core_status_redactedResponse: additionalProperties: false description: A minimal representation of Kibana's operational status. @@ -15624,10 +21721,26 @@ tags: name: cases - description: Connector APIs enable you to create and manage connectors. name: connectors + - name: Data streams - description: >- Data view APIs enable you to manage data views, formerly known as Kibana index patterns. name: data views + - name: Elastic Agent actions + - name: Elastic Agent binary download sources + - name: Elastic Agent policies + - name: Elastic Agent status + - name: Elastic Agents + - name: Elastic Package Manager (EPM) + - name: Fleet enrollment API keys + - name: Fleet internals + - name: Fleet Kubernetes + - name: Fleet outputs + - name: Fleet package policies + - name: Fleet proxies + - name: Fleet Server hosts + - name: Fleet service tokens + - name: Fleet uninstall tokens - description: Machine learning name: ml - description: >- diff --git a/oas_docs/overlays/kibana.overlays.serverless.yaml b/oas_docs/overlays/kibana.overlays.serverless.yaml index 6ed2329c24dca..a08e06f866a4c 100644 --- a/oas_docs/overlays/kibana.overlays.serverless.yaml +++ b/oas_docs/overlays/kibana.overlays.serverless.yaml @@ -34,7 +34,7 @@ actions: security: - apiKeyAuth: [] # Mark all operations as beta - - target: '$.paths[*][*]' + - target: "$.paths[*]['get','put','post','delete','options','head','patch','trace']" description: Add x-beta update: x-beta: true diff --git a/oas_docs/scripts/merge_ess_oas.js b/oas_docs/scripts/merge_ess_oas.js index d0769cea67e0a..dfc054a40b926 100644 --- a/oas_docs/scripts/merge_ess_oas.js +++ b/oas_docs/scripts/merge_ess_oas.js @@ -19,6 +19,7 @@ const { REPO_ROOT } = require('@kbn/repo-info'); `${REPO_ROOT}/src/plugins/data_views/docs/openapi/bundled.yaml`, `${REPO_ROOT}/x-pack/plugins/ml/common/openapi/ml_apis.yaml`, `${REPO_ROOT}/packages/core/saved-objects/docs/openapi/bundled.yaml`, + `${REPO_ROOT}/x-pack/plugins/fleet/common/openapi/bundled.yaml`, // Observability Solution `${REPO_ROOT}/x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml`, diff --git a/oas_docs/scripts/merge_ess_oas_staging.js b/oas_docs/scripts/merge_ess_oas_staging.js index f752319a8b419..022bcbd54e23a 100644 --- a/oas_docs/scripts/merge_ess_oas_staging.js +++ b/oas_docs/scripts/merge_ess_oas_staging.js @@ -19,6 +19,7 @@ const { REPO_ROOT } = require('@kbn/repo-info'); `${REPO_ROOT}/src/plugins/data_views/docs/openapi/bundled.yaml`, `${REPO_ROOT}/x-pack/plugins/ml/common/openapi/ml_apis.yaml`, `${REPO_ROOT}/packages/core/saved-objects/docs/openapi/bundled.yaml`, + `${REPO_ROOT}/x-pack/plugins/fleet/common/openapi/bundled.yaml`, // Observability Solution `${REPO_ROOT}/x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml`, diff --git a/oas_docs/scripts/merge_serverless_oas.js b/oas_docs/scripts/merge_serverless_oas.js index 9ca63027d180a..67ae00522741e 100644 --- a/oas_docs/scripts/merge_serverless_oas.js +++ b/oas_docs/scripts/merge_serverless_oas.js @@ -18,6 +18,7 @@ const { REPO_ROOT } = require('@kbn/repo-info'); `${REPO_ROOT}/src/plugins/data_views/docs/openapi/bundled.yaml`, `${REPO_ROOT}/x-pack/plugins/ml/common/openapi/ml_apis_serverless.yaml`, `${REPO_ROOT}/packages/core/saved-objects/docs/openapi/bundled_serverless.yaml`, + `${REPO_ROOT}/x-pack/plugins/fleet/common/openapi/bundled.yaml`, // Observability Solution `${REPO_ROOT}/x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml`, diff --git a/oas_docs/scripts/merge_serverless_oas_staging.js b/oas_docs/scripts/merge_serverless_oas_staging.js index 56a5e58ea4161..ea932fc08f291 100644 --- a/oas_docs/scripts/merge_serverless_oas_staging.js +++ b/oas_docs/scripts/merge_serverless_oas_staging.js @@ -18,6 +18,7 @@ const { REPO_ROOT } = require('@kbn/repo-info'); `${REPO_ROOT}/src/plugins/data_views/docs/openapi/bundled.yaml`, `${REPO_ROOT}/x-pack/plugins/ml/common/openapi/ml_apis_serverless.yaml`, `${REPO_ROOT}/packages/core/saved-objects/docs/openapi/bundled_serverless.yaml`, + `${REPO_ROOT}/x-pack/plugins/fleet/common/openapi/bundled.yaml`, // Observability Solution `${REPO_ROOT}/x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml`, diff --git a/x-pack/plugins/fleet/common/openapi/bundled.json b/x-pack/plugins/fleet/common/openapi/bundled.json index 727ef4c30f4fd..af5420aaad64e 100644 --- a/x-pack/plugins/fleet/common/openapi/bundled.json +++ b/x-pack/plugins/fleet/common/openapi/bundled.json @@ -1,6 +1,55 @@ { "openapi": "3.0.0", - "tags": [], + "tags": [ + { + "name": "Data streams" + }, + { + "name": "Elastic Agents" + }, + { + "name": "Elastic Agent actions" + }, + { + "name": "Elastic Agent binary download sources" + }, + { + "name": "Elastic Agent policies" + }, + { + "name": "Elastic Agent status" + }, + { + "name": "Elastic Package Manager (EPM)" + }, + { + "name": "Fleet enrollment API keys" + }, + { + "name": "Fleet internals" + }, + { + "name": "Fleet Server hosts" + }, + { + "name": "Fleet Kubernetes" + }, + { + "name": "Fleet outputs" + }, + { + "name": "Fleet package policies" + }, + { + "name": "Fleet proxies" + }, + { + "name": "Fleet service tokens" + }, + { + "name": "Fleet uninstall tokens" + } + ], "info": { "title": "Fleet", "description": "OpenAPI schema for Fleet API endpoints", @@ -243,7 +292,7 @@ "post": { "summary": "Create service token", "tags": [ - "Service tokens" + "Fleet service tokens" ], "responses": { "200": { @@ -281,7 +330,7 @@ "post": { "summary": "Create service token", "tags": [ - "Service tokens" + "Fleet service tokens" ], "responses": { "200": { @@ -1649,7 +1698,7 @@ "get": { "summary": "Get agent setup info", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -1676,7 +1725,7 @@ "post": { "summary": "Initiate agent setup", "tags": [ - "Agents" + "Elastic Agents" ], "operationId": "setup-agents", "responses": { @@ -1726,7 +1775,7 @@ "get": { "summary": "Get agent status summary", "tags": [ - "Agent status" + "Elastic Agent status" ], "responses": { "200": { @@ -1797,7 +1846,7 @@ "get": { "summary": "Get agent status summary", "tags": [ - "Agent status" + "Elastic Agent status" ], "responses": { "200": { @@ -1888,7 +1937,7 @@ "get": { "summary": "Get incoming agent data", "tags": [ - "Agent status" + "Elastic Agent status" ], "responses": { "200": { @@ -1941,7 +1990,7 @@ "get": { "summary": "List agents", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2002,7 +2051,7 @@ "post": { "summary": "List agents by action ids", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2052,7 +2101,7 @@ "post": { "summary": "Bulk upgrade agents", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2106,7 +2155,7 @@ "get": { "summary": "Get agent action status", "tags": [ - "Agent actions" + "Elastic Agent actions" ], "parameters": [ { @@ -2276,7 +2325,7 @@ "get": { "summary": "Get agent by ID", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2311,7 +2360,7 @@ "put": { "summary": "Update agent by ID", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2367,7 +2416,7 @@ "delete": { "summary": "Delete agent by ID", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2417,7 +2466,7 @@ "post": { "summary": "Create agent action", "tags": [ - "Agent actions" + "Elastic Agent actions" ], "responses": { "200": { @@ -2493,7 +2542,7 @@ "post": { "summary": "Cancel agent action", "tags": [ - "Agent actions" + "Elastic Agent actions" ], "responses": { "200": { @@ -2545,7 +2594,7 @@ "get": { "summary": "Get file uploaded by agent", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2593,7 +2642,7 @@ "delete": { "summary": "Delete file uploaded by agent", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2640,7 +2689,7 @@ "post": { "summary": "Reassign agent", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2685,7 +2734,7 @@ "put": { "summary": "Reassign agent", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2743,7 +2792,7 @@ "post": { "summary": "Unenroll agent", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2820,7 +2869,7 @@ "post": { "summary": "Upgrade agent", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2869,7 +2918,7 @@ "get": { "summary": "List agent uploads", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2906,7 +2955,7 @@ "post": { "summary": "Bulk reassign agents", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2978,7 +3027,7 @@ "post": { "summary": "Bulk unenroll agents", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -3061,7 +3110,7 @@ "post": { "summary": "Bulk update agent tags", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -3151,7 +3200,7 @@ "get": { "summary": "List agent tags", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -3185,7 +3234,7 @@ "post": { "summary": "Request agent diagnostics", "tags": [ - "Agents" + "Elastic Agents" ], "requestBody": { "content": { @@ -3243,7 +3292,7 @@ "post": { "summary": "Bulk request diagnostics from agents", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -3325,7 +3374,7 @@ "get": { "summary": "List agent policies", "tags": [ - "Agent policies" + "Elastic Agent policies" ], "responses": { "200": { @@ -3398,7 +3447,7 @@ "post": { "summary": "Create agent policy", "tags": [ - "Agent policies" + "Elastic Agent policies" ], "responses": { "200": { @@ -3452,7 +3501,7 @@ "get": { "summary": "Get agent policy by ID", "tags": [ - "Agent policies" + "Elastic Agent policies" ], "responses": { "200": { @@ -3484,7 +3533,7 @@ "put": { "summary": "Update agent policy by ID", "tags": [ - "Agent policies" + "Elastic Agent policies" ], "responses": { "200": { @@ -3540,7 +3589,7 @@ "post": { "summary": "Copy agent policy by ID", "tags": [ - "Agent policies" + "Elastic Agent policies" ], "operationId": "agent-policy-copy", "parameters": [ @@ -3598,7 +3647,7 @@ "get": { "summary": "Get full agent policy by ID", "tags": [ - "Agent policies" + "Elastic Agent policies" ], "operationId": "agent-policy-full", "responses": { @@ -3668,7 +3717,7 @@ "get": { "summary": "Download agent policy by ID", "tags": [ - "Agent policies" + "Elastic Agent policies" ], "operationId": "agent-policy-download", "responses": { @@ -3731,7 +3780,7 @@ "post": { "summary": "Bulk get agent policies", "tags": [ - "Agent policies" + "Elastic Agent policies" ], "requestBody": { "content": { @@ -3796,7 +3845,7 @@ "post": { "summary": "Delete agent policy by ID", "tags": [ - "Agent policies" + "Elastic Agent policies" ], "operationId": "delete-agent-policy", "responses": { @@ -3892,7 +3941,7 @@ "get": { "summary": "List enrollment API keys", "tags": [ - "Enrollment API keys" + "Fleet enrollment API keys" ], "responses": { "200": { @@ -3946,7 +3995,7 @@ "post": { "summary": "Create enrollment API key", "tags": [ - "Enrollment API keys" + "Fleet enrollment API keys" ], "responses": { "200": { @@ -3997,7 +4046,7 @@ "get": { "summary": "Get enrollment API key by ID", "tags": [ - "Enrollment API keys" + "Fleet enrollment API keys" ], "responses": { "200": { @@ -4028,7 +4077,7 @@ "delete": { "summary": "Delete enrollment API key by ID", "tags": [ - "Enrollment API keys" + "Fleet enrollment API keys" ], "responses": { "200": { @@ -4069,7 +4118,7 @@ "get": { "summary": "List enrollment API keys", "tags": [ - "Enrollment API keys" + "Fleet enrollment API keys" ], "responses": { "200": { @@ -4122,7 +4171,7 @@ "post": { "summary": "Create enrollment API key", "tags": [ - "Enrollment API keys" + "Fleet enrollment API keys" ], "responses": { "200": { @@ -4172,7 +4221,7 @@ "get": { "summary": "Get enrollment API key by ID", "tags": [ - "Enrollment API keys" + "Fleet enrollment API keys" ], "responses": { "200": { @@ -4202,7 +4251,7 @@ "delete": { "summary": "Delete enrollment API key by ID", "tags": [ - "Enrollment API keys" + "Fleet enrollment API keys" ], "responses": { "200": { @@ -4242,7 +4291,7 @@ "get": { "summary": "List package policies", "tags": [ - "Package policies" + "Fleet package policies" ], "responses": { "200": { @@ -4300,7 +4349,7 @@ "post": { "summary": "Create package policy", "tags": [ - "Package policies" + "Fleet package policies" ], "operationId": "create-package-policy", "responses": { @@ -4353,7 +4402,7 @@ "post": { "summary": "Bulk get package policies", "tags": [ - "Package policies" + "Fleet package policies" ], "requestBody": { "content": { @@ -4418,7 +4467,7 @@ "post": { "summary": "Delete package policy", "tags": [ - "Package policies" + "Fleet package policies" ], "operationId": "post-delete-package-policy", "requestBody": { @@ -4488,7 +4537,7 @@ "post": { "summary": "Upgrade package policy to a newer package version", "tags": [ - "Package policies" + "Fleet package policies" ], "operationId": "upgrade-package-policy", "requestBody": { @@ -4553,7 +4602,7 @@ "post": { "summary": "Dry run package policy upgrade", "tags": [ - "Package policies" + "Fleet package policies" ], "operationId": "upgrade-package-policy-dry-run", "requestBody": { @@ -4627,7 +4676,7 @@ "get": { "summary": "Get package policy by ID", "tags": [ - "Package policies" + "Fleet package policies" ], "responses": { "200": { @@ -4662,7 +4711,7 @@ "put": { "summary": "Update package policy by ID", "tags": [ - "Package policies" + "Fleet package policies" ], "operationId": "update-package-policy", "requestBody": { @@ -4713,7 +4762,7 @@ "delete": { "summary": "Delete package policy by ID", "tags": [ - "Package policies" + "Fleet package policies" ], "operationId": "delete-package-policy", "responses": { @@ -4754,7 +4803,7 @@ "get": { "summary": "List outputs", "tags": [ - "Outputs" + "Fleet outputs" ], "responses": { "200": { @@ -4793,7 +4842,7 @@ "post": { "summary": "Create output", "tags": [ - "Outputs" + "Fleet outputs" ], "responses": { "200": { @@ -4832,7 +4881,7 @@ "get": { "summary": "Get output by ID", "tags": [ - "Outputs" + "Fleet outputs" ], "responses": { "200": { @@ -4869,7 +4918,7 @@ "delete": { "summary": "Delete output by ID", "tags": [ - "Outputs" + "Fleet outputs" ], "operationId": "delete-output", "responses": { @@ -4904,7 +4953,7 @@ "put": { "summary": "Update output by ID", "tags": [ - "Outputs" + "Fleet outputs" ], "operationId": "update-output", "requestBody": { @@ -4947,7 +4996,7 @@ "get": { "summary": "Get latest output health", "tags": [ - "Outputs" + "Fleet outputs" ], "responses": { "200": { @@ -4995,7 +5044,7 @@ "post": { "summary": "Generate Logstash API key", "tags": [ - "Outputs" + "Fleet outputs" ], "responses": { "200": { @@ -5029,7 +5078,7 @@ "get": { "summary": "List agent binary download sources", "tags": [ - "Agent binary download sources" + "Elastic Agent binary download sources" ], "responses": { "200": { @@ -5068,7 +5117,7 @@ "post": { "summary": "Create agent binary download source", "tags": [ - "Agent binary download sources" + "Elastic Agent binary download sources" ], "responses": { "200": { @@ -5125,7 +5174,7 @@ "get": { "summary": "Get agent binary download source by ID", "tags": [ - "Agent binary download sources" + "Elastic Agent binary download sources" ], "responses": { "200": { @@ -5165,7 +5214,7 @@ "delete": { "summary": "Delete agent binary download source by ID", "tags": [ - "Agent binary download sources" + "Elastic Agent binary download sources" ], "operationId": "delete-download-source", "responses": { @@ -5200,7 +5249,7 @@ "put": { "summary": "Update agent binary download source by ID", "tags": [ - "Agent binary download sources" + "Elastic Agent binary download sources" ], "operationId": "update-download-source", "requestBody": { @@ -5510,7 +5559,7 @@ "get": { "summary": "List proxies", "tags": [ - "Proxies" + "Fleet proxies" ], "responses": { "200": { @@ -5549,7 +5598,7 @@ "post": { "summary": "Create proxy", "tags": [ - "Proxies" + "Fleet proxies" ], "responses": { "200": { @@ -5614,7 +5663,7 @@ "get": { "summary": "Get proxy by ID", "tags": [ - "Proxies" + "Fleet proxies" ], "responses": { "200": { @@ -5654,7 +5703,7 @@ "delete": { "summary": "Delete proxy by ID", "tags": [ - "Proxies" + "Fleet proxies" ], "operationId": "delete-fleet-proxies", "responses": { @@ -5689,7 +5738,7 @@ "put": { "summary": "Update proxy by ID", "tags": [ - "Proxies" + "Fleet proxies" ], "operationId": "update-fleet-proxies", "requestBody": { @@ -5755,7 +5804,7 @@ "get": { "summary": "Get full K8s agent manifest", "tags": [ - "Kubernetes" + "Fleet Kubernetes" ], "responses": { "200": { @@ -5810,7 +5859,7 @@ "get": { "summary": "List metadata for latest uninstall tokens per agent policy", "tags": [ - "Uninstall tokens" + "Fleet uninstall tokens" ], "responses": { "200": { @@ -5898,7 +5947,7 @@ "get": { "summary": "Get one decrypted uninstall token by its ID", "tags": [ - "Uninstall tokens" + "Fleet uninstall tokens" ], "responses": { "200": { @@ -7054,7 +7103,7 @@ }, "agent_status": { "type": "string", - "title": "Agent status", + "title": "Elastic Agent status", "enum": [ "offline", "error", diff --git a/x-pack/plugins/fleet/common/openapi/bundled.yaml b/x-pack/plugins/fleet/common/openapi/bundled.yaml index 7a19615cfe1da..9bb1027ef35c3 100644 --- a/x-pack/plugins/fleet/common/openapi/bundled.yaml +++ b/x-pack/plugins/fleet/common/openapi/bundled.yaml @@ -1,5 +1,21 @@ openapi: 3.0.0 -tags: [] +tags: + - name: Data streams + - name: Elastic Agents + - name: Elastic Agent actions + - name: Elastic Agent binary download sources + - name: Elastic Agent policies + - name: Elastic Agent status + - name: Elastic Package Manager (EPM) + - name: Fleet enrollment API keys + - name: Fleet internals + - name: Fleet Server hosts + - name: Fleet Kubernetes + - name: Fleet outputs + - name: Fleet package policies + - name: Fleet proxies + - name: Fleet service tokens + - name: Fleet uninstall tokens info: title: Fleet description: OpenAPI schema for Fleet API endpoints @@ -155,7 +171,7 @@ paths: post: summary: Create service token tags: - - Service tokens + - Fleet service tokens responses: '200': description: OK @@ -178,7 +194,7 @@ paths: post: summary: Create service token tags: - - Service tokens + - Fleet service tokens responses: '200': description: OK @@ -1044,7 +1060,7 @@ paths: get: summary: Get agent setup info tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1060,7 +1076,7 @@ paths: post: summary: Initiate agent setup tags: - - Agents + - Elastic Agents operationId: setup-agents responses: '200': @@ -1090,7 +1106,7 @@ paths: get: summary: Get agent status summary tags: - - Agent status + - Elastic Agent status responses: '200': description: OK @@ -1138,7 +1154,7 @@ paths: get: summary: Get agent status summary tags: - - Agent status + - Elastic Agent status responses: '200': description: OK @@ -1200,7 +1216,7 @@ paths: get: summary: Get incoming agent data tags: - - Agent status + - Elastic Agent status responses: '200': description: OK @@ -1233,7 +1249,7 @@ paths: get: summary: List agents tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1263,7 +1279,7 @@ paths: post: summary: List agents by action ids tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1293,7 +1309,7 @@ paths: post: summary: Bulk upgrade agents tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1327,7 +1343,7 @@ paths: get: summary: Get agent action status tags: - - Agent actions + - Elastic Agent actions parameters: - $ref: '#/components/parameters/page_size' - $ref: '#/components/parameters/page_index' @@ -1448,7 +1464,7 @@ paths: get: summary: Get agent by ID tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1469,7 +1485,7 @@ paths: put: summary: Update agent by ID tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1503,7 +1519,7 @@ paths: delete: summary: Delete agent by ID tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1533,7 +1549,7 @@ paths: post: summary: Create agent action tags: - - Agent actions + - Elastic Agent actions responses: '200': description: OK @@ -1579,7 +1595,7 @@ paths: post: summary: Cancel agent action tags: - - Agent actions + - Elastic Agent actions responses: '200': description: OK @@ -1610,7 +1626,7 @@ paths: get: summary: Get file uploaded by agent tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1640,7 +1656,7 @@ paths: delete: summary: Delete file uploaded by agent tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1669,7 +1685,7 @@ paths: post: summary: Reassign agent tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1696,7 +1712,7 @@ paths: put: summary: Reassign agent tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1731,7 +1747,7 @@ paths: post: summary: Unenroll agent tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1777,7 +1793,7 @@ paths: post: summary: Upgrade agent tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1806,7 +1822,7 @@ paths: get: summary: List agent uploads tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1829,7 +1845,7 @@ paths: post: summary: Bulk reassign agents tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1872,7 +1888,7 @@ paths: post: summary: Bulk unenroll agents tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1925,7 +1941,7 @@ paths: post: summary: Bulk update agent tags tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1979,7 +1995,7 @@ paths: get: summary: List agent tags tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -2000,7 +2016,7 @@ paths: post: summary: Request agent diagnostics tags: - - Agents + - Elastic Agents requestBody: content: application/json: @@ -2033,7 +2049,7 @@ paths: post: summary: Bulk request diagnostics from agents tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -2080,7 +2096,7 @@ paths: get: summary: List agent policies tags: - - Agent policies + - Elastic Agent policies responses: '200': description: OK @@ -2131,7 +2147,7 @@ paths: post: summary: Create agent policy tags: - - Agent policies + - Elastic Agent policies responses: '200': description: OK @@ -2163,7 +2179,7 @@ paths: get: summary: Get agent policy by ID tags: - - Agent policies + - Elastic Agent policies responses: '200': description: OK @@ -2184,7 +2200,7 @@ paths: put: summary: Update agent policy by ID tags: - - Agent policies + - Elastic Agent policies responses: '200': description: OK @@ -2217,7 +2233,7 @@ paths: post: summary: Copy agent policy by ID tags: - - Agent policies + - Elastic Agent policies operationId: agent-policy-copy parameters: - $ref: '#/components/parameters/kbn_xsrf' @@ -2252,7 +2268,7 @@ paths: get: summary: Get full agent policy by ID tags: - - Agent policies + - Elastic Agent policies operationId: agent-policy-full responses: '200': @@ -2293,7 +2309,7 @@ paths: get: summary: Download agent policy by ID tags: - - Agent policies + - Elastic Agent policies operationId: agent-policy-download responses: '200': @@ -2332,7 +2348,7 @@ paths: post: summary: Bulk get agent policies tags: - - Agent policies + - Elastic Agent policies requestBody: content: application/json: @@ -2374,7 +2390,7 @@ paths: post: summary: Delete agent policy by ID tags: - - Agent policies + - Elastic Agent policies operationId: delete-agent-policy responses: '200': @@ -2436,7 +2452,7 @@ paths: get: summary: List enrollment API keys tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK @@ -2473,7 +2489,7 @@ paths: post: summary: Create enrollment API key tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK @@ -2504,7 +2520,7 @@ paths: get: summary: Get enrollment API key by ID tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK @@ -2524,7 +2540,7 @@ paths: delete: summary: Delete enrollment API key by ID tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK @@ -2549,7 +2565,7 @@ paths: get: summary: List enrollment API keys tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK @@ -2585,7 +2601,7 @@ paths: post: summary: Create enrollment API key tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK @@ -2615,7 +2631,7 @@ paths: get: summary: Get enrollment API key by ID tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK @@ -2634,7 +2650,7 @@ paths: delete: summary: Delete enrollment API key by ID tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK @@ -2658,7 +2674,7 @@ paths: get: summary: List package policies tags: - - Package policies + - Fleet package policies responses: '200': description: OK @@ -2692,7 +2708,7 @@ paths: post: summary: Create package policy tags: - - Package policies + - Fleet package policies operationId: create-package-policy responses: '200': @@ -2725,7 +2741,7 @@ paths: post: summary: Bulk get package policies tags: - - Package policies + - Fleet package policies requestBody: content: application/json: @@ -2765,7 +2781,7 @@ paths: post: summary: Delete package policy tags: - - Package policies + - Fleet package policies operationId: post-delete-package-policy requestBody: content: @@ -2808,7 +2824,7 @@ paths: post: summary: Upgrade package policy to a newer package version tags: - - Package policies + - Fleet package policies operationId: upgrade-package-policy requestBody: content: @@ -2849,7 +2865,7 @@ paths: post: summary: Dry run package policy upgrade tags: - - Package policies + - Fleet package policies operationId: upgrade-package-policy-dry-run requestBody: content: @@ -2895,7 +2911,7 @@ paths: get: summary: Get package policy by ID tags: - - Package policies + - Fleet package policies responses: '200': description: OK @@ -2916,7 +2932,7 @@ paths: put: summary: Update package policy by ID tags: - - Package policies + - Fleet package policies operationId: update-package-policy requestBody: content: @@ -2946,7 +2962,7 @@ paths: delete: summary: Delete package policy by ID tags: - - Package policies + - Fleet package policies operationId: delete-package-policy responses: '200': @@ -2971,7 +2987,7 @@ paths: get: summary: List outputs tags: - - Outputs + - Fleet outputs responses: '200': description: OK @@ -2996,7 +3012,7 @@ paths: post: summary: Create output tags: - - Outputs + - Fleet outputs responses: '200': description: OK @@ -3020,7 +3036,7 @@ paths: get: summary: Get output by ID tags: - - Outputs + - Fleet outputs responses: '200': description: OK @@ -3043,7 +3059,7 @@ paths: delete: summary: Delete output by ID tags: - - Outputs + - Fleet outputs operationId: delete-output responses: '200': @@ -3064,7 +3080,7 @@ paths: put: summary: Update output by ID tags: - - Outputs + - Fleet outputs operationId: update-output requestBody: content: @@ -3089,7 +3105,7 @@ paths: get: summary: Get latest output health tags: - - Outputs + - Fleet outputs responses: '200': description: OK @@ -3120,7 +3136,7 @@ paths: post: summary: Generate Logstash API key tags: - - Outputs + - Fleet outputs responses: '200': description: OK @@ -3140,7 +3156,7 @@ paths: get: summary: List agent binary download sources tags: - - Agent binary download sources + - Elastic Agent binary download sources responses: '200': description: OK @@ -3165,7 +3181,7 @@ paths: post: summary: Create agent binary download source tags: - - Agent binary download sources + - Elastic Agent binary download sources responses: '200': description: OK @@ -3201,7 +3217,7 @@ paths: get: summary: Get agent binary download source by ID tags: - - Agent binary download sources + - Elastic Agent binary download sources responses: '200': description: OK @@ -3226,7 +3242,7 @@ paths: delete: summary: Delete agent binary download source by ID tags: - - Agent binary download sources + - Elastic Agent binary download sources operationId: delete-download-source responses: '200': @@ -3247,7 +3263,7 @@ paths: put: summary: Update agent binary download source by ID tags: - - Agent binary download sources + - Elastic Agent binary download sources operationId: update-download-source requestBody: content: @@ -3444,7 +3460,7 @@ paths: get: summary: List proxies tags: - - Proxies + - Fleet proxies responses: '200': description: OK @@ -3469,7 +3485,7 @@ paths: post: summary: Create proxy tags: - - Proxies + - Fleet proxies responses: '200': description: OK @@ -3510,7 +3526,7 @@ paths: get: summary: Get proxy by ID tags: - - Proxies + - Fleet proxies responses: '200': description: OK @@ -3535,7 +3551,7 @@ paths: delete: summary: Delete proxy by ID tags: - - Proxies + - Fleet proxies operationId: delete-fleet-proxies responses: '200': @@ -3556,7 +3572,7 @@ paths: put: summary: Update proxy by ID tags: - - Proxies + - Fleet proxies operationId: update-fleet-proxies requestBody: content: @@ -3596,7 +3612,7 @@ paths: get: summary: Get full K8s agent manifest tags: - - Kubernetes + - Fleet Kubernetes responses: '200': description: OK @@ -3630,7 +3646,7 @@ paths: get: summary: List metadata for latest uninstall tokens per agent policy tags: - - Uninstall tokens + - Fleet uninstall tokens responses: '200': description: OK @@ -3688,7 +3704,7 @@ paths: get: summary: Get one decrypted uninstall token by its ID tags: - - Uninstall tokens + - Fleet uninstall tokens responses: '200': description: OK @@ -4504,7 +4520,7 @@ components: type: object agent_status: type: string - title: Agent status + title: Elastic Agent status enum: - offline - error diff --git a/x-pack/plugins/fleet/common/openapi/components/schemas/agent_status.yaml b/x-pack/plugins/fleet/common/openapi/components/schemas/agent_status.yaml index da6df3a1b776d..14eacb2162b04 100644 --- a/x-pack/plugins/fleet/common/openapi/components/schemas/agent_status.yaml +++ b/x-pack/plugins/fleet/common/openapi/components/schemas/agent_status.yaml @@ -1,5 +1,5 @@ type: string -title: Agent status +title: Elastic Agent status enum: - offline - error diff --git a/x-pack/plugins/fleet/common/openapi/entrypoint.yaml b/x-pack/plugins/fleet/common/openapi/entrypoint.yaml index 04203cc5d2e6b..2de74e31a9a35 100644 --- a/x-pack/plugins/fleet/common/openapi/entrypoint.yaml +++ b/x-pack/plugins/fleet/common/openapi/entrypoint.yaml @@ -1,5 +1,21 @@ openapi: 3.0.0 -tags: [] +tags: + - name: Data streams + - name: Elastic Agents + - name: Elastic Agent actions + - name: Elastic Agent binary download sources + - name: Elastic Agent policies + - name: Elastic Agent status + - name: Elastic Package Manager (EPM) + - name: Fleet enrollment API keys + - name: Fleet internals + - name: Fleet Server hosts + - name: Fleet Kubernetes + - name: Fleet outputs + - name: Fleet package policies + - name: Fleet proxies + - name: Fleet service tokens + - name: Fleet uninstall tokens info: title: Fleet description: OpenAPI schema for Fleet API endpoints @@ -183,7 +199,6 @@ paths: $ref: paths/uninstall_tokens.yaml /uninstall_tokens/{uninstallTokenId}: $ref: paths/uninstall_tokens@{uninstall_token_id}.yaml - components: securitySchemes: basicAuth: diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_download_sources.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_download_sources.yaml index 89a69c9adfdaf..8b6857727a0d7 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agent_download_sources.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agent_download_sources.yaml @@ -1,7 +1,7 @@ get: summary: List agent binary download sources tags: - - Agent binary download sources + - Elastic Agent binary download sources responses: '200': description: OK @@ -26,7 +26,7 @@ get: post: summary: Create agent binary download source tags: - - Agent binary download sources + - Elastic Agent binary download sources responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_download_sources@{source_id}.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_download_sources@{source_id}.yaml index afb7771283e59..1c10656883686 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agent_download_sources@{source_id}.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agent_download_sources@{source_id}.yaml @@ -1,7 +1,7 @@ get: summary: Get agent binary download source by ID tags: - - Agent binary download sources + - Elastic Agent binary download sources responses: '200': description: OK @@ -26,7 +26,7 @@ parameters: delete: summary: Delete agent binary download source by ID tags: - - Agent binary download sources + - Elastic Agent binary download sources operationId: delete-download-source responses: '200': @@ -47,7 +47,7 @@ delete: put: summary: Update agent binary download source by ID tags: - - Agent binary download sources + - Elastic Agent binary download sources operationId: update-download-source requestBody: content: diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_policies.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_policies.yaml index cbf29f3859519..542ded8b91c18 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agent_policies.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agent_policies.yaml @@ -1,7 +1,7 @@ get: summary: List agent policies tags: - - Agent policies + - Elastic Agent policies responses: '200': description: OK @@ -47,7 +47,7 @@ get: post: summary: Create agent policy tags: - - Agent policies + - Elastic Agent policies responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@_bulk_get.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@_bulk_get.yaml index ace09ef721677..b0846dc695ad7 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@_bulk_get.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@_bulk_get.yaml @@ -1,7 +1,7 @@ post: summary: Bulk get agent policies tags: - - Agent policies + - Elastic Agent policies requestBody: content: application/json: diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@delete.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@delete.yaml index 284eaad198c0f..6a4ae2488c3e4 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@delete.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@delete.yaml @@ -1,7 +1,7 @@ post: summary: Delete agent policy by ID tags: - - Agent policies + - Elastic Agent policies operationId: delete-agent-policy responses: '200': diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}.yaml index 55d644ab0aab2..e6e73779691ed 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}.yaml @@ -7,7 +7,7 @@ parameters: get: summary: Get agent policy by ID tags: - - Agent policies + - Elastic Agent policies responses: '200': description: OK @@ -28,7 +28,7 @@ get: put: summary: Update agent policy by ID tags: - - Agent policies + - Elastic Agent policies responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@copy.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@copy.yaml index dab79eef58dff..63df499c4bf2a 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@copy.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@copy.yaml @@ -7,7 +7,7 @@ parameters: post: summary: Copy agent policy by ID tags: - - Agent policies + - Elastic Agent policies operationId: agent-policy-copy parameters: - $ref: ../components/headers/kbn_xsrf.yaml diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@download.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@download.yaml index 1748950fdaf09..69cc96d572be9 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@download.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@download.yaml @@ -1,7 +1,7 @@ get: summary: Download agent policy by ID tags: - - Agent policies + - Elastic Agent policies operationId: agent-policy-download responses: '200': diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@full.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@full.yaml index dc5a1b996b2e4..ea3f6ac5923a6 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@full.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@full.yaml @@ -1,7 +1,7 @@ get: summary: Get full agent policy by ID tags: - - Agent policies + - Elastic Agent policies operationId: agent-policy-full responses: '200': diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_status.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_status.yaml index d382989e15289..eecff760d035a 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agent_status.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agent_status.yaml @@ -1,7 +1,7 @@ get: summary: Get agent status summary tags: - - Agent status + - Elastic Agent status responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_status@data.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_status@data.yaml index 7e90097c3b4dd..ebf255fa22394 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agent_status@data.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agent_status@data.yaml @@ -1,7 +1,7 @@ get: summary: Get incoming agent data tags: - - Agent status + - Elastic Agent status responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_status_deprecated.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_status_deprecated.yaml index fe44311fa9801..8ebc02a06d3d5 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agent_status_deprecated.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agent_status_deprecated.yaml @@ -1,7 +1,7 @@ get: summary: Get agent status summary tags: - - Agent status + - Elastic Agent status responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_tags.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_tags.yaml index 85a6f6c7ab30a..5961e0a3e0974 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agent_tags.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agent_tags.yaml @@ -1,7 +1,7 @@ get: summary: List agent tags tags: - - Agents + - Elastic Agents responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents.yaml index 0bad4c2de354f..224c15b2ec5d0 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agents.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agents.yaml @@ -1,7 +1,7 @@ get: summary: List agents tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -31,7 +31,7 @@ get: post: summary: List agents by action ids tags: - - Agents + - Elastic Agents responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@action_status.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@action_status.yaml index c0e81da8331d5..c55d924564cf3 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agents@action_status.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agents@action_status.yaml @@ -1,7 +1,7 @@ get: summary: Get agent action status tags: - - Agent actions + - Elastic Agent actions parameters: - $ref: ../components/parameters/page_size.yaml - $ref: ../components/parameters/page_index.yaml diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_reassign.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_reassign.yaml index b93b2bd6b9a08..7876e51ea341c 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_reassign.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_reassign.yaml @@ -1,7 +1,7 @@ post: summary: Bulk reassign agents tags: - - Agents + - Elastic Agents responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_request_diagnostics.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_request_diagnostics.yaml index 2ef2d1c1ff5d5..8d8e03539650d 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_request_diagnostics.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_request_diagnostics.yaml @@ -1,7 +1,7 @@ post: summary: Bulk request diagnostics from agents tags: - - Agents + - Elastic Agents responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_unenroll.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_unenroll.yaml index a765e4868442b..b0e40b1f70408 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_unenroll.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_unenroll.yaml @@ -1,7 +1,7 @@ post: summary: Bulk unenroll agents tags: - - Agents + - Elastic Agents responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_update_tags.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_update_tags.yaml index ff4c6597b6be0..075068d1faa41 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_update_tags.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_update_tags.yaml @@ -1,7 +1,7 @@ post: summary: Bulk update agent tags tags: - - Agents + - Elastic Agents responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_upgrade.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_upgrade.yaml index ccb55c7c62b17..5bb61e7f841b9 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_upgrade.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_upgrade.yaml @@ -1,7 +1,7 @@ post: summary: Bulk upgrade agents tags: - - Agents + - Elastic Agents responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@current_upgrades.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@current_upgrades.yaml index 36ae723527f9b..bae7b2ababf08 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agents@current_upgrades.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agents@current_upgrades.yaml @@ -1,7 +1,7 @@ get: summary: List current bulk upgrade operations tags: - - Agents + - Elastic Agents responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@files@{file_id}.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@files@{file_id}.yaml index 4507cb8ce456d..85448279111aa 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agents@files@{file_id}.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agents@files@{file_id}.yaml @@ -7,7 +7,7 @@ parameters: delete: summary: Delete file uploaded by agent tags: - - Agents + - Elastic Agents responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@files@{file_id}@{file_name}.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@files@{file_id}@{file_name}.yaml index 15f6dd8a421d1..057fae5672007 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agents@files@{file_id}@{file_name}.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agents@files@{file_id}@{file_name}.yaml @@ -12,7 +12,7 @@ parameters: get: summary: Get file uploaded by agent tags: - - Agents + - Elastic Agents responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@setup.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@setup.yaml index 214f3a8e68240..1a623eb9cf3c3 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agents@setup.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agents@setup.yaml @@ -1,7 +1,7 @@ get: summary: Get agent setup info tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -17,7 +17,7 @@ get: post: summary: Initiate agent setup tags: - - Agents + - Elastic Agents operationId: setup-agents responses: '200': diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}.yaml index 93242e5912a17..108ea113c8e5e 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}.yaml @@ -7,7 +7,7 @@ parameters: get: summary: Get agent by ID tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -28,7 +28,7 @@ get: put: summary: Update agent by ID tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -62,7 +62,7 @@ put: delete: summary: Delete agent by ID tags: - - Agents + - Elastic Agents responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@actions.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@actions.yaml index cd327e453b9a7..4443bb4573985 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@actions.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@actions.yaml @@ -7,7 +7,7 @@ parameters: post: summary: Create agent action tags: - - Agent actions + - Elastic Agent actions responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@actions@{action_id}@cancel.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@actions@{action_id}@cancel.yaml index f91acd133355d..5b939e8c5fdf4 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@actions@{action_id}@cancel.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@actions@{action_id}@cancel.yaml @@ -12,7 +12,7 @@ parameters: post: summary: Cancel agent action tags: - - Agent actions + - Elastic Agent actions responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@reassign.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@reassign.yaml index c210cee12d424..3f6ce412fc51e 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@reassign.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@reassign.yaml @@ -7,7 +7,7 @@ parameters: post: summary: Reassign agent tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -34,7 +34,7 @@ post: put: summary: Reassign agent tags: - - Agents + - Elastic Agents responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@request_diagnostics.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@request_diagnostics.yaml index eba9a695d1cbc..4ecfe08e5b783 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@request_diagnostics.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@request_diagnostics.yaml @@ -7,7 +7,7 @@ parameters: post: summary: Request agent diagnostics tags: - - Agents + - Elastic Agents requestBody: content: application/json: diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@unenroll.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@unenroll.yaml index c30bebfad328a..8a44b0219ed8a 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@unenroll.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@unenroll.yaml @@ -7,7 +7,7 @@ parameters: post: summary: Unenroll agent tags: - - Agents + - Elastic Agents responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@upgrade.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@upgrade.yaml index d824d4a54f985..eb23e39018f2e 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@upgrade.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@upgrade.yaml @@ -7,7 +7,7 @@ parameters: post: summary: Upgrade agent tags: - - Agents + - Elastic Agents responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@uploads.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@uploads.yaml index f92acc7fe5086..1e751bc338c52 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@uploads.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@uploads.yaml @@ -7,7 +7,7 @@ parameters: get: summary: List agent uploads tags: - - Agents + - Elastic Agents responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys.yaml b/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys.yaml index 3351b63026e57..625ad82e3f3f2 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys.yaml @@ -1,7 +1,7 @@ get: summary: List enrollment API keys tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK @@ -37,7 +37,7 @@ get: post: summary: Create enrollment API key tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys@{key_id}.yaml b/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys@{key_id}.yaml index d64b1053f0dc4..f3bdc459d6ccf 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys@{key_id}.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys@{key_id}.yaml @@ -7,7 +7,7 @@ parameters: get: summary: Get enrollment API key by ID tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK @@ -26,7 +26,7 @@ get: delete: summary: Delete enrollment API key by ID tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys@{key_id}_deprecated.yaml b/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys@{key_id}_deprecated.yaml index c0f5be7521e8a..ff3a6e8962557 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys@{key_id}_deprecated.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys@{key_id}_deprecated.yaml @@ -7,7 +7,7 @@ parameters: get: summary: Get enrollment API key by ID tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK @@ -27,7 +27,7 @@ get: delete: summary: Delete enrollment API key by ID tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys_deprecated.yaml b/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys_deprecated.yaml index 19022a0b08223..9ac906cb1dc0f 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys_deprecated.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys_deprecated.yaml @@ -1,7 +1,7 @@ get: summary: List enrollment API keys tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK @@ -38,7 +38,7 @@ get: post: summary: Create enrollment API key tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/kubernetes.yaml b/x-pack/plugins/fleet/common/openapi/paths/kubernetes.yaml index 41110808cd62d..ccd20bbb8dd7b 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/kubernetes.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/kubernetes.yaml @@ -1,7 +1,7 @@ get: summary: Get full K8s agent manifest tags: - - Kubernetes + - Fleet Kubernetes responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/logstash_api_keys.yaml b/x-pack/plugins/fleet/common/openapi/paths/logstash_api_keys.yaml index 74e3bdde4cac8..3fcec0937916f 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/logstash_api_keys.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/logstash_api_keys.yaml @@ -1,7 +1,7 @@ post: summary: Generate Logstash API key tags: - - Outputs + - Fleet outputs responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/output_health@{output_id}.yaml b/x-pack/plugins/fleet/common/openapi/paths/output_health@{output_id}.yaml index b53936b8859ea..9b7dbb1888963 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/output_health@{output_id}.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/output_health@{output_id}.yaml @@ -1,7 +1,7 @@ get: summary: Get latest output health tags: - - Outputs + - Fleet outputs responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/outputs.yaml b/x-pack/plugins/fleet/common/openapi/paths/outputs.yaml index 85ce75e2762d2..39d527d6e1bb4 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/outputs.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/outputs.yaml @@ -1,7 +1,7 @@ get: summary: List outputs tags: - - Outputs + - Fleet outputs responses: '200': description: OK @@ -26,7 +26,7 @@ get: post: summary: Create output tags: - - Outputs + - Fleet outputs responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/outputs@{output_id}.yaml b/x-pack/plugins/fleet/common/openapi/paths/outputs@{output_id}.yaml index ec2ce9dc0be71..c10d93a8483dd 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/outputs@{output_id}.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/outputs@{output_id}.yaml @@ -1,7 +1,7 @@ get: summary: Get output by ID tags: - - Outputs + - Fleet outputs responses: '200': description: OK @@ -24,7 +24,7 @@ parameters: delete: summary: Delete output by ID tags: - - Outputs + - Fleet outputs operationId: delete-output responses: '200': @@ -45,7 +45,7 @@ delete: put: summary: Update output by ID tags: - - Outputs + - Fleet outputs operationId: update-output requestBody: content: diff --git a/x-pack/plugins/fleet/common/openapi/paths/package_policies.yaml b/x-pack/plugins/fleet/common/openapi/paths/package_policies.yaml index 8cfef762478e9..e7f54ab25c193 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/package_policies.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/package_policies.yaml @@ -1,7 +1,7 @@ get: summary: List package policies tags: - - Package policies + - Fleet package policies responses: '200': description: OK @@ -35,7 +35,7 @@ parameters: [] post: summary: Create package policy tags: - - Package policies + - Fleet package policies operationId: create-package-policy responses: '200': diff --git a/x-pack/plugins/fleet/common/openapi/paths/package_policies@_bulk_get.yaml b/x-pack/plugins/fleet/common/openapi/paths/package_policies@_bulk_get.yaml index 704cd041e40a6..7ce575c740fc2 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/package_policies@_bulk_get.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/package_policies@_bulk_get.yaml @@ -1,7 +1,7 @@ post: summary: Bulk get package policies tags: - - Package policies + - Fleet package policies requestBody: content: application/json: diff --git a/x-pack/plugins/fleet/common/openapi/paths/package_policies@delete.yaml b/x-pack/plugins/fleet/common/openapi/paths/package_policies@delete.yaml index f21111c23757a..789e8fb94b15b 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/package_policies@delete.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/package_policies@delete.yaml @@ -1,7 +1,7 @@ post: summary: Delete package policy tags: - - Package policies + - Fleet package policies operationId: post-delete-package-policy requestBody: content: diff --git a/x-pack/plugins/fleet/common/openapi/paths/package_policies@upgrade.yaml b/x-pack/plugins/fleet/common/openapi/paths/package_policies@upgrade.yaml index 1837675a15f22..b9efafda38dce 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/package_policies@upgrade.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/package_policies@upgrade.yaml @@ -1,7 +1,7 @@ post: summary: Upgrade package policy to a newer package version tags: - - Package policies + - Fleet package policies operationId: upgrade-package-policy requestBody: content: diff --git a/x-pack/plugins/fleet/common/openapi/paths/package_policies@upgrade_dryrun.yaml b/x-pack/plugins/fleet/common/openapi/paths/package_policies@upgrade_dryrun.yaml index 5019aba15898d..a6899cc927900 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/package_policies@upgrade_dryrun.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/package_policies@upgrade_dryrun.yaml @@ -1,7 +1,7 @@ post: summary: Dry run package policy upgrade tags: - - Package policies + - Fleet package policies operationId: upgrade-package-policy-dry-run requestBody: content: diff --git a/x-pack/plugins/fleet/common/openapi/paths/package_policies@{package_policy_id}.yaml b/x-pack/plugins/fleet/common/openapi/paths/package_policies@{package_policy_id}.yaml index 92f63dc1f6267..a0dc916bebde9 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/package_policies@{package_policy_id}.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/package_policies@{package_policy_id}.yaml @@ -7,7 +7,7 @@ parameters: get: summary: Get package policy by ID tags: - - Package policies + - Fleet package policies responses: '200': description: OK @@ -28,7 +28,7 @@ get: put: summary: Update package policy by ID tags: - - Package policies + - Fleet package policies operationId: update-package-policy requestBody: content: @@ -58,7 +58,7 @@ put: delete: summary: Delete package policy by ID tags: - - Package policies + - Fleet package policies operationId: delete-package-policy responses: '200': diff --git a/x-pack/plugins/fleet/common/openapi/paths/proxies.yaml b/x-pack/plugins/fleet/common/openapi/paths/proxies.yaml index 6c2844a9ac3ef..e787fba82d782 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/proxies.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/proxies.yaml @@ -1,7 +1,7 @@ get: summary: List proxies tags: - - Proxies + - Fleet proxies responses: '200': description: OK @@ -26,7 +26,7 @@ get: post: summary: Create proxy tags: - - Proxies + - Fleet proxies responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/proxies@{item_id}.yaml b/x-pack/plugins/fleet/common/openapi/paths/proxies@{item_id}.yaml index 3a0a10cb35662..037adb73bbbf3 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/proxies@{item_id}.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/proxies@{item_id}.yaml @@ -1,7 +1,7 @@ get: summary: Get proxy by ID tags: - - Proxies + - Fleet proxies responses: '200': description: OK @@ -26,7 +26,7 @@ parameters: delete: summary: Delete proxy by ID tags: - - Proxies + - Fleet proxies operationId: delete-fleet-proxies responses: '200': @@ -47,7 +47,7 @@ delete: put: summary: Update proxy by ID tags: - - Proxies + - Fleet proxies operationId: update-fleet-proxies requestBody: content: diff --git a/x-pack/plugins/fleet/common/openapi/paths/service_tokens.yaml b/x-pack/plugins/fleet/common/openapi/paths/service_tokens.yaml index e76f18c5b57d7..8a3c1c94e5b5e 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/service_tokens.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/service_tokens.yaml @@ -1,7 +1,7 @@ post: summary: Create service token tags: - - Service tokens + - Fleet service tokens responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/service_tokens_deprecated.yaml b/x-pack/plugins/fleet/common/openapi/paths/service_tokens_deprecated.yaml index 73069830be9e1..9690278f24f5a 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/service_tokens_deprecated.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/service_tokens_deprecated.yaml @@ -1,7 +1,7 @@ post: summary: Create service token tags: - - Service tokens + - Fleet service tokens responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/uninstall_tokens.yaml b/x-pack/plugins/fleet/common/openapi/paths/uninstall_tokens.yaml index daa6727007b2d..bee6157175777 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/uninstall_tokens.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/uninstall_tokens.yaml @@ -1,7 +1,7 @@ get: summary: List metadata for latest uninstall tokens per agent policy tags: - - Uninstall tokens + - Fleet uninstall tokens responses: '200': description: OK diff --git a/x-pack/plugins/fleet/common/openapi/paths/uninstall_tokens@{uninstall_token_id}.yaml b/x-pack/plugins/fleet/common/openapi/paths/uninstall_tokens@{uninstall_token_id}.yaml index 549a2c61f542d..7cae06ba6be2d 100644 --- a/x-pack/plugins/fleet/common/openapi/paths/uninstall_tokens@{uninstall_token_id}.yaml +++ b/x-pack/plugins/fleet/common/openapi/paths/uninstall_tokens@{uninstall_token_id}.yaml @@ -1,7 +1,7 @@ get: summary: Get one decrypted uninstall token by its ID tags: - - Uninstall tokens + - Fleet uninstall tokens responses: '200': description: OK