diff --git a/oas_docs/.spectral.yaml b/oas_docs/.spectral.yaml
index 6f09fac49a582..dce3d8e35a0eb 100644
--- a/oas_docs/.spectral.yaml
+++ b/oas_docs/.spectral.yaml
@@ -70,13 +70,13 @@ rules:
 message: "Each operation should have a summary"
 severity: error
 recommended: true
- given: $.paths[*][*]
+ given: $.paths[*][get,put,post,delete,options,head,patch,trace]
 then:
 field: summary
 function: defined
 operation-summary-length:
 description: Operation summary should be between 5 and 45 characters
- given: "$.paths[*][*]"
+ given: '$.paths[*][get,put,post,delete,options,head,patch,trace]'
 then:
 field: summary
 function: length
diff --git a/oas_docs/makefile b/oas_docs/makefile
index 29077deb9057f..33b49b4f06b8b 100644
--- a/oas_docs/makefile
+++ b/oas_docs/makefile
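Review bot: The two new `given` values are the same JSONPath but are quoted differently: the rule with the message "Each operation should have a summary" uses a plain scalar, while `operation-summary-length` uses single quotes. Quote both the same way, `given: '$.paths[*][get,put,post,delete,options,head,patch,trace]'`, so the bracketed, comma-separated expression is unambiguous and the two rules stay visibly identical. Since the method list is now repeated, a comment above the first use such as `# HTTP method keys only: a path item can also hold servers, parameters, summary` would record why `[*]` was narrowed. The `rules:` mapping starts and continues outside this hunk, so any other rule there that still selects `$.paths[*][*]` would presumably keep matching non-operation keys and is worth checking.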
@@ -15,11 +15,11 @@ .PHONY: api-docs api-docs: ## Generate kibana.yaml - @npx @redocly/cli join "kibana.info.yaml" "../x-pack/plugins/alerting/docs/openapi/bundled.yaml" "../x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml" "../x-pack/plugins/cases/docs/openapi/bundled.yaml" "../x-pack/plugins/actions/docs/openapi/bundled.yaml" "../src/plugins/data_views/docs/openapi/bundled.yaml" "../x-pack/plugins/ml/common/openapi/ml_apis.yaml" "../packages/core/saved-objects/docs/openapi/bundled.yaml" "../x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml" "bundle.json" -o "output/kibana.yaml" --prefix-components-with-info-prop title + @npx @redocly/cli join "kibana.info.yaml" "../x-pack/plugins/alerting/docs/openapi/bundled.yaml" "../x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml" "../x-pack/plugins/cases/docs/openapi/bundled.yaml" "../x-pack/plugins/actions/docs/openapi/bundled.yaml" "../src/plugins/data_views/docs/openapi/bundled.yaml" "../x-pack/plugins/ml/common/openapi/ml_apis.yaml" "../packages/core/saved-objects/docs/openapi/bundled.yaml" "../x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml" "../x-pack/plugins/fleet/common/openapi/bundled.yaml" "bundle.json" -o "output/kibana.yaml" --prefix-components-with-info-prop title .PHONY: api-docs-stateful api-docs-stateful: ## Generate only kibana.yaml - @npx @redocly/cli join "kibana.info.yaml" "../x-pack/plugins/alerting/docs/openapi/bundled.yaml" "../x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml" "../x-pack/plugins/cases/docs/openapi/bundled.yaml" "../x-pack/plugins/actions/docs/openapi/bundled.yaml" "../src/plugins/data_views/docs/openapi/bundled.yaml" "../x-pack/plugins/ml/common/openapi/ml_apis.yaml" "../packages/core/saved-objects/docs/openapi/bundled.yaml" "../x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml" "bundle.json" -o "output/kibana.yaml" --prefix-components-with-info-prop title + @npx 
@redocly/cli join "kibana.info.yaml" "../x-pack/plugins/alerting/docs/openapi/bundled.yaml" "../x-pack/plugins/observability_solution/apm/docs/openapi/apm.yaml" "../x-pack/plugins/cases/docs/openapi/bundled.yaml" "../x-pack/plugins/actions/docs/openapi/bundled.yaml" "../src/plugins/data_views/docs/openapi/bundled.yaml" "../x-pack/plugins/ml/common/openapi/ml_apis.yaml" "../packages/core/saved-objects/docs/openapi/bundled.yaml" "../x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml" "../x-pack/plugins/fleet/common/openapi/bundled.yaml" "bundle.json" -o "output/kibana.yaml" --prefix-components-with-info-prop title # Temporarily omit "../x-pack/plugins/fleet/common/openapi/bundled.yaml" due to internals tag and tag sorting .PHONY: api-docs-lint diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index 0bab4c1159351..b859337269495 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -59,6 +59,8 @@ servers: default: localhost:5601 - url: http://localhost:5601 description: local + - url: http://KIBANA_HOST:5601/api/fleet + description: Public and supported Fleet API - url: http://localhost:5622 tags: - name: alerting 
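Review bot: The context comment `# Temporarily omit "../x-pack/plugins/fleet/common/openapi/bundled.yaml" due to internals tag and tag sorting` is left in place although both `api-docs` and `api-docs-stateful` now pass that file to `redocly join`, so the comment contradicts the recipe; delete it or reword it to say what is still outstanding. The reason it gives appears to still apply: the regenerated `output/kibana.yaml` gains a `Fleet internals` tag and a `/settings/enrollment` path whose server is `/internal/fleet`, described as "not supported", so confirm those operations are meant to appear in the published document. The Fleet paths also land without a prefix (`/setup`, `/settings`, `/health_check`) beside a document-level `servers` list, which may make rendered docs resolve them against the wrong base URL.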
@@ -97,6 +99,38 @@ tags: - name: slo description: SLO APIs enable you to define, manage and track service-level objectives x-displayName: slo + - name: Data streams + x-displayName: Data streams + - name: Elastic Agents + x-displayName: Elastic Agents + - name: Elastic Agent actions + x-displayName: Elastic Agent actions + - name: Elastic Agent binary download sources + x-displayName: Elastic Agent binary download sources + - name: Elastic Agent policies + x-displayName: Elastic Agent policies + - name: Elastic Agent status + x-displayName: Elastic Agent status + - name: Elastic Package Manager (EPM) + x-displayName: Elastic Package Manager (EPM) + - name: Fleet enrollment API keys + x-displayName: Fleet enrollment API keys + - name: Fleet internals + x-displayName: Fleet internals + - name: Fleet Server hosts + x-displayName: Fleet Server hosts + - name: Fleet Kubernetes + x-displayName: Fleet Kubernetes + - name: Fleet outputs + x-displayName: Fleet outputs + - name: Fleet package policies + x-displayName: Fleet package policies + - name: Fleet proxies + x-displayName: Fleet proxies + - name: Fleet service tokens + x-displayName: Fleet service tokens + - name: Fleet uninstall tokens + x-displayName: Fleet uninstall tokens - name: system x-displayName: system paths: 
@@ -5944,164 +5978,4079 @@ paths: $ref: '#/components/schemas/SLOs_403_response' servers: - url: https://localhost:5601 - /api/status: + /health_check: + post: + summary: Fleet Server health check + tags: + - Fleet internals + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + status: + type: string + id: + type: string + description: Fleet Server host id + host: + type: string + deprecated: true + '400': + $ref: '#/components/responses/Fleet_error' + operationId: fleet-server-health-check + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + host: + type: string + deprecated: true + required: + - id + security: + - Fleet_basicAuth: [] + /setup: + post: + summary: Initiate Fleet setup + tags: + - Fleet internals + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/Fleet_fleet_setup_response' + '400': + $ref: '#/components/responses/Fleet_error' + '500': + description: Internal Server Error + content: + application/json: + schema: + type: object + properties: + message: + type: string + operationId: setup + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + security: + - Fleet_basicAuth: [] + /settings: get: - operationId: /api/status#0 + summary: Get settings + tags: + - Fleet internals + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/Fleet_fleet_settings_response' + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-settings + security: + - Fleet_basicAuth: [] + put: + summary: Update settings + tags: + - Fleet internals + requestBody: + content: + application/json: + schema: + type: object + properties: + fleet_server_hosts: + type: array + description: Protocol and path must be the same for each URL + items: + type: 
string + has_seen_add_data_notice: + type: boolean + additional_yaml_config: + type: string + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/Fleet_fleet_settings_response' + '400': + $ref: '#/components/responses/Fleet_error' + operationId: update-settings + security: + - Fleet_basicAuth: [] + /settings/enrollment: + servers: + - url: http://KIBANA_HOST:5601/internal/fleet + description: Used for Fleet internals and not supported + get: + summary: Get enrollment settings + tags: + - Fleet internals parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: Set to "true" to get the response in v7 format. - in: query - name: v7format - required: false - schema: - type: boolean - - description: Set to "true" to get the response in v8 format. - in: query - name: v8format + - in: query + name: agentPolicyId required: false schema: - type: boolean + type: string + description: >- + An agent policy ID to scope the enrollment settings to. For example, + that policy's Fleet Server host, its proxy, download location, etc. + If not provided, the default Fleet Server policy is used (if any). responses: '200': + description: OK content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. 
- '503': + $ref: '#/components/schemas/Fleet_fleet_settings_enrollment_response' + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-enrollment-settings + security: + - Fleet_basicAuth: [] + /service-tokens: + post: + summary: Create service token + tags: + - Fleet service tokens + responses: + '200': + description: OK content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - summary: Get Kibana's current status + type: object + properties: + name: + type: string + value: + type: string + '400': + $ref: '#/components/responses/Fleet_error' + operationId: generate-service-token-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + deprecated: true + security: + - Fleet_basicAuth: [] + /service_tokens: + post: + summary: Create service token tags: - - system + - Fleet service tokens + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + name: + type: string + value: + type: string + '400': + $ref: '#/components/responses/Fleet_error' + operationId: generate-service-token + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' security: - - Kibana_HTTP_APIs_basicAuth: [] -components: - parameters: - Alerting_kbn_xsrf: - schema: - type: string - in: header - name: kbn-xsrf - description: Cross-site request forgery protection - required: true - Alerting_rule_id: - in: path - name: ruleId - description: An identifier for the rule. - required: true - schema: - type: string - example: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 - Alerting_alert_id: - in: path - name: alertId - description: >- - An identifier for the alert. 
The identifier is generated by the rule and - might be any arbitrary string. - required: true - schema: - type: string - example: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 - Cases_kbn_xsrf: - schema: - type: string - in: header - name: kbn-xsrf - description: Cross-site request forgery protection - required: true - Cases_ids: - name: ids - description: > - The cases that you want to removed. All non-ASCII characters must be URL - encoded. - in: query - required: true - schema: - type: array - items: - type: string - minItems: 1 - maxItems: 100 - example: d4e7abb0-b462-11ec-9a8d-698504725a43 - Cases_assignees: - in: query - name: assignees - description: > - Filters the returned cases by assignees. Valid values are `none` or - unique identifiers for the user profiles. These identifiers can be found - by using the suggest user profile API. - schema: - oneOf: - - type: string - - type: array - items: - type: string - maxItems: 100 - Cases_category: - in: query - name: category - description: Filters the returned cases by category. - schema: - oneOf: - - type: string - example: my-category - - type: array - items: - type: string - maxItems: 100 - Cases_defaultSearchOperator: - in: query - name: defaultSearchOperator - description: he default operator to use for the simple_query_string. - schema: - type: string - default: OR - example: OR - Cases_from: - in: query - name: from - description: > - Returns only cases that were created after a specific date. The date - must be specified as a KQL data range or date match expression. - schema: - type: string - example: now-1d - Cases_owner: - in: query - name: owner - description: > - A filter to limit the response to a specific set of applications. If - this parameter is omitted, the response contains information about all - the cases that the user has access to read. 
- schema: - oneOf: - - $ref: '#/components/schemas/Cases_owners' - - type: array - items: - $ref: '#/components/schemas/Cases_owners' - example: cases - Cases_page_index: + - Fleet_basicAuth: [] + /epm/verification_key_id: + get: + summary: Get package signature verification key ID + tags: + - Elastic Package Manager (EPM) + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + body: + type: object + properties: + id: + type: string + nullable: true + description: >- + the key ID of the GPG key used to verify package + signatures + statusCode: + type: number + headers: + type: object + '400': + $ref: '#/components/responses/Fleet_error' + operationId: packages-get-verification-key-id + security: + - Fleet_basicAuth: [] + parameters: [] + /epm/bulk_assets: + post: + summary: Bulk get assets + tags: + - Elastic Package Manager (EPM) + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/Fleet_get_bulk_assets_response' + '400': + $ref: '#/components/responses/Fleet_error' + operationId: bulk-get-assets + requestBody: + content: + application/json: + schema: + type: object + properties: + assetIds: + type: array + items: + type: object + properties: + type: + type: string + id: + type: string + description: list of items necessary to fetch assets + required: + - assetIds + security: + - Fleet_basicAuth: [] + /epm/categories: + get: + summary: List package categories + tags: + - Elastic Package Manager (EPM) + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/Fleet_get_categories_response' + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-package-categories + security: + - Fleet_basicAuth: [] + parameters: + - in: query + name: prerelease + schema: + type: boolean + default: false + description: >- + Whether to include prerelease packages in categories count (e.g. 
beta, + rc, preview) + - in: query + name: experimental + deprecated: true + schema: + type: boolean + default: false + - in: query + name: include_policy_templates + schema: + type: boolean + default: false + /epm/packages/limited: + get: + summary: Get limited package list + tags: + - Elastic Package Manager (EPM) + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + type: string + '400': + $ref: '#/components/responses/Fleet_error' + operationId: list-limited-packages + security: + - Fleet_basicAuth: [] + parameters: [] + /epm/packages: + get: + summary: List packages + tags: + - Elastic Package Manager (EPM) + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/Fleet_get_packages_response' + '400': + $ref: '#/components/responses/Fleet_error' + operationId: list-all-packages + parameters: + - in: query + name: excludeInstallStatus + schema: + type: boolean + default: false + description: >- + Whether to exclude the install status of each package. Enabling this + option will opt in to caching for the response via `cache-control` + headers. If you don't need up-to-date installation info for a + package, and are querying for a list of available packages, + providing this flag can improve performance substantially. + - in: query + name: prerelease + schema: + type: boolean + default: false + description: >- + Whether to return prerelease versions of packages (e.g. 
beta, rc, + preview) + - in: query + name: experimental + deprecated: true + schema: + type: boolean + default: false + - in: query + name: category + schema: + type: string + security: + - Fleet_basicAuth: [] + post: + summary: Install by package by direct upload + tags: + - Elastic Package Manager (EPM) + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + _meta: + type: object + properties: + install_source: + type: string + enum: + - upload + - registry + - bundled + required: + - items + '400': + $ref: '#/components/responses/Fleet_error' + '429': + $ref: '#/components/responses/Fleet_error' + operationId: install-package-by-upload + description: '' + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: query + name: ignoreMappingUpdateErrors + schema: + type: boolean + default: false + description: avoid erroring out on unexpected mapping update errors + - in: query + name: skipDataStreamRollover + schema: + type: boolean + default: false + description: >- + Skip data stream rollover during index template mapping or settings + update + requestBody: + content: + application/zip: + schema: + type: string + format: binary + application/gzip: + schema: + type: string + format: binary + security: + - Fleet_basicAuth: [] + /epm/packages/_bulk: + post: + summary: Bulk install packages + tags: + - Elastic Package Manager (EPM) + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/Fleet_bulk_install_packages_response' + '400': + $ref: '#/components/responses/Fleet_error' + operationId: bulk-install-packages + parameters: + - in: query + name: prerelease + schema: + type: boolean + 
default: false + description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + requestBody: + content: + application/json: + schema: + type: object + properties: + packages: + type: array + items: + oneOf: + - type: string + description: package name + - type: object + properties: + name: + type: string + description: package name + version: + type: string + description: package version + description: list of packages to install + force: + type: boolean + description: force install to ignore package verification errors + required: + - packages + security: + - Fleet_basicAuth: [] + /epm/packages/{pkgkey}: + get: + summary: Get package + tags: + - Elastic Package Manager (EPM) + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + allOf: + - properties: + response: + $ref: '#/components/schemas/Fleet_package_info' + - properties: + status: + type: string + enum: + - installed + - installing + - install_failed + - not_installed + savedObject: + type: string + required: + - status + - savedObject + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-package-deprecated + security: + - Fleet_basicAuth: [] + parameters: + - schema: + type: string + name: pkgkey + in: path + required: true + - in: query + name: prerelease + schema: + type: boolean + default: false + description: >- + Whether to return prerelease versions of packages (e.g. 
beta, rc, + preview) + deprecated: true + post: + summary: Install package + tags: + - Elastic Package Manager (EPM) + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + response: + type: array + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + required: + - response + '400': + $ref: '#/components/responses/Fleet_error' + operationId: install-package-deprecated + description: '' + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - schema: + type: string + name: pkgkey + in: path + required: true + - in: query + name: ignoreMappingUpdateErrors + schema: + type: boolean + default: false + description: avoid erroring out on unexpected mapping update errors + - in: query + name: skipDataStreamRollover + schema: + type: boolean + default: false + description: >- + Skip data stream rollover during index template mapping or settings + update + requestBody: + content: + application/json: + schema: + type: object + properties: + force: + type: boolean + deprecated: true + security: + - Fleet_basicAuth: [] + delete: + summary: Delete ackage + tags: + - Elastic Package Manager (EPM) + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + response: + type: array + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + required: + - response + '400': + $ref: '#/components/responses/Fleet_error' + operationId: delete-package-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - schema: + type: string + name: pkgkey + in: path + required: true + requestBody: + 
content: + application/json: + schema: + type: object + properties: + force: + type: boolean + deprecated: true + security: + - Fleet_basicAuth: [] + /epm/packages/{pkgName}/{pkgVersion}: + get: + summary: Get package + tags: + - Elastic Package Manager (EPM) + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + allOf: + - properties: + item: + $ref: '#/components/schemas/Fleet_package_info' + - properties: + status: + type: string + enum: + - installed + - installing + - install_failed + - not_installed + savedObject: + type: object + deprecated: true + latestVersion: + type: string + keepPoliciesUpToDate: + type: boolean + notice: + type: string + licensePath: + type: string + required: + - status + - savedObject + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-package + security: + - Fleet_basicAuth: [] + parameters: + - schema: + type: string + name: pkgName + in: path + required: true + - schema: + type: string + name: pkgVersion + in: path + required: true + - schema: + type: boolean + name: ignoreUnverified + description: Ignore if the package is fails signature verification + in: query + - schema: + type: boolean + name: full + description: >- + Return all fields from the package manifest, not just those supported + by the Elastic Package Registry + in: query + - in: query + name: prerelease + schema: + type: boolean + default: false + description: >- + Whether to return prerelease versions of packages (e.g. 
beta, rc, + preview) + post: + summary: Install package + tags: + - Elastic Package Manager (EPM) + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + _meta: + type: object + properties: + install_source: + type: string + enum: + - registry + - upload + - bundled + required: + - items + '400': + $ref: '#/components/responses/Fleet_error' + operationId: install-package + description: '' + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: query + name: ignoreMappingUpdateErrors + schema: + type: boolean + default: false + description: avoid erroring out on unexpected mapping update errors + - in: query + name: skipDataStreamRollover + schema: + type: boolean + default: false + description: >- + Skip data stream rollover during index template mapping or settings + update + requestBody: + content: + application/json: + schema: + type: object + properties: + force: + type: boolean + ignore_constraints: + type: boolean + security: + - Fleet_basicAuth: [] + put: + summary: Update package settings + tags: + - Elastic Package Manager (EPM) + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + required: + - items + '400': + $ref: '#/components/responses/Fleet_error' + operationId: update-package + description: '' + requestBody: + content: + application/json: + schema: + type: object + properties: + keepPoliciesUpToDate: + type: 
boolean + security: + - Fleet_basicAuth: [] + delete: + summary: Delete package + tags: + - Elastic Package Manager (EPM) + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + required: + - items + '400': + $ref: '#/components/responses/Fleet_error' + operationId: delete-package + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - schema: + type: boolean + name: force + description: delete package even if policies used by agents + in: query + requestBody: + content: + application/json: + schema: + type: object + deprecated: true + properties: + force: + type: boolean + security: + - Fleet_basicAuth: [] + /epm/packages/{pkgName}/{pkgVersion}/transforms/authorize: + post: + summary: Authorize transforms + tags: + - Elastic Package Manager (EPM) + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + type: object + properties: + transformId: + type: string + success: + type: boolean + error: + type: string + required: + - transformId + - error + required: + - items + '400': + $ref: '#/components/responses/Fleet_error' + operationId: reauthorize-transforms + description: '' + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - schema: + type: string + name: pkgName + in: path + required: true + - schema: + type: string + name: pkgVersion + in: path + required: true + - in: query + name: prerelease + schema: + type: boolean + default: false + description: >- + Whether to include prerelease packages in categories count (e.g. 
+ beta, rc, preview) + requestBody: + content: + application/json: + schema: + type: object + properties: + transforms: + type: array + items: + type: object + properties: + transformId: + type: string + security: + - Fleet_basicAuth: [] + /epm/packages/{pkgName}/{pkgVersion}/{filePath}: + get: + summary: Get package file + tags: + - Elastic Package Manager (EPM) + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + body: + type: object + statusCode: + type: number + headers: + type: object + '400': + $ref: '#/components/responses/Fleet_error' + operationId: packages-get-file + security: + - Fleet_basicAuth: [] + parameters: + - schema: + type: string + name: pkgName + in: path + required: true + - schema: + type: string + name: pkgVersion + in: path + required: true + - schema: + type: string + name: filePath + in: path + required: true + /epm/packages/{pkgName}/stats: + get: + summary: Get package stats + tags: + - Elastic Package Manager (EPM) + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + response: + $ref: '#/components/schemas/Fleet_package_usage_stats' + required: + - response + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-package-stats + security: + - Fleet_basicAuth: [] + parameters: + - schema: + type: string + name: pkgName + in: path + required: true + /epm/templates/{pkgName}/{pkgVersion}/inputs: + get: + summary: Get inputs template + tags: + - Elastic Package Manager (EPM) + responses: + '200': + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-inputs-template + security: + - Fleet_basicAuth: [] + parameters: + - schema: + type: string + name: pkgName + in: path + required: true + - schema: + type: string + name: pkgVersion + in: path + required: true + - schema: + type: string + enum: + - json + - yaml + - yml + name: format + description: Format of response - json 
or yaml + in: query + - schema: + type: boolean + name: prerelease + description: Specify if version is prerelease + in: query + - schema: + type: boolean + name: ignoreUnverified + description: Ignore if the package is fails signature verification + in: query + /agents/setup: + get: + summary: Get agent setup info + tags: + - Elastic Agents + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/Fleet_fleet_status_response' + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-agents-setup-status + security: + - Fleet_basicAuth: [] + post: + summary: Initiate agent setup + tags: + - Elastic Agents + operationId: setup-agents + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/Fleet_fleet_setup_response' + '400': + $ref: '#/components/responses/Fleet_error' + requestBody: + content: + application/json: + schema: + type: object + properties: + admin_username: + type: string + admin_password: + type: string + required: + - admin_username + - admin_password + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + security: + - Fleet_basicAuth: [] + /agent-status: + get: + summary: Get agent status summary + tags: + - Elastic Agent status + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + error: + type: integer + events: + type: integer + inactive: + type: integer + offline: + type: integer + online: + type: integer + other: + type: integer + total: + type: integer + updating: + type: integer + required: + - error + - events + - inactive + - offline + - online + - other + - total + - updating + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-agent-status-deprecated + parameters: + - schema: + type: string + name: policyId + in: query + required: false + deprecated: true + security: + - Fleet_basicAuth: [] + /agent_status: + get: + summary: Get 
agent status summary + tags: + - Elastic Agent status + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + error: + type: integer + events: + type: integer + inactive: + type: integer + unenrolled: + type: integer + offline: + type: integer + online: + type: integer + other: + type: integer + total: + type: integer + deprecated: true + updating: + type: integer + all: + type: integer + active: + type: integer + required: + - active + - all + - error + - events + - inactive + - offline + - online + - other + - total + - updating + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-agent-status + parameters: + - schema: + type: string + name: policyId + in: query + required: false + - schema: + type: string + name: kuery + in: query + required: false + deprecated: true + security: + - Fleet_basicAuth: [] + /agent_status/data: + get: + summary: Get incoming agent data + tags: + - Elastic Agent status + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + type: object + additionalProperties: + type: object + properties: + data: + type: boolean + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-agent-data + parameters: + - schema: + type: array + items: + type: string + name: agentsIds + in: query + required: true + security: + - Fleet_basicAuth: [] + /agents: + get: + summary: List agents + tags: + - Elastic Agents + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/Fleet_get_agents_response' + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-agents + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_show_inactive' + - $ref: 
'#/components/parameters/Fleet_show_upgradeable' + - $ref: '#/components/parameters/Fleet_sort_field' + - $ref: '#/components/parameters/Fleet_sort_order' + - $ref: '#/components/parameters/Fleet_with_metrics' + - name: getStatusSummary + in: query + required: false + schema: + type: boolean + security: + - Fleet_basicAuth: [] + post: + summary: List agents by action ids + tags: + - Elastic Agents + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/Fleet_agent_get_by_actions' + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-agents-by-actions + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + actionIds: + type: array + items: + type: string + required: + - policy_id + security: + - Fleet_basicAuth: [] + /agents/bulk_upgrade: + post: + summary: Bulk upgrade agents + tags: + - Elastic Agents + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + actionId: + type: string + '400': + $ref: '#/components/responses/Fleet_error' + operationId: bulk-upgrade-agents + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/Fleet_bulk_upgrade_agents' + example: + version: 8.4.0 + source_uri: https://artifacts.elastic.co/downloads/beats/elastic-agent + rollout_duration_seconds: 3600 + agents: + - agent1 + - agent2 + start_time: '2022-08-03T14:00:00.000Z' + security: + - Fleet_basicAuth: [] + /agents/action_status: + get: + summary: Get agent action status + tags: + - Elastic Agent actions + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - schema: + type: integer + default: 5 + in: query + name: errorSize + responses: + '200': + description: OK + 
content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + type: object + properties: + actionId: + type: string + status: + type: string + enum: + - COMPLETE + - EXPIRED + - CANCELLED + - FAILED + - IN_PROGRESS + - ROLLOUT_PASSED + nbAgentsActioned: + type: number + description: number of agents actioned + nbAgentsActionCreated: + type: number + description: number of agents included in action from kibana + nbAgentsAck: + type: number + description: number of agents that acknowledged the action + nbAgentsFailed: + type: number + description: number of agents that failed to execute the action + version: + type: string + description: agent version number (UPGRADE action) + startTime: + type: string + description: start time of action (scheduled actions) + type: + type: string + enum: + - POLICY_REASSIGN + - UPGRADE + - UNENROLL + - FORCE_UNENROLL + - UPDATE_TAGS + - CANCEL + - REQUEST_DIAGNOSTICS + - SETTINGS + - POLICY_CHANGE + - INPUT_ACTION + expiration: + type: string + completionTime: + type: string + cancellationTime: + type: string + newPolicyId: + type: string + description: new policy id (POLICY_REASSIGN action) + policyId: + type: string + description: policy id (POLICY_CHANGE action) + revision: + type: string + description: new policy revision (POLICY_CHANGE action) + creationTime: + type: string + description: creation time of action + latestErrors: + type: array + description: >- + latest errors that happened when the agents executed + the action + items: + type: object + properties: + agentId: + type: string + error: + type: string + timestamp: + type: string + required: + - actionId + - complete + - nbAgentsActioned + - nbAgentsActionCreated + - nbAgentsAck + - nbAgentsFailed + - status + - creationTime + - type + required: + - items + '400': + $ref: '#/components/responses/Fleet_error' + operationId: agents-action-status + security: + - Fleet_basicAuth: [] + /agents/{agentId}: + parameters: + - schema: + 
type: string + name: agentId + in: path + required: true + get: + summary: Get agent by ID + tags: + - Elastic Agents + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent' + required: + - item + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-agent + parameters: + - $ref: '#/components/parameters/Fleet_with_metrics' + security: + - Fleet_basicAuth: [] + put: + summary: Update agent by ID + tags: + - Elastic Agents + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent' + required: + - item + '400': + $ref: '#/components/responses/Fleet_error' + operationId: update-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + user_provided_metadata: + type: object + tags: + type: array + items: + type: string + security: + - Fleet_basicAuth: [] + delete: + summary: Delete agent by ID + tags: + - Elastic Agents + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + action: + type: string + enum: + - deleted + required: + - action + '400': + $ref: '#/components/responses/Fleet_error' + operationId: delete-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + security: + - Fleet_basicAuth: [] + /agents/{agentId}/actions: + parameters: + - schema: + type: string + name: agentId + in: path + required: true + post: + summary: Create agent action + tags: + - Elastic Agent actions + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + body: + type: array + items: + type: number + statusCode: + type: number + headers: + type: string + '400': + $ref: '#/components/responses/Fleet_error' + operationId: 
new-agent-action + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + action: + $ref: '#/components/schemas/Fleet_agent_action' + security: + - Fleet_basicAuth: [] + /agents/{agentId}/actions/{actionId}/cancel: + parameters: + - schema: + type: string + name: agentId + in: path + required: true + - schema: + type: string + name: actionId + in: path + required: true + post: + summary: Cancel agent action + tags: + - Elastic Agent actions + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_action' + '400': + $ref: '#/components/responses/Fleet_error' + operationId: agent-action-cancel + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + security: + - Fleet_basicAuth: [] + /agents/files/{fileId}/{fileName}: + parameters: + - schema: + type: string + name: fileId + in: path + required: true + - schema: + type: string + name: fileName + in: path + required: true + get: + summary: Get file uploaded by agent + tags: + - Elastic Agents + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + body: + type: object + properties: + items: + type: object + properties: + body: {} + headers: {} + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-agent-upload-file + security: + - Fleet_basicAuth: [] + /agents/files/{fileId}: + parameters: + - schema: + type: string + name: fileId + in: path + required: true + delete: + summary: Delete file uploaded by agent + tags: + - Elastic Agents + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + body: + type: object + properties: + id: + type: string + deleted: + type: boolean + '400': + $ref: '#/components/responses/Fleet_error' + operationId: delete-agent-upload-file + 
security: + - Fleet_basicAuth: [] + /agents/{agentId}/reassign: + parameters: + - schema: + type: string + name: agentId + in: path + required: true + post: + summary: Reassign agent + tags: + - Elastic Agents + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + '400': + $ref: '#/components/responses/Fleet_error' + operationId: reassign-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + policy_id: + type: string + required: + - policy_id + security: + - Fleet_basicAuth: [] + put: + summary: Reassign agent + tags: + - Elastic Agents + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + '400': + $ref: '#/components/responses/Fleet_error' + operationId: reassign-agent-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + policy_id: + type: string + required: + - policy_id + deprecated: true + security: + - Fleet_basicAuth: [] + /agents/{agentId}/unenroll: + parameters: + - schema: + type: string + name: agentId + in: path + required: true + post: + summary: Unenroll agent + tags: + - Elastic Agents + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + '400': + description: BAD REQUEST + content: + application/json: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + enum: + - 400 + operationId: unenroll-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json: + schema: + type: object + properties: + revoke: + type: boolean + force: + type: boolean + security: + - Fleet_basicAuth: [] + /agents/{agentId}/upgrade: + parameters: + - schema: + type: string + name: agentId 
+ in: path + required: true + post: + summary: Upgrade agent + tags: + - Elastic Agents + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/Fleet_upgrade_agent' + '400': + $ref: '#/components/responses/Fleet_error' + operationId: upgrade-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/Fleet_upgrade_agent' + security: + - Fleet_basicAuth: [] + /agents/{agentId}/uploads: + parameters: + - schema: + type: string + name: agentId + in: path + required: true + get: + summary: List agent uploads + tags: + - Elastic Agents + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + body: + type: object + properties: + item: + type: array + items: + $ref: '#/components/schemas/Fleet_agent_diagnostics' + '400': + $ref: '#/components/responses/Fleet_error' + operationId: list-agent-uploads + security: + - Fleet_basicAuth: [] + /agents/bulk_reassign: + post: + summary: Bulk reassign agents + tags: + - Elastic Agents + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + actionId: + type: string + '400': + $ref: '#/components/responses/Fleet_error' + operationId: bulk-reassign-agents + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json: + schema: + type: object + properties: + policy_id: + type: string + description: new agent policy id + agents: + oneOf: + - type: string + description: KQL query string, leave empty to action all agents + - type: array + items: + type: string + description: list of agent IDs + required: + - policy_id + - agents + example: + policy_id: policy_id + agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' + security: + - Fleet_basicAuth: [] + /agents/bulk_unenroll: + post: + summary: Bulk unenroll 
agents + tags: + - Elastic Agents + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + actionId: + type: string + '400': + $ref: '#/components/responses/Fleet_error' + operationId: bulk-unenroll-agents + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json: + schema: + type: object + properties: + agents: + oneOf: + - type: string + description: KQL query string, leave empty to action all agents + - type: array + items: + type: string + description: list of agent IDs + revoke: + type: boolean + description: Revokes API keys of agents + force: + type: boolean + description: Unenrolls hosted agents too + includeInactive: + type: boolean + description: >- + When passing agents by KQL query, unenrolls inactive agents + too + required: + - agents + example: + revoke: true + force: false + agents: + - agent1 + - agent2 + security: + - Fleet_basicAuth: [] + /agents/bulk_update_agent_tags: + post: + summary: Bulk update agent tags + tags: + - Elastic Agents + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + actionId: + type: string + '400': + $ref: '#/components/responses/Fleet_error' + operationId: bulk-update-agent-tags + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json: + schema: + type: object + properties: + agents: + oneOf: + - type: string + description: KQL query string, leave empty to action all agents + - type: array + items: + type: string + description: list of agent IDs + tagsToAdd: + type: array + items: + type: string + tagsToRemove: + type: array + items: + type: string + batchSize: + type: number + required: + - agents + example: + agents: + - agent1 + - agent2 + tagsToAdd: + - newTag + tagsToRemove: + - existingTag + security: + - Fleet_basicAuth: [] + /agents/tags: + get: + summary: List agent tags + tags: + - Elastic Agents 
+ responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/Fleet_get_agent_tags_response' + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-agent-tags + security: + - Fleet_basicAuth: [] + /agents/{agentId}/request_diagnostics: + parameters: + - schema: + type: string + name: agentId + in: path + required: true + post: + summary: Request agent diagnostics + tags: + - Elastic Agents + requestBody: + content: + application/json: + schema: + type: object + properties: + additional_metrics: + type: array + items: + oneOf: + - type: string + enum: + - CPU + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + actionId: + type: string + '400': + $ref: '#/components/responses/Fleet_error' + operationId: request-diagnostics-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + security: + - Fleet_basicAuth: [] + /agents/bulk_request_diagnostics: + post: + summary: Bulk request diagnostics from agents + tags: + - Elastic Agents + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + actionId: + type: string + '400': + $ref: '#/components/responses/Fleet_error' + operationId: bulk-request-diagnostics + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json: + schema: + type: object + properties: + batchSize: + type: number + agents: + oneOf: + - type: string + description: KQL query string, leave empty to action all agents + - type: array + items: + type: string + description: list of agent IDs + additional_metrics: + type: array + items: + oneOf: + - type: string + enum: + - CPU + required: + - agents + example: + agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' + security: + - Fleet_basicAuth: [] + /agent_policies: + get: + summary: List agent policies + tags: + - Elastic Agent policies + responses: + 
'200': + description: OK + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/Fleet_agent_policy' + total: + type: number + page: + type: number + perPage: + type: number + required: + - items + - total + - page + - perPage + '400': + $ref: '#/components/responses/Fleet_error' + operationId: agent-policy-list + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - schema: + type: boolean + in: query + name: full + description: >- + When set to true, retrieve the related package policies for each + agent policy. + - schema: + type: boolean + in: query + name: noAgentCount + description: >- + When set to true, do not count how many agents are in the agent + policy, this can improve performance if you are searching over a + large number of agent policies. The "agents" property will always be + 0 if set to true. 
+ description: '' + security: + - Fleet_basicAuth: [] + post: + summary: Create agent policy + tags: + - Elastic Agent policies + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + '400': + $ref: '#/components/responses/Fleet_error' + operationId: create-agent-policy + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/Fleet_agent_policy_create_request' + security: [] + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + /agent_policies/{agentPolicyId}: + parameters: + - schema: + type: string + name: agentPolicyId + in: path + required: true + get: + summary: Get agent policy by ID + tags: + - Elastic Agent policies + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + '400': + $ref: '#/components/responses/Fleet_error' + operationId: agent-policy-info + description: Get one agent policy + parameters: [] + security: + - Fleet_basicAuth: [] + put: + summary: Update agent policy by ID + tags: + - Elastic Agent policies + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + '400': + $ref: '#/components/responses/Fleet_error' + operationId: update-agent-policy + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/Fleet_agent_policy_update_request' + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + security: + - Fleet_basicAuth: [] + /agent_policies/{agentPolicyId}/copy: + parameters: + - schema: + type: string + name: agentPolicyId + in: path + required: true + post: + summary: Copy agent policy by ID + tags: + - Elastic Agent policies + operationId: agent-policy-copy + parameters: + - $ref: 
'#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + '400': + $ref: '#/components/responses/Fleet_error' + requestBody: + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: + type: string + required: + - name + description: '' + security: + - Fleet_basicAuth: [] + /agent_policies/{agentPolicyId}/full: + get: + summary: Get full agent policy by ID + tags: + - Elastic Agent policies + operationId: agent-policy-full + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + oneOf: + - type: string + - $ref: '#/components/schemas/Fleet_agent_policy_full' + '400': + $ref: '#/components/responses/Fleet_error' + security: + - Fleet_basicAuth: [] + parameters: + - schema: + type: string + name: agentPolicyId + in: path + required: true + - schema: + type: string + name: download + in: query + required: false + - schema: + type: string + name: standalone + in: query + required: false + - schema: + type: string + name: kubernetes + in: query + required: false + /agent_policies/{agentPolicyId}/download: + get: + summary: Download agent policy by ID + tags: + - Elastic Agent policies + operationId: agent-policy-download + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + type: string + '400': + $ref: '#/components/responses/Fleet_error' + security: + - Fleet_basicAuth: [] + parameters: + - schema: + type: string + name: agentPolicyId + in: path + required: true + - schema: + type: string + name: download + in: query + required: false + - schema: + type: string + name: standalone + in: query + required: false + - schema: + type: string + name: kubernetes + in: query + required: false + /agent_policies/_bulk_get: + post: + 
summary: Bulk get agent policies + tags: + - Elastic Agent policies + requestBody: + content: + application/json: + schema: + type: object + properties: + ids: + type: array + items: + type: string + description: list of agent policy ids + full: + type: boolean + description: get full policies with package policies populated + ignoreMissing: + type: boolean + required: + - ids + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - items + '400': + $ref: '#/components/responses/Fleet_error' + operationId: bulk-get-agent-policies + security: [] + parameters: [] + /agent_policies/delete: + post: + summary: Delete agent policy by ID + tags: + - Elastic Agent policies + operationId: delete-agent-policy + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + id: + type: string + success: + type: boolean + required: + - id + - success + '400': + $ref: '#/components/responses/Fleet_error' + requestBody: + content: + application/json: + schema: + type: object + properties: + agentPolicyId: + type: string + force: + type: boolean + description: >- + bypass validation checks that can prevent agent policy + deletion + required: + - agentPolicyId + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + security: + - Fleet_basicAuth: [] + parameters: [] + /data_streams: + get: + summary: List data streams + tags: + - Data streams + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + data_streams: + type: array + items: + $ref: '#/components/schemas/Fleet_data_stream' + '400': + $ref: '#/components/responses/Fleet_error' + operationId: data-streams-list + security: + - Fleet_basicAuth: [] + parameters: [] + /enrollment-api-keys: + get: + summary: List enrollment API keys + tags: + - Fleet enrollment API keys 
+ responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + list: + type: array + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + deprecated: true + items: + type: array + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - page + - perPage + - total + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-enrollment-api-keys-deprecated + parameters: [] + deprecated: true + security: + - Fleet_basicAuth: [] + post: + summary: Create enrollment API key + tags: + - Fleet enrollment API keys + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + action: + type: string + enum: + - created + '400': + $ref: '#/components/responses/Fleet_error' + operationId: create-enrollment-api-keys-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + deprecated: true + security: + - Fleet_basicAuth: [] + /enrollment-api-keys/{keyId}: + parameters: + - schema: + type: string + name: keyId + in: path + required: true + get: + summary: Get enrollment API key by ID + tags: + - Fleet enrollment API keys + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + required: + - item + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-enrollment-api-key-deprecated + deprecated: true + security: + - Fleet_basicAuth: [] + delete: + summary: Delete enrollment API key by ID + tags: + - Fleet enrollment API keys + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + action: + type: string + enum: + - deleted + required: + - action + '400': + $ref: 
'#/components/responses/Fleet_error' + operationId: delete-enrollment-api-key-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + deprecated: true + security: + - Fleet_basicAuth: [] + /enrollment_api_keys: + get: + summary: List enrollment API keys + tags: + - Fleet enrollment API keys + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + list: + type: array + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + deprecated: true + items: + type: array + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - page + - perPage + - total + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-enrollment-api-keys + parameters: [] + security: + - Fleet_basicAuth: [] + post: + summary: Create enrollment API key + tags: + - Fleet enrollment API keys + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + action: + type: string + enum: + - created + '400': + $ref: '#/components/responses/Fleet_error' + operationId: create-enrollment-api-keys + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + security: + - Fleet_basicAuth: [] + /enrollment_api_keys/{keyId}: + parameters: + - schema: + type: string + name: keyId + in: path + required: true + get: + summary: Get enrollment API key by ID + tags: + - Fleet enrollment API keys + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + required: + - item + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-enrollment-api-key + security: + - Fleet_basicAuth: [] + delete: + summary: Delete enrollment API key by ID + tags: + - Fleet enrollment API 
keys + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + action: + type: string + enum: + - deleted + required: + - action + '400': + $ref: '#/components/responses/Fleet_error' + operationId: delete-enrollment-api-key + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + security: + - Fleet_basicAuth: [] + /package_policies: + get: + summary: List package policies + tags: + - Fleet package policies + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/Fleet_package_policy' + total: + type: number + page: + type: number + perPage: + type: number + required: + - items + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-package-policies + security: [] + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_format' + parameters: [] + post: + summary: Create package policy + tags: + - Fleet package policies + operationId: create-package-policy + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_package_policy' + required: + - item + '400': + $ref: '#/components/responses/Fleet_error' + '409': + $ref: '#/components/responses/Fleet_error' + requestBody: + description: >- + You should use inputs as an object and not use the deprecated inputs + array. 
+ content: + application/json: + schema: + $ref: '#/components/schemas/Fleet_package_policy_request' + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_format' + security: + - Fleet_basicAuth: [] + /package_policies/_bulk_get: + post: + summary: Bulk get package policies + tags: + - Fleet package policies + requestBody: + content: + application/json: + schema: + type: object + properties: + ids: + type: array + items: + type: string + description: list of package policy ids + ignoreMissing: + type: boolean + required: + - ids + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/Fleet_package_policy' + required: + - items + '400': + $ref: '#/components/responses/Fleet_error' + operationId: bulk-get-package-policies + security: [] + parameters: + - $ref: '#/components/parameters/Fleet_format' + /package_policies/delete: + post: + summary: Delete package policy + tags: + - Fleet package policies + operationId: post-delete-package-policy + requestBody: + content: + application/json: + schema: + type: object + properties: + packagePolicyIds: + type: array + items: + type: string + force: + type: boolean + required: + - packagePolicyIds + responses: + '200': + description: OK + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + name: + type: string + success: + type: boolean + required: + - id + - success + '400': + $ref: '#/components/responses/Fleet_error' + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + security: + - Fleet_basicAuth: [] + /package_policies/upgrade: + post: + summary: Upgrade package policy to a newer package version + tags: + - Fleet package policies + operationId: upgrade-package-policy + requestBody: + content: + application/json: + schema: + type: object + properties: + packagePolicyIds: + type: 
array + items: + type: string + required: + - packagePolicyIds + responses: + '200': + description: OK + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + name: + type: string + success: + type: boolean + required: + - id + - success + '400': + $ref: '#/components/responses/Fleet_error' + '409': + $ref: '#/components/responses/Fleet_error' + security: + - Fleet_basicAuth: [] + /package_policies/upgrade/dryrun: + post: + summary: Dry run package policy upgrade + tags: + - Fleet package policies + operationId: upgrade-package-policy-dry-run + requestBody: + content: + application/json: + schema: + type: object + properties: + packagePolicyIds: + type: array + items: + type: string + packageVersion: + type: string + required: + - packagePolicyIds + responses: + '200': + description: OK + content: + application/json: + schema: + type: array + items: + type: object + properties: + hasErrors: + type: boolean + diff: + $ref: '#/components/schemas/Fleet_upgrade_diff' + agent_diff: + $ref: '#/components/schemas/Fleet_upgrade_agent_diff' + required: + - hasErrors + '400': + $ref: '#/components/responses/Fleet_error' + security: + - Fleet_basicAuth: [] + /package_policies/{packagePolicyId}: + parameters: + - schema: + type: string + name: packagePolicyId + in: path + required: true + get: + summary: Get package policy by ID + tags: + - Fleet package policies + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_package_policy' + required: + - item + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_format' + security: + - Fleet_basicAuth: [] + put: + summary: Update package policy by ID + tags: + - Fleet package policies + operationId: update-package-policy + requestBody: + content: + application/json: + schema: + $ref: 
'#/components/schemas/Fleet_package_policy_request' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_package_policy' + sucess: + type: boolean + required: + - item + - sucess + '400': + $ref: '#/components/responses/Fleet_error' + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_format' + security: + - Fleet_basicAuth: [] + delete: + summary: Delete package policy by ID + tags: + - Fleet package policies + operationId: delete-package-policy + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + id: + type: string + required: + - id + '400': + $ref: '#/components/responses/Fleet_error' + parameters: + - schema: + type: boolean + name: force + in: query + security: + - Fleet_basicAuth: [] + /outputs: + get: + summary: List outputs + tags: + - Fleet outputs + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/Fleet_output_create_request' + total: + type: integer + page: + type: integer + perPage: + type: integer + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-outputs + security: + - Fleet_basicAuth: [] + post: + summary: Create output + tags: + - Fleet outputs + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_create_request' + '400': + $ref: '#/components/responses/Fleet_error' + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/Fleet_output_create_request' + operationId: post-outputs + security: + - Fleet_basicAuth: [] + /outputs/{outputId}: + get: + summary: Get output by ID + tags: + - Fleet outputs + responses: + '200': + description: OK + content: + 
application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_create_request' + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-output + security: + - Fleet_basicAuth: [] + parameters: + - schema: + type: string + name: outputId + in: path + required: true + delete: + summary: Delete output by ID + tags: + - Fleet outputs + operationId: delete-output + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + id: + type: string + required: + - id + '400': + $ref: '#/components/responses/Fleet_error' + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + security: + - Fleet_basicAuth: [] + put: + summary: Update output by ID + tags: + - Fleet outputs + operationId: update-output + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/Fleet_output_update_request' + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_update_request' + '400': + $ref: '#/components/responses/Fleet_error' + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + security: + - Fleet_basicAuth: [] + /outputs/{outputId}/health: + get: + summary: Get latest output health + tags: + - Fleet outputs + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + state: + type: string + description: state of output, HEALTHY or DEGRADED + message: + type: string + description: long message if unhealthy + timestamp: + type: string + description: timestamp of reported state + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-output-health + security: + - Fleet_basicAuth: [] + parameters: + - schema: + type: string + name: outputId + in: path + required: true + /logstash_api_keys: + post: + summary: Generate Logstash API key + tags: + - Fleet outputs + 
responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + api_key: + type: string + '400': + $ref: '#/components/responses/Fleet_error' + operationId: generate-logstash-api-key + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + security: + - Fleet_basicAuth: [] + /agent_download_sources: + get: + summary: List agent binary download sources + tags: + - Elastic Agent binary download sources + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/Fleet_download_sources' + total: + type: integer + page: + type: integer + perPage: + type: integer + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-download-sources + security: + - Fleet_basicAuth: [] + post: + summary: Create agent binary download source + tags: + - Elastic Agent binary download sources + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_download_sources' + '400': + $ref: '#/components/responses/Fleet_error' + requestBody: + content: + application/json: + schema: + type: object + properties: + id: + type: string + name: + type: string + is_default: + type: boolean + host: + type: string + required: + - name + - host + - is_default + operationId: post-download-sources + security: + - Fleet_basicAuth: [] + /agent_download_sources/{sourceId}: + get: + summary: Get agent binary download source by ID + tags: + - Elastic Agent binary download sources + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_download_sources' + required: + - item + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-one-download-source + security: + - Fleet_basicAuth: [] + parameters: + - schema: + type: string + 
name: sourceId + in: path + required: true + delete: + summary: Delete agent binary download source by ID + tags: + - Elastic Agent binary download sources + operationId: delete-download-source + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + id: + type: string + required: + - id + '400': + $ref: '#/components/responses/Fleet_error' + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + security: + - Fleet_basicAuth: [] + put: + summary: Update agent binary download source by ID + tags: + - Elastic Agent binary download sources + operationId: update-download-source + requestBody: + content: + application/json: + schema: + type: object + properties: + name: + type: string + is_default: + type: boolean + host: + type: string + required: + - name + - is_default + - host + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_download_sources' + required: + - item + '400': + $ref: '#/components/responses/Fleet_error' + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + security: + - Fleet_basicAuth: [] + /fleet_server_hosts: + get: + summary: List Fleet Server hosts + tags: + - Fleet Server hosts + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/Fleet_fleet_server_host' + total: + type: integer + page: + type: integer + perPage: + type: integer + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-fleet-server-hosts + security: + - Fleet_basicAuth: [] + post: + summary: Create Fleet Server host + tags: + - Fleet Server hosts + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + '400': + $ref: '#/components/responses/Fleet_error' 
+ requestBody: + content: + application/json: + schema: + type: object + properties: + id: + type: string + name: + type: string + is_default: + type: boolean + is_internal: + type: boolean + proxy_id: + description: >- + The ID of the proxy to use for this fleet server host. See + the proxies API for more information. + type: string + host_urls: + type: array + items: + type: string + required: + - name + - host_urls + operationId: post-fleet-server-hosts + security: + - Fleet_basicAuth: [] + /fleet_server_hosts/{itemId}: + get: + summary: Get Fleet Server host by ID + tags: + - Fleet Server hosts + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + required: + - item + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-one-fleet-server-hosts + security: + - Fleet_basicAuth: [] + parameters: + - schema: + type: string + name: itemId + in: path + required: true + delete: + summary: Delete Fleet Server host by ID + tags: + - Fleet Server hosts + operationId: delete-fleet-server-hosts + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + id: + type: string + required: + - id + '400': + $ref: '#/components/responses/Fleet_error' + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + security: + - Fleet_basicAuth: [] + put: + summary: Update Fleet Server host by ID + tags: + - Fleet Server hosts + operationId: update-fleet-server-hosts + requestBody: + content: + application/json: + schema: + type: object + properties: + name: + type: string + is_default: + type: boolean + is_internal: + type: boolean + proxy_id: + description: >- + The ID of the proxy to use for this fleet server host. See + the proxies API for more information. 
+ type: string + nullable: true + host_urls: + type: array + items: + type: string + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + required: + - item + '400': + $ref: '#/components/responses/Fleet_error' + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + security: + - Fleet_basicAuth: [] + /proxies: + get: + summary: List proxies + tags: + - Fleet proxies + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + items: + type: array + items: + $ref: '#/components/schemas/Fleet_proxies' + total: + type: integer + page: + type: integer + perPage: + type: integer + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-fleet-proxies + security: + - Fleet_basicAuth: [] + post: + summary: Create proxy + tags: + - Fleet proxies + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_proxies' + '400': + $ref: '#/components/responses/Fleet_error' + requestBody: + content: + application/json: + schema: + type: object + properties: + id: + type: string + name: + type: string + url: + type: string + proxy_headers: + type: object + certificate_authorities: + type: string + certificate: + type: string + certificate_key: + type: string + required: + - name + - url + operationId: post-fleet-proxies + security: + - Fleet_basicAuth: [] + /proxies/{itemId}: + get: + summary: Get proxy by ID + tags: + - Fleet proxies + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_proxies' + required: + - item + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-one-fleet-proxies + security: + - Fleet_basicAuth: [] + parameters: + - schema: + type: string + name: itemId + 
in: path + required: true + delete: + summary: Delete proxy by ID + tags: + - Fleet proxies + operationId: delete-fleet-proxies + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + id: + type: string + required: + - id + '400': + $ref: '#/components/responses/Fleet_error' + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + security: + - Fleet_basicAuth: [] + put: + summary: Update proxy by ID + tags: + - Fleet proxies + operationId: update-fleet-proxies + requestBody: + content: + application/json: + schema: + type: object + properties: + name: + type: string + url: + type: string + proxy_headers: + type: object + certificate_authorities: + type: string + certificate: + type: string + certificate_key: + type: string + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_proxies' + required: + - item + '400': + $ref: '#/components/responses/Fleet_error' + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + security: + - Fleet_basicAuth: [] + /kubernetes: + get: + summary: Get full K8s agent manifest + tags: + - Fleet Kubernetes + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + type: string + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-full-k8s-manifest + parameters: + - schema: + type: boolean + name: download + in: query + required: false + - schema: + type: string + name: fleetServer + in: query + required: false + - schema: + type: string + name: enrolToken + in: query + required: false + security: + - Fleet_basicAuth: [] + /uninstall_tokens: + get: + summary: List metadata for latest uninstall tokens per agent policy + tags: + - Fleet uninstall tokens + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + items: + type: array + 
items: + type: object + properties: + id: + type: string + policy_id: + type: string + created_at: + type: string + required: + - id + - policy_id + - created_at + total: + type: number + page: + type: number + perPage: + type: number + required: + - items + - total + - page + - perPage + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-uninstall-tokens + parameters: + - name: perPage + in: query + description: The number of items to return + required: false + schema: + type: integer + default: 20 + minimum: 5 + - $ref: '#/components/parameters/Fleet_page_index' + - name: policyId + in: query + description: Partial match filtering for policy IDs + required: false + schema: + type: string + security: + - Fleet_basicAuth: [] + /uninstall_tokens/{uninstallTokenId}: + get: + summary: Get one decrypted uninstall token by its ID + tags: + - Fleet uninstall tokens + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + properties: + item: + type: object + properties: + id: + type: string + token: + type: string + policy_id: + type: string + created_at: + type: string + required: + - id + - token + - policy_id + - created_at + required: + - item + '400': + $ref: '#/components/responses/Fleet_error' + operationId: get-uninstall-token + parameters: + - name: uninstallTokenId + in: path + required: true + schema: + type: string + security: + - Fleet_basicAuth: [] + /api/status: + get: + operationId: /api/status#0 + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: Set to "true" to get the response in v7 format. + in: query + name: v7format + required: false + schema: + type: boolean + - description: Set to "true" to get the response in v8 format. 
+ in: query + name: v8format + required: false + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: Overall status is OK and Kibana should be functioning normally. + '503': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: >- + Kibana or some of it's essential services are unavailable. Kibana + may be degraded or unavailable. + summary: Get Kibana's current status + tags: + - system + security: + - Kibana_HTTP_APIs_basicAuth: [] +components: + parameters: + Alerting_kbn_xsrf: + schema: + type: string + in: header + name: kbn-xsrf + description: Cross-site request forgery protection + required: true + Alerting_rule_id: + in: path + name: ruleId + description: An identifier for the rule. + required: true + schema: + type: string + example: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 + Alerting_alert_id: + in: path + name: alertId + description: >- + An identifier for the alert. The identifier is generated by the rule and + might be any arbitrary string. + required: true + schema: + type: string + example: ac4e6b90-6be7-11eb-ba0d-9b1c1f912d74 + Cases_kbn_xsrf: + schema: + type: string + in: header + name: kbn-xsrf + description: Cross-site request forgery protection + required: true + Cases_ids: + name: ids + description: > + The cases that you want to removed. All non-ASCII characters must be URL + encoded. 
+ in: query + required: true + schema: + type: array + items: + type: string + minItems: 1 + maxItems: 100 + example: d4e7abb0-b462-11ec-9a8d-698504725a43 + Cases_assignees: + in: query + name: assignees + description: > + Filters the returned cases by assignees. Valid values are `none` or + unique identifiers for the user profiles. These identifiers can be found + by using the suggest user profile API. + schema: + oneOf: + - type: string + - type: array + items: + type: string + maxItems: 100 + Cases_category: + in: query + name: category + description: Filters the returned cases by category. + schema: + oneOf: + - type: string + example: my-category + - type: array + items: + type: string + maxItems: 100 + Cases_defaultSearchOperator: + in: query + name: defaultSearchOperator + description: he default operator to use for the simple_query_string. + schema: + type: string + default: OR + example: OR + Cases_from: + in: query + name: from + description: > + Returns only cases that were created after a specific date. The date + must be specified as a KQL data range or date match expression. + schema: + type: string + example: now-1d + Cases_owner: + in: query + name: owner + description: > + A filter to limit the response to a specific set of applications. If + this parameter is omitted, the response contains information about all + the cases that the user has access to read. + schema: + oneOf: + - $ref: '#/components/schemas/Cases_owners' + - type: array + items: + $ref: '#/components/schemas/Cases_owners' + example: cases + Cases_page_index: in: query name: page description: The page number to return. 
@@ -6402,7 +10351,80 @@ components: required: true schema: type: string - example: 9c235211-6834-11ea-a78c-6feb38a34414 + example: 9c235211-6834-11ea-a78c-6feb38a34414 + Fleet_kbn_xsrf: + schema: + type: string + in: header + name: kbn-xsrf + required: true + description: Kibana's anti Cross-Site Request Forgery token. Can be any string value. + Fleet_page_size: + name: perPage + in: query + description: The number of items to return + required: false + schema: + type: integer + default: 20 + Fleet_page_index: + name: page + in: query + required: false + schema: + type: integer + default: 1 + Fleet_kuery: + name: kuery + in: query + required: false + schema: + type: string + Fleet_show_inactive: + name: showInactive + in: query + required: false + schema: + type: boolean + Fleet_show_upgradeable: + name: showUpgradeable + in: query + required: false + schema: + type: boolean + Fleet_sort_field: + name: sortField + in: query + required: false + schema: + type: string + deprecated: true + Fleet_sort_order: + name: sortOrder + in: query + required: false + schema: + type: string + enum: + - asc + - desc + Fleet_with_metrics: + name: withMetrics + in: query + description: Return agent metrics, false by default + required: false + schema: + type: boolean + Fleet_format: + name: format + in: query + description: Simplified or legacy format for package inputs + required: false + schema: + type: string + enum: + - simplified + - legacy schemas: Alerting_create_anomaly_detection_alert_rule_request: title: Create anomaly detection rule request 
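Review bot: `Fleet_kbn_xsrf` is declared in this hunk with `required: true`, but several state-changing Fleet operations added earlier in this diff never reference it: the POSTs on `/package_policies/_bulk_get`, `/package_policies/upgrade`, `/package_policies/upgrade/dryrun`, `/outputs`, `/agent_download_sources`, `/fleet_server_hosts` and `/proxies`, and the DELETE on `/package_policies/{packagePolicyId}`. Kibana normally rejects non-GET requests that lack the `kbn-xsrf` header, so clients generated from this document would presumably fail on those calls; each of them should list `- $ref: '#/components/parameters/Fleet_kbn_xsrf'` under `parameters:`. `/package_policies/_bulk_get` also carries `security: []` where the other Fleet operations visible in this diff have `- Fleet_basicAuth: []`, which documents the endpoint as unauthenticated and looks unintended. The parameter description would read more accurately as `A required header that protects against cross-site request forgery; any string value is accepted.`, since the value is not a secret token. If this file is the bundled output of the `api-docs` target, these changes belong in the Fleet source spec rather than here.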
@@ -7669,10 +11691,256 @@ components: $ref: '#/components/schemas/Alerting_tags' throttle: $ref: '#/components/schemas/Alerting_throttle' - Alerting_create_siem_query_rule_request: - title: Create custom query rule request - description: | - A rule that uses KQL or Lucene to detect issues across indices. + Alerting_create_siem_query_rule_request: + title: Create custom query rule request + description: | + A rule that uses KQL or Lucene to detect issues across indices. + type: object + required: + - consumer + - name + - params + - rule_type_id + - schedule + properties: + actions: + $ref: '#/components/schemas/Alerting_actions' + consumer: + $ref: '#/components/schemas/Alerting_consumer' + enabled: + $ref: '#/components/schemas/Alerting_enabled_rule' + name: + $ref: '#/components/schemas/Alerting_name_rule' + notify_when: + $ref: '#/components/schemas/Alerting_notify_when' + params: + type: object + description: The parameters for a custom query rule. + additionalProperties: true + rule_type_id: + type: string + description: >- + The ID of the rule type that you want to call when the rule is + scheduled to run. + enum: + - siem.queryRule + schedule: + $ref: '#/components/schemas/Alerting_schedule' + tags: + $ref: '#/components/schemas/Alerting_tags' + throttle: + $ref: '#/components/schemas/Alerting_throttle' + Alerting_create_siem_saved_query_rule_request: + title: Create saved query rule request + description: > + A rule that searches the defined indices and creates an alert when a + document matches the saved search. 
+ type: object + required: + - consumer + - name + - params + - rule_type_id + - schedule + properties: + actions: + $ref: '#/components/schemas/Alerting_actions' + consumer: + $ref: '#/components/schemas/Alerting_consumer' + enabled: + $ref: '#/components/schemas/Alerting_enabled_rule' + name: + $ref: '#/components/schemas/Alerting_name_rule' + notify_when: + $ref: '#/components/schemas/Alerting_notify_when' + params: + type: object + description: The parameters for a saved query rule. + additionalProperties: true + rule_type_id: + type: string + description: >- + The ID of the rule type that you want to call when the rule is + scheduled to run. + enum: + - siem.savedQueryRule + schedule: + $ref: '#/components/schemas/Alerting_schedule' + tags: + $ref: '#/components/schemas/Alerting_tags' + throttle: + $ref: '#/components/schemas/Alerting_throttle' + Alerting_create_siem_threshold_rule_request: + title: Create threshold rule request + description: > + A rule that aggregates query results to detect when the number of + matches exceeds a threshold. + type: object + required: + - consumer + - name + - params + - rule_type_id + - schedule + properties: + actions: + $ref: '#/components/schemas/Alerting_actions' + consumer: + $ref: '#/components/schemas/Alerting_consumer' + enabled: + $ref: '#/components/schemas/Alerting_enabled_rule' + name: + $ref: '#/components/schemas/Alerting_name_rule' + notify_when: + $ref: '#/components/schemas/Alerting_notify_when' + params: + type: object + description: The parameters for a threshold rule. + additionalProperties: true + rule_type_id: + type: string + description: >- + The ID of the rule type that you want to call when the rule is + scheduled to run. 
+ enum: + - siem.thresholdRule + schedule: + $ref: '#/components/schemas/Alerting_schedule' + tags: + $ref: '#/components/schemas/Alerting_tags' + throttle: + $ref: '#/components/schemas/Alerting_throttle' + Alerting_create_slo_burn_rate_rule_request: + title: Create slo burn rate rule request + description: > + A rule that detects when the burn rate is above a defined threshold for + two different lookback periods. The two periods are a long period and a + short period that is 1/12th of the long period. For each lookback + period, the burn rate is computed as the error rate divided by the error + budget. When the burn rates for both periods surpass the threshold, an + alert occurs. + type: object + required: + - consumer + - name + - params + - rule_type_id + - schedule + properties: + actions: + $ref: '#/components/schemas/Alerting_actions' + alert_delay: + $ref: '#/components/schemas/Alerting_alert_delay' + consumer: + $ref: '#/components/schemas/Alerting_consumer' + enabled: + $ref: '#/components/schemas/Alerting_enabled_rule' + name: + $ref: '#/components/schemas/Alerting_name_rule' + notify_when: + $ref: '#/components/schemas/Alerting_notify_when' + params: + $ref: '#/components/schemas/Alerting_params_property_slo_burn_rate' + rule_type_id: + type: string + description: >- + The ID of the rule type that you want to call when the rule is + scheduled to run. + enum: + - slo.rules.burnRate + schedule: + $ref: '#/components/schemas/Alerting_schedule' + tags: + $ref: '#/components/schemas/Alerting_tags' + throttle: + $ref: '#/components/schemas/Alerting_throttle' + Alerting_create_synthetics_monitor_status_rule_request: + title: Create synthetics monitor status rule request + description: >- + A rule that detects when a monitor is down or an availability threshold + is breached. 
+ type: object + required: + - consumer + - name + - params + - rule_type_id + - schedule + properties: + actions: + $ref: '#/components/schemas/Alerting_actions' + alert_delay: + $ref: '#/components/schemas/Alerting_alert_delay' + consumer: + $ref: '#/components/schemas/Alerting_consumer' + enabled: + $ref: '#/components/schemas/Alerting_enabled_rule' + name: + $ref: '#/components/schemas/Alerting_name_rule' + notify_when: + $ref: '#/components/schemas/Alerting_notify_when' + params: + type: object + description: The parameters for the synthetics monitor status rule. + additionalProperties: true + rule_type_id: + type: string + description: >- + The ID of the rule type that you want to call when the rule is + scheduled to run. + enum: + - xpack.synthetics.alerts.monitorStatus + schedule: + $ref: '#/components/schemas/Alerting_schedule' + tags: + $ref: '#/components/schemas/Alerting_tags' + throttle: + $ref: '#/components/schemas/Alerting_throttle' + Alerting_create_synthetics_uptime_duration_anomaly_rule_request: + title: Create synthetics uptime duration anomaly rule request + description: > + A rule that detects response durations for all of the geographic + locations of each monitor. When a monitor runs for an unusual amount of + time, at a particular time, an anomaly is recorded. + type: object + required: + - consumer + - name + - params + - rule_type_id + - schedule + properties: + actions: + $ref: '#/components/schemas/Alerting_actions' + alert_delay: + $ref: '#/components/schemas/Alerting_alert_delay' + consumer: + $ref: '#/components/schemas/Alerting_consumer' + enabled: + $ref: '#/components/schemas/Alerting_enabled_rule' + name: + $ref: '#/components/schemas/Alerting_name_rule' + notify_when: + $ref: '#/components/schemas/Alerting_notify_when' + params: + type: object + description: The parameters for the uptime duration anomaly rule. 
+ additionalProperties: true + rule_type_id: + type: string + description: >- + The ID of the rule type that you want to call when the rule is + scheduled to run. + enum: + - xpack.uptime.alerts.durationAnomaly + schedule: + $ref: '#/components/schemas/Alerting_schedule' + tags: + $ref: '#/components/schemas/Alerting_tags' + throttle: + $ref: '#/components/schemas/Alerting_throttle' + Alerting_create_synthetics_uptime_tls_rule_request: + title: Create synthetics uptime TLS rule request type: object required: - consumer @@ -7692,27 +11960,25 @@ components: notify_when: $ref: '#/components/schemas/Alerting_notify_when' params: - type: object - description: The parameters for a custom query rule. - additionalProperties: true + $ref: '#/components/schemas/Alerting_params_property_synthetics_uptime_tls' rule_type_id: type: string description: >- The ID of the rule type that you want to call when the rule is scheduled to run. enum: - - siem.queryRule + - xpack.uptime.alerts.tls schedule: $ref: '#/components/schemas/Alerting_schedule' tags: $ref: '#/components/schemas/Alerting_tags' throttle: $ref: '#/components/schemas/Alerting_throttle' - Alerting_create_siem_saved_query_rule_request: - title: Create saved query rule request + Alerting_create_synthetics_uptime_tls_certificate_rule_request: + title: Create TLS certificate rule request description: > - A rule that searches the defined indices and creates an alert when a - document matches the saved search. + A rule that detects when a monitor has a TLS certificate expiring or + when it exceeds an age limit. type: object required: - consumer @@ -7723,6 +11989,8 @@ components: properties: actions: $ref: '#/components/schemas/Alerting_actions' + alert_delay: + $ref: '#/components/schemas/Alerting_alert_delay' consumer: $ref: '#/components/schemas/Alerting_consumer' enabled: 
@@ -7733,7 +12001,7 @@ components: $ref: '#/components/schemas/Alerting_notify_when' params: type: object - description: The parameters for a saved query rule. + description: The parameters for a TLS certificate rule. additionalProperties: true rule_type_id: type: string @@ -7741,18 +12009,18 @@ components: The ID of the rule type that you want to call when the rule is scheduled to run. enum: - - siem.savedQueryRule + - xpack.uptime.alerts.tlsCertificate schedule: $ref: '#/components/schemas/Alerting_schedule' tags: $ref: '#/components/schemas/Alerting_tags' throttle: $ref: '#/components/schemas/Alerting_throttle' - Alerting_create_siem_threshold_rule_request: - title: Create threshold rule request + Alerting_create_transform_health_rule_request: + title: Create transform health rule request description: > - A rule that aggregates query results to detect when the number of - matches exceeds a threshold. + A rule that monitors transforms health and alerts if an operational + issue occurred. type: object required: - consumer @@ -7763,6 +12031,8 @@ components: properties: actions: $ref: '#/components/schemas/Alerting_actions' + alert_delay: + $ref: '#/components/schemas/Alerting_alert_delay' consumer: $ref: '#/components/schemas/Alerting_consumer' enabled: @@ -7773,7 +12043,7 @@ components: $ref: '#/components/schemas/Alerting_notify_when' params: type: object - description: The parameters for a threshold rule. + description: The parameters for a transform health rule. additionalProperties: true rule_type_id: type: string 
@@ -7781,22 +12051,16 @@ components: The ID of the rule type that you want to call when the rule is scheduled to run. enum: - - siem.thresholdRule + - transform_health schedule: $ref: '#/components/schemas/Alerting_schedule' tags: $ref: '#/components/schemas/Alerting_tags' throttle: $ref: '#/components/schemas/Alerting_throttle' - Alerting_create_slo_burn_rate_rule_request: - title: Create slo burn rate rule request - description: > - A rule that detects when the burn rate is above a defined threshold for - two different lookback periods. The two periods are a long period and a - short period that is 1/12th of the long period. For each lookback - period, the burn rate is computed as the error rate divided by the error - budget. When the burn rates for both periods surpass the threshold, an - alert occurs. + Alerting_create_uptime_monitor_status_rule_request: + title: Create uptime monitor status rule request + description: A rule that detects monitor errors and outages. type: object required: - consumer 
@@ -7818,2871 +12082,3835 @@ components: notify_when: $ref: '#/components/schemas/Alerting_notify_when' params: - $ref: '#/components/schemas/Alerting_params_property_slo_burn_rate' + $ref: >- + #/components/schemas/Alerting_params_property_synthetics_monitor_status rule_type_id: type: string description: >- The ID of the rule type that you want to call when the rule is scheduled to run. enum: - - slo.rules.burnRate + - xpack.uptime.alerts.monitorStatus schedule: $ref: '#/components/schemas/Alerting_schedule' tags: $ref: '#/components/schemas/Alerting_tags' throttle: $ref: '#/components/schemas/Alerting_throttle' - Alerting_create_synthetics_monitor_status_rule_request: - title: Create synthetics monitor status rule request + Alerting_filter: + type: object description: >- - A rule that detects when a monitor is down or an availability threshold - is breached. + A filter written in Elasticsearch Query Domain Specific Language (DSL) + as defined in the `kbn-es-query` package. + properties: + meta: + type: object + properties: + alias: + type: string + nullable: true + controlledBy: + type: string + disabled: + type: boolean + field: + type: string + group: + type: string + index: + type: string + isMultiIndex: + type: boolean + key: + type: string + negate: + type: boolean + params: + type: object + type: + type: string + value: + type: string + query: + type: object + $state: + type: object + Alerting_notify_when_action: + type: string + description: > + Indicates how often alerts generate actions. Valid values include: + `onActionGroupChange`: Actions run when the alert status changes; + `onActiveAlert`: Actions run when the alert becomes active and at each + check interval while the rule conditions are met; `onThrottleInterval`: + Actions run when the alert becomes active and at the interval specified + in the throttle property while the rule conditions are met. NOTE: You + cannot specify `notify_when` at both the rule and action level. 
The + recommended method is to set it for each action. If you set it at the + rule level then update the rule in Kibana, it is automatically changed + to use action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + example: onActiveAlert + Alerting_throttle_action: + type: string + nullable: true + description: > + The throttle interval, which defines how often an alert generates + repeated actions. It is specified in seconds, minutes, hours, or days + and is applicable only if `notify_when` is set to `onThrottleInterval`. + NOTE: You cannot specify the throttle interval at both the rule and + action level. The recommended method is to set it for each action. If + you set it at the rule level then update the rule in Kibana, it is + automatically changed to use action-specific values. + default: null + example: 10m + Alerting_actions: + type: array + default: [] + nullable: true + items: + type: object + required: + - group + - id + - params + description: | + An action that runs under defined conditions. + properties: + alerts_filter: + type: object + description: > + Conditions that affect whether the action runs. If you specify + multiple conditions, all conditions must be met for the action to + run. For example, if an alert occurs within the specified time + frame and matches the query, the action runs. + properties: + query: + type: object + description: >- + Defines a query filter that determines whether the action + runs. + properties: + kql: + type: string + description: A filter written in Kibana Query Language (KQL). + filters: + type: array + items: + $ref: '#/components/schemas/Alerting_filter' + timeframe: + type: object + description: Defines a period that limits whether the action runs. + properties: + days: + type: array + description: >- + Defines the days of the week that the action can run, + represented as an array of numbers. For example, `1` + represents Monday. 
An empty array is equivalent to + specifying all the days of the week. + items: + type: integer + example: + - 1 + - 2 + - 3 + - 4 + - 5 + hours: + type: object + description: > + Defines the range of time in a day that the action can + run. If the `start` value is `00:00` and the `end` value + is `24:00`, actions be generated all day. + properties: + end: + type: string + description: >- + The end of the time frame in 24-hour notation + (`hh:mm`). + example: '17:00' + start: + type: string + description: >- + The start of the time frame in 24-hour notation + (`hh:mm`). + example: '08:00' + timezone: + type: string + description: > + The ISO time zone for the `hours` values. Values such as + `UTC` and `UTC+1` also work but lack built-in daylight + savings time support and are not recommended. + example: Europe/Madrid + connector_type_id: + type: string + description: >- + The type of connector. This property appears in responses but + cannot be set in requests. + example: .server-log + readOnly: true + frequency: + type: object + description: > + The properties that affect how often actions are generated. If the + rule type supports setting `summary` to `true`, the action can be + a summary of alerts at the specified notification interval. + Otherwise, an action runs for each alert at the specified + notification interval. NOTE: You cannot specify these parameters + when `notify_when` or `throttle` are defined at the rule level. + required: + - notify_when + - summary + properties: + notify_when: + $ref: '#/components/schemas/Alerting_notify_when_action' + summary: + type: boolean + description: Indicates whether the action is a summary. + throttle: + $ref: '#/components/schemas/Alerting_throttle_action' + group: + type: string + description: > + The group name, which affects when the action runs (for example, + when the threshold is met or when the alert is recovered). Each + rule type has a list of valid action group names. 
If you don't + need to group actions, set to `default`. + example: default + id: + type: string + description: The identifier for the connector saved object. + example: 9dca3e00-74f5-11ed-9801-35303b735aef + params: + type: object + description: >- + The parameters for the action, which are sent to the connector. + The `params` are handled as Mustache templates and passed a + default set of context. + additionalProperties: true + uuid: + type: string + description: A universally unique identifier (UUID) for the action. + example: 1c7a1280-f28c-4e06-96b2-e4e5f05d1d61 + Alerting_alert_delay: type: object + description: >- + Indicates that an alert occurs only when the specified number of + consecutive runs met the rule conditions. required: - - consumer - - name - - params - - rule_type_id - - schedule + - active properties: - actions: - $ref: '#/components/schemas/Alerting_actions' - alert_delay: - $ref: '#/components/schemas/Alerting_alert_delay' - consumer: - $ref: '#/components/schemas/Alerting_consumer' - enabled: - $ref: '#/components/schemas/Alerting_enabled_rule' - name: - $ref: '#/components/schemas/Alerting_name_rule' - notify_when: - $ref: '#/components/schemas/Alerting_notify_when' - params: - type: object - description: The parameters for the synthetics monitor status rule. - additionalProperties: true - rule_type_id: - type: string - description: >- - The ID of the rule type that you want to call when the rule is - scheduled to run. - enum: - - xpack.synthetics.alerts.monitorStatus - schedule: - $ref: '#/components/schemas/Alerting_schedule' - tags: - $ref: '#/components/schemas/Alerting_tags' - throttle: - $ref: '#/components/schemas/Alerting_throttle' - Alerting_create_synthetics_uptime_duration_anomaly_rule_request: - title: Create synthetics uptime duration anomaly rule request + active: + type: number + description: The number of consecutive runs that must meet the rule conditions. 
+ example: 3 + Alerting_consumer: + type: string description: > - A rule that detects response durations for all of the geographic - locations of each monitor. When a monitor runs for an unusual amount of - time, at a particular time, an anomaly is recorded. + The name of the application or feature that owns the rule. For example: + `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, + `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`. + Alerting_enabled_rule: + type: boolean + description: >- + Indicates whether you want to run the rule on an interval basis after it + is created. + Alerting_name_rule: + type: string + description: > + The name of the rule. While this name does not have to be unique, a + distinctive name can help you identify a rule. + Alerting_notify_when: + type: string + description: > + Deprecated in 8.13.0. Use the `notify_when` property in the action + `frequency` object instead. Indicates how often alerts generate actions. + NOTE: You cannot specify `notify_when` at both the rule and action + level. If you set it at the rule level then update the rule in Kibana, + it is automatically changed to use action-specific values. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + deprecated: true + example: onActiveAlert + Alerting_schedule: type: object - required: - - consumer - - name - - params - - rule_type_id - - schedule + description: >- + The check interval, which specifies how frequently the rule conditions + are checked. The interval is specified in seconds, minutes, hours, or + days. 
properties: - actions: - $ref: '#/components/schemas/Alerting_actions' - alert_delay: - $ref: '#/components/schemas/Alerting_alert_delay' - consumer: - $ref: '#/components/schemas/Alerting_consumer' - enabled: - $ref: '#/components/schemas/Alerting_enabled_rule' - name: - $ref: '#/components/schemas/Alerting_name_rule' - notify_when: - $ref: '#/components/schemas/Alerting_notify_when' - params: - type: object - description: The parameters for the uptime duration anomaly rule. - additionalProperties: true - rule_type_id: + interval: type: string - description: >- - The ID of the rule type that you want to call when the rule is - scheduled to run. - enum: - - xpack.uptime.alerts.durationAnomaly - schedule: - $ref: '#/components/schemas/Alerting_schedule' - tags: - $ref: '#/components/schemas/Alerting_tags' - throttle: - $ref: '#/components/schemas/Alerting_throttle' - Alerting_create_synthetics_uptime_tls_rule_request: - title: Create synthetics uptime TLS rule request - type: object + example: 1m + Alerting_tags: + type: array + description: The tags for the rule. + items: + type: string + default: [] + Alerting_throttle: + type: string + description: > + Deprecated in 8.13.0. Use the `throttle` property in the action + `frequency` object instead. The throttle interval, which defines how + often an alert generates repeated actions. NOTE: You cannot specify the + throttle interval at both the rule and action level. If you set it at + the rule level then update the rule in Kibana, it is automatically + changed to use action-specific values. 
+ nullable: true + default: null + deprecated: true + example: 10m + Alerting_params_property_apm_anomaly: required: - - consumer - - name - - params - - rule_type_id - - schedule + - windowSize + - windowUnit + - environment + - anomalySeverityType properties: - actions: - $ref: '#/components/schemas/Alerting_actions' - consumer: - $ref: '#/components/schemas/Alerting_consumer' - enabled: - $ref: '#/components/schemas/Alerting_enabled_rule' - name: - $ref: '#/components/schemas/Alerting_name_rule' - notify_when: - $ref: '#/components/schemas/Alerting_notify_when' - params: - $ref: '#/components/schemas/Alerting_params_property_synthetics_uptime_tls' - rule_type_id: + serviceName: type: string - description: >- - The ID of the rule type that you want to call when the rule is - scheduled to run. + description: The service name from APM + transactionType: + type: string + description: The transaction type from APM + windowSize: + type: number + example: 6 + description: The window size + windowUnit: + type: string + description: The window size unit enum: - - xpack.uptime.alerts.tls - schedule: - $ref: '#/components/schemas/Alerting_schedule' - tags: - $ref: '#/components/schemas/Alerting_tags' - throttle: - $ref: '#/components/schemas/Alerting_throttle' - Alerting_create_synthetics_uptime_tls_certificate_rule_request: - title: Create TLS certificate rule request - description: > - A rule that detects when a monitor has a TLS certificate expiring or - when it exceeds an age limit. 
- type: object + - m + - h + - d + environment: + type: string + description: The environment from APM + anomalySeverityType: + type: string + description: The anomaly threshold value + enum: + - critical + - major + - minor + - warning + Alerting_params_property_apm_error_count: required: - - consumer - - name - - params - - rule_type_id - - schedule + - windowSize + - windowUnit + - threshold + - environment properties: - actions: - $ref: '#/components/schemas/Alerting_actions' - alert_delay: - $ref: '#/components/schemas/Alerting_alert_delay' - consumer: - $ref: '#/components/schemas/Alerting_consumer' - enabled: - $ref: '#/components/schemas/Alerting_enabled_rule' - name: - $ref: '#/components/schemas/Alerting_name_rule' - notify_when: - $ref: '#/components/schemas/Alerting_notify_when' - params: - type: object - description: The parameters for a TLS certificate rule. - additionalProperties: true - rule_type_id: + serviceName: + type: string + description: The service name from APM + windowSize: + type: number + description: The window size + example: 6 + windowUnit: + type: string + description: The window size unit + enum: + - m + - h + - d + environment: + type: string + description: The environment from APM + threshold: + type: number + description: The error count threshold value + groupBy: + type: array + default: + - service.name + - service.environment + uniqueItems: true + items: + type: string + enum: + - service.name + - service.environment + - transaction.name + - error.grouping_key + errorGroupingKey: type: string - description: >- - The ID of the rule type that you want to call when the rule is - scheduled to run. 
- enum: - - xpack.uptime.alerts.tlsCertificate - schedule: - $ref: '#/components/schemas/Alerting_schedule' - tags: - $ref: '#/components/schemas/Alerting_tags' - throttle: - $ref: '#/components/schemas/Alerting_throttle' - Alerting_create_transform_health_rule_request: - title: Create transform health rule request - description: > - A rule that monitors transforms health and alerts if an operational - issue occurred. - type: object + Alerting_params_property_apm_transaction_duration: required: - - consumer - - name - - params - - rule_type_id - - schedule + - windowSize + - windowUnit + - threshold + - environment + - aggregationType properties: - actions: - $ref: '#/components/schemas/Alerting_actions' - alert_delay: - $ref: '#/components/schemas/Alerting_alert_delay' - consumer: - $ref: '#/components/schemas/Alerting_consumer' - enabled: - $ref: '#/components/schemas/Alerting_enabled_rule' - name: - $ref: '#/components/schemas/Alerting_name_rule' - notify_when: - $ref: '#/components/schemas/Alerting_notify_when' - params: - type: object - description: The parameters for a transform health rule. - additionalProperties: true - rule_type_id: + serviceName: type: string - description: >- - The ID of the rule type that you want to call when the rule is - scheduled to run. + description: The service name from APM + transactionType: + type: string + description: The transaction type from APM + transactionName: + type: string + description: The transaction name from APM + windowSize: + type: number + description: The window size + example: 6 + windowUnit: + type: string + description: ç enum: - - transform_health - schedule: - $ref: '#/components/schemas/Alerting_schedule' - tags: - $ref: '#/components/schemas/Alerting_tags' - throttle: - $ref: '#/components/schemas/Alerting_throttle' - Alerting_create_uptime_monitor_status_rule_request: - title: Create uptime monitor status rule request - description: A rule that detects monitor errors and outages. 
- type: object + - m + - h + - d + environment: + type: string + threshold: + type: number + description: The latency threshold value + groupBy: + type: array + default: + - service.name + - service.environment + - transaction.type + uniqueItems: true + items: + type: string + enum: + - service.name + - service.environment + - transaction.type + - transaction.name + aggregationType: + type: string + enum: + - avg + - 95th + - 99th + Alerting_params_property_apm_transaction_error_rate: required: - - consumer - - name - - params - - rule_type_id - - schedule + - windowSize + - windowUnit + - threshold + - environment properties: - actions: - $ref: '#/components/schemas/Alerting_actions' - alert_delay: - $ref: '#/components/schemas/Alerting_alert_delay' - consumer: - $ref: '#/components/schemas/Alerting_consumer' - enabled: - $ref: '#/components/schemas/Alerting_enabled_rule' - name: - $ref: '#/components/schemas/Alerting_name_rule' - notify_when: - $ref: '#/components/schemas/Alerting_notify_when' - params: - $ref: >- - #/components/schemas/Alerting_params_property_synthetics_monitor_status - rule_type_id: + serviceName: type: string - description: >- - The ID of the rule type that you want to call when the rule is - scheduled to run. + description: The service name from APM + transactionType: + type: string + description: The transaction type from APM + transactionName: + type: string + description: The transaction name from APM + windowSize: + type: number + description: The window size + example: 6 + windowUnit: + type: string + description: The window size unit enum: - - xpack.uptime.alerts.monitorStatus - schedule: - $ref: '#/components/schemas/Alerting_schedule' - tags: - $ref: '#/components/schemas/Alerting_tags' - throttle: - $ref: '#/components/schemas/Alerting_throttle' - Alerting_filter: - type: object - description: >- - A filter written in Elasticsearch Query Domain Specific Language (DSL) - as defined in the `kbn-es-query` package. 
- properties: - meta: - type: object - properties: - alias: - type: string - nullable: true - controlledBy: - type: string - disabled: - type: boolean - field: - type: string - group: - type: string - index: - type: string - isMultiIndex: - type: boolean - key: - type: string - negate: - type: boolean - params: - type: object - type: - type: string - value: - type: string - query: - type: object - $state: - type: object - Alerting_notify_when_action: + - m + - h + - d + environment: + type: string + description: The environment from APM + threshold: + type: number + description: The error rate threshold value + groupBy: + type: array + default: + - service.name + - service.environment + - transaction.type + uniqueItems: true + items: + type: string + enum: + - service.name + - service.environment + - transaction.type + - transaction.name + Alerting_aggfield: + description: > + The name of the numeric field that is used in the aggregation. This + property is required when `aggType` is `avg`, `max`, `min` or `sum`. + type: string + Alerting_aggtype: + description: The type of aggregation to perform. + type: string + enum: + - avg + - count + - max + - min + - sum + default: count + Alerting_excludehitsfrompreviousrun: + description: > + Indicates whether to exclude matches from previous runs. If `true`, you + can avoid alert duplication by excluding documents that have already + been detected by the previous rule run. This option is not available + when a grouping field is specified. + type: boolean + Alerting_groupby: + description: > + Indicates whether the aggregation is applied over all documents (`all`) + or split into groups (`top`) using a grouping field (`termField`). If + grouping is used, an alert will be created for each group when it + exceeds the threshold; only the top groups (up to `termSize` number of + groups) are checked. type: string - description: > - Indicates how often alerts generate actions. 
Valid values include: - `onActionGroupChange`: Actions run when the alert status changes; - `onActiveAlert`: Actions run when the alert becomes active and at each - check interval while the rule conditions are met; `onThrottleInterval`: - Actions run when the alert becomes active and at the interval specified - in the throttle property while the rule conditions are met. NOTE: You - cannot specify `notify_when` at both the rule and action level. The - recommended method is to set it for each action. If you set it at the - rule level then update the rule in Kibana, it is automatically changed - to use action-specific values. enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - example: onActiveAlert - Alerting_throttle_action: + - all + - top + default: all + Alerting_termsize: + description: > + This property is required when `groupBy` is `top`. It specifies the + number of groups to check against the threshold and therefore limits the + number of alerts on high cardinality fields. + type: integer + Alerting_timefield: + description: The field that is used to calculate the time window. type: string - nullable: true + Alerting_timewindowsize: description: > - The throttle interval, which defines how often an alert generates - repeated actions. It is specified in seconds, minutes, hours, or days - and is applicable only if `notify_when` is set to `onThrottleInterval`. - NOTE: You cannot specify the throttle interval at both the rule and - action level. The recommended method is to set it for each action. If - you set it at the rule level then update the rule in Kibana, it is - automatically changed to use action-specific values. - default: null - example: 10m - Alerting_actions: + The size of the time window (in `timeWindowUnit` units), which + determines how far back to search for documents. Generally it should be + a value higher than the rule check interval to avoid gaps in detection. 
+ type: integer + example: 5 + Alerting_timewindowunit: + description: | + The type of units for the time window: seconds, minutes, hours, or days. + type: string + enum: + - s + - m + - h + - d + example: m + Alerting_size: + description: > + The number of documents to pass to the configured actions when the + threshold condition is met. + type: integer + Alerting_termfield: + description: > + The names of up to four fields that are used for grouping the + aggregation. This property is required when `groupBy` is `top`. + oneOf: + - type: string + - type: array + items: + type: string + maxItems: 4 + Alerting_threshold: + description: > + The threshold value that is used with the `thresholdComparator`. If the + `thresholdComparator` is `between` or `notBetween`, you must specify the + boundary values. type: array - default: [] - nullable: true items: - type: object - required: - - group - - id - - params - description: | - An action that runs under defined conditions. - properties: - alerts_filter: - type: object - description: > - Conditions that affect whether the action runs. If you specify - multiple conditions, all conditions must be met for the action to - run. For example, if an alert occurs within the specified time - frame and matches the query, the action runs. - properties: - query: - type: object - description: >- - Defines a query filter that determines whether the action - runs. - properties: - kql: - type: string - description: A filter written in Kibana Query Language (KQL). - filters: - type: array - items: - $ref: '#/components/schemas/Alerting_filter' - timeframe: - type: object - description: Defines a period that limits whether the action runs. - properties: - days: - type: array - description: >- - Defines the days of the week that the action can run, - represented as an array of numbers. For example, `1` - represents Monday. An empty array is equivalent to - specifying all the days of the week. 
- items: - type: integer - example: - - 1 - - 2 - - 3 - - 4 - - 5 - hours: - type: object - description: > - Defines the range of time in a day that the action can - run. If the `start` value is `00:00` and the `end` value - is `24:00`, actions be generated all day. - properties: - end: - type: string - description: >- - The end of the time frame in 24-hour notation - (`hh:mm`). - example: '17:00' - start: + type: integer + example: 4000 + Alerting_thresholdcomparator: + description: >- + The comparison function for the threshold. For example, "is above", "is + above or equals", "is below", "is below or equals", "is between", and + "is not between". + type: string + enum: + - '>' + - '>=' + - < + - <= + - between + - notBetween + example: '>' + Alerting_params_es_query_rule: + oneOf: + - type: object + x-technical-preview: true + description: > + The parameters for an Elasticsearch query rule that uses ES|QL to + define the query. This functionality is in technical pre view and + may be changed or removed in a future release. Elastic will work to + fix any issues, but features in technical preview are not subject to + the support SLA of official GA features. + required: + - esqlQuery + - searchType + - size + - threshold + - thresholdComparator + - timeWindowSize + - timeWindowUnit + properties: + aggField: + $ref: '#/components/schemas/Alerting_aggfield' + aggType: + $ref: '#/components/schemas/Alerting_aggtype' + esqlQuery: + type: object + required: + - esql + properties: + esql: + description: >- + The query definition, which uses Elasticsearch Query + Language. + type: string + excludeHitsFromPreviousRun: + $ref: '#/components/schemas/Alerting_excludehitsfrompreviousrun' + groupBy: + $ref: '#/components/schemas/Alerting_groupby' + searchType: + description: >- + The type of query, in this case a query that uses Elasticsearch + Query Language (ES|QL). 
+ type: string + enum: + - esqlQuery + example: esqlQuery + size: + type: integer + description: > + When `searchType` is `esqlQuery`, this property is required but + it does not affect the rule behavior. + example: 0 + termSize: + $ref: '#/components/schemas/Alerting_termsize' + threshold: + type: array + items: + type: integer + minimum: 0 + maximum: 0 + description: > + The threshold value that is used with the `thresholdComparator`. + When `searchType` is `esqlQuery`, this property is required and + must be set to zero. + thresholdComparator: + type: string + description: > + The comparison function for the threshold. When `searchType` is + `esqlQuery`, this property is required and must be set to ">". + Since the `threshold` value must be `0`, the result is that an + alert occurs whenever the query returns results. + enum: + - '>' + example: '>' + timeField: + $ref: '#/components/schemas/Alerting_timefield' + timeWindowSize: + $ref: '#/components/schemas/Alerting_timewindowsize' + timeWindowUnit: + $ref: '#/components/schemas/Alerting_timewindowunit' + - type: object + description: >- + The parameters for an Elasticsearch query rule that uses KQL or + Lucene to define the query. + required: + - searchType + - size + - threshold + - thresholdComparator + - timeWindowSize + - timeWindowUnit + properties: + aggField: + $ref: '#/components/schemas/Alerting_aggfield' + aggType: + $ref: '#/components/schemas/Alerting_aggtype' + excludeHitsFromPreviousRun: + $ref: '#/components/schemas/Alerting_excludehitsfrompreviousrun' + groupBy: + $ref: '#/components/schemas/Alerting_groupby' + searchConfiguration: + description: >- + The query definition, which uses KQL or Lucene to fetch the + documents from Elasticsearch. + type: object + properties: + filter: + type: array + items: + $ref: '#/components/schemas/Alerting_filter' + index: + description: The indices to query. 
+ oneOf: + - type: string + - type: array + items: type: string - description: >- - The start of the time frame in 24-hour notation - (`hh:mm`). - example: '08:00' - timezone: + query: + type: object + properties: + language: + type: string + example: kuery + query: + type: string + searchType: + description: >- + The type of query, in this case a text-based query that uses KQL + or Lucene. + type: string + enum: + - searchSource + example: searchSource + size: + $ref: '#/components/schemas/Alerting_size' + termField: + $ref: '#/components/schemas/Alerting_termfield' + termSize: + $ref: '#/components/schemas/Alerting_termsize' + threshold: + $ref: '#/components/schemas/Alerting_threshold' + thresholdComparator: + $ref: '#/components/schemas/Alerting_thresholdcomparator' + timeField: + $ref: '#/components/schemas/Alerting_timefield' + timeWindowSize: + $ref: '#/components/schemas/Alerting_timewindowsize' + timeWindowUnit: + $ref: '#/components/schemas/Alerting_timewindowunit' + - type: object + description: >- + The parameters for an Elasticsearch query rule that uses + Elasticsearch Query DSL to define the query. + required: + - esQuery + - index + - threshold + - thresholdComparator + - timeField + - timeWindowSize + - timeWindowUnit + properties: + aggField: + $ref: '#/components/schemas/Alerting_aggfield' + aggType: + $ref: '#/components/schemas/Alerting_aggtype' + esQuery: + description: The query definition, which uses Elasticsearch Query DSL. + type: string + excludeHitsFromPreviousRun: + $ref: '#/components/schemas/Alerting_excludehitsfrompreviousrun' + groupBy: + $ref: '#/components/schemas/Alerting_groupby' + index: + description: The indices to query. + oneOf: + - type: array + items: type: string - description: > - The ISO time zone for the `hours` values. Values such as - `UTC` and `UTC+1` also work but lack built-in daylight - savings time support and are not recommended. 
- example: Europe/Madrid - connector_type_id: - type: string - description: >- - The type of connector. This property appears in responses but - cannot be set in requests. - example: .server-log - readOnly: true - frequency: - type: object - description: > - The properties that affect how often actions are generated. If the - rule type supports setting `summary` to `true`, the action can be - a summary of alerts at the specified notification interval. - Otherwise, an action runs for each alert at the specified - notification interval. NOTE: You cannot specify these parameters - when `notify_when` or `throttle` are defined at the rule level. - required: - - notify_when - - summary - properties: - notify_when: - $ref: '#/components/schemas/Alerting_notify_when_action' - summary: - type: boolean - description: Indicates whether the action is a summary. - throttle: - $ref: '#/components/schemas/Alerting_throttle_action' - group: - type: string - description: > - The group name, which affects when the action runs (for example, - when the threshold is met or when the alert is recovered). Each - rule type has a list of valid action group names. If you don't - need to group actions, set to `default`. - example: default - id: - type: string - description: The identifier for the connector saved object. - example: 9dca3e00-74f5-11ed-9801-35303b735aef - params: - type: object - description: >- - The parameters for the action, which are sent to the connector. - The `params` are handled as Mustache templates and passed a - default set of context. - additionalProperties: true - uuid: - type: string - description: A universally unique identifier (UUID) for the action. - example: 1c7a1280-f28c-4e06-96b2-e4e5f05d1d61 - Alerting_alert_delay: - type: object - description: >- - Indicates that an alert occurs only when the specified number of - consecutive runs met the rule conditions. 
- required: - - active - properties: - active: - type: number - description: The number of consecutive runs that must meet the rule conditions. - example: 3 - Alerting_consumer: - type: string - description: > - The name of the application or feature that owns the rule. For example: - `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, `ml`, - `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or `uptime`. - Alerting_enabled_rule: - type: boolean - description: >- - Indicates whether you want to run the rule on an interval basis after it - is created. - Alerting_name_rule: - type: string - description: > - The name of the rule. While this name does not have to be unique, a - distinctive name can help you identify a rule. - Alerting_notify_when: - type: string - description: > - Deprecated in 8.13.0. Use the `notify_when` property in the action - `frequency` object instead. Indicates how often alerts generate actions. - NOTE: You cannot specify `notify_when` at both the rule and action - level. If you set it at the rule level then update the rule in Kibana, - it is automatically changed to use action-specific values. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - deprecated: true - example: onActiveAlert - Alerting_schedule: - type: object - description: >- - The check interval, which specifies how frequently the rule conditions - are checked. The interval is specified in seconds, minutes, hours, or - days. - properties: - interval: - type: string - example: 1m - Alerting_tags: - type: array - description: The tags for the rule. - items: - type: string - default: [] - Alerting_throttle: - type: string - description: > - Deprecated in 8.13.0. Use the `throttle` property in the action - `frequency` object instead. The throttle interval, which defines how - often an alert generates repeated actions. NOTE: You cannot specify the - throttle interval at both the rule and action level. 
If you set it at - the rule level then update the rule in Kibana, it is automatically - changed to use action-specific values. - nullable: true - default: null - deprecated: true - example: 10m - Alerting_params_property_apm_anomaly: - required: - - windowSize - - windowUnit - - environment - - anomalySeverityType - properties: - serviceName: - type: string - description: The service name from APM - transactionType: - type: string - description: The transaction type from APM - windowSize: - type: number - example: 6 - description: The window size - windowUnit: - type: string - description: The window size unit - enum: - - m - - h - - d - environment: - type: string - description: The environment from APM - anomalySeverityType: - type: string - description: The anomaly threshold value - enum: - - critical - - major - - minor - - warning - Alerting_params_property_apm_error_count: + - type: string + searchType: + description: >- + The type of query, in this case a query that uses Elasticsearch + Query DSL. + type: string + enum: + - esQuery + default: esQuery + example: esQuery + size: + $ref: '#/components/schemas/Alerting_size' + termField: + $ref: '#/components/schemas/Alerting_termfield' + termSize: + $ref: '#/components/schemas/Alerting_termsize' + threshold: + $ref: '#/components/schemas/Alerting_threshold' + thresholdComparator: + $ref: '#/components/schemas/Alerting_thresholdcomparator' + timeField: + $ref: '#/components/schemas/Alerting_timefield' + timeWindowSize: + $ref: '#/components/schemas/Alerting_timewindowsize' + timeWindowUnit: + $ref: '#/components/schemas/Alerting_timewindowunit' + Alerting_params_index_threshold_rule: + type: object + description: The parameters for an index threshold rule. 
required: - - windowSize - - windowUnit + - index - threshold - - environment + - thresholdComparator + - timeField + - timeWindowSize + - timeWindowUnit properties: - serviceName: - type: string - description: The service name from APM - windowSize: - type: number - description: The window size - example: 6 - windowUnit: - type: string - description: The window size unit - enum: - - m - - h - - d - environment: + aggField: + $ref: '#/components/schemas/Alerting_aggfield' + aggType: + $ref: '#/components/schemas/Alerting_aggtype' + filterKuery: + description: A KQL expression thats limits the scope of alerts. type: string - description: The environment from APM - threshold: - type: number - description: The error count threshold value groupBy: + $ref: '#/components/schemas/Alerting_groupby' + index: + description: The indices to query. type: array - default: - - service.name - - service.environment - uniqueItems: true items: type: string - enum: - - service.name - - service.environment - - transaction.name - - error.grouping_key - errorGroupingKey: - type: string - Alerting_params_property_apm_transaction_duration: - required: - - windowSize - - windowUnit - - threshold - - environment - - aggregationType - properties: - serviceName: - type: string - description: The service name from APM - transactionType: - type: string - description: The transaction type from APM - transactionName: - type: string - description: The transaction name from APM - windowSize: - type: number - description: The window size - example: 6 - windowUnit: - type: string - description: ç - enum: - - m - - h - - d - environment: - type: string + termField: + $ref: '#/components/schemas/Alerting_termfield' + termSize: + $ref: '#/components/schemas/Alerting_termsize' threshold: - type: number - description: The latency threshold value - groupBy: + $ref: '#/components/schemas/Alerting_threshold' + thresholdComparator: + $ref: '#/components/schemas/Alerting_thresholdcomparator' + timeField: + 
$ref: '#/components/schemas/Alerting_timefield' + timeWindowSize: + $ref: '#/components/schemas/Alerting_timewindowsize' + timeWindowUnit: + $ref: '#/components/schemas/Alerting_timewindowunit' + Alerting_params_property_infra_inventory: + properties: + criteria: type: array - default: - - service.name - - service.environment - - transaction.type - uniqueItems: true items: - type: string - enum: - - service.name - - service.environment - - transaction.type - - transaction.name - aggregationType: - type: string - enum: - - avg - - 95th - - 99th - Alerting_params_property_apm_transaction_error_rate: - required: - - windowSize - - windowUnit - - threshold - - environment - properties: - serviceName: - type: string - description: The service name from APM - transactionType: + type: object + properties: + metric: + type: string + enum: + - count + - cpu + - diskLatency + - load + - memory + - memoryTotal + - tx + - rx + - logRate + - diskIOReadBytes + - diskIOWriteBytes + - s3TotalRequests + - s3NumberOfObjects + - s3BucketSize + - s3DownloadBytes + - s3UploadBytes + - rdsConnections + - rdsQueriesExecuted + - rdsActiveTransactions + - rdsLatency + - sqsMessagesVisible + - sqsMessagesDelayed + - sqsMessagesSent + - sqsMessagesEmpty + - sqsOldestMessage + - custom + timeSize: + type: number + timeUnit: + type: string + enum: + - s + - m + - h + - d + sourceId: + type: string + threshold: + type: array + items: + type: number + comparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + customMetric: + type: object + properties: + type: + type: string + enum: + - custom + field: + type: string + aggregation: + type: string + enum: + - avg + - max + - min + - rate + id: + type: string + label: + type: string + warningThreshold: + type: array + items: + type: number + warningComparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + filterQuery: type: string - description: The transaction type from APM - 
transactionName: + filterQueryText: type: string - description: The transaction name from APM - windowSize: - type: number - description: The window size - example: 6 - windowUnit: + nodeType: type: string - description: The window size unit enum: - - m - - h - - d - environment: - type: string - description: The environment from APM - threshold: - type: number - description: The error rate threshold value - groupBy: + - host + - pod + - container + - awsEC2 + - awsS3 + - awsSQS + - awsRDS + sourceId: + type: string + alertOnNoData: + type: boolean + Alerting_params_property_infra_metric_threshold: + properties: + criteria: type: array - default: - - service.name - - service.environment - - transaction.type - uniqueItems: true - items: - type: string - enum: - - service.name - - service.environment - - transaction.type - - transaction.name - Alerting_aggfield: - description: > - The name of the numeric field that is used in the aggregation. This - property is required when `aggType` is `avg`, `max`, `min` or `sum`. - type: string - Alerting_aggtype: - description: The type of aggregation to perform. - type: string - enum: - - avg - - count - - max - - min - - sum - default: count - Alerting_excludehitsfrompreviousrun: - description: > - Indicates whether to exclude matches from previous runs. If `true`, you - can avoid alert duplication by excluding documents that have already - been detected by the previous rule run. This option is not available - when a grouping field is specified. - type: boolean - Alerting_groupby: - description: > - Indicates whether the aggregation is applied over all documents (`all`) - or split into groups (`top`) using a grouping field (`termField`). If - grouping is used, an alert will be created for each group when it - exceeds the threshold; only the top groups (up to `termSize` number of - groups) are checked. 
- type: string - enum: - - all - - top - default: all - Alerting_termsize: - description: > - This property is required when `groupBy` is `top`. It specifies the - number of groups to check against the threshold and therefore limits the - number of alerts on high cardinality fields. - type: integer - Alerting_timefield: - description: The field that is used to calculate the time window. - type: string - Alerting_timewindowsize: - description: > - The size of the time window (in `timeWindowUnit` units), which - determines how far back to search for documents. Generally it should be - a value higher than the rule check interval to avoid gaps in detection. - type: integer - example: 5 - Alerting_timewindowunit: - description: | - The type of units for the time window: seconds, minutes, hours, or days. - type: string - enum: - - s - - m - - h - - d - example: m - Alerting_size: - description: > - The number of documents to pass to the configured actions when the - threshold condition is met. - type: integer - Alerting_termfield: - description: > - The names of up to four fields that are used for grouping the - aggregation. This property is required when `groupBy` is `top`. - oneOf: - - type: string - - type: array items: - type: string - maxItems: 4 - Alerting_threshold: - description: > - The threshold value that is used with the `thresholdComparator`. If the - `thresholdComparator` is `between` or `notBetween`, you must specify the - boundary values. - type: array - items: - type: integer - example: 4000 - Alerting_thresholdcomparator: - description: >- - The comparison function for the threshold. For example, "is above", "is - above or equals", "is below", "is below or equals", "is between", and - "is not between". 
- type: string - enum: - - '>' - - '>=' - - < - - <= - - between - - notBetween - example: '>' - Alerting_params_es_query_rule: + oneOf: + - title: non count criterion + type: object + properties: + threshold: + type: array + items: + type: number + comparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + timeUnit: + type: string + timeSize: + type: number + warningThreshold: + type: array + items: + type: number + warningComparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + metric: + type: string + aggType: + type: string + enum: + - avg + - max + - min + - cardinality + - rate + - count + - sum + - p95 + - p99 + - custom + - title: count criterion + type: object + properties: + threshold: + type: array + items: + type: number + comparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + timeUnit: + type: string + timeSize: + type: number + warningThreshold: + type: array + items: + type: number + warningComparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + aggType: + type: string + enum: + - count + - title: custom criterion + type: object + properties: + threshold: + type: array + items: + type: number + comparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + timeUnit: + type: string + timeSize: + type: number + warningThreshold: + type: array + items: + type: number + warningComparator: + type: string + enum: + - < + - <= + - '>' + - '>=' + - between + - outside + aggType: + type: string + enum: + - custom + customMetric: + type: array + items: + oneOf: + - type: object + properties: + name: + type: string + aggType: + type: string + enum: + - avg + - sum + - max + - min + - cardinality + field: + type: string + - type: object + properties: + name: + type: string + aggType: + type: string + enum: + - count + filter: + type: string + equation: + type: string + label: + type: string + 
groupBy: + oneOf: + - type: string + - type: array + items: + type: string + filterQuery: + type: string + sourceId: + type: string + alertOnNoData: + type: boolean + alertOnGroupDisappear: + type: boolean + Alerting_params_property_log_threshold: oneOf: - - type: object - x-technical-preview: true - description: > - The parameters for an Elasticsearch query rule that uses ES|QL to - define the query. This functionality is in technical pre view and - may be changed or removed in a future release. Elastic will work to - fix any issues, but features in technical preview are not subject to - the support SLA of official GA features. + - title: Count + type: object required: - - esqlQuery - - searchType - - size - - threshold - - thresholdComparator - - timeWindowSize - - timeWindowUnit + - count + - timeSize + - timeUnit + - logView properties: - aggField: - $ref: '#/components/schemas/Alerting_aggfield' - aggType: - $ref: '#/components/schemas/Alerting_aggtype' - esqlQuery: + criteria: + type: array + items: + type: object + properties: + field: + type: string + example: my.field + comparator: + type: string + enum: + - more than + - more than or equals + - less than + - less than or equals + - equals + - does not equal + - matches + - does not match + - matches phrase + - does not match phrase + value: + oneOf: + - type: number + example: 42 + - type: string + example: value + count: type: object - required: - - esql properties: - esql: - description: >- - The query definition, which uses Elasticsearch Query - Language. + comparator: type: string - excludeHitsFromPreviousRun: - $ref: '#/components/schemas/Alerting_excludehitsfrompreviousrun' - groupBy: - $ref: '#/components/schemas/Alerting_groupby' - searchType: - description: >- - The type of query, in this case a query that uses Elasticsearch - Query Language (ES|QL). 
+ enum: + - more than + - more than or equals + - less than + - less than or equals + - equals + - does not equal + - matches + - does not match + - matches phrase + - does not match phrase + value: + type: number + example: 100 + timeSize: + type: number + example: 6 + timeUnit: type: string enum: - - esqlQuery - example: esqlQuery - size: - type: integer - description: > - When `searchType` is `esqlQuery`, this property is required but - it does not affect the rule behavior. - example: 0 - termSize: - $ref: '#/components/schemas/Alerting_termsize' - threshold: + - s + - m + - h + - d + logView: + type: object + properties: + logViewId: + type: string + type: + type: string + enum: + - log-view-reference + example: log-view-reference + groupBy: type: array items: - type: integer - minimum: 0 - maximum: 0 - description: > - The threshold value that is used with the `thresholdComparator`. - When `searchType` is `esqlQuery`, this property is required and - must be set to zero. - thresholdComparator: - type: string - description: > - The comparison function for the threshold. When `searchType` is - `esqlQuery`, this property is required and must be set to ">". - Since the `threshold` value must be `0`, the result is that an - alert occurs whenever the query returns results. - enum: - - '>' - example: '>' - timeField: - $ref: '#/components/schemas/Alerting_timefield' - timeWindowSize: - $ref: '#/components/schemas/Alerting_timewindowsize' - timeWindowUnit: - $ref: '#/components/schemas/Alerting_timewindowunit' - - type: object - description: >- - The parameters for an Elasticsearch query rule that uses KQL or - Lucene to define the query. 
+ type: string + - title: Ratio + type: object required: - - searchType - - size - - threshold - - thresholdComparator - - timeWindowSize - - timeWindowUnit + - count + - timeSize + - timeUnit + - logView properties: - aggField: - $ref: '#/components/schemas/Alerting_aggfield' - aggType: - $ref: '#/components/schemas/Alerting_aggtype' - excludeHitsFromPreviousRun: - $ref: '#/components/schemas/Alerting_excludehitsfrompreviousrun' - groupBy: - $ref: '#/components/schemas/Alerting_groupby' - searchConfiguration: - description: >- - The query definition, which uses KQL or Lucene to fetch the - documents from Elasticsearch. - type: object - properties: - filter: - type: array - items: - $ref: '#/components/schemas/Alerting_filter' - index: - description: The indices to query. - oneOf: - - type: string - - type: array - items: - type: string - query: + criteria: + type: array + items: + minItems: 2 + maxItems: 2 + type: array + items: type: object properties: - language: + field: type: string - example: kuery - query: + example: my.field + comparator: type: string - searchType: - description: >- - The type of query, in this case a text-based query that uses KQL - or Lucene. 
+ enum: + - more than + - more than or equals + - less than + - less than or equals + - equals + - does not equal + - matches + - does not match + - matches phrase + - does not match phrase + value: + oneOf: + - type: number + example: 42 + - type: string + example: value + count: + type: object + properties: + comparator: + type: string + enum: + - more than + - more than or equals + - less than + - less than or equals + - equals + - does not equal + - matches + - does not match + - matches phrase + - does not match phrase + value: + type: number + example: 100 + timeSize: + type: number + example: 6 + timeUnit: type: string enum: - - searchSource - example: searchSource - size: - $ref: '#/components/schemas/Alerting_size' - termField: - $ref: '#/components/schemas/Alerting_termfield' - termSize: - $ref: '#/components/schemas/Alerting_termsize' - threshold: - $ref: '#/components/schemas/Alerting_threshold' - thresholdComparator: - $ref: '#/components/schemas/Alerting_thresholdcomparator' - timeField: - $ref: '#/components/schemas/Alerting_timefield' - timeWindowSize: - $ref: '#/components/schemas/Alerting_timewindowsize' - timeWindowUnit: - $ref: '#/components/schemas/Alerting_timewindowunit' - - type: object + - s + - m + - h + - d + logView: + type: object + properties: + logViewId: + type: string + type: + type: string + enum: + - log-view-reference + example: log-view-reference + groupBy: + type: array + items: + type: string + Alerting_params_property_slo_burn_rate: + properties: + sloId: + description: The SLO identifier used by the rule + type: string + example: 8853df00-ae2e-11ed-90af-09bb6422b258 + burnRateThreshold: + description: The burn rate threshold used to trigger the alert + type: number + example: 14.4 + maxBurnRateThreshold: description: >- - The parameters for an Elasticsearch query rule that uses - Elasticsearch Query DSL to define the query. 
- required: - - esQuery - - index - - threshold - - thresholdComparator - - timeField - - timeWindowSize - - timeWindowUnit + The maximum burn rate threshold value defined by the SLO error + budget + type: number + example: 168 + longWindow: + description: The duration of the long window used to compute the burn rate + type: object properties: - aggField: - $ref: '#/components/schemas/Alerting_aggfield' - aggType: - $ref: '#/components/schemas/Alerting_aggtype' - esQuery: - description: The query definition, which uses Elasticsearch Query DSL. + value: + description: The duration value + type: number + example: 6 + unit: + description: The duration unit type: string - excludeHitsFromPreviousRun: - $ref: '#/components/schemas/Alerting_excludehitsfrompreviousrun' - groupBy: - $ref: '#/components/schemas/Alerting_groupby' - index: - description: The indices to query. - oneOf: - - type: array - items: - type: string - - type: string - searchType: - description: >- - The type of query, in this case a query that uses Elasticsearch - Query DSL. 
+ example: h + shortWindow: + description: The duration of the short window used to compute the burn rate + type: object + properties: + value: + description: The duration value + type: number + example: 30 + unit: + description: The duration unit type: string - enum: - - esQuery - default: esQuery - example: esQuery - size: - $ref: '#/components/schemas/Alerting_size' - termField: - $ref: '#/components/schemas/Alerting_termfield' - termSize: - $ref: '#/components/schemas/Alerting_termsize' - threshold: - $ref: '#/components/schemas/Alerting_threshold' - thresholdComparator: - $ref: '#/components/schemas/Alerting_thresholdcomparator' - timeField: - $ref: '#/components/schemas/Alerting_timefield' - timeWindowSize: - $ref: '#/components/schemas/Alerting_timewindowsize' - timeWindowUnit: - $ref: '#/components/schemas/Alerting_timewindowunit' - Alerting_params_index_threshold_rule: - type: object - description: The parameters for an index threshold rule. - required: - - index - - threshold - - thresholdComparator - - timeField - - timeWindowSize - - timeWindowUnit + example: m + Alerting_params_property_synthetics_uptime_tls: properties: - aggField: - $ref: '#/components/schemas/Alerting_aggfield' - aggType: - $ref: '#/components/schemas/Alerting_aggtype' - filterKuery: - description: A KQL expression thats limits the scope of alerts. + search: type: string - groupBy: - $ref: '#/components/schemas/Alerting_groupby' - index: - description: The indices to query. 
- type: array - items: - type: string - termField: - $ref: '#/components/schemas/Alerting_termfield' - termSize: - $ref: '#/components/schemas/Alerting_termsize' - threshold: - $ref: '#/components/schemas/Alerting_threshold' - thresholdComparator: - $ref: '#/components/schemas/Alerting_thresholdcomparator' - timeField: - $ref: '#/components/schemas/Alerting_timefield' - timeWindowSize: - $ref: '#/components/schemas/Alerting_timewindowsize' - timeWindowUnit: - $ref: '#/components/schemas/Alerting_timewindowunit' - Alerting_params_property_infra_inventory: + certExpirationThreshold: + type: number + certAgeThreshold: + type: number + Alerting_params_property_synthetics_monitor_status: + required: + - numTimes + - shouldCheckStatus + - shouldCheckAvailability properties: - criteria: - type: array - items: - type: object - properties: - metric: - type: string - enum: - - count - - cpu - - diskLatency - - load - - memory - - memoryTotal - - tx - - rx - - logRate - - diskIOReadBytes - - diskIOWriteBytes - - s3TotalRequests - - s3NumberOfObjects - - s3BucketSize - - s3DownloadBytes - - s3UploadBytes - - rdsConnections - - rdsQueriesExecuted - - rdsActiveTransactions - - rdsLatency - - sqsMessagesVisible - - sqsMessagesDelayed - - sqsMessagesSent - - sqsMessagesEmpty - - sqsOldestMessage - - custom - timeSize: - type: number - timeUnit: - type: string - enum: - - s - - m - - h - - d - sourceId: - type: string - threshold: - type: array - items: - type: number - comparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - customMetric: - type: object - properties: - type: - type: string - enum: - - custom - field: + availability: + type: object + properties: + range: + type: number + rangeUnit: + type: string + threshold: + type: string + filters: + oneOf: + - type: string + - type: object + deprecated: true + properties: + monitor.type: + type: array + items: type: string - aggregation: + observer.geo.name: + type: array + items: type: string 
- enum: - - avg - - max - - min - - rate - id: + tags: + type: array + items: type: string - label: + url.port: + type: array + items: type: string - warningThreshold: - type: array - items: - type: number - warningComparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - filterQuery: + locations: + deprecated: true + type: array + items: + type: string + numTimes: + type: number + search: type: string - filterQueryText: + shouldCheckStatus: + type: boolean + shouldCheckAvailability: + type: boolean + timerangeCount: + type: number + timerangeUnit: type: string - nodeType: + timerange: + deprecated: true + type: object + properties: + from: + type: string + to: + type: string + version: + type: number + isAutoGenerated: + type: boolean + Alerting_create_rule_request: + title: Create rule request body properties + description: The properties vary depending on the rule type. + oneOf: + - $ref: >- + #/components/schemas/Alerting_create_anomaly_detection_alert_rule_request + - $ref: >- + #/components/schemas/Alerting_create_anomaly_detection_jobs_health_rule_request + - $ref: '#/components/schemas/Alerting_create_apm_anomaly_rule_request' + - $ref: '#/components/schemas/Alerting_create_apm_error_count_rule_request' + - $ref: >- + #/components/schemas/Alerting_create_apm_transaction_duration_rule_request + - $ref: >- + #/components/schemas/Alerting_create_apm_transaction_error_rate_rule_request + - $ref: '#/components/schemas/Alerting_create_es_query_rule_request' + - $ref: '#/components/schemas/Alerting_create_geo_containment_rule_request' + - $ref: '#/components/schemas/Alerting_create_index_threshold_rule_request' + - $ref: '#/components/schemas/Alerting_create_infra_inventory_rule_request' + - $ref: >- + #/components/schemas/Alerting_create_infra_metric_anomaly_rule_request + - $ref: >- + #/components/schemas/Alerting_create_infra_metric_threshold_rule_request + - $ref: >- + 
#/components/schemas/Alerting_create_monitoring_jvm_memory_usage_rule_request + - $ref: '#/components/schemas/Alerting_create_log_threshold_rule_request' + - $ref: >- + #/components/schemas/Alerting_create_monitoring_ccr_exceptions_rule_request + - $ref: >- + #/components/schemas/Alerting_create_monitoring_cluster_health_rule_request + - $ref: >- + #/components/schemas/Alerting_create_monitoring_cpu_usage_rule_request + - $ref: >- + #/components/schemas/Alerting_create_monitoring_disk_usage_rule_request + - $ref: >- + #/components/schemas/Alerting_create_monitoring_elasticsearch_version_mismatch_rule_request + - $ref: >- + #/components/schemas/Alerting_create_monitoring_license_expiration_rule_request + - $ref: >- + #/components/schemas/Alerting_create_monitoring_kibana_version_mismatch_rule_request + - $ref: >- + #/components/schemas/Alerting_create_monitoring_logstash_version_mismatch_rule_request + - $ref: >- + #/components/schemas/Alerting_create_monitoring_missing_data_rule_request + - $ref: >- + #/components/schemas/Alerting_create_monitoring_nodes_changed_rule_request + - $ref: >- + #/components/schemas/Alerting_create_monitoring_shard_size_rule_request + - $ref: >- + #/components/schemas/Alerting_create_monitoring_thread_pool_search_rejections_rule_request + - $ref: >- + #/components/schemas/Alerting_create_monitoring_thread_pool_write_rejections_rule_request + - $ref: '#/components/schemas/Alerting_create_siem_eql_rule_request' + - $ref: '#/components/schemas/Alerting_create_siem_indicator_rule_request' + - $ref: '#/components/schemas/Alerting_create_siem_ml_rule_request' + - $ref: '#/components/schemas/Alerting_create_siem_new_terms_rule_request' + - $ref: '#/components/schemas/Alerting_create_siem_notifications_rule_request' + - $ref: '#/components/schemas/Alerting_create_siem_query_rule_request' + - $ref: '#/components/schemas/Alerting_create_siem_saved_query_rule_request' + - $ref: '#/components/schemas/Alerting_create_siem_threshold_rule_request' + - 
$ref: '#/components/schemas/Alerting_create_slo_burn_rate_rule_request' + - $ref: >- + #/components/schemas/Alerting_create_synthetics_monitor_status_rule_request + - $ref: >- + #/components/schemas/Alerting_create_synthetics_uptime_duration_anomaly_rule_request + - $ref: >- + #/components/schemas/Alerting_create_synthetics_uptime_tls_rule_request + - $ref: >- + #/components/schemas/Alerting_create_synthetics_uptime_tls_certificate_rule_request + - $ref: '#/components/schemas/Alerting_create_transform_health_rule_request' + - $ref: >- + #/components/schemas/Alerting_create_uptime_monitor_status_rule_request + discriminator: + propertyName: rule_type_id + mapping: + xpack.ml.anomaly_detection_alert: >- + #/components/schemas/Alerting_create_anomaly_detection_alert_rule_request + xpack.ml.anomaly_detection_jobs_health: >- + #/components/schemas/Alerting_create_anomaly_detection_jobs_health_rule_request + apm.anomaly: '#/components/schemas/Alerting_create_apm_anomaly_rule_request' + apm.error_rate: '#/components/schemas/Alerting_create_apm_error_count_rule_request' + apm.transaction_duration: >- + #/components/schemas/Alerting_create_apm_transaction_duration_rule_request + apm.transaction_error_rate: >- + #/components/schemas/Alerting_create_apm_transaction_error_rate_rule_request + .es-query: '#/components/schemas/Alerting_create_es_query_rule_request' + .geo-containment: '#/components/schemas/Alerting_create_geo_containment_rule_request' + .index-threshold: '#/components/schemas/Alerting_create_index_threshold_rule_request' + metrics.alert.inventory.threshold: '#/components/schemas/Alerting_create_infra_inventory_rule_request' + metrics.alert.anomaly: >- + #/components/schemas/Alerting_create_infra_metric_anomaly_rule_request + metrics.alert.threshold: >- + #/components/schemas/Alerting_create_infra_metric_threshold_rule_request + monitoring_alert_jvm_memory_usage: >- + #/components/schemas/Alerting_create_monitoring_jvm_memory_usage_rule_request + 
logs.alert.document.count: '#/components/schemas/Alerting_create_log_threshold_rule_request' + monitoring_ccr_read_exceptions: >- + #/components/schemas/Alerting_create_monitoring_ccr_exceptions_rule_request + monitoring_alert_cluster_health: >- + #/components/schemas/Alerting_create_monitoring_cluster_health_rule_request + monitoring_alert_cpu_usage: >- + #/components/schemas/Alerting_create_monitoring_cpu_usage_rule_request + monitoring_alert_disk_usage: >- + #/components/schemas/Alerting_create_monitoring_disk_usage_rule_request + monitoring_alert_elasticsearch_version_mismatch: >- + #/components/schemas/Alerting_create_monitoring_elasticsearch_version_mismatch_rule_request + monitoring_alert_license_expiration: >- + #/components/schemas/Alerting_create_monitoring_license_expiration_rule_request + monitoring_alert_kibana_version_mismatch: >- + #/components/schemas/Alerting_create_monitoring_kibana_version_mismatch_rule_request + monitoring_alert_logstash_version_mismatch: >- + #/components/schemas/Alerting_create_monitoring_logstash_version_mismatch_rule_request + monitoring_alert_missing_monitoring_data: >- + #/components/schemas/Alerting_create_monitoring_missing_data_rule_request + monitoring_alert_nodes_changed: >- + #/components/schemas/Alerting_create_monitoring_nodes_changed_rule_request + monitoring_shard_size: >- + #/components/schemas/Alerting_create_monitoring_shard_size_rule_request + monitoring_alert_thread_pool_search_rejections: >- + #/components/schemas/Alerting_create_monitoring_thread_pool_search_rejections_rule_request + monitoring_alert_thread_pool_write_rejections: >- + #/components/schemas/Alerting_create_monitoring_thread_pool_write_rejections_rule_request + siem.eqlRule: '#/components/schemas/Alerting_create_siem_eql_rule_request' + siem.indicatorRule: '#/components/schemas/Alerting_create_siem_indicator_rule_request' + siem.mlRule: '#/components/schemas/Alerting_create_siem_ml_rule_request' + siem.newTermsRule: 
'#/components/schemas/Alerting_create_siem_new_terms_rule_request' + siem.notifications: '#/components/schemas/Alerting_create_siem_notifications_rule_request' + siem.queryRule: '#/components/schemas/Alerting_create_siem_query_rule_request' + siem.savedQueryRule: '#/components/schemas/Alerting_create_siem_saved_query_rule_request' + siem.thresholdRule: '#/components/schemas/Alerting_create_siem_threshold_rule_request' + slo.rules.burnRate: '#/components/schemas/Alerting_create_slo_burn_rate_rule_request' + xpack.synthetics.alerts.monitorStatus: >- + #/components/schemas/Alerting_create_synthetics_monitor_status_rule_request + xpack.uptime.alerts.durationAnomaly: >- + #/components/schemas/Alerting_create_synthetics_uptime_duration_anomaly_rule_request + xpack.uptime.alerts.tls: >- + #/components/schemas/Alerting_create_synthetics_uptime_tls_rule_request + xpack.uptime.alerts.tlsCertificate: >- + #/components/schemas/Alerting_create_synthetics_uptime_tls_certificate_rule_request + transform_health: '#/components/schemas/Alerting_create_transform_health_rule_request' + xpack.uptime.alerts.monitorStatus: >- + #/components/schemas/Alerting_create_uptime_monitor_status_rule_request + Alerting_rule_response_properties: + title: Rule response properties + type: object + required: + - actions + - api_key_owner + - consumer + - created_at + - created_by + - enabled + - execution_status + - id + - mute_all + - muted_alert_ids + - name + - params + - rule_type_id + - schedule + - tags + - throttle + - updated_at + - updated_by + properties: + actions: + $ref: '#/components/schemas/Alerting_actions' + alert_delay: + $ref: '#/components/schemas/Alerting_alert_delay' + api_key_created_by_user: + type: boolean + description: >- + Indicates whether the API key that is associated with the rule was + created by the user. 
+ example: false + api_key_owner: type: string - enum: - - host - - pod - - container - - awsEC2 - - awsS3 - - awsSQS - - awsRDS - sourceId: + description: > + The owner of the API key that is associated with the rule and used + to run background tasks. + nullable: true + example: elastic + consumer: type: string - alertOnNoData: - type: boolean - Alerting_params_property_infra_metric_threshold: - properties: - criteria: - type: array - items: - oneOf: - - title: non count criterion - type: object - properties: - threshold: - type: array - items: - type: number - comparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - timeUnit: - type: string - timeSize: - type: number - warningThreshold: - type: array - items: - type: number - warningComparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - metric: - type: string - aggType: - type: string - enum: - - avg - - max - - min - - cardinality - - rate - - count - - sum - - p95 - - p99 - - custom - - title: count criterion - type: object - properties: - threshold: - type: array - items: - type: number - comparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - timeUnit: - type: string - timeSize: - type: number - warningThreshold: - type: array - items: - type: number - warningComparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - aggType: - type: string - enum: - - count - - title: custom criterion - type: object - properties: - threshold: - type: array - items: - type: number - comparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - timeUnit: - type: string - timeSize: - type: number - warningThreshold: - type: array - items: - type: number - warningComparator: - type: string - enum: - - < - - <= - - '>' - - '>=' - - between - - outside - aggType: - type: string - enum: - - custom - customMetric: - type: array - items: - oneOf: - - type: object - 
properties: - name: - type: string - aggType: - type: string - enum: - - avg - - sum - - max - - min - - cardinality - field: - type: string - - type: object - properties: - name: - type: string - aggType: - type: string - enum: - - count - filter: - type: string - equation: - type: string - label: - type: string - groupBy: - oneOf: - - type: string - - type: array - items: - type: string - filterQuery: + description: >- + The application or feature that owns the rule. For example, + `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, + `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or + `uptime`. + example: alerts + created_at: type: string - sourceId: + description: The date and time that the rule was created. + format: date-time + example: '2022-12-05T23:36:58.284Z' + created_by: type: string - alertOnNoData: - type: boolean - alertOnGroupDisappear: + description: The identifier for the user that created the rule. + nullable: true + example: elastic + enabled: type: boolean - Alerting_params_property_log_threshold: - oneOf: - - title: Count + description: Indicates whether the rule is currently enabled. 
+ example: true + execution_status: type: object - required: - - count - - timeSize - - timeUnit - - logView properties: - criteria: - type: array - items: - type: object - properties: - field: - type: string - example: my.field - comparator: - type: string - enum: - - more than - - more than or equals - - less than - - less than or equals - - equals - - does not equal - - matches - - does not match - - matches phrase - - does not match phrase - value: - oneOf: - - type: number - example: 42 - - type: string - example: value - count: - type: object - properties: - comparator: - type: string - enum: - - more than - - more than or equals - - less than - - less than or equals - - equals - - does not equal - - matches - - does not match - - matches phrase - - does not match phrase - value: - type: number - example: 100 - timeSize: - type: number - example: 6 - timeUnit: + last_duration: + type: integer + example: 55 + last_execution_date: type: string - enum: - - s - - m - - h - - d - logView: - type: object - properties: - logViewId: - type: string - type: - type: string - enum: - - log-view-reference - example: log-view-reference - groupBy: - type: array - items: - type: string - - title: Ratio + format: date-time + example: '2022-12-06T00:13:43.890Z' + status: + type: string + example: ok + id: + type: string + description: The identifier for the rule. 
+ example: b530fed0-74f5-11ed-9801-35303b735aef + last_run: type: object - required: - - count - - timeSize - - timeUnit - - logView properties: - criteria: - type: array - items: - minItems: 2 - maxItems: 2 - type: array - items: - type: object - properties: - field: - type: string - example: my.field - comparator: - type: string - enum: - - more than - - more than or equals - - less than - - less than or equals - - equals - - does not equal - - matches - - does not match - - matches phrase - - does not match phrase - value: - oneOf: - - type: number - example: 42 - - type: string - example: value - count: + alerts_count: type: object properties: - comparator: - type: string - enum: - - more than - - more than or equals - - less than - - less than or equals - - equals - - does not equal - - matches - - does not match - - matches phrase - - does not match phrase - value: - type: number - example: 100 - timeSize: - type: number - example: 6 - timeUnit: + active: + type: integer + ignored: + type: integer + new: + type: integer + recovered: + type: integer + outcome: type: string - enum: - - s - - m - - h - - d - logView: - type: object - properties: - logViewId: - type: string - type: - type: string - enum: - - log-view-reference - example: log-view-reference - groupBy: + example: succeeded + outcome_msg: type: array items: type: string - Alerting_params_property_slo_burn_rate: - properties: - sloId: - description: The SLO identifier used by the rule - type: string - example: 8853df00-ae2e-11ed-90af-09bb6422b258 - burnRateThreshold: - description: The burn rate threshold used to trigger the alert - type: number - example: 14.4 - maxBurnRateThreshold: - description: >- - The maximum burn rate threshold value defined by the SLO error - budget - type: number - example: 168 - longWindow: - description: The duration of the long window used to compute the burn rate - type: object - properties: - value: - description: The duration value - type: number - example: 6 - unit: 
- description: The duration unit + nullable: true + outcome_order: + type: integer + warning: type: string - example: h - shortWindow: - description: The duration of the short window used to compute the burn rate + nullable: true + example: null + muted_alert_ids: + type: array + nullable: true + items: + type: string + mute_all: + type: boolean + example: false + name: + type: string + description: The name of the rule. + example: cluster_health_rule + next_run: + type: string + format: date-time + nullable: true + example: '2022-12-06T00:14:43.818Z' + notify_when: + type: string + description: Indicates how often alerts generate actions. + nullable: true + params: type: object - properties: - value: - description: The duration value - type: number - example: 30 - unit: - description: The duration unit - type: string - example: m - Alerting_params_property_synthetics_uptime_tls: + description: The parameters for the rule. + additionalProperties: true + revision: + type: integer + description: The rule revision number. + rule_type_id: + type: string + description: > + The identifier for the type of rule. For example, `.es-query`, + `.index-threshold`, `logs.alert.document.count`, + `monitoring_alert_cluster_health`, `siem.thresholdRule`, or + `xpack.ml.anomaly_detection_alert`. + example: monitoring_alert_cluster_health + running: + type: boolean + description: Indicates whether the rule is running. + schedule: + $ref: '#/components/schemas/Alerting_schedule' + scheduled_task_id: + type: string + example: b530fed0-74f5-11ed-9801-35303b735aef + tags: + $ref: '#/components/schemas/Alerting_tags' + throttle: + $ref: '#/components/schemas/Alerting_throttle' + updated_at: + type: string + description: The date and time that the rule was updated most recently. + example: '2022-12-05T23:36:58.284Z' + updated_by: + type: string + description: The identifier for the user that updated this rule most recently. 
+ nullable: true + example: elastic + Alerting_401_response: + type: object + title: Unsuccessful rule API response properties: - search: + error: type: string - certExpirationThreshold: - type: number - certAgeThreshold: - type: number - Alerting_params_property_synthetics_monitor_status: + example: Unauthorized + enum: + - Unauthorized + message: + type: string + statusCode: + type: integer + example: 401 + enum: + - 401 + Alerting_404_response: + type: object + properties: + error: + type: string + example: Not Found + enum: + - Not Found + message: + type: string + example: Saved object [alert/caaad6d0-920c-11ed-b36a-874bd1548a00] not found + statusCode: + type: integer + example: 404 + enum: + - 404 + Alerting_update_rule_request: + title: Update rule request + description: > + The update rule API request body varies depending on the type of rule + and actions. + type: object required: - - numTimes - - shouldCheckStatus - - shouldCheckAvailability + - name + - params + - schedule properties: - availability: - type: object - properties: - range: - type: number - rangeUnit: - type: string - threshold: - type: string - filters: - oneOf: - - type: string - - type: object - deprecated: true - properties: - monitor.type: - type: array - items: - type: string - observer.geo.name: - type: array - items: - type: string - tags: - type: array - items: - type: string - url.port: - type: array - items: - type: string - locations: - deprecated: true - type: array - items: - type: string - numTimes: - type: number - search: + actions: + $ref: '#/components/schemas/Alerting_actions' + alert_delay: + $ref: '#/components/schemas/Alerting_alert_delay' + name: type: string - shouldCheckStatus: + description: The name of the rule. + example: cluster_health_rule + notify_when: + $ref: '#/components/schemas/Alerting_notify_when' + params: + type: object + description: The parameters for the rule. 
+ additionalProperties: true + schedule: + $ref: '#/components/schemas/Alerting_schedule' + tags: + $ref: '#/components/schemas/Alerting_tags' + throttle: + $ref: '#/components/schemas/Alerting_throttle' + Alerting_fieldmap_properties: + title: Field map objects in the get rule types response + type: object + properties: + array: type: boolean - shouldCheckAvailability: + description: Indicates whether the field is an array. + dynamic: type: boolean - timerangeCount: - type: number - timerangeUnit: + description: Indicates whether it is a dynamic field mapping. + format: type: string - timerange: - deprecated: true - type: object - properties: - from: - type: string - to: - type: string - version: - type: number - isAutoGenerated: + description: > + Indicates the format of the field. For example, if the `type` is + `date_range`, the `format` can be + `epoch_millis||strict_date_optional_time`. + ignore_above: + type: integer + description: >- + Specifies the maximum length of a string field. Longer strings are + not indexed or stored. + index: type: boolean - Alerting_create_rule_request: - title: Create rule request body properties - description: The properties vary depending on the rule type. 
- oneOf: - - $ref: >- - #/components/schemas/Alerting_create_anomaly_detection_alert_rule_request - - $ref: >- - #/components/schemas/Alerting_create_anomaly_detection_jobs_health_rule_request - - $ref: '#/components/schemas/Alerting_create_apm_anomaly_rule_request' - - $ref: '#/components/schemas/Alerting_create_apm_error_count_rule_request' - - $ref: >- - #/components/schemas/Alerting_create_apm_transaction_duration_rule_request - - $ref: >- - #/components/schemas/Alerting_create_apm_transaction_error_rate_rule_request - - $ref: '#/components/schemas/Alerting_create_es_query_rule_request' - - $ref: '#/components/schemas/Alerting_create_geo_containment_rule_request' - - $ref: '#/components/schemas/Alerting_create_index_threshold_rule_request' - - $ref: '#/components/schemas/Alerting_create_infra_inventory_rule_request' - - $ref: >- - #/components/schemas/Alerting_create_infra_metric_anomaly_rule_request - - $ref: >- - #/components/schemas/Alerting_create_infra_metric_threshold_rule_request - - $ref: >- - #/components/schemas/Alerting_create_monitoring_jvm_memory_usage_rule_request - - $ref: '#/components/schemas/Alerting_create_log_threshold_rule_request' - - $ref: >- - #/components/schemas/Alerting_create_monitoring_ccr_exceptions_rule_request - - $ref: >- - #/components/schemas/Alerting_create_monitoring_cluster_health_rule_request - - $ref: >- - #/components/schemas/Alerting_create_monitoring_cpu_usage_rule_request - - $ref: >- - #/components/schemas/Alerting_create_monitoring_disk_usage_rule_request - - $ref: >- - #/components/schemas/Alerting_create_monitoring_elasticsearch_version_mismatch_rule_request - - $ref: >- - #/components/schemas/Alerting_create_monitoring_license_expiration_rule_request - - $ref: >- - #/components/schemas/Alerting_create_monitoring_kibana_version_mismatch_rule_request - - $ref: >- - #/components/schemas/Alerting_create_monitoring_logstash_version_mismatch_rule_request - - $ref: >- - 
#/components/schemas/Alerting_create_monitoring_missing_data_rule_request - - $ref: >- - #/components/schemas/Alerting_create_monitoring_nodes_changed_rule_request - - $ref: >- - #/components/schemas/Alerting_create_monitoring_shard_size_rule_request - - $ref: >- - #/components/schemas/Alerting_create_monitoring_thread_pool_search_rejections_rule_request - - $ref: >- - #/components/schemas/Alerting_create_monitoring_thread_pool_write_rejections_rule_request - - $ref: '#/components/schemas/Alerting_create_siem_eql_rule_request' - - $ref: '#/components/schemas/Alerting_create_siem_indicator_rule_request' - - $ref: '#/components/schemas/Alerting_create_siem_ml_rule_request' - - $ref: '#/components/schemas/Alerting_create_siem_new_terms_rule_request' - - $ref: '#/components/schemas/Alerting_create_siem_notifications_rule_request' - - $ref: '#/components/schemas/Alerting_create_siem_query_rule_request' - - $ref: '#/components/schemas/Alerting_create_siem_saved_query_rule_request' - - $ref: '#/components/schemas/Alerting_create_siem_threshold_rule_request' - - $ref: '#/components/schemas/Alerting_create_slo_burn_rate_rule_request' - - $ref: >- - #/components/schemas/Alerting_create_synthetics_monitor_status_rule_request - - $ref: >- - #/components/schemas/Alerting_create_synthetics_uptime_duration_anomaly_rule_request - - $ref: >- - #/components/schemas/Alerting_create_synthetics_uptime_tls_rule_request - - $ref: >- - #/components/schemas/Alerting_create_synthetics_uptime_tls_certificate_rule_request - - $ref: '#/components/schemas/Alerting_create_transform_health_rule_request' - - $ref: >- - #/components/schemas/Alerting_create_uptime_monitor_status_rule_request - discriminator: - propertyName: rule_type_id - mapping: - xpack.ml.anomaly_detection_alert: >- - #/components/schemas/Alerting_create_anomaly_detection_alert_rule_request - xpack.ml.anomaly_detection_jobs_health: >- - #/components/schemas/Alerting_create_anomaly_detection_jobs_health_rule_request - apm.anomaly: 
'#/components/schemas/Alerting_create_apm_anomaly_rule_request' - apm.error_rate: '#/components/schemas/Alerting_create_apm_error_count_rule_request' - apm.transaction_duration: >- - #/components/schemas/Alerting_create_apm_transaction_duration_rule_request - apm.transaction_error_rate: >- - #/components/schemas/Alerting_create_apm_transaction_error_rate_rule_request - .es-query: '#/components/schemas/Alerting_create_es_query_rule_request' - .geo-containment: '#/components/schemas/Alerting_create_geo_containment_rule_request' - .index-threshold: '#/components/schemas/Alerting_create_index_threshold_rule_request' - metrics.alert.inventory.threshold: '#/components/schemas/Alerting_create_infra_inventory_rule_request' - metrics.alert.anomaly: >- - #/components/schemas/Alerting_create_infra_metric_anomaly_rule_request - metrics.alert.threshold: >- - #/components/schemas/Alerting_create_infra_metric_threshold_rule_request - monitoring_alert_jvm_memory_usage: >- - #/components/schemas/Alerting_create_monitoring_jvm_memory_usage_rule_request - logs.alert.document.count: '#/components/schemas/Alerting_create_log_threshold_rule_request' - monitoring_ccr_read_exceptions: >- - #/components/schemas/Alerting_create_monitoring_ccr_exceptions_rule_request - monitoring_alert_cluster_health: >- - #/components/schemas/Alerting_create_monitoring_cluster_health_rule_request - monitoring_alert_cpu_usage: >- - #/components/schemas/Alerting_create_monitoring_cpu_usage_rule_request - monitoring_alert_disk_usage: >- - #/components/schemas/Alerting_create_monitoring_disk_usage_rule_request - monitoring_alert_elasticsearch_version_mismatch: >- - #/components/schemas/Alerting_create_monitoring_elasticsearch_version_mismatch_rule_request - monitoring_alert_license_expiration: >- - #/components/schemas/Alerting_create_monitoring_license_expiration_rule_request - monitoring_alert_kibana_version_mismatch: >- - #/components/schemas/Alerting_create_monitoring_kibana_version_mismatch_rule_request - 
monitoring_alert_logstash_version_mismatch: >- - #/components/schemas/Alerting_create_monitoring_logstash_version_mismatch_rule_request - monitoring_alert_missing_monitoring_data: >- - #/components/schemas/Alerting_create_monitoring_missing_data_rule_request - monitoring_alert_nodes_changed: >- - #/components/schemas/Alerting_create_monitoring_nodes_changed_rule_request - monitoring_shard_size: >- - #/components/schemas/Alerting_create_monitoring_shard_size_rule_request - monitoring_alert_thread_pool_search_rejections: >- - #/components/schemas/Alerting_create_monitoring_thread_pool_search_rejections_rule_request - monitoring_alert_thread_pool_write_rejections: >- - #/components/schemas/Alerting_create_monitoring_thread_pool_write_rejections_rule_request - siem.eqlRule: '#/components/schemas/Alerting_create_siem_eql_rule_request' - siem.indicatorRule: '#/components/schemas/Alerting_create_siem_indicator_rule_request' - siem.mlRule: '#/components/schemas/Alerting_create_siem_ml_rule_request' - siem.newTermsRule: '#/components/schemas/Alerting_create_siem_new_terms_rule_request' - siem.notifications: '#/components/schemas/Alerting_create_siem_notifications_rule_request' - siem.queryRule: '#/components/schemas/Alerting_create_siem_query_rule_request' - siem.savedQueryRule: '#/components/schemas/Alerting_create_siem_saved_query_rule_request' - siem.thresholdRule: '#/components/schemas/Alerting_create_siem_threshold_rule_request' - slo.rules.burnRate: '#/components/schemas/Alerting_create_slo_burn_rate_rule_request' - xpack.synthetics.alerts.monitorStatus: >- - #/components/schemas/Alerting_create_synthetics_monitor_status_rule_request - xpack.uptime.alerts.durationAnomaly: >- - #/components/schemas/Alerting_create_synthetics_uptime_duration_anomaly_rule_request - xpack.uptime.alerts.tls: >- - #/components/schemas/Alerting_create_synthetics_uptime_tls_rule_request - xpack.uptime.alerts.tlsCertificate: >- - 
#/components/schemas/Alerting_create_synthetics_uptime_tls_certificate_rule_request - transform_health: '#/components/schemas/Alerting_create_transform_health_rule_request' - xpack.uptime.alerts.monitorStatus: >- - #/components/schemas/Alerting_create_uptime_monitor_status_rule_request - Alerting_rule_response_properties: - title: Rule response properties + description: Indicates whether field values are indexed. + path: + type: string + description: TBD + properties: + type: object + description: > + Details about the object properties. This property is applicable + when `type` is `object`. + additionalProperties: + type: object + properties: + type: + type: string + description: The data type for each object property. + required: + type: boolean + description: Indicates whether the field is required. + scaling_factor: + type: integer + description: > + The scaling factor to use when encoding values. This property is + applicable when `type` is `scaled_float`. Values will be multiplied + by this factor at index time and rounded to the closest long value. + type: + type: string + description: Specifies the data type for the field. 
+ example: scaled_float + Alerting_400_response: + title: Bad request type: object required: - - actions - - api_key_owner - - consumer - - created_at - - created_by - - enabled - - execution_status - - id - - mute_all - - muted_alert_ids - - name - - params - - rule_type_id - - schedule - - tags - - throttle - - updated_at - - updated_by + - error + - message + - statusCode + properties: + error: + type: string + enum: + - Bad Request + message: + type: string + statusCode: + type: integer + enum: + - 400 + Alerting_alert_response_properties: + title: Legacy alert response properties + type: object properties: actions: - $ref: '#/components/schemas/Alerting_actions' - alert_delay: - $ref: '#/components/schemas/Alerting_alert_delay' - api_key_created_by_user: - type: boolean - description: >- - Indicates whether the API key that is associated with the rule was - created by the user. - example: false - api_key_owner: + type: array + items: + type: object + alertTypeId: + type: string + example: .index-threshold + apiKeyOwner: type: string - description: > - The owner of the API key that is associated with the rule and used - to run background tasks. nullable: true example: elastic - consumer: - type: string - description: >- - The application or feature that owns the rule. For example, - `alerts`, `apm`, `discover`, `infrastructure`, `logs`, `metrics`, - `ml`, `monitoring`, `securitySolution`, `siem`, `stackAlerts`, or - `uptime`. - example: alerts - created_at: + createdAt: type: string - description: The date and time that the rule was created. + description: The date and time that the alert was created. format: date-time example: '2022-12-05T23:36:58.284Z' - created_by: + createdBy: type: string - description: The identifier for the user that created the rule. - nullable: true + description: The identifier for the user that created the alert. example: elastic enabled: type: boolean - description: Indicates whether the rule is currently enabled. 
+ description: Indicates whether the alert is currently enabled. example: true - execution_status: + executionStatus: type: object properties: - last_duration: - type: integer - example: 55 - last_execution_date: + lastExecutionDate: type: string format: date-time example: '2022-12-06T00:13:43.890Z' status: type: string - example: ok + example: ok + id: + type: string + description: The identifier for the alert. + example: b530fed0-74f5-11ed-9801-35303b735aef + muteAll: + type: boolean + example: false + mutedInstanceIds: + type: array + nullable: true + items: + type: string + name: + type: string + description: The name of the alert. + example: my alert + notifyWhen: + type: string + example: onActionGroupChange + params: + type: object + additionalProperties: true + schedule: + type: object + properties: + interval: + type: string + scheduledTaskId: + type: string + example: b530fed0-74f5-11ed-9801-35303b735aef + tags: + type: array + items: + type: string + throttle: + type: string + nullable: true + updatedAt: + type: string + example: '2022-12-05T23:36:58.284Z' + updatedBy: + type: string + description: The identifier for the user that updated this alert most recently. + nullable: true + example: elastic + Cases_assignees: + type: array + description: An array containing users that are assigned to the case. + maxItems: 10 + nullable: true + items: + type: object + required: + - uid + properties: + uid: + type: string + description: >- + A unique identifier for the user profile. These identifiers can be + found by using the suggest user profile API. + example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 + Cases_connector_properties_none: + title: Create or update case request properties for no connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.none`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. 
To create a case without + a connector, specify null. To update a case to remove the connector, + specify null. + nullable: true + type: string + example: null + id: + description: >- + The identifier for the connector. To create a case without a + connector, use `none`. To update a case to remove the connector, + specify `none`. + type: string + example: none + name: + description: >- + The name of the connector. To create a case without a connector, use + `none`. To update a case to remove the connector, specify `none`. + type: string + example: none + type: + description: >- + The type of connector. To create a case without a connector, use + `.none`. To update a case to remove the connector, specify `.none`. + type: string + example: .none + enum: + - .none + Cases_connector_properties_cases_webhook: + title: Create or upate case request properties for Cases Webhook connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.cases-webhook`. + type: object + properties: + fields: + type: string + nullable: true + example: null + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + type: string + example: .cases-webhook + enum: + - .cases-webhook + Cases_connector_properties_jira: + title: Create or update case request properties for a Jira connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.jira`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + required: + - issueType + - parent + - priority + properties: + issueType: + description: The type of issue. 
+ type: string + nullable: true + parent: + description: The key of the parent issue, when the issue type is sub-task. + type: string + nullable: true + priority: + description: The priority of the issue. + type: string + nullable: true id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. type: string - description: The identifier for the rule. - example: b530fed0-74f5-11ed-9801-35303b735aef - last_run: + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + type: string + example: .jira + enum: + - .jira + Cases_connector_properties_resilient: + title: Create case request properties for a IBM Resilient connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.resilient`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. type: object + nullable: true + required: + - issueTypes + - severityCode properties: - alerts_count: - type: object - properties: - active: - type: integer - ignored: - type: integer - new: - type: integer - recovered: - type: integer - outcome: - type: string - example: succeeded - outcome_msg: + issueTypes: + description: The type of incident. type: array items: type: string - nullable: true - outcome_order: - type: integer - warning: + severityCode: + description: The severity code of the incident. type: string - nullable: true - example: null - muted_alert_ids: - type: array - nullable: true - items: - type: string - mute_all: - type: boolean - example: false - name: + id: + description: The identifier for the connector. type: string - description: The name of the rule. - example: cluster_health_rule - next_run: + name: + description: The name of the connector. 
type: string - format: date-time - nullable: true - example: '2022-12-06T00:14:43.818Z' - notify_when: + type: + description: The type of connector. type: string - description: Indicates how often alerts generate actions. - nullable: true - params: + example: .resilient + enum: + - .resilient + Cases_connector_properties_servicenow: + title: Create case request properties for a ServiceNow ITSM connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.servicenow`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. type: object - description: The parameters for the rule. - additionalProperties: true - revision: - type: integer - description: The rule revision number. - rule_type_id: - type: string - description: > - The identifier for the type of rule. For example, `.es-query`, - `.index-threshold`, `logs.alert.document.count`, - `monitoring_alert_cluster_health`, `siem.thresholdRule`, or - `xpack.ml.anomaly_detection_alert`. - example: monitoring_alert_cluster_health - running: - type: boolean - description: Indicates whether the rule is running. - schedule: - $ref: '#/components/schemas/Alerting_schedule' - scheduled_task_id: + required: + - category + - impact + - severity + - subcategory + - urgency + properties: + category: + description: The category of the incident. + type: string + nullable: true + impact: + description: The effect an incident had on business. + type: string + nullable: true + severity: + description: The severity of the incident. + type: string + nullable: true + subcategory: + description: The subcategory of the incident. + type: string + nullable: true + urgency: + description: The extent to which the incident resolution can be delayed. + type: string + nullable: true + id: + description: >- + The identifier for the connector. 
To retrieve connector IDs, use the + find connectors API. type: string - example: b530fed0-74f5-11ed-9801-35303b735aef - tags: - $ref: '#/components/schemas/Alerting_tags' - throttle: - $ref: '#/components/schemas/Alerting_throttle' - updated_at: + name: + description: The name of the connector. type: string - description: The date and time that the rule was updated most recently. - example: '2022-12-05T23:36:58.284Z' - updated_by: + type: + description: The type of connector. type: string - description: The identifier for the user that updated this rule most recently. - nullable: true - example: elastic - Alerting_401_response: + example: .servicenow + enum: + - .servicenow + Cases_connector_properties_servicenow_sir: + title: Create case request properties for a ServiceNow SecOps connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.servicenow-sir`. type: object - title: Unsuccessful rule API response properties: - error: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + required: + - category + - destIp + - malwareHash + - malwareUrl + - priority + - sourceIp + - subcategory + properties: + category: + description: The category of the incident. + type: string + nullable: true + destIp: + description: >- + Indicates whether cases will send a comma-separated list of + destination IPs. + type: boolean + nullable: true + malwareHash: + description: >- + Indicates whether cases will send a comma-separated list of + malware hashes. + type: boolean + nullable: true + malwareUrl: + description: >- + Indicates whether cases will send a comma-separated list of + malware URLs. + type: boolean + nullable: true + priority: + description: The priority of the issue. + type: string + nullable: true + sourceIp: + description: >- + Indicates whether cases will send a comma-separated list of + source IPs. 
+ type: boolean + nullable: true + subcategory: + description: The subcategory of the incident. + type: string + nullable: true + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. type: string - example: Unauthorized - enum: - - Unauthorized - message: + name: + description: The name of the connector. type: string - statusCode: - type: integer - example: 401 + type: + description: The type of connector. + type: string + example: .servicenow-sir enum: - - 401 - Alerting_404_response: + - .servicenow-sir + Cases_connector_properties_swimlane: + title: Create case request properties for a Swimlane connector + required: + - fields + - id + - name + - type + description: Defines properties for connectors when type is `.swimlane`. type: object properties: - error: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + required: + - caseId + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + nullable: true + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. type: string - example: Not Found - enum: - - Not Found - message: + name: + description: The name of the connector. type: string - example: Saved object [alert/caaad6d0-920c-11ed-b36a-874bd1548a00] not found - statusCode: - type: integer - example: 404 + type: + description: The type of connector. + type: string + example: .swimlane enum: - - 404 - Alerting_update_rule_request: - title: Update rule request + - .swimlane + Cases_case_description: + description: The description for the case. + type: string + maxLength: 30000 + Cases_owners: + type: string description: > - The update rule API request body varies depending on the type of rule - and actions. 
+ The application that owns the cases: Stack Management, Observability, or + Elastic Security. + enum: + - cases + - observability + - securitySolution + example: cases + Cases_settings: type: object + description: An object that contains the case settings. required: - - name - - params - - schedule + - syncAlerts properties: - actions: - $ref: '#/components/schemas/Alerting_actions' - alert_delay: - $ref: '#/components/schemas/Alerting_alert_delay' - name: - type: string - description: The name of the rule. - example: cluster_health_rule - notify_when: - $ref: '#/components/schemas/Alerting_notify_when' - params: - type: object - description: The parameters for the rule. - additionalProperties: true - schedule: - $ref: '#/components/schemas/Alerting_schedule' - tags: - $ref: '#/components/schemas/Alerting_tags' - throttle: - $ref: '#/components/schemas/Alerting_throttle' - Alerting_fieldmap_properties: - title: Field map objects in the get rule types response + syncAlerts: + description: Turns alert syncing on or off. + type: boolean + example: true + Cases_case_severity: + type: string + description: The severity of the case. + enum: + - critical + - high + - low + - medium + default: low + Cases_case_tags: + description: > + The words and phrases that help categorize cases. It can be an empty + array. + type: array + maxItems: 200 + items: + type: string + maxLength: 256 + Cases_case_category: + description: A word or phrase that categorizes the case. + type: string + maxLength: 50 + Cases_case_title: + description: A title for the case. + type: string + maxLength: 160 + Cases_create_case_request: + title: Create case request + description: >- + The create case API request body varies depending on the type of + connector. type: object + required: + - connector + - description + - owner + - settings + - tags + - title properties: - array: - type: boolean - description: Indicates whether the field is an array. 
- dynamic: - type: boolean - description: Indicates whether it is a dynamic field mapping. - format: - type: string - description: > - Indicates the format of the field. For example, if the `type` is - `date_range`, the `format` can be - `epoch_millis||strict_date_optional_time`. - ignore_above: - type: integer - description: >- - Specifies the maximum length of a string field. Longer strings are - not indexed or stored. - index: - type: boolean - description: Indicates whether field values are indexed. - path: - type: string - description: TBD - properties: - type: object + assignees: + $ref: '#/components/schemas/Cases_assignees' + connector: + oneOf: + - $ref: '#/components/schemas/Cases_connector_properties_none' + - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' + - $ref: '#/components/schemas/Cases_connector_properties_jira' + - $ref: '#/components/schemas/Cases_connector_properties_resilient' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' + - $ref: '#/components/schemas/Cases_connector_properties_swimlane' + description: + $ref: '#/components/schemas/Cases_case_description' + owner: + $ref: '#/components/schemas/Cases_owners' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + tags: + $ref: '#/components/schemas/Cases_case_tags' + category: + $ref: '#/components/schemas/Cases_case_category' + title: + $ref: '#/components/schemas/Cases_case_title' + customFields: + type: array description: > - Details about the object properties. This property is applicable - when `type` is `object`. - additionalProperties: + Custom field values for a case. Any optional custom fields that are + not specified in the request are set to null. 
+ minItems: 0 + maxItems: 10 + items: type: object + required: + - key + - type + - value properties: + key: + description: > + The unique identifier for the custom field. The key value must + exist in the case configuration settings. + type: string type: + description: > + The custom field type. It must match the type specified in the + case configuration settings. type: string - description: The data type for each object property. - required: - type: boolean - description: Indicates whether the field is required. - scaling_factor: - type: integer - description: > - The scaling factor to use when encoding values. This property is - applicable when `type` is `scaled_float`. Values will be multiplied - by this factor at index time and rounded to the closest long value. - type: - type: string - description: Specifies the data type for the field. - example: scaled_float - Alerting_400_response: - title: Bad request + enum: + - text + - toggle + value: + description: > + The custom field value. If the custom field is required, it + cannot be explicitly set to null. However, for cases that + existed when the required custom field was added, the default + value stored in Elasticsearch is `undefined`. The value + returned in the API and user interface in this case is `null`. 
+ oneOf: + - type: string + minLength: 1 + maxLength: 160 + nullable: true + - type: boolean + Cases_case_response_closed_by_properties: + title: Case response properties for closed_by type: object - required: - - error - - message - - statusCode + nullable: true properties: - error: + email: type: string - enum: - - Bad Request - message: + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: type: string - statusCode: - type: integer - enum: - - 400 - Alerting_alert_response_properties: - title: Legacy alert response properties + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + required: + - email + - full_name + - username + Cases_alert_comment_response_properties: + title: Add case comment response properties for alerts type: object + required: + - type properties: - actions: + alertId: type: array items: - type: object - alertTypeId: - type: string - example: .index-threshold - apiKeyOwner: - type: string - nullable: true - example: elastic - createdAt: + type: string + example: a6e12ac4-7bce-457b-84f6-d7ce8deb8446 + created_at: type: string - description: The date and time that the alert was created. format: date-time - example: '2022-12-05T23:36:58.284Z' - createdBy: - type: string - description: The identifier for the user that created the alert. - example: elastic - enabled: - type: boolean - description: Indicates whether the alert is currently enabled. 
- example: true - executionStatus: + example: '2023-11-06T19:29:38.424Z' + created_by: type: object + required: + - email + - full_name + - username properties: - lastExecutionDate: + email: type: string - format: date-time - example: '2022-12-06T00:13:43.890Z' - status: + example: null + nullable: true + full_name: type: string - example: ok + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 id: type: string - description: The identifier for the alert. - example: b530fed0-74f5-11ed-9801-35303b735aef - muteAll: - type: boolean - example: false - mutedInstanceIds: + example: 73362370-ab1a-11ec-985f-97e55adae8b9 + index: type: array - nullable: true items: type: string - name: - type: string - description: The name of the alert. - example: my alert - notifyWhen: + example: .internal.alerts-security.alerts-default-000001 + owner: + $ref: '#/components/schemas/Cases_owners' + pushed_at: type: string - example: onActionGroupChange - params: + format: date-time + example: null + nullable: true + pushed_by: type: object - additionalProperties: true - schedule: + required: + - email + - full_name + - username + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + nullable: true + rule: type: object properties: - interval: + id: + description: The rule identifier. type: string - scheduledTaskId: + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + name: + description: The rule name. 
+ type: string + example: security_rule + type: type: string - example: b530fed0-74f5-11ed-9801-35303b735aef - tags: - type: array - items: - type: string - throttle: + example: alert + enum: + - alert + updated_at: type: string + format: date-time nullable: true - updatedAt: + updated_by: + type: object + nullable: true + required: + - email + - full_name + - username + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + version: type: string - example: '2022-12-05T23:36:58.284Z' - updatedBy: + example: WzMwNDgsMV0= + Cases_user_comment_response_properties: + title: Case response properties for user comments + type: object + required: + - type + properties: + comment: type: string - description: The identifier for the user that updated this alert most recently. + example: A new comment. 
+ created_at: + type: string + format: date-time + example: '2022-05-13T09:16:17.416Z' + created_by: + $ref: '#/components/schemas/Cases_case_response_created_by_properties' + id: + type: string + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + owner: + $ref: '#/components/schemas/Cases_owners' + pushed_at: + type: string + format: date-time + nullable: true + example: null + pushed_by: + $ref: '#/components/schemas/Cases_case_response_pushed_by_properties' + type: + type: string + example: user + enum: + - user + updated_at: + type: string + format: date-time + nullable: true + example: null + updated_by: + $ref: '#/components/schemas/Cases_case_response_updated_by_properties' + version: + type: string + example: WzIwNDMxLDFd + Cases_case_response_created_by_properties: + title: Case response properties for created_by + type: object + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null nullable: true + username: + type: string example: elastic - Cases_assignees: - type: array - description: An array containing users that are assigned to the case. - maxItems: 10 - nullable: true - items: - type: object - required: - - uid - properties: - uid: - type: string - description: >- - A unique identifier for the user profile. These identifiers can be - found by using the suggest user profile API. - example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 - Cases_connector_properties_none: - title: Create or update case request properties for no connector + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 required: - - fields - - id - - name - - type - description: Defines properties for connectors when type is `.none`. + - email + - full_name + - username + Cases_case_response_pushed_by_properties: + title: Case response properties for pushed_by type: object + nullable: true properties: - fields: - description: >- - An object containing the connector fields. 
To create a case without - a connector, specify null. To update a case to remove the connector, - specify null. - nullable: true + email: type: string example: null - id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. To update a case to remove the connector, - specify `none`. + nullable: true + full_name: type: string - example: none - name: - description: >- - The name of the connector. To create a case without a connector, use - `none`. To update a case to remove the connector, specify `none`. + example: null + nullable: true + username: type: string - example: none - type: - description: >- - The type of connector. To create a case without a connector, use - `.none`. To update a case to remove the connector, specify `.none`. + example: elastic + nullable: true + profile_uid: type: string - example: .none - enum: - - .none - Cases_connector_properties_cases_webhook: - title: Create or upate case request properties for Cases Webhook connector + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 required: - - fields - - id - - name - - type - description: Defines properties for connectors when type is `.cases-webhook`. + - email + - full_name + - username + Cases_case_response_updated_by_properties: + title: Case response properties for updated_by type: object + nullable: true properties: - fields: + email: type: string - nullable: true example: null - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. + nullable: true + full_name: type: string - name: - description: The name of the connector. + example: null + nullable: true + username: type: string - type: - description: The type of connector. 
+ example: elastic + nullable: true + profile_uid: type: string - example: .cases-webhook - enum: - - .cases-webhook - Cases_connector_properties_jira: - title: Create or update case request properties for a Jira connector + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 required: - - fields - - id - - name - - type - description: Defines properties for connectors when type is `.jira`. + - email + - full_name + - username + Cases_external_service: type: object + nullable: true properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. + connector_id: + type: string + connector_name: + type: string + external_id: + type: string + external_title: + type: string + external_url: + type: string + pushed_at: + type: string + format: date-time + pushed_by: type: object - required: - - issueType - - parent - - priority properties: - issueType: - description: The type of issue. + email: type: string + example: null nullable: true - parent: - description: The key of the parent issue, when the issue type is sub-task. + full_name: type: string + example: null nullable: true - priority: - description: The priority of the issue. + username: type: string + example: elastic nullable: true - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - type: string - example: .jira - enum: - - .jira - Cases_connector_properties_resilient: - title: Create case request properties for a IBM Resilient connector + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + nullable: true + Cases_case_status: + type: string + description: The status of the case. 
+ enum: + - closed + - in-progress + - open + Cases_case_response_properties: + title: Case response properties + type: object required: - - fields + - closed_at + - closed_by + - comments + - connector + - created_at + - created_by + - description + - duration + - external_service - id - - name - - type - description: Defines properties for connectors when type is `.resilient`. - type: object + - owner + - settings + - severity + - status + - tags + - title + - totalAlerts + - totalComment + - updated_at + - updated_by + - version properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. - type: object + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + type: string + description: The case category. + nullable: true + closed_at: + type: string + format: date-time + nullable: true + closed_by: + $ref: '#/components/schemas/Cases_case_response_closed_by_properties' + comments: + title: Case response properties for comments + description: An array of comment objects for the case. 
+ type: array + maxItems: 10000 + items: + oneOf: + - $ref: '#/components/schemas/Cases_alert_comment_response_properties' + - $ref: '#/components/schemas/Cases_user_comment_response_properties' + discriminator: + propertyName: type + mapping: + alert: '#/components/schemas/Cases_alert_comment_response_properties' + user: '#/components/schemas/Cases_user_comment_response_properties' + connector: + title: Case response properties for connectors + oneOf: + - $ref: '#/components/schemas/Cases_connector_properties_none' + - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' + - $ref: '#/components/schemas/Cases_connector_properties_jira' + - $ref: '#/components/schemas/Cases_connector_properties_resilient' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' + - $ref: '#/components/schemas/Cases_connector_properties_swimlane' + discriminator: + propertyName: type + mapping: + .none: '#/components/schemas/Cases_connector_properties_none' + .cases-webhook: '#/components/schemas/Cases_connector_properties_cases_webhook' + .jira: '#/components/schemas/Cases_connector_properties_jira' + .resilient: '#/components/schemas/Cases_connector_properties_resilient' + .servicenow: '#/components/schemas/Cases_connector_properties_servicenow' + .servicenow-sir: '#/components/schemas/Cases_connector_properties_servicenow_sir' + .swimlane: '#/components/schemas/Cases_connector_properties_swimlane' + created_at: + type: string + format: date-time + example: '2022-05-13T09:16:17.416Z' + created_by: + $ref: '#/components/schemas/Cases_case_response_created_by_properties' + customFields: + type: array + description: Custom field values for the case. + items: + type: object + properties: + key: + description: > + The unique identifier for the custom field. The key value must + exist in the case configuration settings. + type: string + type: + description: > + The custom field type. 
It must match the type specified in the + case configuration settings. + type: string + enum: + - text + - toggle + value: + description: > + The custom field value. If the custom field is required, it + cannot be explicitly set to null. However, for cases that + existed when the required custom field was added, the default + value stored in Elasticsearch is `undefined`. The value + returned in the API and user interface in this case is `null`. + oneOf: + - type: string + minLength: 1 + maxLength: 160 + nullable: true + - type: boolean + description: + type: string + example: A case description. + duration: + type: integer + description: > + The elapsed time from the creation of the case to its closure (in + seconds). If the case has not been closed, the duration is set to + null. If the case was closed after less than half a second, the + duration is rounded down to zero. nullable: true - required: - - issueTypes - - severityCode - properties: - issueTypes: - description: The type of incident. - type: array - items: - type: string - severityCode: - description: The severity code of the incident. - type: string + example: 120 + external_service: + $ref: '#/components/schemas/Cases_external_service' id: - description: The identifier for the connector. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. type: string - example: .resilient - enum: - - .resilient - Cases_connector_properties_servicenow: - title: Create case request properties for a ServiceNow ITSM connector - required: - - fields - - id - - name - - type - description: Defines properties for connectors when type is `.servicenow`. - type: object - properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. 
- type: object - required: - - category - - impact - - severity - - subcategory - - urgency - properties: - category: - description: The category of the incident. - type: string - nullable: true - impact: - description: The effect an incident had on business. - type: string - nullable: true - severity: - description: The severity of the incident. - type: string - nullable: true - subcategory: - description: The subcategory of the incident. - type: string - nullable: true - urgency: - description: The extent to which the incident resolution can be delayed. - type: string - nullable: true - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. + example: 66b9aa00-94fa-11ea-9f74-e7e108796192 + owner: + $ref: '#/components/schemas/Cases_owners' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + status: + $ref: '#/components/schemas/Cases_case_status' + tags: + type: array + items: + type: string + example: + - tag-1 + title: type: string - name: - description: The name of the connector. + example: Case title 1 + totalAlerts: + type: integer + example: 0 + totalComment: + type: integer + example: 0 + updated_at: type: string - type: - description: The type of connector. + format: date-time + nullable: true + updated_by: + $ref: '#/components/schemas/Cases_case_response_updated_by_properties' + version: type: string - example: .servicenow - enum: - - .servicenow - Cases_connector_properties_servicenow_sir: - title: Create case request properties for a ServiceNow SecOps connector - required: - - fields - - id - - name - - type - description: Defines properties for connectors when type is `.servicenow-sir`. + example: WzUzMiwxXQ== + Cases_4xx_response: type: object + title: Unsuccessful cases API response properties: - fields: - description: >- - An object containing the connector fields. 
If you want to omit any - individual field, specify null as its value. - type: object - required: - - category - - destIp - - malwareHash - - malwareUrl - - priority - - sourceIp - - subcategory - properties: - category: - description: The category of the incident. - type: string - nullable: true - destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs. - type: boolean - nullable: true - malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes. - type: boolean - nullable: true - malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs. - type: boolean - nullable: true - priority: - description: The priority of the issue. - type: string - nullable: true - sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs. - type: boolean - nullable: true - subcategory: - description: The subcategory of the incident. - type: string - nullable: true - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. - type: string - name: - description: The name of the connector. + error: type: string - type: - description: The type of connector. + example: Unauthorized + message: type: string - example: .servicenow-sir - enum: - - .servicenow-sir - Cases_connector_properties_swimlane: - title: Create case request properties for a Swimlane connector - required: - - fields - - id - - name - - type - description: Defines properties for connectors when type is `.swimlane`. + statusCode: + type: integer + example: 401 + Cases_update_case_request: + title: Update case request + description: >- + The update case API request body varies depending on the type of + connector. type: object + required: + - cases properties: - fields: - description: >- - An object containing the connector fields. 
If you want to omit any - individual field, specify null as its value. - type: object - required: - - caseId - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - nullable: true - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - type: string - example: .swimlane - enum: - - .swimlane - Cases_case_description: - description: The description for the case. + cases: + type: array + description: An array containing one or more case objects. + maxItems: 100 + minItems: 1 + items: + type: object + required: + - id + - version + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + $ref: '#/components/schemas/Cases_case_category' + connector: + oneOf: + - $ref: '#/components/schemas/Cases_connector_properties_none' + - $ref: >- + #/components/schemas/Cases_connector_properties_cases_webhook + - $ref: '#/components/schemas/Cases_connector_properties_jira' + - $ref: '#/components/schemas/Cases_connector_properties_resilient' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow' + - $ref: >- + #/components/schemas/Cases_connector_properties_servicenow_sir + - $ref: '#/components/schemas/Cases_connector_properties_swimlane' + customFields: + type: array + description: > + Custom field values for a case. Any optional custom fields + that are not specified in the request are set to null. + minItems: 0 + maxItems: 10 + items: + type: object + required: + - key + - type + - value + properties: + key: + description: > + The unique identifier for the custom field. The key + value must exist in the case configuration settings. + type: string + type: + description: > + The custom field type. It must match the type specified + in the case configuration settings. 
+ type: string + enum: + - text + - toggle + value: + description: > + The custom field value. If the custom field is required, + it cannot be explicitly set to null. However, for cases + that existed when the required custom field was added, + the default value stored in Elasticsearch is + `undefined`. The value returned in the API and user + interface in this case is `null`. + oneOf: + - type: string + minLength: 1 + maxLength: 160 + nullable: true + - type: boolean + description: + $ref: '#/components/schemas/Cases_case_description' + id: + description: The identifier for the case. + type: string + maxLength: 30000 + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + status: + $ref: '#/components/schemas/Cases_case_status' + tags: + $ref: '#/components/schemas/Cases_case_tags' + title: + $ref: '#/components/schemas/Cases_case_title' + version: + description: >- + The current version of the case. To determine this value, use + the get case or find cases APIs. + type: string + Cases_searchFieldsType: type: string - maxLength: 30000 - Cases_owners: + description: The fields to perform the `simple_query_string` parsed query against. + enum: + - description + - title + Cases_closure_types: type: string - description: > - The application that owns the cases: Stack Management, Observability, or - Elastic Security. + description: >- + Indicates whether a case is automatically closed when it is pushed to + external systems (`close-by-pushing`) or not automatically closed + (`close-by-user`). enum: - - cases - - observability - - securitySolution - example: cases - Cases_settings: - type: object - description: An object that contains the case settings. - required: - - syncAlerts - properties: - syncAlerts: - description: Turns alert syncing on or off. 
- type: boolean - example: true - Cases_case_severity: + - close-by-pushing + - close-by-user + example: close-by-user + Cases_connector_types: type: string - description: The severity of the case. + description: The type of connector. enum: - - critical - - high - - low - - medium - default: low - Cases_case_tags: + - .cases-webhook + - .jira + - .none + - .resilient + - .servicenow + - .servicenow-sir + - .swimlane + example: .none + Cases_template_tags: description: > - The words and phrases that help categorize cases. It can be an empty + The words and phrases that help categorize templates. It can be an empty array. type: array maxItems: 200 items: type: string maxLength: 256 - Cases_case_category: - description: A word or phrase that categorizes the case. - type: string - maxLength: 50 - Cases_case_title: - description: A title for the case. - type: string - maxLength: 160 - Cases_create_case_request: - title: Create case request + Cases_templates: + type: array + x-technical-preview: true + items: + type: object + properties: + caseFields: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + $ref: '#/components/schemas/Cases_case_category' + connector: + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are not + used and are not propagated to individual cases, therefore + it is recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a + default connector, use `none`. To retrieve connector IDs, + use the find connectors API. + type: string + example: none + name: + description: >- + The name of the connector. If you do not want a default + connector, use `none`. To retrieve connector names, use + the find connectors API. 
+ type: string + example: none + type: + $ref: '#/components/schemas/Cases_connector_types' + customFields: + type: array + x-technical-preview: true + description: Custom field values in the template. + items: + type: object + properties: + key: + type: string + description: The unique key for the custom field. + type: + type: string + enum: + - text + - toggle + description: The type of the custom field. + value: + oneOf: + - type: string + - type: boolean + description: > + The default value for the custom field when a case uses + the template. If the `type` is `text`, the default value + must be a string. If the `type` is `toggle`, the default + value must be boolean. + description: + $ref: '#/components/schemas/Cases_case_description' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + tags: + $ref: '#/components/schemas/Cases_case_tags' + title: + $ref: '#/components/schemas/Cases_case_title' + description: + type: string + description: A description for the template. + key: + type: string + description: > + A unique key for the template. Must be lower case and composed + only of a-z, 0-9, '_', and '-' characters. It is used in API calls + to refer to a specific template. + name: + type: string + description: The name of the template. + tags: + $ref: '#/components/schemas/Cases_template_tags' + Cases_set_case_configuration_request: + title: Set case configuration request description: >- - The create case API request body varies depending on the type of - connector. + External connection details, such as the closure type and default + connector for cases. 
type: object required: + - closure_type - connector - - description - owner - - settings - - tags - - title properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - connector: - oneOf: - - $ref: '#/components/schemas/Cases_connector_properties_none' - - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' - - $ref: '#/components/schemas/Cases_connector_properties_jira' - - $ref: '#/components/schemas/Cases_connector_properties_resilient' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' - - $ref: '#/components/schemas/Cases_connector_properties_swimlane' - description: - $ref: '#/components/schemas/Cases_case_description' - owner: - $ref: '#/components/schemas/Cases_owners' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - tags: - $ref: '#/components/schemas/Cases_case_tags' - category: - $ref: '#/components/schemas/Cases_case_category' - title: - $ref: '#/components/schemas/Cases_case_title' + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are not used and + are not propagated to individual cases, therefore it is + recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a default + connector, use `none`. To retrieve connector IDs, use the find + connectors API. + type: string + example: none + name: + description: >- + The name of the connector. If you do not want a default + connector, use `none`. To retrieve connector names, use the find + connectors API. 
+ type: string + example: none + type: + $ref: '#/components/schemas/Cases_connector_types' + required: + - fields + - id + - name + - type customFields: type: array - description: > - Custom field values for a case. Any optional custom fields that are - not specified in the request are set to null. + description: Custom fields case configuration. minItems: 0 maxItems: 10 items: type: object required: - key + - label + - required - type - - value properties: + defaultValue: + oneOf: + - type: string + - type: boolean + description: > + A default value for the custom field. If the `type` is `text`, + the default value must be a string. If the `type` is `toggle`, + the default value must be boolean. key: description: > - The unique identifier for the custom field. The key value must - exist in the case configuration settings. + A unique key for the custom field. Must be lower case and + composed only of a-z, 0-9, '_', and '-' characters. It is used + in API calls to refer to a specific custom field. type: string - type: + minLength: 1 + maxLength: 36 + label: + description: The custom field label that is displayed in the case. + type: string + minLength: 1 + maxLength: 50 + required: description: > - The custom field type. It must match the type specified in the - case configuration settings. + Indicates whether the field is required. If `false`, the + custom field can be set to null or omitted when a case is + created or updated. + type: boolean + type: + description: The type of the custom field. type: string enum: - text - toggle - value: - description: > - The custom field value. If the custom field is required, it - cannot be explicitly set to null. However, for cases that - existed when the required custom field was added, the default - value stored in Elasticsearch is `undefined`. The value - returned in the API and user interface in this case is `null`. 
+ owner: + $ref: '#/components/schemas/Cases_owners' + templates: + $ref: '#/components/schemas/Cases_templates' + Cases_update_case_configuration_request: + title: Update case configuration request + description: > + You can update settings such as the closure type, custom fields, + templates, and the default connector for cases. + type: object + required: + - version + properties: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are not used and + are not propagated to individual cases, therefore it is + recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a default + connector, use `none`. To retrieve connector IDs, use the find + connectors API. + type: string + example: none + name: + description: >- + The name of the connector. If you do not want a default + connector, use `none`. To retrieve connector names, use the find + connectors API. + type: string + example: none + type: + $ref: '#/components/schemas/Cases_connector_types' + required: + - fields + - id + - name + - type + customFields: + type: array + description: Custom fields case configuration. + items: + type: object + required: + - key + - label + - required + - type + properties: + defaultValue: oneOf: - type: string - minLength: 1 - maxLength: 160 - nullable: true - type: boolean - Cases_case_response_closed_by_properties: - title: Case response properties for closed_by + description: > + A default value for the custom field. If the `type` is `text`, + the default value must be a string. If the `type` is `toggle`, + the default value must be boolean. + key: + description: > + A unique key for the custom field. Must be lower case and + composed only of a-z, 0-9, '_', and '-' characters. 
It is used + in API calls to refer to a specific custom field. + type: string + minLength: 1 + maxLength: 36 + label: + description: The custom field label that is displayed in the case. + type: string + minLength: 1 + maxLength: 50 + required: + description: > + Indicates whether the field is required. If `false`, the + custom field can be set to null or omitted when a case is + created or updated. + type: boolean + type: + description: The type of the custom field. + type: string + enum: + - text + - toggle + templates: + $ref: '#/components/schemas/Cases_templates' + version: + description: > + The version of the connector. To retrieve the version value, use the + get configuration API. + type: string + example: WzIwMiwxXQ== + Cases_alert_response_properties: + type: object + properties: + attached_at: + type: string + format: date-time + id: + description: The alert identifier. + type: string + index: + description: The alert index. + type: string + Cases_add_alert_comment_request_properties: + title: Add case comment request properties for alerts + required: + - alertId + - index + - owner + - rule + - type + description: Defines properties for case comment requests when type is alert. + type: object + properties: + alertId: + $ref: '#/components/schemas/Cases_alert_identifiers' + index: + $ref: '#/components/schemas/Cases_alert_indices' + owner: + $ref: '#/components/schemas/Cases_owners' + rule: + $ref: '#/components/schemas/Cases_rule' + type: + description: The type of comment. + type: string + example: alert + enum: + - alert + Cases_add_user_comment_request_properties: + title: Add case comment request properties for user comments + description: Defines properties for case comment requests when type is user. + type: object + properties: + comment: + description: The new comment. It is required only when `type` is `user`. + type: string + maxLength: 30000 + example: A new comment. 
+ owner: + $ref: '#/components/schemas/Cases_owners' + type: + type: string + description: The type of comment. + example: user + enum: + - user + required: + - comment + - owner + - type + Cases_alert_identifiers: + title: Alert identifiers + description: > + The alert identifiers. It is required only when `type` is `alert`. You + can use an array of strings to add multiple alerts to a case, provided + that they all relate to the same rule; `index` must also be an array + with the same length or number of elements. Adding multiple alerts in + this manner is recommended rather than calling the API multiple times. + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + oneOf: + - type: string + - type: array + items: + type: string + maxItems: 1000 + x-technical-preview: true + example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 + Cases_alert_indices: + title: Alert indices + description: > + The alert indices. It is required only when `type` is `alert`. If you + are adding multiple alerts to a case, use an array of strings; the + position of each index name in the array must match the position of the + corresponding alert identifier in the `alertId` array. This + functionality is in technical preview and may be changed or removed in a + future release. Elastic will work to fix any issues, but features in + technical preview are not subject to the support SLA of official GA + features. + oneOf: + - type: string + - type: array + items: + type: string + maxItems: 1000 + x-technical-preview: true + Cases_rule: + title: Alerting rule + description: > + The rule that is associated with the alerts. It is required only when + `type` is `alert`. This functionality is in technical preview and may be + changed or removed in a future release. 
Elastic will work to fix any + issues, but features in technical preview are not subject to the support + SLA of official GA features. type: object - nullable: true + x-technical-preview: true properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: + id: + description: The rule identifier. type: string - example: elastic - nullable: true - profile_uid: + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + name: + description: The rule name. type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - required: - - email - - full_name - - username - Cases_alert_comment_response_properties: - title: Add case comment response properties for alerts - type: object + example: security_rule + Cases_add_case_comment_request: + title: Add case comment request + description: >- + The add comment to case API request body varies depending on whether you + are adding an alert or a comment. + oneOf: + - $ref: '#/components/schemas/Cases_add_alert_comment_request_properties' + - $ref: '#/components/schemas/Cases_add_user_comment_request_properties' + discriminator: + propertyName: type + mapping: + alert: '#/components/schemas/Cases_add_alert_comment_request_properties' + user: '#/components/schemas/Cases_add_user_comment_request_properties' + Cases_update_alert_comment_request_properties: + title: Update case comment request properties for alerts + description: Defines properties for case comment requests when type is alert. 
required: + - alertId + - id + - index + - owner + - rule - type + - version + type: object properties: alertId: - type: array - items: - type: string - example: a6e12ac4-7bce-457b-84f6-d7ce8deb8446 - created_at: - type: string - format: date-time - example: '2023-11-06T19:29:38.424Z' - created_by: - type: object - required: - - email - - full_name - - username - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + $ref: '#/components/schemas/Cases_alert_identifiers' id: type: string - example: 73362370-ab1a-11ec-985f-97e55adae8b9 + description: > + The identifier for the comment. To retrieve comment IDs, use the get + comments API. + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 index: - type: array - items: - type: string - example: .internal.alerts-security.alerts-default-000001 + $ref: '#/components/schemas/Cases_alert_indices' owner: $ref: '#/components/schemas/Cases_owners' - pushed_at: + rule: + $ref: '#/components/schemas/Cases_rule' + type: + description: The type of comment. type: string - format: date-time - example: null - nullable: true - pushed_by: + enum: + - alert + example: alert + version: + description: > + The current comment version. To retrieve version values, use the get + comments API. + type: string + example: Wzk1LDFd + Cases_update_user_comment_request_properties: + title: Update case comment request properties for user comments + description: Defines properties for case comment requests when type is user. + type: object + properties: + comment: + description: The new comment. It is required only when `type` is `user`. + type: string + maxLength: 30000 + example: A new comment. + id: + type: string + description: > + The identifier for the comment. To retrieve comment IDs, use the get + comments API. 
+ example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + owner: + $ref: '#/components/schemas/Cases_owners' + type: + type: string + description: The type of comment. + enum: + - user + example: user + version: + description: > + The current comment version. To retrieve version values, use the get + comments API. + type: string + example: Wzk1LDFd + required: + - comment + - id + - owner + - type + - version + Cases_update_case_comment_request: + title: Update case comment request + description: >- + The update case comment API request body varies depending on whether you + are updating an alert or a comment. + oneOf: + - $ref: '#/components/schemas/Cases_update_alert_comment_request_properties' + - $ref: '#/components/schemas/Cases_update_user_comment_request_properties' + discriminator: + propertyName: type + mapping: + alert: '#/components/schemas/Cases_update_alert_comment_request_properties' + user: '#/components/schemas/Cases_update_user_comment_request_properties' + Cases_actions: + type: string + enum: + - add + - create + - delete + - push_to_service + - update + example: create + Cases_payload_alert_comment: + type: object + properties: + comment: type: object - required: - - email - - full_name - - username properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: + alertId: + oneOf: + - type: string + example: 1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d + - type: array + items: + type: string + index: + oneOf: + - type: string + example: .alerts-observability.logs.alerts-default + - type: array + items: + type: string + owner: + $ref: '#/components/schemas/Cases_owners' + rule: + type: object + properties: + id: + description: The rule identifier. + type: string + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + name: + description: The rule name. 
+ type: string + example: security_rule + type: type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - rule: + enum: + - alert + Cases_payload_assignees: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + Cases_payload_connector: + type: object + properties: + connector: type: object properties: + fields: + description: >- + An object containing the connector fields. To create a case + without a connector, specify null. If you want to omit any + individual field, specify null as its value. + nullable: true + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + category: + description: >- + The category of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + type: string + destIp: + description: >- + Indicates whether cases will send a comma-separated list of + destination IPs for ServiceNow SecOps connectors. + type: boolean + nullable: true + impact: + description: >- + The effect an incident had on business for ServiceNow ITSM + connectors. + type: string + issueType: + description: The type of issue for Jira connectors. + type: string + issueTypes: + description: The type of incident for IBM Resilient connectors. + type: array + items: + type: string + malwareHash: + description: >- + Indicates whether cases will send a comma-separated list of + malware hashes for ServiceNow SecOps connectors. + type: boolean + nullable: true + malwareUrl: + description: >- + Indicates whether cases will send a comma-separated list of + malware URLs for ServiceNow SecOps connectors. + type: boolean + nullable: true + parent: + description: >- + The key of the parent issue, when the issue type is sub-task + for Jira connectors. + type: string + priority: + description: >- + The priority of the issue for Jira and ServiceNow SecOps + connectors. 
+ type: string + severity: + description: The severity of the incident for ServiceNow ITSM connectors. + type: string + severityCode: + description: >- + The severity code of the incident for IBM Resilient + connectors. + type: string + sourceIp: + description: >- + Indicates whether cases will send a comma-separated list of + source IPs for ServiceNow SecOps connectors. + type: boolean + nullable: true + subcategory: + description: >- + The subcategory of the incident for ServiceNow ITSM + connectors. + type: string + urgency: + description: >- + The extent to which the incident resolution can be delayed + for ServiceNow ITSM connectors. + type: string + example: null id: - description: The rule identifier. + description: >- + The identifier for the connector. To create a case without a + connector, use `none`. type: string - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + example: none name: - description: The rule name. + description: >- + The name of the connector. To create a case without a connector, + use `none`. type: string - example: security_rule - type: - type: string - example: alert - enum: - - alert - updated_at: - type: string - format: date-time - nullable: true - updated_by: + example: none + type: + $ref: '#/components/schemas/Cases_connector_types' + Cases_payload_create_case: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + connector: type: object - nullable: true - required: - - email - - full_name - - username properties: - email: - type: string - example: null + fields: + description: >- + An object containing the connector fields. To create a case + without a connector, specify null. If you want to omit any + individual field, specify null as its value. nullable: true - full_name: - type: string + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. 
+ type: string + category: + description: >- + The category of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + type: string + destIp: + description: >- + Indicates whether cases will send a comma-separated list of + destination IPs for ServiceNow SecOps connectors. + type: boolean + nullable: true + impact: + description: >- + The effect an incident had on business for ServiceNow ITSM + connectors. + type: string + issueType: + description: The type of issue for Jira connectors. + type: string + issueTypes: + description: The type of incident for IBM Resilient connectors. + type: array + items: + type: string + malwareHash: + description: >- + Indicates whether cases will send a comma-separated list of + malware hashes for ServiceNow SecOps connectors. + type: boolean + nullable: true + malwareUrl: + description: >- + Indicates whether cases will send a comma-separated list of + malware URLs for ServiceNow SecOps connectors. + type: boolean + nullable: true + parent: + description: >- + The key of the parent issue, when the issue type is sub-task + for Jira connectors. + type: string + priority: + description: >- + The priority of the issue for Jira and ServiceNow SecOps + connectors. + type: string + severity: + description: The severity of the incident for ServiceNow ITSM connectors. + type: string + severityCode: + description: >- + The severity code of the incident for IBM Resilient + connectors. + type: string + sourceIp: + description: >- + Indicates whether cases will send a comma-separated list of + source IPs for ServiceNow SecOps connectors. + type: boolean + nullable: true + subcategory: + description: >- + The subcategory of the incident for ServiceNow ITSM + connectors. + type: string + urgency: + description: >- + The extent to which the incident resolution can be delayed + for ServiceNow ITSM connectors. 
+ type: string example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: + id: + description: >- + The identifier for the connector. To create a case without a + connector, use `none`. type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - version: - type: string - example: WzMwNDgsMV0= - Cases_user_comment_response_properties: - title: Case response properties for user comments - type: object - required: - - type - properties: - comment: - type: string - example: A new comment. - created_at: - type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - $ref: '#/components/schemas/Cases_case_response_created_by_properties' - id: - type: string - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - owner: - $ref: '#/components/schemas/Cases_owners' - pushed_at: - type: string - format: date-time - nullable: true - example: null - pushed_by: - $ref: '#/components/schemas/Cases_case_response_pushed_by_properties' - type: - type: string - example: user - enum: - - user - updated_at: + example: none + name: + description: >- + The name of the connector. To create a case without a connector, + use `none`. 
+ type: string + example: none + type: + $ref: '#/components/schemas/Cases_connector_types' + description: type: string - format: date-time - nullable: true - example: null - updated_by: - $ref: '#/components/schemas/Cases_case_response_updated_by_properties' - version: + owner: + $ref: '#/components/schemas/Cases_owners' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + status: + $ref: '#/components/schemas/Cases_case_status' + tags: + type: array + items: + type: string + example: + - tag-1 + title: type: string - example: WzIwNDMxLDFd - Cases_case_response_created_by_properties: - title: Case response properties for created_by + Cases_payload_delete: + type: object + description: >- + If the `action` is `delete` and the `type` is `delete_case`, the payload + is nullable. + nullable: true + Cases_payload_description: type: object properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: + description: type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - required: - - email - - full_name - - username - Cases_case_response_pushed_by_properties: - title: Case response properties for pushed_by + Cases_payload_pushed: type: object - nullable: true properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - required: - - email - - full_name - - username - Cases_case_response_updated_by_properties: - title: Case response properties for updated_by + externalService: + $ref: '#/components/schemas/Cases_external_service' + Cases_payload_settings: type: object - nullable: true properties: - email: - type: string - 
example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - required: - - email - - full_name - - username - Cases_external_service: + settings: + $ref: '#/components/schemas/Cases_settings' + Cases_payload_severity: type: object - nullable: true properties: - connector_id: - type: string - connector_name: + severity: + $ref: '#/components/schemas/Cases_case_severity' + Cases_payload_status: + type: object + properties: + status: + $ref: '#/components/schemas/Cases_case_status' + Cases_payload_tags: + type: object + properties: + tags: + type: array + items: + type: string + example: + - tag-1 + Cases_payload_title: + type: object + properties: + title: type: string - external_id: + Cases_payload_user_comment: + type: object + properties: + comment: + type: object + properties: + comment: + type: string + owner: + $ref: '#/components/schemas/Cases_owners' + type: + type: string + enum: + - user + Cases_action_types: + type: string + description: The type of action. 
+ enum: + - assignees + - create_case + - comment + - connector + - delete_case + - description + - pushed + - tags + - title + - status + - settings + - severity + example: create_case + Cases_user_actions_response_properties: + type: object + required: + - action + - action_id + - case_id + - comment_id + - created_at + - created_by + - owner + - payload + - type + properties: + action: + $ref: '#/components/schemas/Cases_actions' + action_id: type: string - external_title: + example: 22fd3e30-03b1-11ed-920c-974bfa104448 + case_id: type: string - external_url: + example: 22df07d0-03b1-11ed-920c-974bfa104448 + comment_id: type: string - pushed_at: + nullable: true + example: 578608d0-03b1-11ed-920c-974bfa104448 + created_at: type: string format: date-time - pushed_by: + example: '2022-05-13T09:16:17.416Z' + created_by: type: object properties: email: 
@@ -10700,5328 +15928,5627 @@ components: profile_uid: type: string example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - nullable: true - Cases_case_status: - type: string - description: The status of the case. - enum: - - closed - - in-progress - - open - Cases_case_response_properties: - title: Case response properties + required: + - email + - full_name + - username + owner: + $ref: '#/components/schemas/Cases_owners' + payload: + oneOf: + - $ref: '#/components/schemas/Cases_payload_alert_comment' + - $ref: '#/components/schemas/Cases_payload_assignees' + - $ref: '#/components/schemas/Cases_payload_connector' + - $ref: '#/components/schemas/Cases_payload_create_case' + - $ref: '#/components/schemas/Cases_payload_delete' + - $ref: '#/components/schemas/Cases_payload_description' + - $ref: '#/components/schemas/Cases_payload_pushed' + - $ref: '#/components/schemas/Cases_payload_settings' + - $ref: '#/components/schemas/Cases_payload_severity' + - $ref: '#/components/schemas/Cases_payload_status' + - $ref: '#/components/schemas/Cases_payload_tags' + - $ref: '#/components/schemas/Cases_payload_title' + - $ref: '#/components/schemas/Cases_payload_user_comment' + type: + $ref: '#/components/schemas/Cases_action_types' + Cases_user_actions_find_response_properties: type: object required: - - closed_at - - closed_by - - comments - - connector + - action + - comment_id - created_at - created_by - - description - - duration - - external_service - id - owner - - settings - - severity - - status - - tags - - title - - totalAlerts - - totalComment - - updated_at - - updated_by + - payload + - type - version properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - type: string - description: The case category. 
- nullable: true - closed_at: + action: + $ref: '#/components/schemas/Cases_actions' + comment_id: type: string - format: date-time nullable: true - closed_by: - $ref: '#/components/schemas/Cases_case_response_closed_by_properties' - comments: - title: Case response properties for comments - description: An array of comment objects for the case. - type: array - maxItems: 10000 - items: - oneOf: - - $ref: '#/components/schemas/Cases_alert_comment_response_properties' - - $ref: '#/components/schemas/Cases_user_comment_response_properties' - discriminator: - propertyName: type - mapping: - alert: '#/components/schemas/Cases_alert_comment_response_properties' - user: '#/components/schemas/Cases_user_comment_response_properties' - connector: - title: Case response properties for connectors - oneOf: - - $ref: '#/components/schemas/Cases_connector_properties_none' - - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' - - $ref: '#/components/schemas/Cases_connector_properties_jira' - - $ref: '#/components/schemas/Cases_connector_properties_resilient' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' - - $ref: '#/components/schemas/Cases_connector_properties_swimlane' - discriminator: - propertyName: type - mapping: - .none: '#/components/schemas/Cases_connector_properties_none' - .cases-webhook: '#/components/schemas/Cases_connector_properties_cases_webhook' - .jira: '#/components/schemas/Cases_connector_properties_jira' - .resilient: '#/components/schemas/Cases_connector_properties_resilient' - .servicenow: '#/components/schemas/Cases_connector_properties_servicenow' - .servicenow-sir: '#/components/schemas/Cases_connector_properties_servicenow_sir' - .swimlane: '#/components/schemas/Cases_connector_properties_swimlane' + example: 578608d0-03b1-11ed-920c-974bfa104448 created_at: type: string format: date-time example: '2022-05-13T09:16:17.416Z' created_by: - 
$ref: '#/components/schemas/Cases_case_response_created_by_properties' - customFields: - type: array - description: Custom field values for the case. - items: - type: object - properties: - key: - description: > - The unique identifier for the custom field. The key value must - exist in the case configuration settings. - type: string - type: - description: > - The custom field type. It must match the type specified in the - case configuration settings. - type: string - enum: - - text - - toggle - value: - description: > - The custom field value. If the custom field is required, it - cannot be explicitly set to null. However, for cases that - existed when the required custom field was added, the default - value stored in Elasticsearch is `undefined`. The value - returned in the API and user interface in this case is `null`. - oneOf: - - type: string - minLength: 1 - maxLength: 160 - nullable: true - - type: boolean - description: - type: string - example: A case description. - duration: - type: integer - description: > - The elapsed time from the creation of the case to its closure (in - seconds). If the case has not been closed, the duration is set to - null. If the case was closed after less than half a second, the - duration is rounded down to zero. 
- nullable: true - example: 120 - external_service: - $ref: '#/components/schemas/Cases_external_service' + type: object + properties: + email: + type: string + example: null + nullable: true + full_name: + type: string + example: null + nullable: true + username: + type: string + example: elastic + nullable: true + profile_uid: + type: string + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + required: + - email + - full_name + - username id: type: string - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 + example: 22fd3e30-03b1-11ed-920c-974bfa104448 owner: $ref: '#/components/schemas/Cases_owners' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - status: - $ref: '#/components/schemas/Cases_case_status' - tags: - type: array - items: - type: string - example: - - tag-1 - title: + payload: + oneOf: + - $ref: '#/components/schemas/Cases_payload_alert_comment' + - $ref: '#/components/schemas/Cases_payload_assignees' + - $ref: '#/components/schemas/Cases_payload_connector' + - $ref: '#/components/schemas/Cases_payload_create_case' + - $ref: '#/components/schemas/Cases_payload_delete' + - $ref: '#/components/schemas/Cases_payload_description' + - $ref: '#/components/schemas/Cases_payload_pushed' + - $ref: '#/components/schemas/Cases_payload_settings' + - $ref: '#/components/schemas/Cases_payload_severity' + - $ref: '#/components/schemas/Cases_payload_status' + - $ref: '#/components/schemas/Cases_payload_tags' + - $ref: '#/components/schemas/Cases_payload_title' + - $ref: '#/components/schemas/Cases_payload_user_comment' + version: type: string - example: Case title 1 - totalAlerts: - type: integer - example: 0 - totalComment: - type: integer - example: 0 - updated_at: + example: WzM1ODg4LDFd + type: type: string - format: date-time - nullable: true - updated_by: - $ref: '#/components/schemas/Cases_case_response_updated_by_properties' - version: + description: The type of action. 
+ enum: + - assignees + - create_case + - comment + - connector + - description + - pushed + - tags + - title + - status + - settings + - severity + example: create_case + Connectors_create_connector_request_bedrock: + title: Create Amazon Bedrock connector request + description: >- + The Amazon Bedrock connector uses axios to send a POST request to Amazon + Bedrock. + type: object + required: + - config + - connector_type_id + - name + - secrets + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_bedrock' + connector_type_id: type: string - example: WzUzMiwxXQ== - Cases_4xx_response: + description: The type of connector. + enum: + - .bedrock + example: .bedrock + name: + type: string + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' + Connectors_create_connector_request_gemini: + title: Create Google Gemini connector request + description: >- + The Google Gemini connector uses axios to send a POST request to Google + Gemini. type: object - title: Unsuccessful cases API response + required: + - config + - connector_type_id + - name + - secrets properties: - error: + config: + $ref: '#/components/schemas/Connectors_config_properties_gemini' + connector_type_id: + type: string + description: The type of connector. + enum: + - .gemini + example: .gemini + name: + type: string + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_gemini' + Connectors_create_connector_request_cases_webhook: + title: Create Webhook - Case Managment connector request + description: > + The Webhook - Case Management connector uses axios to send POST, PUT, + and GET requests to a case management RESTful API web service. 
+ type: object + required: + - config + - connector_type_id + - name + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' + connector_type_id: + type: string + description: The type of connector. + enum: + - .cases-webhook + example: .cases-webhook + name: + type: string + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' + Connectors_create_connector_request_d3security: + title: Create D3 Security connector request + description: > + The connector uses axios to send a POST request to a D3 Security + endpoint. + type: object + required: + - config + - connector_type_id + - name + - secrets + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_d3security' + connector_type_id: type: string - example: Unauthorized - message: + description: The type of connector. + enum: + - .d3security + example: .d3security + name: type: string - statusCode: - type: integer - example: 401 - Cases_update_case_request: - title: Update case request - description: >- - The update case API request body varies depending on the type of - connector. + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_d3security' + Connectors_create_connector_request_email: + title: Create email connector request + description: > + The email connector uses the SMTP protocol to send mail messages, using + an integration of Nodemailer. An exception is Microsoft Exchange, which + uses HTTP protocol for sending emails, Send mail. Email message text is + sent as both plain text and html text. type: object required: - - cases + - config + - connector_type_id + - name + - secrets properties: - cases: - type: array - description: An array containing one or more case objects. 
- maxItems: 100 - minItems: 1 - items: - type: object - required: - - id - - version - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - $ref: '#/components/schemas/Cases_case_category' - connector: - oneOf: - - $ref: '#/components/schemas/Cases_connector_properties_none' - - $ref: >- - #/components/schemas/Cases_connector_properties_cases_webhook - - $ref: '#/components/schemas/Cases_connector_properties_jira' - - $ref: '#/components/schemas/Cases_connector_properties_resilient' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow' - - $ref: >- - #/components/schemas/Cases_connector_properties_servicenow_sir - - $ref: '#/components/schemas/Cases_connector_properties_swimlane' - customFields: - type: array - description: > - Custom field values for a case. Any optional custom fields - that are not specified in the request are set to null. - minItems: 0 - maxItems: 10 - items: - type: object - required: - - key - - type - - value - properties: - key: - description: > - The unique identifier for the custom field. The key - value must exist in the case configuration settings. - type: string - type: - description: > - The custom field type. It must match the type specified - in the case configuration settings. - type: string - enum: - - text - - toggle - value: - description: > - The custom field value. If the custom field is required, - it cannot be explicitly set to null. However, for cases - that existed when the required custom field was added, - the default value stored in Elasticsearch is - `undefined`. The value returned in the API and user - interface in this case is `null`. - oneOf: - - type: string - minLength: 1 - maxLength: 160 - nullable: true - - type: boolean - description: - $ref: '#/components/schemas/Cases_case_description' - id: - description: The identifier for the case. 
- type: string - maxLength: 30000 - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - status: - $ref: '#/components/schemas/Cases_case_status' - tags: - $ref: '#/components/schemas/Cases_case_tags' - title: - $ref: '#/components/schemas/Cases_case_title' - version: - description: >- - The current version of the case. To determine this value, use - the get case or find cases APIs. - type: string - Cases_searchFieldsType: - type: string - description: The fields to perform the `simple_query_string` parsed query against. - enum: - - description - - title - Cases_closure_types: - type: string - description: >- - Indicates whether a case is automatically closed when it is pushed to - external systems (`close-by-pushing`) or not automatically closed - (`close-by-user`). - enum: - - close-by-pushing - - close-by-user - example: close-by-user - Cases_connector_types: - type: string - description: The type of connector. - enum: - - .cases-webhook - - .jira - - .none - - .resilient - - .servicenow - - .servicenow-sir - - .swimlane - example: .none - Cases_template_tags: - description: > - The words and phrases that help categorize templates. It can be an empty - array. - type: array - maxItems: 200 - items: - type: string - maxLength: 256 - Cases_templates: - type: array - x-technical-preview: true - items: - type: object - properties: - caseFields: - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - $ref: '#/components/schemas/Cases_case_category' - connector: - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not - used and are not propagated to individual cases, therefore - it is recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a - default connector, use `none`. 
To retrieve connector IDs, - use the find connectors API. - type: string - example: none - name: - description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use - the find connectors API. - type: string - example: none - type: - $ref: '#/components/schemas/Cases_connector_types' - customFields: - type: array - x-technical-preview: true - description: Custom field values in the template. - items: - type: object - properties: - key: - type: string - description: The unique key for the custom field. - type: - type: string - enum: - - text - - toggle - description: The type of the custom field. - value: - oneOf: - - type: string - - type: boolean - description: > - The default value for the custom field when a case uses - the template. If the `type` is `text`, the default value - must be a string. If the `type` is `toggle`, the default - value must be boolean. - description: - $ref: '#/components/schemas/Cases_case_description' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - tags: - $ref: '#/components/schemas/Cases_case_tags' - title: - $ref: '#/components/schemas/Cases_case_title' - description: - type: string - description: A description for the template. - key: - type: string - description: > - A unique key for the template. Must be lower case and composed - only of a-z, 0-9, '_', and '-' characters. It is used in API calls - to refer to a specific template. - name: - type: string - description: The name of the template. - tags: - $ref: '#/components/schemas/Cases_template_tags' - Cases_set_case_configuration_request: - title: Set case configuration request - description: >- - External connection details, such as the closure type and default - connector for cases. + config: + $ref: '#/components/schemas/Connectors_config_properties_email' + connector_type_id: + type: string + description: The type of connector. 
+ enum: + - .email + example: .email + name: + type: string + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_email' + Connectors_create_connector_request_genai: + title: Create OpenAI connector request + description: > + The OpenAI connector uses axios to send a POST request to either OpenAI + or Azure OpenAPI. type: object required: - - closure_type - - connector - - owner + - config + - connector_type_id + - name + - secrets properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - description: An object that contains the connector configuration. - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not used and - are not propagated to individual cases, therefore it is - recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a default - connector, use `none`. To retrieve connector IDs, use the find - connectors API. - type: string - example: none - name: - description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use the find - connectors API. - type: string - example: none - type: - $ref: '#/components/schemas/Cases_connector_types' - required: - - fields - - id - - name - - type - customFields: - type: array - description: Custom fields case configuration. - minItems: 0 - maxItems: 10 - items: - type: object - required: - - key - - label - - required - - type - properties: - defaultValue: - oneOf: - - type: string - - type: boolean - description: > - A default value for the custom field. If the `type` is `text`, - the default value must be a string. If the `type` is `toggle`, - the default value must be boolean. - key: - description: > - A unique key for the custom field. 
Must be lower case and - composed only of a-z, 0-9, '_', and '-' characters. It is used - in API calls to refer to a specific custom field. - type: string - minLength: 1 - maxLength: 36 - label: - description: The custom field label that is displayed in the case. - type: string - minLength: 1 - maxLength: 50 - required: - description: > - Indicates whether the field is required. If `false`, the - custom field can be set to null or omitted when a case is - created or updated. - type: boolean - type: - description: The type of the custom field. - type: string - enum: - - text - - toggle - owner: - $ref: '#/components/schemas/Cases_owners' - templates: - $ref: '#/components/schemas/Cases_templates' - Cases_update_case_configuration_request: - title: Update case configuration request - description: > - You can update settings such as the closure type, custom fields, - templates, and the default connector for cases. + config: + $ref: '#/components/schemas/Connectors_config_properties_genai' + connector_type_id: + type: string + description: The type of connector. + enum: + - .gen-ai + example: .gen-ai + name: + type: string + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_genai' + Connectors_create_connector_request_index: + title: Create index connector request + description: The index connector indexes a document into Elasticsearch. type: object required: - - version + - config + - connector_type_id + - name properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - description: An object that contains the connector configuration. - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not used and - are not propagated to individual cases, therefore it is - recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. 
If you do not want a default - connector, use `none`. To retrieve connector IDs, use the find - connectors API. - type: string - example: none - name: - description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use the find - connectors API. - type: string - example: none - type: - $ref: '#/components/schemas/Cases_connector_types' - required: - - fields - - id - - name - - type - customFields: - type: array - description: Custom fields case configuration. - items: - type: object - required: - - key - - label - - required - - type - properties: - defaultValue: - oneOf: - - type: string - - type: boolean - description: > - A default value for the custom field. If the `type` is `text`, - the default value must be a string. If the `type` is `toggle`, - the default value must be boolean. - key: - description: > - A unique key for the custom field. Must be lower case and - composed only of a-z, 0-9, '_', and '-' characters. It is used - in API calls to refer to a specific custom field. - type: string - minLength: 1 - maxLength: 36 - label: - description: The custom field label that is displayed in the case. - type: string - minLength: 1 - maxLength: 50 - required: - description: > - Indicates whether the field is required. If `false`, the - custom field can be set to null or omitted when a case is - created or updated. - type: boolean - type: - description: The type of the custom field. - type: string - enum: - - text - - toggle - templates: - $ref: '#/components/schemas/Cases_templates' - version: - description: > - The version of the connector. To retrieve the version value, use the - get configuration API. + config: + $ref: '#/components/schemas/Connectors_config_properties_index' + connector_type_id: type: string - example: WzIwMiwxXQ== - Cases_alert_response_properties: + description: The type of connector. 
+ enum: + - .index + example: .index + name: + type: string + description: The display name for the connector. + example: my-connector + Connectors_create_connector_request_jira: + title: Create Jira connector request + description: The Jira connector uses the REST API v2 to create Jira issues. + type: object + required: + - config + - connector_type_id + - name + - secrets + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_jira' + connector_type_id: + type: string + description: The type of connector. + enum: + - .jira + example: .jira + name: + type: string + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_jira' + Connectors_create_connector_request_opsgenie: + title: Create Opsgenie connector request + description: The Opsgenie connector uses the Opsgenie alert API. type: object + required: + - config + - connector_type_id + - name + - secrets properties: - attached_at: - type: string - format: date-time - id: - description: The alert identifier. + config: + $ref: '#/components/schemas/Connectors_config_properties_opsgenie' + connector_type_id: type: string - index: - description: The alert index. + description: The type of connector. + enum: + - .opsgenie + example: .opsgenie + name: type: string - Cases_add_alert_comment_request_properties: - title: Add case comment request properties for alerts - required: - - alertId - - index - - owner - - rule - - type - description: Defines properties for case comment requests when type is alert. + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' + Connectors_create_connector_request_pagerduty: + title: Create PagerDuty connector request + description: > + The PagerDuty connector uses the v2 Events API to trigger, acknowledge, + and resolve PagerDuty alerts. 
type: object + required: + - config + - connector_type_id + - name + - secrets properties: - alertId: - $ref: '#/components/schemas/Cases_alert_identifiers' - index: - $ref: '#/components/schemas/Cases_alert_indices' - owner: - $ref: '#/components/schemas/Cases_owners' - rule: - $ref: '#/components/schemas/Cases_rule' - type: - description: The type of comment. + config: + $ref: '#/components/schemas/Connectors_config_properties_pagerduty' + connector_type_id: type: string - example: alert + description: The type of connector. enum: - - alert - Cases_add_user_comment_request_properties: - title: Add case comment request properties for user comments - description: Defines properties for case comment requests when type is user. + - .pagerduty + example: .pagerduty + name: + type: string + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' + Connectors_create_connector_request_resilient: + title: Create IBM Resilient connector request + description: >- + The IBM Resilient connector uses the RESILIENT REST v2 to create IBM + Resilient incidents. type: object + required: + - config + - connector_type_id + - name + - secrets properties: - comment: - description: The new comment. It is required only when `type` is `user`. + config: + $ref: '#/components/schemas/Connectors_config_properties_resilient' + connector_type_id: + description: The type of connector. type: string - maxLength: 30000 - example: A new comment. - owner: - $ref: '#/components/schemas/Cases_owners' - type: + example: .resilient + enum: + - .resilient + name: type: string - description: The type of comment. - example: user + description: The display name for the connector. 
+ example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_resilient' + Connectors_create_connector_request_sentinelone: + title: Create SentinelOne connector request + description: > + The SentinelOne connector communicates with SentinelOne Management + Console via REST API. This functionality is in technical preview and may + be changed or removed in a future release. Elastic will work to fix any + issues, but features in technical preview are not subject to the support + SLA of official GA features. + x-technical-preview: true + type: object + required: + - config + - connector_type_id + - name + - secrets + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_sentinelone' + connector_type_id: + type: string + description: The type of connector. enum: - - user + - .sentinelone + example: .sentinelone + name: + type: string + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' + Connectors_create_connector_request_serverlog: + title: Create server log connector request + description: This connector writes an entry to the Kibana server log. + type: object required: - - comment - - owner - - type - Cases_alert_identifiers: - title: Alert identifiers + - connector_type_id + - name + properties: + connector_type_id: + type: string + description: The type of connector. + enum: + - .server-log + example: .server-log + name: + type: string + description: The display name for the connector. + example: my-connector + Connectors_create_connector_request_servicenow: + title: Create ServiceNow ITSM connector request description: > - The alert identifiers. It is required only when `type` is `alert`. You - can use an array of strings to add multiple alerts to a case, provided - that they all relate to the same rule; `index` must also be an array - with the same length or number of elements. 
Adding multiple alerts in - this manner is recommended rather than calling the API multiple times. - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - oneOf: - - type: string - - type: array - items: - type: string - maxItems: 1000 - x-technical-preview: true - example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 - Cases_alert_indices: - title: Alert indices + The ServiceNow ITSM connector uses the import set API to create + ServiceNow incidents. You can use the connector for rule actions and + cases. + type: object + required: + - config + - connector_type_id + - name + - secrets + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + connector_type_id: + type: string + description: The type of connector. + enum: + - .servicenow + example: .servicenow + name: + type: string + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' + Connectors_create_connector_request_servicenow_itom: + title: Create ServiceNow ITOM connector request description: > - The alert indices. It is required only when `type` is `alert`. If you - are adding multiple alerts to a case, use an array of strings; the - position of each index name in the array must match the position of the - corresponding alert identifier in the `alertId` array. This - functionality is in technical preview and may be changed or removed in a - future release. Elastic will work to fix any issues, but features in - technical preview are not subject to the support SLA of official GA - features. 
- oneOf: - - type: string - - type: array - items: - type: string - maxItems: 1000 - x-technical-preview: true - Cases_rule: - title: Alerting rule + The ServiceNow ITOM connector uses the event API to create ServiceNow + events. You can use the connector for rule actions. + type: object + required: + - config + - connector_type_id + - name + - secrets + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' + connector_type_id: + type: string + description: The type of connector. + enum: + - .servicenow-itom + example: .servicenow-itom + name: + type: string + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' + Connectors_create_connector_request_servicenow_sir: + title: Create ServiceNow SecOps connector request description: > - The rule that is associated with the alerts. It is required only when - `type` is `alert`. This functionality is in technical preview and may be - changed or removed in a future release. Elastic will work to fix any - issues, but features in technical preview are not subject to the support - SLA of official GA features. + The ServiceNow SecOps connector uses the import set API to create + ServiceNow security incidents. You can use the connector for rule + actions and cases. type: object - x-technical-preview: true + required: + - config + - connector_type_id + - name + - secrets properties: - id: - description: The rule identifier. + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + connector_type_id: type: string - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + description: The type of connector. + enum: + - .servicenow-sir + example: .servicenow-sir name: - description: The rule name. 
type: string - example: security_rule - Cases_add_case_comment_request: - title: Add case comment request - description: >- - The add comment to case API request body varies depending on whether you - are adding an alert or a comment. - oneOf: - - $ref: '#/components/schemas/Cases_add_alert_comment_request_properties' - - $ref: '#/components/schemas/Cases_add_user_comment_request_properties' - discriminator: - propertyName: type - mapping: - alert: '#/components/schemas/Cases_add_alert_comment_request_properties' - user: '#/components/schemas/Cases_add_user_comment_request_properties' - Cases_update_alert_comment_request_properties: - title: Update case comment request properties for alerts - description: Defines properties for case comment requests when type is alert. - required: - - alertId - - id - - index - - owner - - rule - - type - - version + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' + Connectors_create_connector_request_slack_api: + title: Create Slack connector request + description: The Slack connector uses an API method to send Slack messages. type: object + required: + - connector_type_id + - name + - secrets properties: - alertId: - $ref: '#/components/schemas/Cases_alert_identifiers' - id: - type: string - description: > - The identifier for the comment. To retrieve comment IDs, use the get - comments API. - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - index: - $ref: '#/components/schemas/Cases_alert_indices' - owner: - $ref: '#/components/schemas/Cases_owners' - rule: - $ref: '#/components/schemas/Cases_rule' - type: - description: The type of comment. + config: + $ref: '#/components/schemas/Connectors_config_properties_slack_api' + connector_type_id: type: string + description: The type of connector. enum: - - alert - example: alert - version: - description: > - The current comment version. 
To retrieve version values, use the get - comments API. + - .slack_api + example: .slack_api + name: type: string - example: Wzk1LDFd - Cases_update_user_comment_request_properties: - title: Update case comment request properties for user comments - description: Defines properties for case comment requests when type is user. + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' + Connectors_create_connector_request_slack_webhook: + title: Create Slack connector request + description: The Slack connector uses Slack Incoming Webhooks. type: object + required: + - connector_type_id + - name + - secrets properties: - comment: - description: The new comment. It is required only when `type` is `user`. + connector_type_id: type: string - maxLength: 30000 - example: A new comment. - id: + description: The type of connector. + enum: + - .slack + example: .slack + name: type: string - description: > - The identifier for the comment. To retrieve comment IDs, use the get - comments API. - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - owner: - $ref: '#/components/schemas/Cases_owners' - type: + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' + Connectors_create_connector_request_swimlane: + title: Create Swimlane connector request + description: >- + The Swimlane connector uses the Swimlane REST API to create Swimlane + records. + type: object + required: + - config + - connector_type_id + - name + - secrets + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_swimlane' + connector_type_id: type: string - description: The type of comment. + description: The type of connector. enum: - - user - example: user - version: - description: > - The current comment version. To retrieve version values, use the get - comments API. 
+ - .swimlane + example: .swimlane + name: type: string - example: Wzk1LDFd + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' + Connectors_create_connector_request_teams: + title: Create Microsoft Teams connector request + description: The Microsoft Teams connector uses Incoming Webhooks. + type: object required: - - comment - - id - - owner - - type - - version - Cases_update_case_comment_request: - title: Update case comment request - description: >- - The update case comment API request body varies depending on whether you - are updating an alert or a comment. - oneOf: - - $ref: '#/components/schemas/Cases_update_alert_comment_request_properties' - - $ref: '#/components/schemas/Cases_update_user_comment_request_properties' - discriminator: - propertyName: type - mapping: - alert: '#/components/schemas/Cases_update_alert_comment_request_properties' - user: '#/components/schemas/Cases_update_user_comment_request_properties' - Cases_actions: - type: string - enum: - - add - - create - - delete - - push_to_service - - update - example: create - Cases_payload_alert_comment: + - connector_type_id + - name + - secrets + properties: + connector_type_id: + type: string + description: The type of connector. + enum: + - .teams + example: .teams + name: + type: string + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_teams' + Connectors_create_connector_request_tines: + title: Create Tines connector request + description: > + The Tines connector uses Tines Webhook actions to send events via POST + request. 
type: object + required: + - config + - connector_type_id + - name + - secrets properties: - comment: - type: object - properties: - alertId: - oneOf: - - type: string - example: 1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d - - type: array - items: - type: string - index: - oneOf: - - type: string - example: .alerts-observability.logs.alerts-default - - type: array - items: - type: string - owner: - $ref: '#/components/schemas/Cases_owners' - rule: - type: object - properties: - id: - description: The rule identifier. - type: string - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - name: - description: The rule name. - type: string - example: security_rule - type: - type: string - enum: - - alert - Cases_payload_assignees: + config: + $ref: '#/components/schemas/Connectors_config_properties_tines' + connector_type_id: + type: string + description: The type of connector. + enum: + - .tines + example: .tines + name: + type: string + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_tines' + Connectors_create_connector_request_torq: + title: Create Torq connector request + description: > + The Torq connector uses a Torq webhook to trigger workflows with Kibana + actions. type: object + required: + - config + - connector_type_id + - name + - secrets properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - Cases_payload_connector: + config: + $ref: '#/components/schemas/Connectors_config_properties_torq' + connector_type_id: + type: string + description: The type of connector. + enum: + - .torq + example: .torq + name: + type: string + description: The display name for the connector. 
+ example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_torq' + Connectors_create_connector_request_webhook: + title: Create Webhook connector request + description: > + The Webhook connector uses axios to send a POST or PUT request to a web + service. type: object + required: + - config + - connector_type_id + - name + - secrets properties: - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a case - without a connector, specify null. If you want to omit any - individual field, specify null as its value. - nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs for ServiceNow SecOps connectors. - type: boolean - nullable: true - impact: - description: >- - The effect an incident had on business for ServiceNow ITSM - connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - type: array - items: - type: string - malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes for ServiceNow SecOps connectors. - type: boolean - nullable: true - malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs for ServiceNow SecOps connectors. - type: boolean - nullable: true - parent: - description: >- - The key of the parent issue, when the issue type is sub-task - for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow SecOps - connectors. 
- type: string - severity: - description: The severity of the incident for ServiceNow ITSM connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. - type: string - sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs for ServiceNow SecOps connectors. - type: boolean - nullable: true - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be delayed - for ServiceNow ITSM connectors. - type: string - example: null - id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case without a connector, - use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/Cases_connector_types' - Cases_payload_create_case: + config: + $ref: '#/components/schemas/Connectors_config_properties_webhook' + connector_type_id: + type: string + description: The type of connector. + enum: + - .webhook + example: .webhook + name: + type: string + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_webhook' + Connectors_create_connector_request_xmatters: + title: Create xMatters connector request + description: > + The xMatters connector uses the xMatters Workflow for Elastic to send + actionable alerts to on-call xMatters resources. type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - connector: - type: object - properties: - fields: - description: >- - An object containing the connector fields. To create a case - without a connector, specify null. If you want to omit any - individual field, specify null as its value. 
- nullable: true - type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs for ServiceNow SecOps connectors. - type: boolean - nullable: true - impact: - description: >- - The effect an incident had on business for ServiceNow ITSM - connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - type: array - items: - type: string - malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes for ServiceNow SecOps connectors. - type: boolean - nullable: true - malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs for ServiceNow SecOps connectors. - type: boolean - nullable: true - parent: - description: >- - The key of the parent issue, when the issue type is sub-task - for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow SecOps - connectors. - type: string - severity: - description: The severity of the incident for ServiceNow ITSM connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. - type: string - sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs for ServiceNow SecOps connectors. - type: boolean - nullable: true - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be delayed - for ServiceNow ITSM connectors. 
- type: string - example: null - id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. - type: string - example: none - name: - description: >- - The name of the connector. To create a case without a connector, - use `none`. - type: string - example: none - type: - $ref: '#/components/schemas/Cases_connector_types' - description: + required: + - config + - connector_type_id + - name + - secrets + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_xmatters' + connector_type_id: type: string - owner: - $ref: '#/components/schemas/Cases_owners' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - status: - $ref: '#/components/schemas/Cases_case_status' - tags: - type: array - items: - type: string - example: - - tag-1 - title: + description: The type of connector. + enum: + - .xmatters + example: .xmatters + name: type: string - Cases_payload_delete: + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' + Connectors_config_properties_bedrock: + title: Connector request properties for an Amazon Bedrock connector + description: Defines properties for connectors when type is `.bedrock`. type: object - description: >- - If the `action` is `delete` and the `type` is `delete_case`, the payload - is nullable. - nullable: true - Cases_payload_description: + required: + - apiUrl + properties: + apiUrl: + type: string + description: The Amazon Bedrock request URL. + defaultModel: + type: string + description: > + The generative artificial intelligence model for Amazon Bedrock to + use. Current support is for the Anthropic Claude models. 
+ default: anthropic.claude-3-5-sonnet-20240620-v1:0 + Connectors_secrets_properties_bedrock: + title: Connector secrets properties for an Amazon Bedrock connector + description: Defines secrets for connectors when type is `.bedrock`. type: object + required: + - accessKey + - secret properties: - description: + accessKey: type: string - Cases_payload_pushed: + description: The AWS access key for authentication. + secret: + type: string + description: The AWS secret for authentication. + Connectors_config_properties_gemini: + title: Connector request properties for an Google Gemini connector + description: Defines properties for connectors when type is `.gemini`. type: object + required: + - apiUrl + - gcpRegion + - gcpProjectID properties: - externalService: - $ref: '#/components/schemas/Cases_external_service' - Cases_payload_settings: + apiUrl: + type: string + description: The Google Gemini request URL. + defaultModel: + type: string + description: >- + The generative artificial intelligence model for Google Gemini to + use. + default: gemini-1.5-pro-001 + gcpRegion: + type: string + description: The GCP region where the Vertex AI endpoint enabled. + gcpProjectID: + type: string + description: The Google ProjectID that has Vertex AI endpoint enabled. + Connectors_secrets_properties_gemini: + title: Connector secrets properties for a Google Gemini connector + description: Defines secrets for connectors when type is `.gemini`. type: object + required: + - credentialsJSON properties: - settings: - $ref: '#/components/schemas/Cases_settings' - Cases_payload_severity: + credentialsJSON: + type: string + description: >- + The service account credentials JSON file. The service account + should have Vertex AI user IAM role assigned to it. 
+ Connectors_config_properties_cases_webhook: + title: Connector request properties for Webhook - Case Management connector + required: + - createIncidentJson + - createIncidentResponseKey + - createIncidentUrl + - getIncidentResponseExternalTitleKey + - getIncidentUrl + - updateIncidentJson + - updateIncidentUrl + - viewIncidentUrl + description: Defines properties for connectors when type is `.cases-webhook`. + type: object + properties: + createCommentJson: + type: string + description: > + A JSON payload sent to the create comment URL to create a case + comment. You can use variables to add Kibana Cases data to the + payload. The required variable is `case.comment`. Due to Mustache + template variables (the text enclosed in triple braces, for example, + `{{{case.title}}}`), the JSON is not validated when you create the + connector. The JSON is validated once the Mustache variables have + been placed when the REST method runs. Manually ensure that the JSON + is valid, disregarding the Mustache variables, so the later + validation will pass. + example: '{"body": {{{case.comment}}}}' + createCommentMethod: + type: string + description: > + The REST API HTTP request method to create a case comment in the + third-party system. Valid values are `patch`, `post`, and `put`. + default: put + enum: + - patch + - post + - put + createCommentUrl: + type: string + description: > + The REST API URL to create a case comment by ID in the third-party + system. You can use a variable to add the external system ID to the + URL. If you are using the `xpack.actions.allowedHosts setting`, add + the hostname to the allowed hosts. + example: https://example.com/issue/{{{external.system.id}}}/comment + createIncidentJson: + type: string + description: > + A JSON payload sent to the create case URL to create a case. You can + use variables to add case data to the payload. Required variables + are `case.title` and `case.description`. 
Due to Mustache template + variables (which is the text enclosed in triple braces, for example, + `{{{case.title}}}`), the JSON is not validated when you create the + connector. The JSON is validated after the Mustache variables have + been placed when REST method runs. Manually ensure that the JSON is + valid to avoid future validation errors; disregard Mustache + variables during your review. + example: >- + {"fields": {"summary": {{{case.title}}},"description": + {{{case.description}}},"labels": {{{case.tags}}}}} + createIncidentMethod: + type: string + description: > + The REST API HTTP request method to create a case in the third-party + system. Valid values are `patch`, `post`, and `put`. + enum: + - patch + - post + - put + default: post + createIncidentResponseKey: + type: string + description: >- + The JSON key in the create external case response that contains the + case ID. + createIncidentUrl: + type: string + description: > + The REST API URL to create a case in the third-party system. If you + are using the `xpack.actions.allowedHosts` setting, add the hostname + to the allowed hosts. + getIncidentResponseExternalTitleKey: + type: string + description: >- + The JSON key in get external case response that contains the case + title. + getIncidentUrl: + type: string + description: > + The REST API URL to get the case by ID from the third-party system. + If you are using the `xpack.actions.allowedHosts` setting, add the + hostname to the allowed hosts. You can use a variable to add the + external system ID to the URL. Due to Mustache template variables + (the text enclosed in triple braces, for example, + `{{{case.title}}}`), the JSON is not validated when you create the + connector. The JSON is validated after the Mustache variables have + been placed when REST method runs. Manually ensure that the JSON is + valid, disregarding the Mustache variables, so the later validation + will pass. 
+ example: https://example.com/issue/{{{external.system.id}}} + hasAuth: + type: boolean + description: >- + If true, a username and password for login type authentication must + be provided. + default: true + headers: + type: string + description: > + A set of key-value pairs sent as headers with the request URLs for + the create case, update case, get case, and create comment methods. + updateIncidentJson: + type: string + description: > + The JSON payload sent to the update case URL to update the case. You + can use variables to add Kibana Cases data to the payload. Required + variables are `case.title` and `case.description`. Due to Mustache + template variables (which is the text enclosed in triple braces, for + example, `{{{case.title}}}`), the JSON is not validated when you + create the connector. The JSON is validated after the Mustache + variables have been placed when REST method runs. Manually ensure + that the JSON is valid to avoid future validation errors; disregard + Mustache variables during your review. + example: >- + {"fields": {"summary": {{{case.title}}},"description": + {{{case.description}}},"labels": {{{case.tags}}}}} + updateIncidentMethod: + type: string + description: > + The REST API HTTP request method to update the case in the + third-party system. Valid values are `patch`, `post`, and `put`. + default: put + enum: + - patch + - post + - put + updateIncidentUrl: + type: string + description: > + The REST API URL to update the case by ID in the third-party system. + You can use a variable to add the external system ID to the URL. If + you are using the `xpack.actions.allowedHosts` setting, add the + hostname to the allowed hosts. + example: https://example.com/issue/{{{external.system.ID}}} + viewIncidentUrl: + type: string + description: > + The URL to view the case in the external system. You can use + variables to add the external system ID or external system title to + the URL. 
+ example: >- + https://testing-jira.atlassian.net/browse/{{{external.system.title}}} + Connectors_secrets_properties_cases_webhook: + title: Connector secrets properties for Webhook - Case Management connector type: object properties: - severity: - $ref: '#/components/schemas/Cases_case_severity' - Cases_payload_status: + password: + type: string + description: >- + The password for HTTP basic authentication. If `hasAuth` is set to + `true`, this property is required. + user: + type: string + description: >- + The username for HTTP basic authentication. If `hasAuth` is set to + `true`, this property is required. + Connectors_config_properties_d3security: + title: Connector request properties for a D3 Security connector + description: Defines properties for connectors when type is `.d3security`. type: object + required: + - url properties: - status: - $ref: '#/components/schemas/Cases_case_status' - Cases_payload_tags: + url: + type: string + description: > + The D3 Security API request URL. If you are using the + `xpack.actions.allowedHosts` setting, add the hostname to the + allowed hosts. + Connectors_secrets_properties_d3security: + title: Connector secrets properties for a D3 Security connector + description: Defines secrets for connectors when type is `.d3security`. + required: + - token type: object properties: - tags: - type: array - items: - type: string - example: - - tag-1 - Cases_payload_title: + token: + type: string + description: The D3 Security token. + Connectors_config_properties_email: + title: Connector request properties for an email connector + description: Defines properties for connectors when type is `.email`. + required: + - from type: object properties: - title: + clientId: + description: > + The client identifier, which is a part of OAuth 2.0 client + credentials authentication, in GUID format. If `service` is + `exchange_server`, this property is required. 
type: string - Cases_payload_user_comment: + nullable: true + from: + description: > + The from address for all emails sent by the connector. It must be + specified in `user@host-name` format. + type: string + hasAuth: + description: > + Specifies whether a user and password are required inside the + secrets configuration. + default: true + type: boolean + host: + description: > + The host name of the service provider. If the `service` is + `elastic_cloud` (for Elastic Cloud notifications) or one of + Nodemailer's well-known email service providers, this property is + ignored. If `service` is `other`, this property must be defined. + type: string + oauthTokenUrl: + type: string + nullable: true + port: + description: > + The port to connect to on the service provider. If the `service` is + `elastic_cloud` (for Elastic Cloud notifications) or one of + Nodemailer's well-known email service providers, this property is + ignored. If `service` is `other`, this property must be defined. + type: integer + secure: + description: > + Specifies whether the connection to the service provider will use + TLS. If the `service` is `elastic_cloud` (for Elastic Cloud + notifications) or one of Nodemailer's well-known email service + providers, this property is ignored. + type: boolean + service: + description: | + The name of the email service. + type: string + enum: + - elastic_cloud + - exchange_server + - gmail + - other + - outlook365 + - ses + tenantId: + description: > + The tenant identifier, which is part of OAuth 2.0 client credentials + authentication, in GUID format. If `service` is `exchange_server`, + this property is required. + type: string + nullable: true + Connectors_secrets_properties_email: + title: Connector secrets properties for an email connector + description: Defines secrets for connectors when type is `.email`. 
type: object properties: - comment: - type: object - properties: - comment: - type: string - owner: - $ref: '#/components/schemas/Cases_owners' - type: - type: string - enum: - - user - Cases_action_types: - type: string - description: The type of action. - enum: - - assignees - - create_case - - comment - - connector - - delete_case - - description - - pushed - - tags - - title - - status - - settings - - severity - example: create_case - Cases_user_actions_response_properties: + clientSecret: + type: string + description: > + The Microsoft Exchange Client secret for OAuth 2.0 client + credentials authentication. It must be URL-encoded. If `service` is + `exchange_server`, this property is required. + password: + type: string + description: > + The password for HTTP basic authentication. If `hasAuth` is set to + `true`, this property is required. + user: + type: string + description: > + The username for HTTP basic authentication. If `hasAuth` is set to + `true`, this property is required. + Connectors_config_properties_genai_azure: + title: >- + Connector request properties for an OpenAI connector that uses Azure + OpenAI + description: > + Defines properties for connectors when type is `.gen-ai` and the API + provider is `Azure OpenAI'. type: object required: - - action - - action_id - - case_id - - comment_id - - created_at - - created_by - - owner - - payload - - type + - apiProvider + - apiUrl properties: - action: - $ref: '#/components/schemas/Cases_actions' - action_id: + apiProvider: type: string - example: 22fd3e30-03b1-11ed-920c-974bfa104448 - case_id: + description: The OpenAI API provider. + enum: + - Azure OpenAI + apiUrl: type: string - example: 22df07d0-03b1-11ed-920c-974bfa104448 - comment_id: + description: The OpenAI API endpoint. + Connectors_config_properties_genai_openai: + title: Connector request properties for an OpenAI connector + description: > + Defines properties for connectors when type is `.gen-ai` and the API + provider is `OpenAI'. 
+ type: object + required: + - apiProvider + - apiUrl + properties: + apiProvider: type: string - nullable: true - example: 578608d0-03b1-11ed-920c-974bfa104448 - created_at: + description: The OpenAI API provider. + enum: + - OpenAI + apiUrl: type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - required: - - email - - full_name - - username - owner: - $ref: '#/components/schemas/Cases_owners' - payload: - oneOf: - - $ref: '#/components/schemas/Cases_payload_alert_comment' - - $ref: '#/components/schemas/Cases_payload_assignees' - - $ref: '#/components/schemas/Cases_payload_connector' - - $ref: '#/components/schemas/Cases_payload_create_case' - - $ref: '#/components/schemas/Cases_payload_delete' - - $ref: '#/components/schemas/Cases_payload_description' - - $ref: '#/components/schemas/Cases_payload_pushed' - - $ref: '#/components/schemas/Cases_payload_settings' - - $ref: '#/components/schemas/Cases_payload_severity' - - $ref: '#/components/schemas/Cases_payload_status' - - $ref: '#/components/schemas/Cases_payload_tags' - - $ref: '#/components/schemas/Cases_payload_title' - - $ref: '#/components/schemas/Cases_payload_user_comment' - type: - $ref: '#/components/schemas/Cases_action_types' - Cases_user_actions_find_response_properties: + description: The OpenAI API endpoint. + defaultModel: + type: string + description: The default model to use for requests. + Connectors_config_properties_genai: + title: Connector request properties for an OpenAI connector + description: Defines properties for connectors when type is `.gen-ai`. 
+ oneOf: + - $ref: '#/components/schemas/Connectors_config_properties_genai_azure' + - $ref: '#/components/schemas/Connectors_config_properties_genai_openai' + discriminator: + propertyName: apiProvider + mapping: + Azure OpenAI: '#/components/schemas/Connectors_config_properties_genai_azure' + OpenAI: '#/components/schemas/Connectors_config_properties_genai_openai' + Connectors_secrets_properties_genai: + title: Connector secrets properties for an OpenAI connector + description: Defines secrets for connectors when type is `.gen-ai`. type: object + properties: + apiKey: + type: string + description: The OpenAI API key. + Connectors_config_properties_index: + title: Connector request properties for an index connector required: - - action - - comment_id - - created_at - - created_by - - id - - owner - - payload - - type - - version + - index + description: Defines properties for connectors when type is `.index`. + type: object properties: - action: - $ref: '#/components/schemas/Cases_actions' - comment_id: + executionTimeField: + description: A field that indicates when the document was indexed. + default: null type: string nullable: true - example: 578608d0-03b1-11ed-920c-974bfa104448 - created_at: - type: string - format: date-time - example: '2022-05-13T09:16:17.416Z' - created_by: - type: object - properties: - email: - type: string - example: null - nullable: true - full_name: - type: string - example: null - nullable: true - username: - type: string - example: elastic - nullable: true - profile_uid: - type: string - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - required: - - email - - full_name - - username - id: + index: + description: The Elasticsearch index to be written to. 
type: string - example: 22fd3e30-03b1-11ed-920c-974bfa104448 - owner: - $ref: '#/components/schemas/Cases_owners' - payload: - oneOf: - - $ref: '#/components/schemas/Cases_payload_alert_comment' - - $ref: '#/components/schemas/Cases_payload_assignees' - - $ref: '#/components/schemas/Cases_payload_connector' - - $ref: '#/components/schemas/Cases_payload_create_case' - - $ref: '#/components/schemas/Cases_payload_delete' - - $ref: '#/components/schemas/Cases_payload_description' - - $ref: '#/components/schemas/Cases_payload_pushed' - - $ref: '#/components/schemas/Cases_payload_settings' - - $ref: '#/components/schemas/Cases_payload_severity' - - $ref: '#/components/schemas/Cases_payload_status' - - $ref: '#/components/schemas/Cases_payload_tags' - - $ref: '#/components/schemas/Cases_payload_title' - - $ref: '#/components/schemas/Cases_payload_user_comment' - version: + refresh: + description: > + The refresh policy for the write request, which affects when changes + are made visible to search. Refer to the refresh setting for + Elasticsearch document APIs. + default: false + type: boolean + Connectors_config_properties_jira: + title: Connector request properties for a Jira connector + required: + - apiUrl + - projectKey + description: Defines properties for connectors when type is `.jira`. + type: object + properties: + apiUrl: + description: The Jira instance URL. type: string - example: WzM1ODg4LDFd - type: + projectKey: + description: The Jira project key. type: string - description: The type of action. - enum: - - assignees - - create_case - - comment - - connector - - description - - pushed - - tags - - title - - status - - settings - - severity - example: create_case - Connectors_create_connector_request_bedrock: - title: Create Amazon Bedrock connector request - description: >- - The Amazon Bedrock connector uses axios to send a POST request to Amazon - Bedrock. 
- type: object + Connectors_secrets_properties_jira: + title: Connector secrets properties for a Jira connector required: - - config - - connector_type_id - - name - - secrets + - apiToken + - email + description: Defines secrets for connectors when type is `.jira`. + type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' - connector_type_id: + apiToken: + description: The Jira API authentication token for HTTP basic authentication. type: string - description: The type of connector. - enum: - - .bedrock - example: .bedrock - name: + email: + description: The account email for HTTP Basic authentication. type: string - description: The display name for the connector. - example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' - Connectors_create_connector_request_gemini: - title: Create Google Gemini connector request - description: >- - The Google Gemini connector uses axios to send a POST request to Google - Gemini. + Connectors_config_properties_opsgenie: + title: Connector request properties for an Opsgenie connector + required: + - apiUrl + description: Defines properties for connectors when type is `.opsgenie`. type: object + properties: + apiUrl: + description: > + The Opsgenie URL. For example, `https://api.opsgenie.com` or + `https://api.eu.opsgenie.com`. If you are using the + `xpack.actions.allowedHosts` setting, add the hostname to the + allowed hosts. + type: string + Connectors_secrets_properties_opsgenie: + title: Connector secrets properties for an Opsgenie connector required: - - config - - connector_type_id - - name - - secrets + - apiKey + description: Defines secrets for connectors when type is `.opsgenie`. + type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - connector_type_id: + apiKey: + description: The Opsgenie API authentication key for HTTP Basic authentication. 
type: string - description: The type of connector. - enum: - - .gemini - example: .gemini - name: + Connectors_config_properties_pagerduty: + title: Connector request properties for a PagerDuty connector + description: Defines properties for connectors when type is `.pagerduty`. + type: object + properties: + apiUrl: + description: The PagerDuty event URL. type: string - description: The display name for the connector. - example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_gemini' - Connectors_create_connector_request_cases_webhook: - title: Create Webhook - Case Managment connector request - description: > - The Webhook - Case Management connector uses axios to send POST, PUT, - and GET requests to a case management RESTful API web service. + nullable: true + example: https://events.pagerduty.com/v2/enqueue + Connectors_secrets_properties_pagerduty: + title: Connector secrets properties for a PagerDuty connector + description: Defines secrets for connectors when type is `.pagerduty`. type: object required: - - config - - connector_type_id - - name + - routingKey properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' - connector_type_id: - type: string - description: The type of connector. - enum: - - .cases-webhook - example: .cases-webhook - name: + routingKey: + description: > + A 32 character PagerDuty Integration Key for an integration on a + service. type: string - description: The display name for the connector. - example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' - Connectors_create_connector_request_d3security: - title: Create D3 Security connector request - description: > - The connector uses axios to send a POST request to a D3 Security - endpoint. 
+ Connectors_config_properties_resilient: + title: Connector request properties for a IBM Resilient connector + required: + - apiUrl + - orgId + description: Defines properties for connectors when type is `.resilient`. type: object + properties: + apiUrl: + description: The IBM Resilient instance URL. + type: string + orgId: + description: The IBM Resilient organization ID. + type: string + Connectors_secrets_properties_resilient: + title: Connector secrets properties for IBM Resilient connector required: - - config - - connector_type_id - - name - - secrets + - apiKeyId + - apiKeySecret + description: Defines secrets for connectors when type is `.resilient`. + type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' - connector_type_id: + apiKeyId: type: string - description: The type of connector. - enum: - - .d3security - example: .d3security - name: + description: The authentication key ID for HTTP Basic authentication. + apiKeySecret: type: string - description: The display name for the connector. - example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_d3security' - Connectors_create_connector_request_email: - title: Create email connector request - description: > - The email connector uses the SMTP protocol to send mail messages, using - an integration of Nodemailer. An exception is Microsoft Exchange, which - uses HTTP protocol for sending emails, Send mail. Email message text is - sent as both plain text and html text. - type: object + description: The authentication key secret for HTTP Basic authentication. + Connectors_config_properties_sentinelone: + title: Connector request properties for a SentinelOne connector required: - - config - - connector_type_id - - name - - secrets + - url + description: Defines properties for connectors when type is `.sentinelone`. 
+ type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_email' - connector_type_id: - type: string - description: The type of connector. - enum: - - .email - example: .email - name: + url: + description: > + The SentinelOne tenant URL. If you are using the + `xpack.actions.allowedHosts` setting, add the hostname to the + allowed hosts. type: string - description: The display name for the connector. - example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_email' - Connectors_create_connector_request_genai: - title: Create OpenAI connector request - description: > - The OpenAI connector uses axios to send a POST request to either OpenAI - or Azure OpenAPI. + Connectors_secrets_properties_sentinelone: + title: Connector secrets properties for a SentinelOne connector + description: Defines secrets for connectors when type is `.sentinelone`. type: object required: - - config - - connector_type_id - - name - - secrets + - token properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_genai' - connector_type_id: - type: string - description: The type of connector. - enum: - - .gen-ai - example: .gen-ai - name: + token: + description: The A SentinelOne API token. type: string - description: The display name for the connector. - example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_genai' - Connectors_create_connector_request_index: - title: Create index connector request - description: The index connector indexes a document into Elasticsearch. - type: object + Connectors_config_properties_servicenow: + title: Connector request properties for a ServiceNow ITSM connector required: - - config - - connector_type_id - - name + - apiUrl + description: Defines properties for connectors when type is `.servicenow`. 
+ type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_index' - connector_type_id: + apiUrl: type: string - description: The type of connector. - enum: - - .index - example: .index - name: + description: The ServiceNow instance URL. + clientId: + description: > + The client ID assigned to your OAuth application. This property is + required when `isOAuth` is `true`. type: string - description: The display name for the connector. - example: my-connector - Connectors_create_connector_request_jira: - title: Create Jira connector request - description: The Jira connector uses the REST API v2 to create Jira issues. + isOAuth: + description: > + The type of authentication to use. The default value is false, which + means basic authentication is used instead of open authorization + (OAuth). + default: false + type: boolean + jwtKeyId: + description: > + The key identifier assigned to the JWT verifier map of your OAuth + application. This property is required when `isOAuth` is `true`. + type: string + userIdentifierValue: + description: > + The identifier to use for OAuth authentication. This identifier + should be the user field you selected when you created an OAuth JWT + API endpoint for external clients in your ServiceNow instance. For + example, if the selected user field is `Email`, the user identifier + should be the user's email address. This property is required when + `isOAuth` is `true`. + type: string + usesTableApi: + description: > + Determines whether the connector uses the Table API or the Import + Set API. This property is supported only for ServiceNow ITSM and + ServiceNow SecOps connectors. NOTE: If this property is set to + `false`, the Elastic application should be installed in ServiceNow. 
+ default: true + type: boolean + Connectors_secrets_properties_servicenow: + title: >- + Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and + ServiceNow SecOps connectors + description: >- + Defines secrets for connectors when type is `.servicenow`, + `.servicenow-sir`, or `.servicenow-itom`. type: object + properties: + clientSecret: + type: string + description: >- + The client secret assigned to your OAuth application. This property + is required when `isOAuth` is `true`. + password: + type: string + description: >- + The password for HTTP basic authentication. This property is + required when `isOAuth` is `false`. + privateKey: + type: string + description: >- + The RSA private key that you created for use in ServiceNow. This + property is required when `isOAuth` is `true`. + privateKeyPassword: + type: string + description: >- + The password for the RSA private key. This property is required when + `isOAuth` is `true` and you set a password on your private key. + username: + type: string + description: >- + The username for HTTP basic authentication. This property is + required when `isOAuth` is `false`. + Connectors_config_properties_servicenow_itom: + title: Connector request properties for a ServiceNow ITSM connector required: - - config - - connector_type_id - - name - - secrets + - apiUrl + description: Defines properties for connectors when type is `.servicenow`. + type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_jira' - connector_type_id: + apiUrl: type: string - description: The type of connector. - enum: - - .jira - example: .jira - name: + description: The ServiceNow instance URL. + clientId: + description: > + The client ID assigned to your OAuth application. This property is + required when `isOAuth` is `true`. type: string - description: The display name for the connector. 
- example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_jira' - Connectors_create_connector_request_opsgenie: - title: Create Opsgenie connector request - description: The Opsgenie connector uses the Opsgenie alert API. + isOAuth: + description: > + The type of authentication to use. The default value is false, which + means basic authentication is used instead of open authorization + (OAuth). + default: false + type: boolean + jwtKeyId: + description: > + The key identifier assigned to the JWT verifier map of your OAuth + application. This property is required when `isOAuth` is `true`. + type: string + userIdentifierValue: + description: > + The identifier to use for OAuth authentication. This identifier + should be the user field you selected when you created an OAuth JWT + API endpoint for external clients in your ServiceNow instance. For + example, if the selected user field is `Email`, the user identifier + should be the user's email address. This property is required when + `isOAuth` is `true`. + type: string + Connectors_config_properties_slack_api: + title: Connector request properties for a Slack connector + description: Defines properties for connectors when type is `.slack_api`. type: object + properties: + allowedChannels: + type: array + description: A list of valid Slack channels. + items: + type: object + required: + - id + - name + maxItems: 25 + properties: + id: + type: string + description: The Slack channel ID. + example: C123ABC456 + minLength: 1 + name: + type: string + description: The Slack channel name. + minLength: 1 + Connectors_secrets_properties_slack_api: + title: Connector secrets properties for a Web API Slack connector + description: Defines secrets for connectors when type is `.slack`. 
required: - - config - - connector_type_id - - name - - secrets + - token + type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' - connector_type_id: - type: string - description: The type of connector. - enum: - - .opsgenie - example: .opsgenie - name: + token: type: string - description: The display name for the connector. - example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' - Connectors_create_connector_request_pagerduty: - title: Create PagerDuty connector request - description: > - The PagerDuty connector uses the v2 Events API to trigger, acknowledge, - and resolve PagerDuty alerts. - type: object + description: Slack bot user OAuth token. + Connectors_secrets_properties_slack_webhook: + title: Connector secrets properties for a Webhook Slack connector + description: Defines secrets for connectors when type is `.slack`. required: - - config - - connector_type_id - - name - - secrets + - webhookUrl + type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' - connector_type_id: - type: string - description: The type of connector. - enum: - - .pagerduty - example: .pagerduty - name: + webhookUrl: type: string - description: The display name for the connector. - example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' - Connectors_create_connector_request_resilient: - title: Create IBM Resilient connector request - description: >- - The IBM Resilient connector uses the RESILIENT REST v2 to create IBM - Resilient incidents. - type: object + description: Slack webhook url. + Connectors_config_properties_swimlane: + title: Connector request properties for a Swimlane connector required: - - config - - connector_type_id - - name - - secrets + - apiUrl + - appId + - connectorType + description: Defines properties for connectors when type is `.swimlane`. 
+ type: object properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' - connector_type_id: - description: The type of connector. + apiUrl: + description: The Swimlane instance URL. type: string - example: .resilient - enum: - - .resilient - name: + appId: + description: The Swimlane application ID. type: string - description: The display name for the connector. - example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_resilient' - Connectors_create_connector_request_sentinelone: - title: Create SentinelOne connector request - description: > - The SentinelOne connector communicates with SentinelOne Management - Console via REST API. This functionality is in technical preview and may - be changed or removed in a future release. Elastic will work to fix any - issues, but features in technical preview are not subject to the support - SLA of official GA features. - x-technical-preview: true + connectorType: + description: >- + The type of connector. Valid values are `all`, `alerts`, and + `cases`. + type: string + enum: + - all + - alerts + - cases + mappings: + title: Connector mappings properties for a Swimlane connector + description: The field mapping. + type: object + properties: + alertIdConfig: + title: Alert identifier mapping + description: Mapping for the alert ID. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. + id: + type: string + description: The identifier for the field in Swimlane. + key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + caseIdConfig: + title: Case identifier mapping + description: Mapping for the case ID. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. 
+ id: + type: string + description: The identifier for the field in Swimlane. + key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + caseNameConfig: + title: Case name mapping + description: Mapping for the case name. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. + id: + type: string + description: The identifier for the field in Swimlane. + key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + commentsConfig: + title: Case comment mapping + description: Mapping for the case comments. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. + id: + type: string + description: The identifier for the field in Swimlane. + key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + descriptionConfig: + title: Case description mapping + description: Mapping for the case description. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. + id: + type: string + description: The identifier for the field in Swimlane. + key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + ruleNameConfig: + title: Rule name mapping + description: Mapping for the name of the alert's rule. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. + id: + type: string + description: The identifier for the field in Swimlane. 
+ key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + severityConfig: + title: Severity mapping + description: Mapping for the severity. + type: object + required: + - fieldType + - id + - key + - name + properties: + fieldType: + type: string + description: The type of field in Swimlane. + id: + type: string + description: The identifier for the field in Swimlane. + key: + type: string + description: The key for the field in Swimlane. + name: + type: string + description: The name of the field in Swimlane. + Connectors_secrets_properties_swimlane: + title: Connector secrets properties for a Swimlane connector + description: Defines secrets for connectors when type is `.swimlane`. type: object - required: - - config - - connector_type_id - - name - - secrets properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - connector_type_id: - type: string - description: The type of connector. - enum: - - .sentinelone - example: .sentinelone - name: + apiToken: + description: Swimlane API authentication token. type: string - description: The display name for the connector. - example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' - Connectors_create_connector_request_serverlog: - title: Create server log connector request - description: This connector writes an entry to the Kibana server log. + Connectors_secrets_properties_teams: + title: Connector secrets properties for a Microsoft Teams connector + description: Defines secrets for connectors when type is `.teams`. type: object required: - - connector_type_id - - name + - webhookUrl properties: - connector_type_id: + webhookUrl: type: string - description: The type of connector. - enum: - - .server-log - example: .server-log - name: + description: > + The URL of the incoming webhook. 
If you are using the + `xpack.actions.allowedHosts` setting, add the hostname to the + allowed hosts. + Connectors_config_properties_tines: + title: Connector request properties for a Tines connector + description: Defines properties for connectors when type is `.tines`. + type: object + required: + - url + properties: + url: + description: > + The Tines tenant URL. If you are using the + `xpack.actions.allowedHosts` setting, make sure this hostname is + added to the allowed hosts. type: string - description: The display name for the connector. - example: my-connector - Connectors_create_connector_request_servicenow: - title: Create ServiceNow ITSM connector request - description: > - The ServiceNow ITSM connector uses the import set API to create - ServiceNow incidents. You can use the connector for rule actions and - cases. + Connectors_secrets_properties_tines: + title: Connector secrets properties for a Tines connector + description: Defines secrets for connectors when type is `.tines`. type: object required: - - config - - connector_type_id - - name - - secrets + - email + - token properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: + email: + description: The email used to sign in to Tines. type: string - description: The type of connector. - enum: - - .servicenow - example: .servicenow - name: + token: + description: The Tines API token. type: string - description: The display name for the connector. - example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - Connectors_create_connector_request_servicenow_itom: - title: Create ServiceNow ITOM connector request - description: > - The ServiceNow ITOM connector uses the event API to create ServiceNow - events. You can use the connector for rule actions. 
+ Connectors_config_properties_torq: + title: Connector request properties for a Torq connector + description: Defines properties for connectors when type is `.torq`. type: object required: - - config - - connector_type_id - - name - - secrets + - webhookIntegrationUrl properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' - connector_type_id: - type: string - description: The type of connector. - enum: - - .servicenow-itom - example: .servicenow-itom - name: + webhookIntegrationUrl: + description: The endpoint URL of the Elastic Security integration in Torq. type: string - description: The display name for the connector. - example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - Connectors_create_connector_request_servicenow_sir: - title: Create ServiceNow SecOps connector request - description: > - The ServiceNow SecOps connector uses the import set API to create - ServiceNow security incidents. You can use the connector for rule - actions and cases. + Connectors_secrets_properties_torq: + title: Connector secrets properties for a Torq connector + description: Defines secrets for connectors when type is `.torq`. type: object required: - - config - - connector_type_id - - name - - secrets + - token properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: + token: + description: The secret of the webhook authentication header. type: string - description: The type of connector. + Connectors_config_properties_webhook: + title: Connector request properties for a Webhook connector + description: Defines properties for connectors when type is `.webhook`. + type: object + properties: + authType: + type: string + nullable: true enum: - - .servicenow-sir - example: .servicenow-sir - name: + - webhook-authentication-basic + - webhook-authentication-ssl + description: | + The type of authentication to use: basic, SSL, or none. 
+ ca: type: string - description: The display name for the connector. - example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - Connectors_create_connector_request_slack_api: - title: Create Slack connector request - description: The Slack connector uses an API method to send Slack messages. + description: > + A base64 encoded version of the certificate authority file that the + connector can trust to sign and validate certificates. This option + is available for all authentication types. + certType: + type: string + description: > + If the `authType` is `webhook-authentication-ssl`, specifies whether + the certificate authentication data is in a CRT and key file format + or a PFX file format. + enum: + - ssl-crt-key + - ssl-pfx + hasAuth: + type: boolean + description: > + If `true`, a user name and password must be provided for login type + authentication. + headers: + type: object + nullable: true + description: A set of key-value pairs sent as headers with the request. + method: + type: string + default: post + enum: + - post + - put + description: | + The HTTP request method, either `post` or `put`. + url: + type: string + description: > + The request URL. If you are using the `xpack.actions.allowedHosts` + setting, add the hostname to the allowed hosts. + verificationMode: + type: string + enum: + - certificate + - full + - none + default: full + description: > + Controls the verification of certificates. Use `full` to validate + that the certificate has an issue date within the `not_before` and + `not_after` dates, chains to a trusted certificate authority (CA), + and has a hostname or IP address that matches the names within the + certificate. Use `certificate` to validate the certificate and + verify that it is signed by a trusted authority; this option does + not check the certificate hostname. Use `none` to skip certificate + validation. 
+ Connectors_secrets_properties_webhook: + title: Connector secrets properties for a Webhook connector + description: Defines secrets for connectors when type is `.webhook`. type: object - required: - - connector_type_id - - name - - secrets properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' - connector_type_id: + crt: type: string - description: The type of connector. - enum: - - .slack_api - example: .slack_api - name: + description: >- + If `authType` is `webhook-authentication-ssl` and `certType` is + `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT + file. + key: + type: string + description: >- + If `authType` is `webhook-authentication-ssl` and `certType` is + `ssl-crt-key`, it is a base64 encoded version of the KEY file. + pfx: + type: string + description: >- + If `authType` is `webhook-authentication-ssl` and `certType` is + `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. + password: + type: string + description: > + The password for HTTP basic authentication or the passphrase for the + SSL certificate files. If `hasAuth` is set to `true` and `authType` + is `webhook-authentication-basic`, this property is required. + user: + type: string + description: > + The username for HTTP basic authentication. If `hasAuth` is set to + `true` and `authType` is `webhook-authentication-basic`, this + property is required. + Connectors_config_properties_xmatters: + title: Connector request properties for an xMatters connector + description: Defines properties for connectors when type is `.xmatters`. + type: object + properties: + configUrl: + description: > + The request URL for the Elastic Alerts trigger in xMatters. It is + applicable only when `usesBasic` is `true`. type: string - description: The display name for the connector. 
- example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' - Connectors_create_connector_request_slack_webhook: - title: Create Slack connector request - description: The Slack connector uses Slack Incoming Webhooks. + nullable: true + usesBasic: + description: >- + Specifies whether the connector uses HTTP basic authentication + (`true`) or URL authentication (`false`). + type: boolean + default: true + Connectors_secrets_properties_xmatters: + title: Connector secrets properties for an xMatters connector + description: Defines secrets for connectors when type is `.xmatters`. type: object - required: - - connector_type_id - - name - - secrets properties: - connector_type_id: + password: + description: > + A user name for HTTP basic authentication. It is applicable only + when `usesBasic` is `true`. type: string - description: The type of connector. - enum: - - .slack - example: .slack - name: + secretsUrl: + description: > + The request URL for the Elastic Alerts trigger in xMatters with the + API key included in the URL. It is applicable only when `usesBasic` + is `false`. type: string - description: The display name for the connector. - example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' - Connectors_create_connector_request_swimlane: - title: Create Swimlane connector request - description: >- - The Swimlane connector uses the Swimlane REST API to create Swimlane - records. + user: + description: > + A password for HTTP basic authentication. It is applicable only when + `usesBasic` is `true`. + type: string + Connectors_create_connector_request: + title: Create connector request body properties + description: The properties vary depending on the connector type. 
+ oneOf: + - $ref: '#/components/schemas/Connectors_create_connector_request_bedrock' + - $ref: '#/components/schemas/Connectors_create_connector_request_gemini' + - $ref: >- + #/components/schemas/Connectors_create_connector_request_cases_webhook + - $ref: '#/components/schemas/Connectors_create_connector_request_d3security' + - $ref: '#/components/schemas/Connectors_create_connector_request_email' + - $ref: '#/components/schemas/Connectors_create_connector_request_genai' + - $ref: '#/components/schemas/Connectors_create_connector_request_index' + - $ref: '#/components/schemas/Connectors_create_connector_request_jira' + - $ref: '#/components/schemas/Connectors_create_connector_request_opsgenie' + - $ref: '#/components/schemas/Connectors_create_connector_request_pagerduty' + - $ref: '#/components/schemas/Connectors_create_connector_request_resilient' + - $ref: '#/components/schemas/Connectors_create_connector_request_sentinelone' + - $ref: '#/components/schemas/Connectors_create_connector_request_serverlog' + - $ref: '#/components/schemas/Connectors_create_connector_request_servicenow' + - $ref: >- + #/components/schemas/Connectors_create_connector_request_servicenow_itom + - $ref: >- + #/components/schemas/Connectors_create_connector_request_servicenow_sir + - $ref: '#/components/schemas/Connectors_create_connector_request_slack_api' + - $ref: >- + #/components/schemas/Connectors_create_connector_request_slack_webhook + - $ref: '#/components/schemas/Connectors_create_connector_request_swimlane' + - $ref: '#/components/schemas/Connectors_create_connector_request_teams' + - $ref: '#/components/schemas/Connectors_create_connector_request_tines' + - $ref: '#/components/schemas/Connectors_create_connector_request_torq' + - $ref: '#/components/schemas/Connectors_create_connector_request_webhook' + - $ref: '#/components/schemas/Connectors_create_connector_request_xmatters' + discriminator: + propertyName: connector_type_id + mapping: + .bedrock: 
'#/components/schemas/Connectors_create_connector_request_bedrock' + .gemini: '#/components/schemas/Connectors_create_connector_request_gemini' + .cases-webhook: >- + #/components/schemas/Connectors_create_connector_request_cases_webhook + .d3security: '#/components/schemas/Connectors_create_connector_request_d3security' + .email: '#/components/schemas/Connectors_create_connector_request_email' + .gen-ai: '#/components/schemas/Connectors_create_connector_request_genai' + .index: '#/components/schemas/Connectors_create_connector_request_index' + .jira: '#/components/schemas/Connectors_create_connector_request_jira' + .opsgenie: '#/components/schemas/Connectors_create_connector_request_opsgenie' + .pagerduty: '#/components/schemas/Connectors_create_connector_request_pagerduty' + .resilient: '#/components/schemas/Connectors_create_connector_request_resilient' + .sentinelone: '#/components/schemas/Connectors_create_connector_request_sentinelone' + .server-log: '#/components/schemas/Connectors_create_connector_request_serverlog' + .servicenow: '#/components/schemas/Connectors_create_connector_request_servicenow' + .servicenow-itom: >- + #/components/schemas/Connectors_create_connector_request_servicenow_itom + .servicenow-sir: >- + #/components/schemas/Connectors_create_connector_request_servicenow_sir + .slack_api: '#/components/schemas/Connectors_create_connector_request_slack_api' + .slack: >- + #/components/schemas/Connectors_create_connector_request_slack_webhook + .swimlane: '#/components/schemas/Connectors_create_connector_request_swimlane' + .teams: '#/components/schemas/Connectors_create_connector_request_teams' + .tines: '#/components/schemas/Connectors_create_connector_request_tines' + .torq: '#/components/schemas/Connectors_create_connector_request_torq' + .webhook: '#/components/schemas/Connectors_create_connector_request_webhook' + .xmatters: '#/components/schemas/Connectors_create_connector_request_xmatters' + 
Connectors_connector_response_properties_bedrock: + title: Connector response properties for an Amazon Bedrock connector type: object required: - config - connector_type_id + - id + - is_deprecated + - is_preconfigured - name - - secrets properties: config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' + $ref: '#/components/schemas/Connectors_config_properties_bedrock' connector_type_id: type: string description: The type of connector. enum: - - .swimlane - example: .swimlane + - .bedrock + id: + type: string + description: The identifier for the connector. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' name: type: string description: The display name for the connector. - example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' - Connectors_create_connector_request_teams: - title: Create Microsoft Teams connector request - description: The Microsoft Teams connector uses Incoming Webhooks. + Connectors_connector_response_properties_gemini: + title: Connector response properties for a Google Gemini connector type: object required: - connector_type_id + - id + - is_deprecated + - is_preconfigured - name - - secrets properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_gemini' connector_type_id: type: string description: The type of connector. enum: - - .teams - example: .teams + - .gemini + id: + type: string + description: The identifier for the connector. 
+ is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' name: type: string description: The display name for the connector. - example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_teams' - Connectors_create_connector_request_tines: - title: Create Tines connector request - description: > - The Tines connector uses Tines Webhook actions to send events via POST - request. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_cases_webhook: + title: Connector request properties for a Webhook - Case Management connector type: object required: - - config - connector_type_id + - id + - is_deprecated + - is_preconfigured - name - - secrets properties: config: - $ref: '#/components/schemas/Connectors_config_properties_tines' + $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' connector_type_id: - type: string description: The type of connector. + type: string enum: - - .tines - example: .tines + - .cases-webhook + id: + type: string + description: The identifier for the connector. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' name: type: string description: The display name for the connector. 
- example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_tines' - Connectors_create_connector_request_torq: - title: Create Torq connector request - description: > - The Torq connector uses a Torq webhook to trigger workflows with Kibana - actions. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_d3security: + title: Connector response properties for a D3 Security connector type: object required: - - config - connector_type_id + - id + - is_deprecated + - is_preconfigured - name - - secrets properties: config: - $ref: '#/components/schemas/Connectors_config_properties_torq' + $ref: '#/components/schemas/Connectors_config_properties_d3security' connector_type_id: type: string description: The type of connector. enum: - - .torq - example: .torq + - .d3security + id: + type: string + description: The identifier for the connector. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' name: type: string description: The display name for the connector. - example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_torq' - Connectors_create_connector_request_webhook: - title: Create Webhook connector request - description: > - The Webhook connector uses axios to send a POST or PUT request to a web - service. 
+ referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_email: + title: Connector response properties for an email connector type: object required: - - config - connector_type_id + - id + - is_deprecated + - is_preconfigured - name - - secrets properties: config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' + $ref: '#/components/schemas/Connectors_config_properties_email' connector_type_id: type: string description: The type of connector. enum: - - .webhook - example: .webhook + - .email + id: + type: string + description: The identifier for the connector. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' name: type: string description: The display name for the connector. - example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_webhook' - Connectors_create_connector_request_xmatters: - title: Create xMatters connector request - description: > - The xMatters connector uses the xMatters Workflow for Elastic to send - actionable alerts to on-call xMatters resources. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_genai: + title: Connector response properties for an OpenAI connector type: object required: - - config - connector_type_id + - id + - is_deprecated + - is_preconfigured - name - - secrets properties: config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' + $ref: '#/components/schemas/Connectors_config_properties_genai' connector_type_id: type: string description: The type of connector. 
enum: - - .xmatters - example: .xmatters + - .gen-ai + id: + type: string + description: The identifier for the connector. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' name: type: string description: The display name for the connector. - example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' - Connectors_config_properties_bedrock: - title: Connector request properties for an Amazon Bedrock connector - description: Defines properties for connectors when type is `.bedrock`. - type: object - required: - - apiUrl - properties: - apiUrl: - type: string - description: The Amazon Bedrock request URL. - defaultModel: - type: string - description: > - The generative artificial intelligence model for Amazon Bedrock to - use. Current support is for the Anthropic Claude models. - default: anthropic.claude-3-5-sonnet-20240620-v1:0 - Connectors_secrets_properties_bedrock: - title: Connector secrets properties for an Amazon Bedrock connector - description: Defines secrets for connectors when type is `.bedrock`. - type: object - required: - - accessKey - - secret - properties: - accessKey: - type: string - description: The AWS access key for authentication. - secret: - type: string - description: The AWS secret for authentication. - Connectors_config_properties_gemini: - title: Connector request properties for an Google Gemini connector - description: Defines properties for connectors when type is `.gemini`. - type: object - required: - - apiUrl - - gcpRegion - - gcpProjectID - properties: - apiUrl: - type: string - description: The Google Gemini request URL. 
- defaultModel: - type: string - description: >- - The generative artificial intelligence model for Google Gemini to - use. - default: gemini-1.5-pro-001 - gcpRegion: - type: string - description: The GCP region where the Vertex AI endpoint enabled. - gcpProjectID: - type: string - description: The Google ProjectID that has Vertex AI endpoint enabled. - Connectors_secrets_properties_gemini: - title: Connector secrets properties for a Google Gemini connector - description: Defines secrets for connectors when type is `.gemini`. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_index: + title: Connector response properties for an index connector type: object required: - - credentialsJSON - properties: - credentialsJSON: - type: string - description: >- - The service account credentials JSON file. The service account - should have Vertex AI user IAM role assigned to it. - Connectors_config_properties_cases_webhook: - title: Connector request properties for Webhook - Case Management connector - required: - - createIncidentJson - - createIncidentResponseKey - - createIncidentUrl - - getIncidentResponseExternalTitleKey - - getIncidentUrl - - updateIncidentJson - - updateIncidentUrl - - viewIncidentUrl - description: Defines properties for connectors when type is `.cases-webhook`. - type: object + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name properties: - createCommentJson: - type: string - description: > - A JSON payload sent to the create comment URL to create a case - comment. You can use variables to add Kibana Cases data to the - payload. The required variable is `case.comment`. Due to Mustache - template variables (the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated once the Mustache variables have - been placed when the REST method runs. 
Manually ensure that the JSON - is valid, disregarding the Mustache variables, so the later - validation will pass. - example: '{"body": {{{case.comment}}}}' - createCommentMethod: - type: string - description: > - The REST API HTTP request method to create a case comment in the - third-party system. Valid values are `patch`, `post`, and `put`. - default: put - enum: - - patch - - post - - put - createCommentUrl: - type: string - description: > - The REST API URL to create a case comment by ID in the third-party - system. You can use a variable to add the external system ID to the - URL. If you are using the `xpack.actions.allowedHosts setting`, add - the hostname to the allowed hosts. - example: https://example.com/issue/{{{external.system.id}}}/comment - createIncidentJson: - type: string - description: > - A JSON payload sent to the create case URL to create a case. You can - use variables to add case data to the payload. Required variables - are `case.title` and `case.description`. Due to Mustache template - variables (which is the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated after the Mustache variables have - been placed when REST method runs. Manually ensure that the JSON is - valid to avoid future validation errors; disregard Mustache - variables during your review. - example: >- - {"fields": {"summary": {{{case.title}}},"description": - {{{case.description}}},"labels": {{{case.tags}}}}} - createIncidentMethod: - type: string - description: > - The REST API HTTP request method to create a case in the third-party - system. Valid values are `patch`, `post`, and `put`. - enum: - - patch - - post - - put - default: post - createIncidentResponseKey: - type: string - description: >- - The JSON key in the create external case response that contains the - case ID. 
- createIncidentUrl: - type: string - description: > - The REST API URL to create a case in the third-party system. If you - are using the `xpack.actions.allowedHosts` setting, add the hostname - to the allowed hosts. - getIncidentResponseExternalTitleKey: - type: string - description: >- - The JSON key in get external case response that contains the case - title. - getIncidentUrl: - type: string - description: > - The REST API URL to get the case by ID from the third-party system. - If you are using the `xpack.actions.allowedHosts` setting, add the - hostname to the allowed hosts. You can use a variable to add the - external system ID to the URL. Due to Mustache template variables - (the text enclosed in triple braces, for example, - `{{{case.title}}}`), the JSON is not validated when you create the - connector. The JSON is validated after the Mustache variables have - been placed when REST method runs. Manually ensure that the JSON is - valid, disregarding the Mustache variables, so the later validation - will pass. - example: https://example.com/issue/{{{external.system.id}}} - hasAuth: - type: boolean - description: >- - If true, a username and password for login type authentication must - be provided. - default: true - headers: - type: string - description: > - A set of key-value pairs sent as headers with the request URLs for - the create case, update case, get case, and create comment methods. - updateIncidentJson: - type: string - description: > - The JSON payload sent to the update case URL to update the case. You - can use variables to add Kibana Cases data to the payload. Required - variables are `case.title` and `case.description`. Due to Mustache - template variables (which is the text enclosed in triple braces, for - example, `{{{case.title}}}`), the JSON is not validated when you - create the connector. The JSON is validated after the Mustache - variables have been placed when REST method runs. 
Manually ensure - that the JSON is valid to avoid future validation errors; disregard - Mustache variables during your review. - example: >- - {"fields": {"summary": {{{case.title}}},"description": - {{{case.description}}},"labels": {{{case.tags}}}}} - updateIncidentMethod: + config: + $ref: '#/components/schemas/Connectors_config_properties_index' + connector_type_id: type: string - description: > - The REST API HTTP request method to update the case in the - third-party system. Valid values are `patch`, `post`, and `put`. - default: put + description: The type of connector. enum: - - patch - - post - - put - updateIncidentUrl: + - .index + id: type: string - description: > - The REST API URL to update the case by ID in the third-party system. - You can use a variable to add the external system ID to the URL. If - you are using the `xpack.actions.allowedHosts` setting, add the - hostname to the allowed hosts. - example: https://example.com/issue/{{{external.system.ID}}} - viewIncidentUrl: + description: The identifier for the connector. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: type: string - description: > - The URL to view the case in the external system. You can use - variables to add the external system ID or external system title to - the URL. - example: >- - https://testing-jira.atlassian.net/browse/{{{external.system.title}}} - Connectors_secrets_properties_cases_webhook: - title: Connector secrets properties for Webhook - Case Management connector + description: The display name for the connector. 
+ referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_jira: + title: Connector response properties for a Jira connector type: object + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name properties: - password: + config: + $ref: '#/components/schemas/Connectors_config_properties_jira' + connector_type_id: type: string - description: >- - The password for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. - user: + description: The type of connector. + enum: + - .jira + id: type: string - description: >- - The username for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. - Connectors_config_properties_d3security: - title: Connector request properties for a D3 Security connector - description: Defines properties for connectors when type is `.d3security`. + description: The identifier for the connector. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + type: string + description: The display name for the connector. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_opsgenie: + title: Connector response properties for an Opsgenie connector type: object required: - - url + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name properties: - url: + config: + $ref: '#/components/schemas/Connectors_config_properties_opsgenie' + connector_type_id: type: string - description: > - The D3 Security API request URL. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. 
- Connectors_secrets_properties_d3security: - title: Connector secrets properties for a D3 Security connector - description: Defines secrets for connectors when type is `.d3security`. - required: - - token + description: The type of connector. + enum: + - .opsgenie + id: + type: string + description: The identifier for the connector. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + type: string + description: The display name for the connector. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_pagerduty: + title: Connector response properties for a PagerDuty connector type: object + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name properties: - token: + config: + $ref: '#/components/schemas/Connectors_config_properties_pagerduty' + connector_type_id: type: string - description: The D3 Security token. - Connectors_config_properties_email: - title: Connector request properties for an email connector - description: Defines properties for connectors when type is `.email`. - required: - - from + description: The type of connector. + enum: + - .pagerduty + id: + type: string + description: The identifier for the connector. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + type: string + description: The display name for the connector. 
+ referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_resilient: + title: Connector response properties for a IBM Resilient connector type: object + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name properties: - clientId: - description: > - The client identifier, which is a part of OAuth 2.0 client - credentials authentication, in GUID format. If `service` is - `exchange_server`, this property is required. - type: string - nullable: true - from: - description: > - The from address for all emails sent by the connector. It must be - specified in `user@host-name` format. + config: + $ref: '#/components/schemas/Connectors_config_properties_resilient' + connector_type_id: type: string - hasAuth: - description: > - Specifies whether a user and password are required inside the - secrets configuration. - default: true - type: boolean - host: - description: > - The host name of the service provider. If the `service` is - `elastic_cloud` (for Elastic Cloud notifications) or one of - Nodemailer's well-known email service providers, this property is - ignored. If `service` is `other`, this property must be defined. + description: The type of connector. + enum: + - .resilient + id: type: string - oauthTokenUrl: + description: The identifier for the connector. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: type: string - nullable: true - port: - description: > - The port to connect to on the service provider. If the `service` is - `elastic_cloud` (for Elastic Cloud notifications) or one of - Nodemailer's well-known email service providers, this property is - ignored. 
If `service` is `other`, this property must be defined. - type: integer - secure: - description: > - Specifies whether the connection to the service provider will use - TLS. If the `service` is `elastic_cloud` (for Elastic Cloud - notifications) or one of Nodemailer's well-known email service - providers, this property is ignored. - type: boolean - service: - description: | - The name of the email service. + description: The display name for the connector. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_sentinelone: + title: Connector response properties for a SentinelOne connector + type: object + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_sentinelone' + connector_type_id: type: string + description: The type of connector. enum: - - elastic_cloud - - exchange_server - - gmail - - other - - outlook365 - - ses - tenantId: - description: > - The tenant identifier, which is part of OAuth 2.0 client credentials - authentication, in GUID format. If `service` is `exchange_server`, - this property is required. + - .sentinelone + id: + type: string + description: The identifier for the connector. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: type: string - nullable: true - Connectors_secrets_properties_email: - title: Connector secrets properties for an email connector - description: Defines secrets for connectors when type is `.email`. + description: The display name for the connector. 
+ referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_serverlog: + title: Connector response properties for a server log connector type: object + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name properties: - clientSecret: + config: + type: object + nullable: true + connector_type_id: type: string - description: > - The Microsoft Exchange Client secret for OAuth 2.0 client - credentials authentication. It must be URL-encoded. If `service` is - `exchange_server`, this property is required. - password: + description: The type of connector. + enum: + - .server-log + id: type: string - description: > - The password for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. - user: + description: The identifier for the connector. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: type: string - description: > - The username for HTTP basic authentication. If `hasAuth` is set to - `true`, this property is required. - Connectors_config_properties_genai_azure: - title: >- - Connector request properties for an OpenAI connector that uses Azure - OpenAI - description: > - Defines properties for connectors when type is `.gen-ai` and the API - provider is `Azure OpenAI'. + description: The display name for the connector. 
+ referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_servicenow: + title: Connector response properties for a ServiceNow ITSM connector type: object required: - - apiProvider - - apiUrl + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name properties: - apiProvider: + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + connector_type_id: type: string - description: The OpenAI API provider. + description: The type of connector. enum: - - Azure OpenAI - apiUrl: + - .servicenow + id: type: string - description: The OpenAI API endpoint. - Connectors_config_properties_genai_openai: - title: Connector request properties for an OpenAI connector - description: > - Defines properties for connectors when type is `.gen-ai` and the API - provider is `OpenAI'. + description: The identifier for the connector. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + type: string + description: The display name for the connector. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_servicenow_itom: + title: Connector response properties for a ServiceNow ITOM connector type: object required: - - apiProvider - - apiUrl + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name properties: - apiProvider: + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' + connector_type_id: type: string - description: The OpenAI API provider. + description: The type of connector. enum: - - OpenAI - apiUrl: + - .servicenow-itom + id: type: string - description: The OpenAI API endpoint. 
- defaultModel: + description: The identifier for the connector. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: type: string - description: The default model to use for requests. - Connectors_config_properties_genai: - title: Connector request properties for an OpenAI connector - description: Defines properties for connectors when type is `.gen-ai`. - oneOf: - - $ref: '#/components/schemas/Connectors_config_properties_genai_azure' - - $ref: '#/components/schemas/Connectors_config_properties_genai_openai' - discriminator: - propertyName: apiProvider - mapping: - Azure OpenAI: '#/components/schemas/Connectors_config_properties_genai_azure' - OpenAI: '#/components/schemas/Connectors_config_properties_genai_openai' - Connectors_secrets_properties_genai: - title: Connector secrets properties for an OpenAI connector - description: Defines secrets for connectors when type is `.gen-ai`. + description: The display name for the connector. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_servicenow_sir: + title: Connector response properties for a ServiceNow SecOps connector type: object - properties: - apiKey: - type: string - description: The OpenAI API key. - Connectors_config_properties_index: - title: Connector request properties for an index connector required: - - index - description: Defines properties for connectors when type is `.index`. - type: object + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name properties: - executionTimeField: - description: A field that indicates when the document was indexed. 
- default: null - type: string - nullable: true - index: - description: The Elasticsearch index to be written to. + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + connector_type_id: type: string - refresh: - description: > - The refresh policy for the write request, which affects when changes - are made visible to search. Refer to the refresh setting for - Elasticsearch document APIs. - default: false - type: boolean - Connectors_config_properties_jira: - title: Connector request properties for a Jira connector - required: - - apiUrl - - projectKey - description: Defines properties for connectors when type is `.jira`. - type: object - properties: - apiUrl: - description: The Jira instance URL. + description: The type of connector. + enum: + - .servicenow-sir + id: type: string - projectKey: - description: The Jira project key. + description: The identifier for the connector. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: type: string - Connectors_secrets_properties_jira: - title: Connector secrets properties for a Jira connector - required: - - apiToken - - email - description: Defines secrets for connectors when type is `.jira`. + description: The display name for the connector. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_slack_api: + title: Connector response properties for a Slack connector type: object + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name properties: - apiToken: - description: The Jira API authentication token for HTTP basic authentication. 
+ config: + $ref: '#/components/schemas/Connectors_config_properties_slack_api' + connector_type_id: type: string - email: - description: The account email for HTTP Basic authentication. + description: The type of connector. + enum: + - .slack_api + id: type: string - Connectors_config_properties_opsgenie: - title: Connector request properties for an Opsgenie connector - required: - - apiUrl - description: Defines properties for connectors when type is `.opsgenie`. - type: object - properties: - apiUrl: - description: > - The Opsgenie URL. For example, `https://api.opsgenie.com` or - `https://api.eu.opsgenie.com`. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. + description: The identifier for the connector. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: type: string - Connectors_secrets_properties_opsgenie: - title: Connector secrets properties for an Opsgenie connector - required: - - apiKey - description: Defines secrets for connectors when type is `.opsgenie`. + description: The display name for the connector. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_slack_webhook: + title: Connector response properties for a Slack connector type: object + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name properties: - apiKey: - description: The Opsgenie API authentication key for HTTP Basic authentication. + connector_type_id: type: string - Connectors_config_properties_pagerduty: - title: Connector request properties for a PagerDuty connector - description: Defines properties for connectors when type is `.pagerduty`. 
- type: object - properties: - apiUrl: - description: The PagerDuty event URL. + description: The type of connector. + enum: + - .slack + id: type: string - nullable: true - example: https://events.pagerduty.com/v2/enqueue - Connectors_secrets_properties_pagerduty: - title: Connector secrets properties for a PagerDuty connector - description: Defines secrets for connectors when type is `.pagerduty`. + description: The identifier for the connector. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + type: string + description: The display name for the connector. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_swimlane: + title: Connector response properties for a Swimlane connector type: object required: - - routingKey + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name properties: - routingKey: - description: > - A 32 character PagerDuty Integration Key for an integration on a - service. + config: + $ref: '#/components/schemas/Connectors_config_properties_swimlane' + connector_type_id: type: string - Connectors_config_properties_resilient: - title: Connector request properties for a IBM Resilient connector - required: - - apiUrl - - orgId - description: Defines properties for connectors when type is `.resilient`. - type: object - properties: - apiUrl: - description: The IBM Resilient instance URL. + description: The type of connector. + enum: + - .swimlane + id: type: string - orgId: - description: The IBM Resilient organization ID. + description: The identifier for the connector. 
+ is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: type: string - Connectors_secrets_properties_resilient: - title: Connector secrets properties for IBM Resilient connector - required: - - apiKeyId - - apiKeySecret - description: Defines secrets for connectors when type is `.resilient`. + description: The display name for the connector. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_teams: + title: Connector response properties for a Microsoft Teams connector type: object + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name properties: - apiKeyId: + config: + type: object + connector_type_id: type: string - description: The authentication key ID for HTTP Basic authentication. - apiKeySecret: + description: The type of connector. + enum: + - .teams + id: type: string - description: The authentication key secret for HTTP Basic authentication. - Connectors_config_properties_sentinelone: - title: Connector request properties for a SentinelOne connector - required: - - url - description: Defines properties for connectors when type is `.sentinelone`. - type: object - properties: - url: - description: > - The SentinelOne tenant URL. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. + description: The identifier for the connector. 
+ is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: type: string - Connectors_secrets_properties_sentinelone: - title: Connector secrets properties for a SentinelOne connector - description: Defines secrets for connectors when type is `.sentinelone`. + description: The display name for the connector. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_tines: + title: Connector response properties for a Tines connector type: object required: - - token + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name properties: - token: - description: The A SentinelOne API token. + config: + $ref: '#/components/schemas/Connectors_config_properties_tines' + connector_type_id: type: string - Connectors_config_properties_servicenow: - title: Connector request properties for a ServiceNow ITSM connector - required: - - apiUrl - description: Defines properties for connectors when type is `.servicenow`. + description: The type of connector. + enum: + - .tines + id: + type: string + description: The identifier for the connector. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: + type: string + description: The display name for the connector. 
+ referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_torq: + title: Connector response properties for a Torq connector type: object + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name properties: - apiUrl: - type: string - description: The ServiceNow instance URL. - clientId: - description: > - The client ID assigned to your OAuth application. This property is - required when `isOAuth` is `true`. + config: + $ref: '#/components/schemas/Connectors_config_properties_torq' + connector_type_id: type: string - isOAuth: - description: > - The type of authentication to use. The default value is false, which - means basic authentication is used instead of open authorization - (OAuth). - default: false - type: boolean - jwtKeyId: - description: > - The key identifier assigned to the JWT verifier map of your OAuth - application. This property is required when `isOAuth` is `true`. + description: The type of connector. + enum: + - .torq + id: type: string - userIdentifierValue: - description: > - The identifier to use for OAuth authentication. This identifier - should be the user field you selected when you created an OAuth JWT - API endpoint for external clients in your ServiceNow instance. For - example, if the selected user field is `Email`, the user identifier - should be the user's email address. This property is required when - `isOAuth` is `true`. + description: The identifier for the connector. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: type: string - usesTableApi: - description: > - Determines whether the connector uses the Table API or the Import - Set API. 
This property is supported only for ServiceNow ITSM and - ServiceNow SecOps connectors. NOTE: If this property is set to - `false`, the Elastic application should be installed in ServiceNow. - default: true - type: boolean - Connectors_secrets_properties_servicenow: - title: >- - Connector secrets properties for ServiceNow ITOM, ServiceNow ITSM, and - ServiceNow SecOps connectors - description: >- - Defines secrets for connectors when type is `.servicenow`, - `.servicenow-sir`, or `.servicenow-itom`. + description: The display name for the connector. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_webhook: + title: Connector response properties for a Webhook connector type: object + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name properties: - clientSecret: - type: string - description: >- - The client secret assigned to your OAuth application. This property - is required when `isOAuth` is `true`. - password: - type: string - description: >- - The password for HTTP basic authentication. This property is - required when `isOAuth` is `false`. - privateKey: + config: + $ref: '#/components/schemas/Connectors_config_properties_webhook' + connector_type_id: type: string - description: >- - The RSA private key that you created for use in ServiceNow. This - property is required when `isOAuth` is `true`. - privateKeyPassword: + description: The type of connector. + enum: + - .webhook + id: type: string - description: >- - The password for the RSA private key. This property is required when - `isOAuth` is `true` and you set a password on your private key. - username: + description: The identifier for the connector. 
+ is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: type: string - description: >- - The username for HTTP basic authentication. This property is - required when `isOAuth` is `false`. - Connectors_config_properties_servicenow_itom: - title: Connector request properties for a ServiceNow ITSM connector - required: - - apiUrl - description: Defines properties for connectors when type is `.servicenow`. + description: The display name for the connector. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_connector_response_properties_xmatters: + title: Connector response properties for an xMatters connector type: object + required: + - connector_type_id + - id + - is_deprecated + - is_preconfigured + - name properties: - apiUrl: - type: string - description: The ServiceNow instance URL. - clientId: - description: > - The client ID assigned to your OAuth application. This property is - required when `isOAuth` is `true`. + config: + $ref: '#/components/schemas/Connectors_config_properties_xmatters' + connector_type_id: type: string - isOAuth: - description: > - The type of authentication to use. The default value is false, which - means basic authentication is used instead of open authorization - (OAuth). - default: false - type: boolean - jwtKeyId: - description: > - The key identifier assigned to the JWT verifier map of your OAuth - application. This property is required when `isOAuth` is `true`. + description: The type of connector. + enum: + - .xmatters + id: type: string - userIdentifierValue: - description: > - The identifier to use for OAuth authentication. 
This identifier - should be the user field you selected when you created an OAuth JWT - API endpoint for external clients in your ServiceNow instance. For - example, if the selected user field is `Email`, the user identifier - should be the user's email address. This property is required when - `isOAuth` is `true`. + description: The identifier for the connector. + is_deprecated: + $ref: '#/components/schemas/Connectors_is_deprecated' + is_missing_secrets: + $ref: '#/components/schemas/Connectors_is_missing_secrets' + is_preconfigured: + $ref: '#/components/schemas/Connectors_is_preconfigured' + is_system_action: + $ref: '#/components/schemas/Connectors_is_system_action' + name: type: string - Connectors_config_properties_slack_api: - title: Connector request properties for a Slack connector - description: Defines properties for connectors when type is `.slack_api`. + description: The display name for the connector. + referenced_by_count: + $ref: '#/components/schemas/Connectors_referenced_by_count' + Connectors_is_deprecated: + type: boolean + description: Indicates whether the connector type is deprecated. + example: false + Connectors_is_missing_secrets: + type: boolean + description: >- + Indicates whether secrets are missing for the connector. Secrets + configuration properties vary depending on the connector type. + example: false + Connectors_is_preconfigured: + type: boolean + description: > + Indicates whether it is a preconfigured connector. If true, the `config` + and `is_missing_secrets` properties are omitted from the response. + example: false + Connectors_is_system_action: + type: boolean + description: Indicates whether the connector is used for system actions. + example: false + Connectors_referenced_by_count: + type: integer + description: > + Indicates the number of saved objects that reference the connector. If + `is_preconfigured` is true, this value is not calculated. This property + is returned only by the get all connectors API. 
+ example: 2 + Connectors_connector_response_properties: + title: Connector response properties + description: The properties vary depending on the connector type. + oneOf: + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_bedrock + - $ref: '#/components/schemas/Connectors_connector_response_properties_gemini' + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_cases_webhook + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_d3security + - $ref: '#/components/schemas/Connectors_connector_response_properties_email' + - $ref: '#/components/schemas/Connectors_connector_response_properties_genai' + - $ref: '#/components/schemas/Connectors_connector_response_properties_index' + - $ref: '#/components/schemas/Connectors_connector_response_properties_jira' + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_opsgenie + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_pagerduty + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_resilient + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_sentinelone + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_serverlog + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_servicenow + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_servicenow_itom + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_servicenow_sir + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_slack_api + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_slack_webhook + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_swimlane + - $ref: '#/components/schemas/Connectors_connector_response_properties_teams' + - $ref: '#/components/schemas/Connectors_connector_response_properties_tines' + - $ref: 
'#/components/schemas/Connectors_connector_response_properties_torq' + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_webhook + - $ref: >- + #/components/schemas/Connectors_connector_response_properties_xmatters + discriminator: + propertyName: connector_type_id + mapping: + .bedrock: >- + #/components/schemas/Connectors_connector_response_properties_bedrock + .gemini: '#/components/schemas/Connectors_connector_response_properties_gemini' + .cases-webhook: >- + #/components/schemas/Connectors_connector_response_properties_cases_webhook + .d3security: >- + #/components/schemas/Connectors_connector_response_properties_d3security + .email: '#/components/schemas/Connectors_connector_response_properties_email' + .gen-ai: '#/components/schemas/Connectors_connector_response_properties_genai' + .index: '#/components/schemas/Connectors_connector_response_properties_index' + .jira: '#/components/schemas/Connectors_connector_response_properties_jira' + .opsgenie: >- + #/components/schemas/Connectors_connector_response_properties_opsgenie + .pagerduty: >- + #/components/schemas/Connectors_connector_response_properties_pagerduty + .resilient: >- + #/components/schemas/Connectors_connector_response_properties_resilient + .sentinelone: >- + #/components/schemas/Connectors_connector_response_properties_sentinelone + .server-log: >- + #/components/schemas/Connectors_connector_response_properties_serverlog + .servicenow: >- + #/components/schemas/Connectors_connector_response_properties_servicenow + .servicenow-itom: >- + #/components/schemas/Connectors_connector_response_properties_servicenow_itom + .servicenow-sir: >- + #/components/schemas/Connectors_connector_response_properties_servicenow_sir + .slack_api: >- + #/components/schemas/Connectors_connector_response_properties_slack_api + .slack: >- + #/components/schemas/Connectors_connector_response_properties_slack_webhook + .swimlane: >- + 
#/components/schemas/Connectors_connector_response_properties_swimlane + .teams: '#/components/schemas/Connectors_connector_response_properties_teams' + .tines: '#/components/schemas/Connectors_connector_response_properties_tines' + .torq: '#/components/schemas/Connectors_connector_response_properties_torq' + .webhook: >- + #/components/schemas/Connectors_connector_response_properties_webhook + .xmatters: >- + #/components/schemas/Connectors_connector_response_properties_xmatters + Connectors_update_connector_request_bedrock: + title: Update Amazon Bedrock connector request type: object - properties: - allowedChannels: - type: array - description: A list of valid Slack channels. - items: - type: object - required: - - id - - name - maxItems: 25 - properties: - id: - type: string - description: The Slack channel ID. - example: C123ABC456 - minLength: 1 - name: - type: string - description: The Slack channel name. - minLength: 1 - Connectors_secrets_properties_slack_api: - title: Connector secrets properties for a Web API Slack connector - description: Defines secrets for connectors when type is `.slack`. required: - - token + - config + - name + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_bedrock' + name: + type: string + description: The display name for the connector. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' + Connectors_update_connector_request_gemini: + title: Update Google Gemini connector request type: object + required: + - config + - name properties: - token: + config: + $ref: '#/components/schemas/Connectors_config_properties_gemini' + name: type: string - description: Slack bot user OAuth token. - Connectors_secrets_properties_slack_webhook: - title: Connector secrets properties for a Webhook Slack connector - description: Defines secrets for connectors when type is `.slack`. - required: - - webhookUrl + description: The display name for the connector. 
+ secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_gemini' + Connectors_update_connector_request_cases_webhook: + title: Update Webhook - Case Managment connector request type: object + required: + - config + - name properties: - webhookUrl: + config: + $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' + name: type: string - description: Slack webhook url. - Connectors_config_properties_swimlane: - title: Connector request properties for a Swimlane connector - required: - - apiUrl - - appId - - connectorType - description: Defines properties for connectors when type is `.swimlane`. + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' + Connectors_update_connector_request_d3security: + title: Update D3 Security connector request type: object + required: + - config + - name + - secrets properties: - apiUrl: - description: The Swimlane instance URL. + config: + $ref: '#/components/schemas/Connectors_config_properties_d3security' + name: type: string - appId: - description: The Swimlane application ID. + description: The display name for the connector. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_d3security' + Connectors_update_connector_request_email: + title: Update email connector request + type: object + required: + - config + - name + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_email' + name: type: string - connectorType: - description: >- - The type of connector. Valid values are `all`, `alerts`, and - `cases`. + description: The display name for the connector. 
+ secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_email' + Connectors_update_connector_request_index: + title: Update index connector request + type: object + required: + - config + - name + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_index' + name: type: string - enum: - - all - - alerts - - cases - mappings: - title: Connector mappings properties for a Swimlane connector - description: The field mapping. - type: object - properties: - alertIdConfig: - title: Alert identifier mapping - description: Mapping for the alert ID. - type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - caseIdConfig: - title: Case identifier mapping - description: Mapping for the case ID. - type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - caseNameConfig: - title: Case name mapping - description: Mapping for the case name. - type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - commentsConfig: - title: Case comment mapping - description: Mapping for the case comments. 
- type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - descriptionConfig: - title: Case description mapping - description: Mapping for the case description. - type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - ruleNameConfig: - title: Rule name mapping - description: Mapping for the name of the alert's rule. - type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - severityConfig: - title: Severity mapping - description: Mapping for the severity. - type: object - required: - - fieldType - - id - - key - - name - properties: - fieldType: - type: string - description: The type of field in Swimlane. - id: - type: string - description: The identifier for the field in Swimlane. - key: - type: string - description: The key for the field in Swimlane. - name: - type: string - description: The name of the field in Swimlane. - Connectors_secrets_properties_swimlane: - title: Connector secrets properties for a Swimlane connector - description: Defines secrets for connectors when type is `.swimlane`. 
+ description: The display name for the connector. + Connectors_update_connector_request_jira: + title: Update Jira connector request type: object + required: + - config + - name + - secrets properties: - apiToken: - description: Swimlane API authentication token. + config: + $ref: '#/components/schemas/Connectors_config_properties_jira' + name: type: string - Connectors_secrets_properties_teams: - title: Connector secrets properties for a Microsoft Teams connector - description: Defines secrets for connectors when type is `.teams`. + description: The display name for the connector. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_jira' + Connectors_update_connector_request_opsgenie: + title: Update Opsgenie connector request type: object required: - - webhookUrl + - config + - name + - secrets properties: - webhookUrl: + config: + $ref: '#/components/schemas/Connectors_config_properties_opsgenie' + name: type: string - description: > - The URL of the incoming webhook. If you are using the - `xpack.actions.allowedHosts` setting, add the hostname to the - allowed hosts. - Connectors_config_properties_tines: - title: Connector request properties for a Tines connector - description: Defines properties for connectors when type is `.tines`. + description: The display name for the connector. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' + Connectors_update_connector_request_pagerduty: + title: Update PagerDuty connector request type: object required: - - url + - config + - name + - secrets properties: - url: - description: > - The Tines tenant URL. If you are using the - `xpack.actions.allowedHosts` setting, make sure this hostname is - added to the allowed hosts. 
+ config: + $ref: '#/components/schemas/Connectors_config_properties_pagerduty' + name: type: string - Connectors_secrets_properties_tines: - title: Connector secrets properties for a Tines connector - description: Defines secrets for connectors when type is `.tines`. + description: The display name for the connector. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' + Connectors_update_connector_request_resilient: + title: Update IBM Resilient connector request type: object required: - - email - - token + - config + - name + - secrets properties: - email: - description: The email used to sign in to Tines. - type: string - token: - description: The Tines API token. + config: + $ref: '#/components/schemas/Connectors_config_properties_resilient' + name: type: string - Connectors_config_properties_torq: - title: Connector request properties for a Torq connector - description: Defines properties for connectors when type is `.torq`. + description: The display name for the connector. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_resilient' + Connectors_update_connector_request_sentinelone: + title: Update SentinelOne connector request type: object required: - - webhookIntegrationUrl + - config + - name + - secrets properties: - webhookIntegrationUrl: - description: The endpoint URL of the Elastic Security integration in Torq. + config: + $ref: '#/components/schemas/Connectors_config_properties_sentinelone' + name: type: string - Connectors_secrets_properties_torq: - title: Connector secrets properties for a Torq connector - description: Defines secrets for connectors when type is `.torq`. + description: The display name for the connector. 
+ secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' + Connectors_update_connector_request_serverlog: + title: Update server log connector request type: object required: - - token + - name properties: - token: - description: The secret of the webhook authentication header. + name: type: string - Connectors_config_properties_webhook: - title: Connector request properties for a Webhook connector - description: Defines properties for connectors when type is `.webhook`. + description: The display name for the connector. + Connectors_update_connector_request_servicenow: + title: Update ServiceNow ITSM connector or ServiceNow SecOps request type: object + required: + - config + - name + - secrets properties: - authType: - type: string - nullable: true - enum: - - webhook-authentication-basic - - webhook-authentication-ssl - description: | - The type of authentication to use: basic, SSL, or none. - ca: - type: string - description: > - A base64 encoded version of the certificate authority file that the - connector can trust to sign and validate certificates. This option - is available for all authentication types. - certType: - type: string - description: > - If the `authType` is `webhook-authentication-ssl`, specifies whether - the certificate authentication data is in a CRT and key file format - or a PFX file format. - enum: - - ssl-crt-key - - ssl-pfx - hasAuth: - type: boolean - description: > - If `true`, a user name and password must be provided for login type - authentication. - headers: - type: object - nullable: true - description: A set of key-value pairs sent as headers with the request. - method: - type: string - default: post - enum: - - post - - put - description: | - The HTTP request method, either `post` or `put`. - url: - type: string - description: > - The request URL. If you are using the `xpack.actions.allowedHosts` - setting, add the hostname to the allowed hosts. 
- verificationMode: + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow' + name: type: string - enum: - - certificate - - full - - none - default: full - description: > - Controls the verification of certificates. Use `full` to validate - that the certificate has an issue date within the `not_before` and - `not_after` dates, chains to a trusted certificate authority (CA), - and has a hostname or IP address that matches the names within the - certificate. Use `certificate` to validate the certificate and - verify that it is signed by a trusted authority; this option does - not check the certificate hostname. Use `none` to skip certificate - validation. - Connectors_secrets_properties_webhook: - title: Connector secrets properties for a Webhook connector - description: Defines secrets for connectors when type is `.webhook`. + description: The display name for the connector. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' + Connectors_update_connector_request_servicenow_itom: + title: Create ServiceNow ITOM connector request type: object + required: + - config + - name + - secrets properties: - crt: + config: + $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' + name: type: string - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-crt-key`, it is a base64 encoded version of the CRT or CERT - file. - key: + description: The display name for the connector. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' + Connectors_update_connector_request_slack_api: + title: Update Slack connector request + type: object + required: + - name + - secrets + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_slack_api' + name: type: string - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-crt-key`, it is a base64 encoded version of the KEY file. 
- pfx: + description: The display name for the connector. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' + Connectors_update_connector_request_slack_webhook: + title: Update Slack connector request + type: object + required: + - name + - secrets + properties: + name: type: string - description: >- - If `authType` is `webhook-authentication-ssl` and `certType` is - `ssl-pfx`, it is a base64 encoded version of the PFX or P12 file. - password: + description: The display name for the connector. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' + Connectors_update_connector_request_swimlane: + title: Update Swimlane connector request + type: object + required: + - config + - name + - secrets + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_swimlane' + name: type: string - description: > - The password for HTTP basic authentication or the passphrase for the - SSL certificate files. If `hasAuth` is set to `true` and `authType` - is `webhook-authentication-basic`, this property is required. - user: + description: The display name for the connector. + example: my-connector + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' + Connectors_update_connector_request_teams: + title: Update Microsoft Teams connector request + type: object + required: + - name + - secrets + properties: + name: type: string - description: > - The username for HTTP basic authentication. If `hasAuth` is set to - `true` and `authType` is `webhook-authentication-basic`, this - property is required. - Connectors_config_properties_xmatters: - title: Connector request properties for an xMatters connector - description: Defines properties for connectors when type is `.xmatters`. + description: The display name for the connector. 
+ secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_teams' + Connectors_update_connector_request_tines: + title: Update Tines connector request type: object + required: + - config + - name + - secrets properties: - configUrl: - description: > - The request URL for the Elastic Alerts trigger in xMatters. It is - applicable only when `usesBasic` is `true`. + config: + $ref: '#/components/schemas/Connectors_config_properties_tines' + name: type: string - nullable: true - usesBasic: - description: >- - Specifies whether the connector uses HTTP basic authentication - (`true`) or URL authentication (`false`). - type: boolean - default: true - Connectors_secrets_properties_xmatters: - title: Connector secrets properties for an xMatters connector - description: Defines secrets for connectors when type is `.xmatters`. + description: The display name for the connector. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_tines' + Connectors_update_connector_request_torq: + title: Update Torq connector request type: object + required: + - config + - name + - secrets properties: - password: - description: > - A user name for HTTP basic authentication. It is applicable only - when `usesBasic` is `true`. + config: + $ref: '#/components/schemas/Connectors_config_properties_torq' + name: type: string - secretsUrl: - description: > - The request URL for the Elastic Alerts trigger in xMatters with the - API key included in the URL. It is applicable only when `usesBasic` - is `false`. + description: The display name for the connector. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_torq' + Connectors_update_connector_request_webhook: + title: Update Webhook connector request + type: object + required: + - config + - name + - secrets + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_webhook' + name: type: string - user: - description: > - A password for HTTP basic authentication. 
It is applicable only when - `usesBasic` is `true`. + description: The display name for the connector. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_webhook' + Connectors_update_connector_request_xmatters: + title: Update xMatters connector request + type: object + required: + - config + - name + - secrets + properties: + config: + $ref: '#/components/schemas/Connectors_config_properties_xmatters' + name: type: string - Connectors_create_connector_request: - title: Create connector request body properties + description: The display name for the connector. + secrets: + $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' + Connectors_update_connector_request: + title: Update connector request body properties description: The properties vary depending on the connector type. oneOf: - - $ref: '#/components/schemas/Connectors_create_connector_request_bedrock' - - $ref: '#/components/schemas/Connectors_create_connector_request_gemini' + - $ref: '#/components/schemas/Connectors_update_connector_request_bedrock' + - $ref: '#/components/schemas/Connectors_update_connector_request_gemini' - $ref: >- - #/components/schemas/Connectors_create_connector_request_cases_webhook - - $ref: '#/components/schemas/Connectors_create_connector_request_d3security' - - $ref: '#/components/schemas/Connectors_create_connector_request_email' + #/components/schemas/Connectors_update_connector_request_cases_webhook + - $ref: '#/components/schemas/Connectors_update_connector_request_d3security' + - $ref: '#/components/schemas/Connectors_update_connector_request_email' - $ref: '#/components/schemas/Connectors_create_connector_request_genai' - - $ref: '#/components/schemas/Connectors_create_connector_request_index' - - $ref: '#/components/schemas/Connectors_create_connector_request_jira' - - $ref: '#/components/schemas/Connectors_create_connector_request_opsgenie' - - $ref: '#/components/schemas/Connectors_create_connector_request_pagerduty' - - $ref: 
'#/components/schemas/Connectors_create_connector_request_resilient' - - $ref: '#/components/schemas/Connectors_create_connector_request_sentinelone' - - $ref: '#/components/schemas/Connectors_create_connector_request_serverlog' - - $ref: '#/components/schemas/Connectors_create_connector_request_servicenow' - - $ref: >- - #/components/schemas/Connectors_create_connector_request_servicenow_itom + - $ref: '#/components/schemas/Connectors_update_connector_request_index' + - $ref: '#/components/schemas/Connectors_update_connector_request_jira' + - $ref: '#/components/schemas/Connectors_update_connector_request_opsgenie' + - $ref: '#/components/schemas/Connectors_update_connector_request_pagerduty' + - $ref: '#/components/schemas/Connectors_update_connector_request_resilient' + - $ref: '#/components/schemas/Connectors_update_connector_request_sentinelone' + - $ref: '#/components/schemas/Connectors_update_connector_request_serverlog' + - $ref: '#/components/schemas/Connectors_update_connector_request_servicenow' - $ref: >- - #/components/schemas/Connectors_create_connector_request_servicenow_sir - - $ref: '#/components/schemas/Connectors_create_connector_request_slack_api' + #/components/schemas/Connectors_update_connector_request_servicenow_itom + - $ref: '#/components/schemas/Connectors_update_connector_request_slack_api' - $ref: >- - #/components/schemas/Connectors_create_connector_request_slack_webhook - - $ref: '#/components/schemas/Connectors_create_connector_request_swimlane' - - $ref: '#/components/schemas/Connectors_create_connector_request_teams' - - $ref: '#/components/schemas/Connectors_create_connector_request_tines' - - $ref: '#/components/schemas/Connectors_create_connector_request_torq' - - $ref: '#/components/schemas/Connectors_create_connector_request_webhook' - - $ref: '#/components/schemas/Connectors_create_connector_request_xmatters' - discriminator: - propertyName: connector_type_id - mapping: - .bedrock: 
'#/components/schemas/Connectors_create_connector_request_bedrock' - .gemini: '#/components/schemas/Connectors_create_connector_request_gemini' - .cases-webhook: >- - #/components/schemas/Connectors_create_connector_request_cases_webhook - .d3security: '#/components/schemas/Connectors_create_connector_request_d3security' - .email: '#/components/schemas/Connectors_create_connector_request_email' - .gen-ai: '#/components/schemas/Connectors_create_connector_request_genai' - .index: '#/components/schemas/Connectors_create_connector_request_index' - .jira: '#/components/schemas/Connectors_create_connector_request_jira' - .opsgenie: '#/components/schemas/Connectors_create_connector_request_opsgenie' - .pagerduty: '#/components/schemas/Connectors_create_connector_request_pagerduty' - .resilient: '#/components/schemas/Connectors_create_connector_request_resilient' - .sentinelone: '#/components/schemas/Connectors_create_connector_request_sentinelone' - .server-log: '#/components/schemas/Connectors_create_connector_request_serverlog' - .servicenow: '#/components/schemas/Connectors_create_connector_request_servicenow' - .servicenow-itom: >- - #/components/schemas/Connectors_create_connector_request_servicenow_itom - .servicenow-sir: >- - #/components/schemas/Connectors_create_connector_request_servicenow_sir - .slack_api: '#/components/schemas/Connectors_create_connector_request_slack_api' - .slack: >- - #/components/schemas/Connectors_create_connector_request_slack_webhook - .swimlane: '#/components/schemas/Connectors_create_connector_request_swimlane' - .teams: '#/components/schemas/Connectors_create_connector_request_teams' - .tines: '#/components/schemas/Connectors_create_connector_request_tines' - .torq: '#/components/schemas/Connectors_create_connector_request_torq' - .webhook: '#/components/schemas/Connectors_create_connector_request_webhook' - .xmatters: '#/components/schemas/Connectors_create_connector_request_xmatters' - 
Connectors_connector_response_properties_bedrock: - title: Connector response properties for an Amazon Bedrock connector + #/components/schemas/Connectors_update_connector_request_slack_webhook + - $ref: '#/components/schemas/Connectors_update_connector_request_swimlane' + - $ref: '#/components/schemas/Connectors_update_connector_request_teams' + - $ref: '#/components/schemas/Connectors_update_connector_request_tines' + - $ref: '#/components/schemas/Connectors_update_connector_request_torq' + - $ref: '#/components/schemas/Connectors_update_connector_request_webhook' + - $ref: '#/components/schemas/Connectors_update_connector_request_xmatters' + Connectors_run_connector_params_acknowledge_resolve_pagerduty: + title: PagerDuty connector parameters + description: Test an action that acknowledges or resolves a PagerDuty alert. type: object required: - - config - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name + - dedupKey + - eventAction properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' - connector_type_id: + dedupKey: + description: The deduplication key for the PagerDuty alert. type: string - description: The type of connector. - enum: - - .bedrock - id: + maxLength: 255 + eventAction: + description: The type of event. type: string - description: The identifier for the connector. - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: + enum: + - acknowledge + - resolve + Connectors_run_connector_params_documents: + title: Index connector parameters + description: Test an action that indexes a document into Elasticsearch. 
+ type: object + required: + - documents + properties: + documents: + type: array + description: The documents in JSON format for index connectors. + items: + type: object + additionalProperties: true + Connectors_run_connector_params_message_email: + title: Email connector parameters + description: > + Test an action that sends an email message. There must be at least one + recipient in `to`, `cc`, or `bcc`. + type: object + anyOf: + - required: + - bcc + - message + - subject + - required: + - cc + - message + - subject + - required: + - to + - message + - subject + properties: + bcc: + type: array + items: + type: string + description: > + A list of "blind carbon copy" email addresses. Addresses can be + specified in `user@host-name` format or in name `` + format + cc: + type: array + items: + type: string + description: > + A list of "carbon copy" email addresses. Addresses can be specified + in `user@host-name` format or in name `` format + message: type: string - description: The display name for the connector. - Connectors_connector_response_properties_gemini: - title: Connector response properties for a Google Gemini connector + description: The email message text. Markdown format is supported. + subject: + type: string + description: The subject line of the email. + to: + type: array + description: > + A list of email addresses. Addresses can be specified in + `user@host-name` format or in name `` format. + items: + type: string + Connectors_run_connector_params_message_serverlog: + title: Server log connector parameters + description: Test an action that writes an entry to the Kibana server log. type: object required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name + - message properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - connector_type_id: + level: type: string - description: The type of connector. + description: The log level of the message for server log connectors. 
enum: - - .gemini - id: - type: string - description: The identifier for the connector. - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: + - debug + - error + - fatal + - info + - trace + - warn + default: info + message: type: string - description: The display name for the connector. - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_cases_webhook: - title: Connector request properties for a Webhook - Case Management connector + description: The message for server log connectors. + Connectors_run_connector_params_message_slack: + title: Slack connector parameters + description: > + Test an action that sends a message to Slack. It is applicable only when + the connector type is `.slack`. type: object required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name + - message properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' - connector_type_id: - description: The type of connector. - type: string - enum: - - .cases-webhook - id: - type: string - description: The identifier for the connector. - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: + message: type: string - description: The display name for the connector. 
- referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_d3security: - title: Connector response properties for a D3 Security connector + description: >- + The Slack message text, which cannot contain Markdown, images, or + other advanced formatting. + Connectors_run_connector_params_trigger_pagerduty: + title: PagerDuty connector parameters + description: Test an action that triggers a PagerDuty alert. type: object required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name + - eventAction properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' - connector_type_id: + class: + description: The class or type of the event. + type: string + example: cpu load + component: + description: >- + The component of the source machine that is responsible for the + event. + type: string + example: eth0 + customDetails: + description: Additional details to add to the event. + type: object + dedupKey: + description: > + All actions sharing this key will be associated with the same + PagerDuty alert. This value is used to correlate trigger and + resolution. + type: string + maxLength: 255 + eventAction: + description: The type of event. type: string - description: The type of connector. enum: - - .d3security - id: + - trigger + group: + description: The logical grouping of components of a service. type: string - description: The identifier for the connector. - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: + example: app-stack + links: + description: A list of links to add to the event. 
+ type: array + items: + type: object + properties: + href: + description: The URL for the link. + type: string + text: + description: A plain text description of the purpose of the link. + type: string + severity: + description: The severity of the event on the affected system. type: string - description: The display name for the connector. - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_email: - title: Connector response properties for an email connector + enum: + - critical + - error + - info + - warning + default: info + source: + description: > + The affected system, such as a hostname or fully qualified domain + name. Defaults to the Kibana saved object id of the action. + type: string + summary: + description: A summery of the event. + type: string + maxLength: 1024 + timestamp: + description: >- + An ISO-8601 timestamp that indicates when the event was detected or + generated. + type: string + format: date-time + Connectors_run_connector_subaction_addevent: + title: The addEvent subaction type: object required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name + - subAction + description: The `addEvent` subaction for ServiceNow ITOM connectors. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_email' - connector_type_id: + subAction: type: string - description: The type of connector. + description: The action to test. enum: - - .email - id: - type: string - description: The identifier for the connector. - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - type: string - description: The display name for the connector. 
- referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_genai: - title: Connector response properties for an OpenAI connector + - addEvent + subActionParams: + type: object + description: The set of configuration properties for the action. + properties: + additional_info: + type: string + description: Additional information about the event. + description: + type: string + description: The details about the event. + event_class: + type: string + description: A specific instance of the source. + message_key: + type: string + description: >- + All actions sharing this key are associated with the same + ServiceNow alert. The default value is `:`. + metric_name: + type: string + description: The name of the metric. + node: + type: string + description: The host that the event was triggered for. + resource: + type: string + description: The name of the resource. + severity: + type: string + description: The severity of the event. + source: + type: string + description: The name of the event source type. + time_of_event: + type: string + description: The time of the event. + type: + type: string + description: The type of event. + Connectors_run_connector_subaction_closealert: + title: The closeAlert subaction type: object required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name + - subAction + - subActionParams + description: The `closeAlert` subaction for Opsgenie connectors. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_genai' - connector_type_id: + subAction: type: string - description: The type of connector. + description: The action to test. enum: - - .gen-ai - id: - type: string - description: The identifier for the connector. 
- is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - type: string - description: The display name for the connector. - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_index: - title: Connector response properties for an index connector + - closeAlert + subActionParams: + type: object + required: + - alias + properties: + alias: + type: string + description: >- + The unique identifier used for alert deduplication in Opsgenie. + The alias must match the value used when creating the alert. + note: + type: string + description: Additional information for the alert. + source: + type: string + description: The display name for the source of the alert. + user: + type: string + description: The display name for the owner. + Connectors_run_connector_subaction_closeincident: + title: The closeIncident subaction type: object required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name + - subAction + - subActionParams + description: The `closeIncident` subaction for ServiceNow ITSM connectors. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_index' - connector_type_id: + subAction: type: string - description: The type of connector. + description: The action to test. enum: - - .index - id: - type: string - description: The identifier for the connector. 
- is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - type: string - description: The display name for the connector. - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_jira: - title: Connector response properties for a Jira connector + - closeIncident + subActionParams: + type: object + required: + - incident + properties: + incident: + type: object + anyOf: + - required: + - correlation_id + - required: + - externalId + properties: + correlation_id: + type: string + nullable: true + description: > + An identifier that is assigned to the incident when it is + created by the connector. NOTE: If you use the default value + and the rule generates multiple alerts that use the same + alert IDs, the latest open incident for this correlation ID + is closed unless you specify the external ID. + maxLength: 100 + default: '{{rule.id}}:{{alert.id}}' + externalId: + type: string + nullable: true + description: >- + The unique identifier (`incidentId`) for the incident in + ServiceNow. + Connectors_run_connector_subaction_createalert: + title: The createAlert subaction type: object required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name + - subAction + - subActionParams + description: The `createAlert` subaction for Opsgenie connectors. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_jira' - connector_type_id: + subAction: type: string - description: The type of connector. + description: The action to test. enum: - - .jira - id: - type: string - description: The identifier for the connector. 
- is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - type: string - description: The display name for the connector. - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_opsgenie: - title: Connector response properties for an Opsgenie connector + - createAlert + subActionParams: + type: object + required: + - message + properties: + actions: + type: array + description: The custom actions available to the alert. + items: + type: string + alias: + type: string + description: The unique identifier used for alert deduplication in Opsgenie. + description: + type: string + description: >- + A description that provides detailed information about the + alert. + details: + type: object + description: The custom properties of the alert. + additionalProperties: true + example: + key1: value1 + key2: value2 + entity: + type: string + description: >- + The domain of the alert. For example, the application or server + name. + message: + type: string + description: The alert message. + note: + type: string + description: Additional information for the alert. + priority: + type: string + description: The priority level for the alert. + enum: + - P1 + - P2 + - P3 + - P4 + - P5 + responders: + type: array + description: > + The entities to receive notifications about the alert. If `type` + is `user`, either `id` or `username` is required. If `type` is + `team`, either `id` or `name` is required. + items: + type: object + properties: + id: + type: string + description: The identifier for the entity. + name: + type: string + description: The name of the entity. 
+ type: + type: string + description: The type of responders, in this case `escalation`. + enum: + - escalation + - schedule + - team + - user + username: + type: string + description: A valid email address for the user. + source: + type: string + description: The display name for the source of the alert. + tags: + type: array + description: The tags for the alert. + items: + type: string + user: + type: string + description: The display name for the owner. + visibleTo: + type: array + description: >- + The teams and users that the alert will be visible to without + sending a notification. Only one of `id`, `name`, or `username` + is required. + items: + type: object + required: + - type + properties: + id: + type: string + description: The identifier for the entity. + name: + type: string + description: The name of the entity. + type: + type: string + description: Valid values are `team` and `user`. + enum: + - team + - user + username: + type: string + description: >- + The user name. This property is required only when the + `type` is `user`. + Connectors_run_connector_subaction_fieldsbyissuetype: + title: The fieldsByIssueType subaction type: object required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name + - subAction + - subActionParams + description: The `fieldsByIssueType` subaction for Jira connectors. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' - connector_type_id: + subAction: type: string - description: The type of connector. + description: The action to test. enum: - - .opsgenie - id: - type: string - description: The identifier for the connector. 
- is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - type: string - description: The display name for the connector. - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_pagerduty: - title: Connector response properties for a PagerDuty connector + - fieldsByIssueType + subActionParams: + type: object + required: + - id + properties: + id: + type: string + description: The Jira issue type identifier. + example: 10024 + Connectors_run_connector_subaction_getchoices: + title: The getChoices subaction type: object required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name + - subAction + - subActionParams + description: >- + The `getChoices` subaction for ServiceNow ITOM, ServiceNow ITSM, and + ServiceNow SecOps connectors. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' - connector_type_id: + subAction: type: string - description: The type of connector. + description: The action to test. enum: - - .pagerduty - id: - type: string - description: The identifier for the connector. - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - type: string - description: The display name for the connector. 
- referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_resilient: - title: Connector response properties for a IBM Resilient connector + - getChoices + subActionParams: + type: object + description: The set of configuration properties for the action. + required: + - fields + properties: + fields: + type: array + description: An array of fields. + items: + type: string + Connectors_run_connector_subaction_getfields: + title: The getFields subaction type: object required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name + - subAction + description: >- + The `getFields` subaction for Jira, ServiceNow ITSM, and ServiceNow + SecOps connectors. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' - connector_type_id: + subAction: type: string - description: The type of connector. + description: The action to test. enum: - - .resilient - id: - type: string - description: The identifier for the connector. - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - type: string - description: The display name for the connector. - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_sentinelone: - title: Connector response properties for a SentinelOne connector + - getFields + Connectors_run_connector_subaction_getincident: + title: The getIncident subaction type: object + description: >- + The `getIncident` subaction for Jira, ServiceNow ITSM, and ServiceNow + SecOps connectors. 
required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name + - subAction + - subActionParams properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - connector_type_id: + subAction: type: string - description: The type of connector. + description: The action to test. enum: - - .sentinelone - id: - type: string - description: The identifier for the connector. - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - type: string - description: The display name for the connector. - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_serverlog: - title: Connector response properties for a server log connector - type: object - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - properties: - config: + - getIncident + subActionParams: type: object - nullable: true - connector_type_id: - type: string - description: The type of connector. - enum: - - .server-log - id: - type: string - description: The identifier for the connector. - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - type: string - description: The display name for the connector. 
- referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_servicenow: - title: Connector response properties for a ServiceNow ITSM connector - type: object - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: - type: string - description: The type of connector. - enum: - - .servicenow - id: - type: string - description: The identifier for the connector. - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - type: string - description: The display name for the connector. - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_servicenow_itom: - title: Connector response properties for a ServiceNow ITOM connector + required: + - externalId + properties: + externalId: + type: string + description: >- + The Jira, ServiceNow ITSM, or ServiceNow SecOps issue + identifier. + example: 71778 + Connectors_run_connector_subaction_issue: + title: The issue subaction type: object required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name + - subAction + description: The `issue` subaction for Jira connectors. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' - connector_type_id: + subAction: type: string - description: The type of connector. + description: The action to test. enum: - - .servicenow-itom - id: - type: string - description: The identifier for the connector. 
- is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - type: string - description: The display name for the connector. - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_servicenow_sir: - title: Connector response properties for a ServiceNow SecOps connector + - issue + subActionParams: + type: object + required: + - id + properties: + id: + type: string + description: The Jira issue identifier. + example: 71778 + Connectors_run_connector_subaction_issues: + title: The issues subaction type: object required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name + - subAction + - subActionParams + description: The `issues` subaction for Jira connectors. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - connector_type_id: + subAction: type: string - description: The type of connector. + description: The action to test. enum: - - .servicenow-sir - id: - type: string - description: The identifier for the connector. - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - type: string - description: The display name for the connector. 
- referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_slack_api: - title: Connector response properties for a Slack connector + - issues + subActionParams: + type: object + required: + - title + properties: + title: + type: string + description: The title of the Jira issue. + Connectors_run_connector_subaction_issuetypes: + title: The issueTypes subaction type: object required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name + - subAction + description: The `issueTypes` subaction for Jira connectors. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' - connector_type_id: + subAction: type: string - description: The type of connector. + description: The action to test. enum: - - .slack_api - id: - type: string - description: The identifier for the connector. - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - type: string - description: The display name for the connector. - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_slack_webhook: - title: Connector response properties for a Slack connector + - issueTypes + Connectors_run_connector_subaction_pushtoservice: + title: The pushToService subaction type: object required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name + - subAction + - subActionParams + description: >- + The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow + SecOps, Swimlane, and Webhook - Case Management connectors. properties: - connector_type_id: + subAction: type: string - description: The type of connector. 
+ description: The action to test. enum: - - .slack - id: - type: string - description: The identifier for the connector. - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - type: string - description: The display name for the connector. - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_swimlane: - title: Connector response properties for a Swimlane connector + - pushToService + subActionParams: + type: object + description: The set of configuration properties for the action. + properties: + comments: + type: array + description: >- + Additional information that is sent to Jira, ServiceNow ITSM, + ServiceNow SecOps, or Swimlane. + items: + type: object + properties: + comment: + type: string + description: >- + A comment related to the incident. For example, describe + how to troubleshoot the issue. + commentId: + type: integer + description: A unique identifier for the comment. + incident: + type: object + description: >- + Information necessary to create or update a Jira, ServiceNow + ITSM, ServiveNow SecOps, or Swimlane incident. + properties: + alertId: + type: string + description: The alert identifier for Swimlane connectors. + caseId: + type: string + description: >- + The case identifier for the incident for Swimlane + connectors. + caseName: + type: string + description: The case name for the incident for Swimlane connectors. + category: + type: string + description: >- + The category of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. 
+ correlation_display: + type: string + description: >- + A descriptive label of the alert for correlation purposes + for ServiceNow ITSM and ServiceNow SecOps connectors. + correlation_id: + type: string + description: > + The correlation identifier for the security incident for + ServiceNow ITSM and ServiveNow SecOps connectors. Connectors + using the same correlation ID are associated with the same + ServiceNow incident. This value determines whether a new + ServiceNow incident is created or an existing one is + updated. Modifying this value is optional; if not modified, + the rule ID and alert ID are combined as `{{ruleID}}:{{alert + ID}}` to form the correlation ID value in ServiceNow. The + maximum character length for this value is 100 characters. + NOTE: Using the default configuration of `{{ruleID}}:{{alert + ID}}` ensures that ServiceNow creates a separate incident + record for every generated alert that uses a unique alert + ID. If the rule generates multiple alerts that use the same + alert IDs, ServiceNow creates and continually updates a + single incident record for the alert. + description: + type: string + description: >- + The description of the incident for Jira, ServiceNow ITSM, + ServiceNow SecOps, Swimlane, and Webhook - Case Management + connectors. + dest_ip: + description: > + A list of destination IP addresses related to the security + incident for ServiceNow SecOps connectors. The IPs are added + as observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + externalId: + type: string + description: > + The Jira, ServiceNow ITSM, or ServiceNow SecOps issue + identifier. If present, the incident is updated. Otherwise, + a new incident is created. + id: + type: string + description: >- + The external case identifier for Webhook - Case Management + connectors. + impact: + type: string + description: The impact of the incident for ServiceNow ITSM connectors. 
+ issueType: + type: integer + description: >- + The type of incident for Jira connectors. For example, + 10006. To obtain the list of valid values, set `subAction` + to `issueTypes`. + labels: + type: array + items: + type: string + description: > + The labels for the incident for Jira connectors. NOTE: + Labels cannot contain spaces. + malware_hash: + description: >- + A list of malware hashes related to the security incident + for ServiceNow SecOps connectors. The hashes are added as + observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + malware_url: + type: string + description: >- + A list of malware URLs related to the security incident for + ServiceNow SecOps connectors. The URLs are added as + observables to the security incident. + oneOf: + - type: string + - type: array + items: + type: string + otherFields: + type: object + additionalProperties: true + maxProperties: 20 + description: > + Custom field identifiers and their values for Jira + connectors. + parent: + type: string + description: >- + The ID or key of the parent issue for Jira connectors. + Applies only to `Sub-task` types of issues. + priority: + type: string + description: >- + The priority of the incident in Jira and ServiceNow SecOps + connectors. + ruleName: + type: string + description: The rule name for Swimlane connectors. + severity: + type: string + description: >- + The severity of the incident for ServiceNow ITSM and + Swimlane connectors. + short_description: + type: string + description: > + A short description of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. It is used for searching the + contents of the knowledge base. + source_ip: + description: >- + A list of source IP addresses related to the security + incident for ServiceNow SecOps connectors. The IPs are added + as observables to the security incident. 
+ oneOf: + - type: string + - type: array + items: + type: string + status: + type: string + description: >- + The status of the incident for Webhook - Case Management + connectors. + subcategory: + type: string + description: >- + The subcategory of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + summary: + type: string + description: A summary of the incident for Jira connectors. + tags: + type: array + items: + type: string + description: A list of tags for Webhook - Case Management connectors. + title: + type: string + description: > + A title for the incident for Jira and Webhook - Case + Management connectors. It is used for searching the contents + of the knowledge base. + urgency: + type: string + description: The urgency of the incident for ServiceNow ITSM connectors. + Connectors_run_connector_subaction_postmessage: + title: The postMessage subaction type: object + description: > + Test an action that sends a message to Slack. It is applicable only when + the connector type is `.slack_api`. required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name + - subAction + - subActionParams properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' - connector_type_id: + subAction: type: string - description: The type of connector. + description: The action to test. enum: - - .swimlane - id: - type: string - description: The identifier for the connector. - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - type: string - description: The display name for the connector. 
- referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_teams: - title: Connector response properties for a Microsoft Teams connector - type: object - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - properties: - config: + - postMessage + subActionParams: type: object - connector_type_id: - type: string - description: The type of connector. - enum: - - .teams - id: - type: string - description: The identifier for the connector. - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - type: string - description: The display name for the connector. - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_tines: - title: Connector response properties for a Tines connector - type: object - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_tines' - connector_type_id: - type: string - description: The type of connector. - enum: - - .tines - id: - type: string - description: The identifier for the connector. - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - type: string - description: The display name for the connector. 
- referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_torq: - title: Connector response properties for a Torq connector - type: object - required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_torq' - connector_type_id: - type: string - description: The type of connector. - enum: - - .torq - id: - type: string - description: The identifier for the connector. - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - type: string - description: The display name for the connector. - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_webhook: - title: Connector response properties for a Webhook connector + description: The set of configuration properties for the action. + properties: + channelIds: + type: array + maxItems: 1 + description: > + The Slack channel identifier, which must be one of the + `allowedChannels` in the connector configuration. + items: + type: string + channels: + type: array + deprecated: true + description: | + The name of a channel that your Slack app has access to. + maxItems: 1 + items: + type: string + text: + type: string + description: > + The Slack message text. If it is a Slack webhook connector, the + text cannot contain Markdown, images, or other advanced + formatting. If it is a Slack web API connector, it can contain + either plain text or block kit messages. 
+ minLength: 1 + Connectors_run_connector_subaction_validchannelid: + title: The validChannelId subaction type: object + description: > + Retrieves information about a valid Slack channel identifier. It is + applicable only when the connector type is `.slack_api`. required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name + - subAction + - subActionParams properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' - connector_type_id: + subAction: type: string - description: The type of connector. + description: The action to test. enum: - - .webhook - id: - type: string - description: The identifier for the connector. - is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - type: string - description: The display name for the connector. - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_connector_response_properties_xmatters: - title: Connector response properties for an xMatters connector + - validChannelId + subActionParams: + type: object + required: + - channelId + properties: + channelId: + type: string + description: The Slack channel identifier. + example: C123ABC456 + Connectors_run_connector_request: + title: Run connector request body properties + description: The properties vary depending on the connector type. type: object required: - - connector_type_id - - id - - is_deprecated - - is_preconfigured - - name + - params properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' - connector_type_id: - type: string - description: The type of connector. - enum: - - .xmatters - id: - type: string - description: The identifier for the connector. 
- is_deprecated: - $ref: '#/components/schemas/Connectors_is_deprecated' - is_missing_secrets: - $ref: '#/components/schemas/Connectors_is_missing_secrets' - is_preconfigured: - $ref: '#/components/schemas/Connectors_is_preconfigured' - is_system_action: - $ref: '#/components/schemas/Connectors_is_system_action' - name: - type: string - description: The display name for the connector. - referenced_by_count: - $ref: '#/components/schemas/Connectors_referenced_by_count' - Connectors_is_deprecated: - type: boolean - description: Indicates whether the connector type is deprecated. - example: false - Connectors_is_missing_secrets: - type: boolean - description: >- - Indicates whether secrets are missing for the connector. Secrets - configuration properties vary depending on the connector type. - example: false - Connectors_is_preconfigured: - type: boolean - description: > - Indicates whether it is a preconfigured connector. If true, the `config` - and `is_missing_secrets` properties are omitted from the response. - example: false - Connectors_is_system_action: - type: boolean - description: Indicates whether the connector is used for system actions. - example: false - Connectors_referenced_by_count: - type: integer - description: > - Indicates the number of saved objects that reference the connector. If - `is_preconfigured` is true, this value is not calculated. This property - is returned only by the get all connectors API. - example: 2 - Connectors_connector_response_properties: - title: Connector response properties - description: The properties vary depending on the connector type. 
- oneOf: - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_bedrock - - $ref: '#/components/schemas/Connectors_connector_response_properties_gemini' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_cases_webhook - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_d3security - - $ref: '#/components/schemas/Connectors_connector_response_properties_email' - - $ref: '#/components/schemas/Connectors_connector_response_properties_genai' - - $ref: '#/components/schemas/Connectors_connector_response_properties_index' - - $ref: '#/components/schemas/Connectors_connector_response_properties_jira' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_opsgenie - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_pagerduty - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_resilient - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_sentinelone - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_serverlog - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_itom - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_sir - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_slack_api - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_slack_webhook - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_swimlane - - $ref: '#/components/schemas/Connectors_connector_response_properties_teams' - - $ref: '#/components/schemas/Connectors_connector_response_properties_tines' - - $ref: '#/components/schemas/Connectors_connector_response_properties_torq' - - $ref: >- - #/components/schemas/Connectors_connector_response_properties_webhook - - $ref: >- - 
#/components/schemas/Connectors_connector_response_properties_xmatters - discriminator: - propertyName: connector_type_id - mapping: - .bedrock: >- - #/components/schemas/Connectors_connector_response_properties_bedrock - .gemini: '#/components/schemas/Connectors_connector_response_properties_gemini' - .cases-webhook: >- - #/components/schemas/Connectors_connector_response_properties_cases_webhook - .d3security: >- - #/components/schemas/Connectors_connector_response_properties_d3security - .email: '#/components/schemas/Connectors_connector_response_properties_email' - .gen-ai: '#/components/schemas/Connectors_connector_response_properties_genai' - .index: '#/components/schemas/Connectors_connector_response_properties_index' - .jira: '#/components/schemas/Connectors_connector_response_properties_jira' - .opsgenie: >- - #/components/schemas/Connectors_connector_response_properties_opsgenie - .pagerduty: >- - #/components/schemas/Connectors_connector_response_properties_pagerduty - .resilient: >- - #/components/schemas/Connectors_connector_response_properties_resilient - .sentinelone: >- - #/components/schemas/Connectors_connector_response_properties_sentinelone - .server-log: >- - #/components/schemas/Connectors_connector_response_properties_serverlog - .servicenow: >- - #/components/schemas/Connectors_connector_response_properties_servicenow - .servicenow-itom: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_itom - .servicenow-sir: >- - #/components/schemas/Connectors_connector_response_properties_servicenow_sir - .slack_api: >- - #/components/schemas/Connectors_connector_response_properties_slack_api - .slack: >- - #/components/schemas/Connectors_connector_response_properties_slack_webhook - .swimlane: >- - #/components/schemas/Connectors_connector_response_properties_swimlane - .teams: '#/components/schemas/Connectors_connector_response_properties_teams' - .tines: '#/components/schemas/Connectors_connector_response_properties_tines' 
- .torq: '#/components/schemas/Connectors_connector_response_properties_torq' - .webhook: >- - #/components/schemas/Connectors_connector_response_properties_webhook - .xmatters: >- - #/components/schemas/Connectors_connector_response_properties_xmatters - Connectors_update_connector_request_bedrock: - title: Update Amazon Bedrock connector request + params: + oneOf: + - $ref: >- + #/components/schemas/Connectors_run_connector_params_acknowledge_resolve_pagerduty + - $ref: '#/components/schemas/Connectors_run_connector_params_documents' + - $ref: >- + #/components/schemas/Connectors_run_connector_params_message_email + - $ref: >- + #/components/schemas/Connectors_run_connector_params_message_serverlog + - $ref: >- + #/components/schemas/Connectors_run_connector_params_message_slack + - $ref: >- + #/components/schemas/Connectors_run_connector_params_trigger_pagerduty + - title: Subaction parameters + description: Test an action that involves a subaction. + oneOf: + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_addevent + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_closealert + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_closeincident + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_createalert + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_fieldsbyissuetype + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_getchoices + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_getfields + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_getincident + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_issue + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_issues + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_issuetypes + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_postmessage + - $ref: >- + 
#/components/schemas/Connectors_run_connector_subaction_pushtoservice + - $ref: >- + #/components/schemas/Connectors_run_connector_subaction_validchannelid + discriminator: + propertyName: subAction + mapping: + addEvent: >- + #/components/schemas/Connectors_run_connector_subaction_addevent + closeAlert: >- + #/components/schemas/Connectors_run_connector_subaction_closealert + closeIncident: >- + #/components/schemas/Connectors_run_connector_subaction_closeincident + createAlert: >- + #/components/schemas/Connectors_run_connector_subaction_createalert + fieldsByIssueType: >- + #/components/schemas/Connectors_run_connector_subaction_fieldsbyissuetype + getChoices: >- + #/components/schemas/Connectors_run_connector_subaction_getchoices + getFields: >- + #/components/schemas/Connectors_run_connector_subaction_getfields + getIncident: >- + #/components/schemas/Connectors_run_connector_subaction_getincident + issue: >- + #/components/schemas/Connectors_run_connector_subaction_issue + issues: >- + #/components/schemas/Connectors_run_connector_subaction_issues + issueTypes: >- + #/components/schemas/Connectors_run_connector_subaction_issuetypes + pushToService: >- + #/components/schemas/Connectors_run_connector_subaction_pushtoservice + Connectors_features: + type: string + description: | + The feature that uses the connector. + enum: + - alerting + - cases + - generativeAIForSecurity + - generativeAIForObservability + - generativeAIForSearchPlayground + - siem + - uptime + Connectors_connector_types: + title: Connector types + type: string + description: >- + The type of connector. For example, `.email`, `.index`, `.jira`, + `.opsgenie`, or `.server-log`. 
+ enum: + - .bedrock + - .gemini + - .cases-webhook + - .d3security + - .email + - .gen-ai + - .index + - .jira + - .opsgenie + - .pagerduty + - .resilient + - .sentinelone + - .servicenow + - .servicenow-itom + - .servicenow-sir + - .server-log + - .slack + - .slack_api + - .swimlane + - .teams + - .tines + - .torq + - .webhook + - .xmatters + example: .server-log + Connectors_action_response_properties: + title: Action response properties + description: The properties vary depending on the action type. type: object - required: - - config - - name properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_bedrock' - name: + actionTypeId: type: string - description: The display name for the connector. - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_bedrock' - Connectors_update_connector_request_gemini: - title: Update Google Gemini connector request - type: object - required: - - config - - name - properties: config: - $ref: '#/components/schemas/Connectors_config_properties_gemini' - name: + type: object + id: type: string - description: The display name for the connector. - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_gemini' - Connectors_update_connector_request_cases_webhook: - title: Update Webhook - Case Managment connector request - type: object - required: - - config - - name - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_cases_webhook' + isDeprecated: + type: boolean + description: Indicates whether the action type is deprecated. + isMissingSecrets: + type: boolean + description: Indicates whether secrets are missing for the action. + isPreconfigured: + type: boolean + description: Indicates whether it is a preconfigured action. name: type: string - description: The display name for the connector. 
- example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_cases_webhook' - Connectors_update_connector_request_d3security: - title: Update D3 Security connector request + Data_views_400_response: + title: Bad request type: object required: - - config - - name - - secrets + - statusCode + - error + - message properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_d3security' - name: + statusCode: + type: number + example: 400 + error: type: string - description: The display name for the connector. - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_d3security' - Connectors_update_connector_request_email: - title: Update email connector request - type: object - required: - - config - - name - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_email' - name: + example: Bad Request + message: type: string - description: The display name for the connector. - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_email' - Connectors_update_connector_request_index: - title: Update index connector request + Data_views_allownoindex: + type: boolean + description: Allows the data view saved object to exist before the data is available. + Data_views_fieldattrs: type: object - required: - - config - - name + description: A map of field attributes by field name. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_index' - name: + count: + type: integer + description: Popularity count for the field. + customDescription: type: string - description: The display name for the connector. - Connectors_update_connector_request_jira: - title: Update Jira connector request - type: object - required: - - config - - name - - secrets - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_jira' - name: + description: Custom description for the field. 
+ maxLength: 300 + customLabel: type: string - description: The display name for the connector. - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_jira' - Connectors_update_connector_request_opsgenie: - title: Update Opsgenie connector request + description: Custom label for the field. + Data_views_fieldformats: type: object - required: - - config - - name - - secrets - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_opsgenie' - name: - type: string - description: The display name for the connector. - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_opsgenie' - Connectors_update_connector_request_pagerduty: - title: Update PagerDuty connector request + description: A map of field formats by field name. + Data_views_namespaces: + type: array + description: >- + An array of space identifiers for sharing the data view between multiple + spaces. + items: + type: string + default: default + Data_views_runtimefieldmap: type: object + description: A map of runtime field definitions by field name. required: - - config - - name - - secrets + - script + - type properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_pagerduty' - name: + script: + type: object + properties: + source: + type: string + description: Script for the runtime field. + type: type: string - description: The display name for the connector. - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_pagerduty' - Connectors_update_connector_request_resilient: - title: Update IBM Resilient connector request + description: Mapping type of the runtime field. + Data_views_sourcefilters: + type: array + description: The array of field names you want to filter out in Discover. + items: + type: object + required: + - value + properties: + value: + type: string + Data_views_timefieldname: + type: string + description: The timestamp field name, which you use for time-based data views. 
+ Data_views_title: + type: string + description: >- + Comma-separated list of data streams, indices, and aliases that you want + to search. Supports wildcards (`*`). + Data_views_type: + type: string + description: When set to `rollup`, identifies the rollup data views. + Data_views_typemeta: type: object + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. required: - - config - - name - - secrets + - aggs + - params properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_resilient' - name: - type: string - description: The display name for the connector. - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_resilient' - Connectors_update_connector_request_sentinelone: - title: Update SentinelOne connector request + aggs: + type: object + description: A map of rollup restrictions by aggregation type and field name. + params: + type: object + description: Properties for retrieving rollup fields. + Data_views_create_data_view_request_object: + title: Create data view request type: object required: - - config - - name - - secrets + - data_view properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_sentinelone' - name: - type: string - description: The display name for the connector. - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_sentinelone' - Connectors_update_connector_request_serverlog: - title: Update server log connector request + data_view: + type: object + required: + - title + description: The data view object. + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + type: object + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + id: + type: string + name: + type: string + description: The data view name. 
+ namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + type: object + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + version: + type: string + override: + type: boolean + description: >- + Override an existing data view if a data view with the provided + title already exists. + default: false + Data_views_typemeta_response: type: object - required: - - name + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. + nullable: true properties: - name: - type: string - description: The display name for the connector. - Connectors_update_connector_request_servicenow: - title: Update ServiceNow ITSM connector or ServiceNow SecOps request + aggs: + type: object + description: A map of rollup restrictions by aggregation type and field name. + params: + type: object + description: Properties for retrieving rollup fields. + Data_views_data_view_response_object: + title: Data view response properties type: object - required: - - config - - name - - secrets properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow' - name: - type: string - description: The display name for the connector. 
- secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - Connectors_update_connector_request_servicenow_itom: - title: Create ServiceNow ITOM connector request + data_view: + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + type: object + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + id: + type: string + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + name: + type: string + description: The data view name. + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + type: object + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta_response' + version: + type: string + example: WzQ2LDJd + Data_views_404_response: type: object - required: - - config - - name - - secrets properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_servicenow_itom' - name: + error: type: string - description: The display name for the connector. - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_servicenow' - Connectors_update_connector_request_slack_api: - title: Update Slack connector request - type: object - required: - - name - - secrets - properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_slack_api' - name: + example: Not Found + enum: + - Not Found + message: type: string - description: The display name for the connector. 
- secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_api' - Connectors_update_connector_request_slack_webhook: - title: Update Slack connector request + example: >- + Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] + not found + statusCode: + type: integer + example: 404 + enum: + - 404 + Data_views_update_data_view_request_object: + title: Update data view request type: object required: - - name - - secrets + - data_view properties: - name: - type: string - description: The display name for the connector. - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_slack_webhook' - Connectors_update_connector_request_swimlane: - title: Update Swimlane connector request + data_view: + type: object + description: > + The data view properties you want to update. Only the specified + properties are updated in the data view. Unspecified fields stay as + they are persisted. + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + name: + type: string + runtimeFieldMap: + type: object + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + refresh_fields: + type: boolean + description: Reloads the data view fields after the data view is updated. 
+ default: false + Data_views_swap_data_view_request_object: + title: Data view reference swap request type: object required: - - config - - name - - secrets + - fromId + - toId properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_swimlane' - name: + delete: + type: boolean + description: Deletes referenced saved object if all references are removed. + forId: + oneOf: + - type: string + - type: array + items: + type: string + description: Limit the affected saved objects to one or more by identifier. + forType: type: string - description: The display name for the connector. - example: my-connector - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_swimlane' - Connectors_update_connector_request_teams: - title: Update Microsoft Teams connector request + description: Limit the affected saved objects by type. + fromId: + type: string + description: The saved object reference to change. + fromType: + type: string + description: > + Specify the type of the saved object reference to alter. The default + value is `index-pattern` for data views. + toId: + type: string + description: New saved object reference value to replace the old value. + Machine_learning_APIs_mlSyncResponseSuccess: + type: boolean + description: The success or failure of the synchronization. + Machine_learning_APIs_mlSyncResponseAnomalyDetectors: type: object - required: - - name - - secrets + title: Sync API response for anomaly detection jobs + description: >- + The sync machine learning saved objects API response contains this + object when there are anomaly detection jobs affected by the + synchronization. There is an object for each relevant job, which + contains the synchronization status. properties: - name: - type: string - description: The display name for the connector. 
- secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_teams' - Connectors_update_connector_request_tines: - title: Update Tines connector request + success: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' + Machine_learning_APIs_mlSyncResponseDatafeeds: type: object - required: - - config - - name - - secrets + title: Sync API response for datafeeds + description: >- + The sync machine learning saved objects API response contains this + object when there are datafeeds affected by the synchronization. There + is an object for each relevant datafeed, which contains the + synchronization status. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_tines' - name: - type: string - description: The display name for the connector. - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_tines' - Connectors_update_connector_request_torq: - title: Update Torq connector request + success: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' + Machine_learning_APIs_mlSyncResponseDataFrameAnalytics: type: object - required: - - config - - name - - secrets + title: Sync API response for data frame analytics jobs + description: >- + The sync machine learning saved objects API response contains this + object when there are data frame analytics jobs affected by the + synchronization. There is an object for each relevant job, which + contains the synchronization status. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_torq' - name: - type: string - description: The display name for the connector. 
- secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_torq' - Connectors_update_connector_request_webhook: - title: Update Webhook connector request + success: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' + Machine_learning_APIs_mlSyncResponseSavedObjectsCreated: type: object - required: - - config - - name - - secrets + title: Sync API response for created saved objects + description: >- + If saved objects are missing for machine learning jobs or trained + models, they are created when you run the sync machine learning saved + objects API. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_webhook' - name: - type: string - description: The display name for the connector. - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_webhook' - Connectors_update_connector_request_xmatters: - title: Update xMatters connector request + anomaly-detector: + type: object + description: >- + If saved objects are missing for anomaly detection jobs, they are + created. + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors + data-frame-analytics: + type: object + description: >- + If saved objects are missing for data frame analytics jobs, they are + created. + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics + trained-model: + type: object + description: If saved objects are missing for trained models, they are created. 
+ additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels + Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted: type: object - required: - - config - - name - - secrets + title: Sync API response for deleted saved objects + description: >- + If saved objects exist for machine learning jobs or trained models that + no longer exist, they are deleted when you run the sync machine learning + saved objects API. properties: - config: - $ref: '#/components/schemas/Connectors_config_properties_xmatters' - name: - type: string - description: The display name for the connector. - secrets: - $ref: '#/components/schemas/Connectors_secrets_properties_xmatters' - Connectors_update_connector_request: - title: Update connector request body properties - description: The properties vary depending on the connector type. - oneOf: - - $ref: '#/components/schemas/Connectors_update_connector_request_bedrock' - - $ref: '#/components/schemas/Connectors_update_connector_request_gemini' - - $ref: >- - #/components/schemas/Connectors_update_connector_request_cases_webhook - - $ref: '#/components/schemas/Connectors_update_connector_request_d3security' - - $ref: '#/components/schemas/Connectors_update_connector_request_email' - - $ref: '#/components/schemas/Connectors_create_connector_request_genai' - - $ref: '#/components/schemas/Connectors_update_connector_request_index' - - $ref: '#/components/schemas/Connectors_update_connector_request_jira' - - $ref: '#/components/schemas/Connectors_update_connector_request_opsgenie' - - $ref: '#/components/schemas/Connectors_update_connector_request_pagerduty' - - $ref: '#/components/schemas/Connectors_update_connector_request_resilient' - - $ref: '#/components/schemas/Connectors_update_connector_request_sentinelone' - - $ref: '#/components/schemas/Connectors_update_connector_request_serverlog' - - $ref: '#/components/schemas/Connectors_update_connector_request_servicenow' - - $ref: >- - 
#/components/schemas/Connectors_update_connector_request_servicenow_itom - - $ref: '#/components/schemas/Connectors_update_connector_request_slack_api' - - $ref: >- - #/components/schemas/Connectors_update_connector_request_slack_webhook - - $ref: '#/components/schemas/Connectors_update_connector_request_swimlane' - - $ref: '#/components/schemas/Connectors_update_connector_request_teams' - - $ref: '#/components/schemas/Connectors_update_connector_request_tines' - - $ref: '#/components/schemas/Connectors_update_connector_request_torq' - - $ref: '#/components/schemas/Connectors_update_connector_request_webhook' - - $ref: '#/components/schemas/Connectors_update_connector_request_xmatters' - Connectors_run_connector_params_acknowledge_resolve_pagerduty: - title: PagerDuty connector parameters - description: Test an action that acknowledges or resolves a PagerDuty alert. + anomaly-detector: + type: object + description: >- + If there are saved objects exist for nonexistent anomaly detection + jobs, they are deleted. + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors + data-frame-analytics: + type: object + description: >- + If there are saved objects exist for nonexistent data frame + analytics jobs, they are deleted. + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics + trained-model: + type: object + description: >- + If there are saved objects exist for nonexistent trained models, + they are deleted. + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels + Machine_learning_APIs_mlSyncResponseTrainedModels: type: object - required: - - dedupKey - - eventAction + title: Sync API response for trained models + description: >- + The sync machine learning saved objects API response contains this + object when there are trained models affected by the synchronization. 
+ There is an object for each relevant trained model, which contains the + synchronization status. properties: - dedupKey: - description: The deduplication key for the PagerDuty alert. - type: string - maxLength: 255 - eventAction: - description: The type of event. - type: string - enum: - - acknowledge - - resolve - Connectors_run_connector_params_documents: - title: Index connector parameters - description: Test an action that indexes a document into Elasticsearch. + success: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' + Machine_learning_APIs_mlSync200Response: type: object - required: - - documents + title: Successful sync API response properties: - documents: - type: array - description: The documents in JSON format for index connectors. - items: - type: object - additionalProperties: true - Connectors_run_connector_params_message_email: - title: Email connector parameters - description: > - Test an action that sends an email message. There must be at least one - recipient in `to`, `cc`, or `bcc`. + datafeedsAdded: + type: object + description: >- + If a saved object for an anomaly detection job is missing a datafeed + identifier, it is added when you run the sync machine learning saved + objects API. + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' + datafeedsRemoved: + type: object + description: >- + If a saved object for an anomaly detection job references a datafeed + that no longer exists, it is deleted when you run the sync machine + learning saved objects API. 
+ additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' + savedObjectsCreated: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated + savedObjectsDeleted: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted + Machine_learning_APIs_mlSync4xxResponse: type: object - anyOf: - - required: - - bcc - - message - - subject - - required: - - cc - - message - - subject - - required: - - to - - message - - subject + title: Unsuccessful sync API response properties: - bcc: - type: array - items: - type: string - description: > - A list of "blind carbon copy" email addresses. Addresses can be - specified in `user@host-name` format or in name `` - format - cc: - type: array - items: - type: string - description: > - A list of "carbon copy" email addresses. Addresses can be specified - in `user@host-name` format or in name `` format - message: + error: type: string - description: The email message text. Markdown format is supported. - subject: + example: Unauthorized + message: type: string - description: The subject line of the email. - to: - type: array - description: > - A list of email addresses. Addresses can be specified in - `user@host-name` format or in name `` format. - items: - type: string - Connectors_run_connector_params_message_serverlog: - title: Server log connector parameters - description: Test an action that writes an entry to the Kibana server log. + statusCode: + type: integer + example: 401 + Saved_objects_400_response: + title: Bad request type: object required: + - error - message + - statusCode properties: - level: + error: type: string - description: The log level of the message for server log connectors. enum: - - debug - - error - - fatal - - info - - trace - - warn - default: info + - Bad Request message: type: string - description: The message for server log connectors. 
- Connectors_run_connector_params_message_slack: - title: Slack connector parameters - description: > - Test an action that sends a message to Slack. It is applicable only when - the connector type is `.slack`. + statusCode: + type: integer + enum: + - 400 + Saved_objects_attributes: type: object + description: > + The data that you want to create. WARNING: When you create saved + objects, attributes are not validated, which allows you to pass + arbitrary and ill-formed data into the API that can break Kibana. Make + sure any data that you send to the API is properly formed. + Saved_objects_initial_namespaces: + type: array + description: > + Identifiers for the spaces in which this object is created. If this is + provided, the object is created only in the explicitly defined spaces. + If this is not provided, the object is created in the current space + (default behavior). For shareable object types (registered with + `namespaceType: 'multiple'`), this option can be used to specify one or + more spaces, including the "All spaces" identifier ('*'). For isolated + object types (registered with `namespaceType: 'single'` or + `namespaceType: 'multiple-isolated'`), this option can only be used to + specify a single space, and the "All spaces" identifier ('*') is not + allowed. For global object types (`registered with `namespaceType: + agnostic`), this option cannot be used. + Saved_objects_references: + type: array + description: > + Objects with `name`, `id`, and `type` properties that describe the other + saved objects that this object references. Use `name` in attributes to + refer to the other saved object, but never the `id`, which can update + automatically during migrations or import and export. 
+ SLOs_indicator_properties_apm_availability: + title: APM availability required: - - message + - type + - params + description: Defines properties for the APM availability indicator type + type: object properties: - message: + params: + description: An object containing the indicator parameters. + type: object + nullable: false + required: + - service + - environment + - transactionType + - transactionName + - index + properties: + service: + description: The APM service name + type: string + example: o11y-app + environment: + description: The APM service environment or "*" + type: string + example: production + transactionType: + description: The APM transaction type or "*" + type: string + example: request + transactionName: + description: The APM transaction name or "*" + type: string + example: GET /my/api + filter: + description: KQL query used for filtering the data + type: string + example: 'service.foo : "bar"' + index: + description: The index used by APM metrics + type: string + example: metrics-apm*,apm* + type: + description: The type of indicator. type: string - description: >- - The Slack message text, which cannot contain Markdown, images, or - other advanced formatting. - Connectors_run_connector_params_trigger_pagerduty: - title: PagerDuty connector parameters - description: Test an action that triggers a PagerDuty alert. + example: sli.apm.transactionDuration + SLOs_filter_meta: + title: FilterMeta + description: Defines properties for a filter type: object - required: - - eventAction properties: - class: - description: The class or type of the event. + alias: type: string - example: cpu load - component: - description: >- - The component of the source machine that is responsible for the - event. + nullable: true + disabled: + type: boolean + negate: + type: boolean + controlledBy: type: string - example: eth0 - customDetails: - description: Additional details to add to the event. 
- type: object - dedupKey: - description: > - All actions sharing this key will be associated with the same - PagerDuty alert. This value is used to correlate trigger and - resolution. + group: type: string - maxLength: 255 - eventAction: - description: The type of event. + index: type: string - enum: - - trigger - group: - description: The logical grouping of components of a service. + isMultiIndex: + type: boolean + type: type: string - example: app-stack - links: - description: A list of links to add to the event. - type: array - items: - type: object - properties: - href: - description: The URL for the link. - type: string - text: - description: A plain text description of the purpose of the link. - type: string - severity: - description: The severity of the event on the affected system. + key: type: string - enum: - - critical - - error - - info - - warning - default: info - source: - description: > - The affected system, such as a hostname or fully qualified domain - name. Defaults to the Kibana saved object id of the action. + params: + type: object + value: type: string - summary: - description: A summery of the event. + field: + type: string + SLOs_filter: + title: Filter + description: Defines properties for a filter + type: object + properties: + query: + type: object + meta: + $ref: '#/components/schemas/SLOs_filter_meta' + SLOs_kql_with_filters: + title: KQL with filters + description: Defines properties for a filter + oneOf: + - description: the KQL query to filter the documents with. + type: string + example: 'field.environment : "production" and service.name : "my-service"' + - type: object + properties: + kqlQuery: + type: string + filters: + type: array + items: + $ref: '#/components/schemas/SLOs_filter' + SLOs_kql_with_filters_good: + title: KQL query for good events + description: The KQL query used to define the good events. + oneOf: + - description: the KQL query to filter the documents with. 
type: string - maxLength: 1024 - timestamp: - description: >- - An ISO-8601 timestamp that indicates when the event was detected or - generated. + example: 'request.latency <= 150 and request.status_code : "2xx"' + - type: object + properties: + kqlQuery: + type: string + filters: + type: array + items: + $ref: '#/components/schemas/SLOs_filter' + SLOs_kql_with_filters_total: + title: KQL query for all events + description: The KQL query used to define all events. + oneOf: + - description: the KQL query to filter the documents with. type: string - format: date-time - Connectors_run_connector_subaction_addevent: - title: The addEvent subaction - type: object + example: 'field.environment : "production" and service.name : "my-service"' + - type: object + properties: + kqlQuery: + type: string + filters: + type: array + items: + $ref: '#/components/schemas/SLOs_filter' + SLOs_indicator_properties_custom_kql: + title: Custom Query required: - - subAction - description: The `addEvent` subaction for ServiceNow ITOM connectors. + - type + - params + description: Defines properties for a custom query indicator type + type: object properties: - subAction: - type: string - description: The action to test. - enum: - - addEvent - subActionParams: + params: + description: An object containing the indicator parameters. type: object - description: The set of configuration properties for the action. + nullable: false + required: + - index + - timestampField + - good + - total properties: - additional_info: + index: + description: The index or index pattern to use type: string - description: Additional information about the event. - description: + example: my-service-* + dataViewId: + description: >- + The kibana data view id to use, primarily used to include data + view runtime mappings. Make sure to save SLO again if you + add/update run time fields to the data view and if those fields + are being used in slo queries. type: string - description: The details about the event. 
- event_class: + example: 03b80ab3-003d-498b-881c-3beedbaf1162 + filter: + $ref: '#/components/schemas/SLOs_kql_with_filters' + good: + $ref: '#/components/schemas/SLOs_kql_with_filters_good' + total: + $ref: '#/components/schemas/SLOs_kql_with_filters_total' + timestampField: + description: | + The timestamp field used in the source indice. type: string - description: A specific instance of the source. - message_key: + example: timestamp + type: + description: The type of indicator. + type: string + example: sli.kql.custom + SLOs_indicator_properties_apm_latency: + title: APM latency + required: + - type + - params + description: Defines properties for the APM latency indicator type + type: object + properties: + params: + description: An object containing the indicator parameters. + type: object + nullable: false + required: + - service + - environment + - transactionType + - transactionName + - index + - threshold + properties: + service: + description: The APM service name type: string - description: >- - All actions sharing this key are associated with the same - ServiceNow alert. The default value is `:`. - metric_name: + example: o11y-app + environment: + description: The APM service environment or "*" type: string - description: The name of the metric. - node: + example: production + transactionType: + description: The APM transaction type or "*" type: string - description: The host that the event was triggered for. - resource: + example: request + transactionName: + description: The APM transaction name or "*" type: string - description: The name of the resource. - severity: + example: GET /my/api + filter: + description: KQL query used for filtering the data type: string - description: The severity of the event. - source: + example: 'service.foo : "bar"' + index: + description: The index used by APM metrics type: string - description: The name of the event source type. 
- time_of_event: + example: metrics-apm*,apm* + threshold: + description: The latency threshold in milliseconds + type: number + example: 250 + type: + description: The type of indicator. + type: string + example: sli.apm.transactionDuration + SLOs_indicator_properties_custom_metric: + title: Custom metric + required: + - type + - params + description: Defines properties for a custom metric indicator type + type: object + properties: + params: + description: An object containing the indicator parameters. + type: object + nullable: false + required: + - index + - timestampField + - good + - total + properties: + index: + description: The index or index pattern to use type: string - description: The time of the event. - type: + example: my-service-* + dataViewId: + description: >- + The kibana data view id to use, primarily used to include data + view runtime mappings. Make sure to save SLO again if you + add/update run time fields to the data view and if those fields + are being used in slo queries. type: string - description: The type of event. - Connectors_run_connector_subaction_closealert: - title: The closeAlert subaction - type: object + example: 03b80ab3-003d-498b-881c-3beedbaf1162 + filter: + description: the KQL query to filter the documents with. + type: string + example: 'field.environment : "production" and service.name : "my-service"' + timestampField: + description: | + The timestamp field used in the source indice. + type: string + example: timestamp + good: + description: | + An object defining the "good" metrics and equation + type: object + required: + - metrics + - equation + properties: + metrics: + description: >- + List of metrics with their name, aggregation type, and + field. + type: array + items: + type: object + required: + - name + - aggregation + - field + properties: + name: + description: The name of the metric. 
Only valid options are A-Z + type: string + example: A + pattern: ^[A-Z]$ + aggregation: + description: >- + The aggregation type of the metric. Only valid option + is "sum" + type: string + example: sum + enum: + - sum + field: + description: The field of the metric. + type: string + example: processor.processed + filter: + description: The filter to apply to the metric. + type: string + example: 'processor.outcome: "success"' + equation: + description: The equation to calculate the "good" metric. + type: string + example: A + total: + description: | + An object defining the "total" metrics and equation + type: object + required: + - metrics + - equation + properties: + metrics: + description: >- + List of metrics with their name, aggregation type, and + field. + type: array + items: + type: object + required: + - name + - aggregation + - field + properties: + name: + description: The name of the metric. Only valid options are A-Z + type: string + example: A + pattern: ^[A-Z]$ + aggregation: + description: >- + The aggregation type of the metric. Only valid option + is "sum" + type: string + example: sum + enum: + - sum + field: + description: The field of the metric. + type: string + example: processor.processed + filter: + description: The filter to apply to the metric. + type: string + example: 'processor.outcome: *' + equation: + description: The equation to calculate the "total" metric. + type: string + example: A + type: + description: The type of indicator. + type: string + example: sli.metric.custom + SLOs_indicator_properties_histogram: + title: Histogram indicator required: - - subAction - - subActionParams - description: The `closeAlert` subaction for Opsgenie connectors. + - type + - params + description: Defines properties for a histogram indicator type + type: object properties: - subAction: - type: string - description: The action to test. 
- enum: - - closeAlert - subActionParams: + params: + description: An object containing the indicator parameters. type: object + nullable: false required: - - alias + - index + - timestampField + - good + - total properties: - alias: + index: + description: The index or index pattern to use type: string + example: my-service-* + dataViewId: description: >- - The unique identifier used for alert deduplication in Opsgenie. - The alias must match the value used when creating the alert. - note: + The kibana data view id to use, primarily used to include data + view runtime mappings. Make sure to save SLO again if you + add/update run time fields to the data view and if those fields + are being used in slo queries. type: string - description: Additional information for the alert. - source: + example: 03b80ab3-003d-498b-881c-3beedbaf1162 + filter: + description: the KQL query to filter the documents with. type: string - description: The display name for the source of the alert. - user: + example: 'field.environment : "production" and service.name : "my-service"' + timestampField: + description: | + The timestamp field used in the source indice. type: string - description: The display name for the owner. - Connectors_run_connector_subaction_closeincident: - title: The closeIncident subaction - type: object - required: - - subAction - - subActionParams - description: The `closeIncident` subaction for ServiceNow ITSM connectors. - properties: - subAction: - type: string - description: The action to test. - enum: - - closeIncident - subActionParams: - type: object - required: - - incident - properties: - incident: + example: timestamp + good: + description: | + An object defining the "good" events type: object - anyOf: - - required: - - correlation_id - - required: - - externalId + required: + - aggregation + - field properties: - correlation_id: + field: + description: The field use to aggregate the good events. 
type: string - nullable: true - description: > - An identifier that is assigned to the incident when it is - created by the connector. NOTE: If you use the default value - and the rule generates multiple alerts that use the same - alert IDs, the latest open incident for this correlation ID - is closed unless you specify the external ID. - maxLength: 100 - default: '{{rule.id}}:{{alert.id}}' - externalId: + example: processor.latency + aggregation: + description: The type of aggregation to use. type: string - nullable: true + example: value_count + enum: + - value_count + - range + filter: + description: The filter for good events. + type: string + example: 'processor.outcome: "success"' + from: description: >- - The unique identifier (`incidentId`) for the incident in - ServiceNow. - Connectors_run_connector_subaction_createalert: - title: The createAlert subaction + The starting value of the range. Only required for "range" + aggregations. + type: number + example: 0 + to: + description: >- + The ending value of the range. Only required for "range" + aggregations. + type: number + example: 100 + total: + description: | + An object defining the "total" events + type: object + required: + - aggregation + - field + properties: + field: + description: The field use to aggregate the good events. + type: string + example: processor.latency + aggregation: + description: The type of aggregation to use. + type: string + example: value_count + enum: + - value_count + - range + filter: + description: The filter for total events. + type: string + example: 'processor.outcome : *' + from: + description: >- + The starting value of the range. Only required for "range" + aggregations. + type: number + example: 0 + to: + description: >- + The ending value of the range. Only required for "range" + aggregations. + type: number + example: 100 + type: + description: The type of indicator. 
+ type: string + example: sli.histogram.custom + SLOs_timeslice_metric_basic_metric_with_field: + title: Timeslice Metric Basic Metric with Field + required: + - name + - aggregation + - field + type: object + properties: + name: + description: The name of the metric. Only valid options are A-Z + type: string + example: A + pattern: ^[A-Z]$ + aggregation: + description: The aggregation type of the metric. + type: string + example: sum + enum: + - sum + - avg + - min + - max + - std_deviation + - last_value + - cardinality + field: + description: The field of the metric. + type: string + example: processor.processed + filter: + description: The filter to apply to the metric. + type: string + example: 'processor.outcome: "success"' + SLOs_timeslice_metric_percentile_metric: + title: Timeslice Metric Percentile Metric + required: + - name + - aggregation + - field + - percentile type: object + properties: + name: + description: The name of the metric. Only valid options are A-Z + type: string + example: A + pattern: ^[A-Z]$ + aggregation: + description: >- + The aggregation type of the metric. Only valid option is + "percentile" + type: string + example: percentile + enum: + - percentile + field: + description: The field of the metric. + type: string + example: processor.processed + percentile: + description: The percentile value. + type: number + example: 95 + filter: + description: The filter to apply to the metric. + type: string + example: 'processor.outcome: "success"' + SLOs_timeslice_metric_doc_count_metric: + title: Timeslice Metric Doc Count Metric required: - - subAction - - subActionParams - description: The `createAlert` subaction for Opsgenie connectors. + - name + - aggregation + type: object properties: - subAction: + name: + description: The name of the metric. Only valid options are A-Z type: string - description: The action to test. + example: A + pattern: ^[A-Z]$ + aggregation: + description: The aggregation type of the metric. 
Only valid option is "doc_count" + type: string + example: doc_count enum: - - createAlert - subActionParams: + - doc_count + filter: + description: The filter to apply to the metric. + type: string + example: 'processor.outcome: "success"' + SLOs_indicator_properties_timeslice_metric: + title: Timeslice metric + required: + - type + - params + description: Defines properties for a timeslice metric indicator type + type: object + properties: + params: + description: An object containing the indicator parameters. type: object + nullable: false required: - - message + - index + - timestampField + - metric properties: - actions: - type: array - description: The custom actions available to the alert. - items: - type: string - alias: - type: string - description: The unique identifier used for alert deduplication in Opsgenie. - description: - type: string - description: >- - A description that provides detailed information about the - alert. - details: - type: object - description: The custom properties of the alert. - additionalProperties: true - example: - key1: value1 - key2: value2 - entity: + index: + description: The index or index pattern to use type: string + example: my-service-* + dataViewId: description: >- - The domain of the alert. For example, the application or server - name. - message: + The kibana data view id to use, primarily used to include data + view runtime mappings. Make sure to save SLO again if you + add/update run time fields to the data view and if those fields + are being used in slo queries. type: string - description: The alert message. - note: + example: 03b80ab3-003d-498b-881c-3beedbaf1162 + filter: + description: the KQL query to filter the documents with. type: string - description: Additional information for the alert. - priority: + example: 'field.environment : "production" and service.name : "my-service"' + timestampField: + description: | + The timestamp field used in the source indice. 
type: string - description: The priority level for the alert. - enum: - - P1 - - P2 - - P3 - - P4 - - P5 - responders: - type: array + example: timestamp + metric: description: > - The entities to receive notifications about the alert. If `type` - is `user`, either `id` or `username` is required. If `type` is - `team`, either `id` or `name` is required. - items: - type: object - properties: - id: - type: string - description: The identifier for the entity. - name: - type: string - description: The name of the entity. - type: - type: string - description: The type of responders, in this case `escalation`. - enum: - - escalation - - schedule - - team - - user - username: - type: string - description: A valid email address for the user. - source: - type: string - description: The display name for the source of the alert. - tags: - type: array - description: The tags for the alert. - items: - type: string - user: - type: string - description: The display name for the owner. - visibleTo: - type: array - description: >- - The teams and users that the alert will be visible to without - sending a notification. Only one of `id`, `name`, or `username` - is required. - items: - type: object - required: - - type - properties: - id: - type: string - description: The identifier for the entity. - name: - type: string - description: The name of the entity. - type: - type: string - description: Valid values are `team` and `user`. - enum: - - team - - user - username: - type: string - description: >- - The user name. This property is required only when the - `type` is `user`. - Connectors_run_connector_subaction_fieldsbyissuetype: - title: The fieldsByIssueType subaction - type: object + An object defining the metrics, equation, and threshold to + determine if it's a good slice or not + type: object + required: + - metrics + - equation + - comparator + - threshold + properties: + metrics: + description: >- + List of metrics with their name, aggregation type, and + field. 
+ type: array + items: + anyOf: + - $ref: >- + #/components/schemas/SLOs_timeslice_metric_basic_metric_with_field + - $ref: >- + #/components/schemas/SLOs_timeslice_metric_percentile_metric + - $ref: >- + #/components/schemas/SLOs_timeslice_metric_doc_count_metric + equation: + description: The equation to calculate the metric. + type: string + example: A + comparator: + description: >- + The comparator to use to compare the equation to the + threshold. + type: string + example: GT + enum: + - GT + - GTE + - LT + - LTE + threshold: + description: >- + The threshold used to determine if the metric is a good + slice or not. + type: number + example: 100 + type: + description: The type of indicator. + type: string + example: sli.metric.timeslice + SLOs_time_window: + title: Time window required: - - subAction - - subActionParams - description: The `fieldsByIssueType` subaction for Jira connectors. + - duration + - type + description: Defines properties for the SLO time window + type: object properties: - subAction: + duration: + description: >- + the duration formatted as {duration}{unit}. Accepted values for + rolling: 7d, 30d, 90d. Accepted values for calendar aligned: 1w + (weekly) or 1M (monthly) type: string - description: The action to test. + example: 30d + type: + description: >- + Indicates weither the time window is a rolling or a calendar aligned + time window. + type: string + example: rolling enum: - - fieldsByIssueType - subActionParams: - type: object - required: - - id - properties: - id: - type: string - description: The Jira issue type identifier. - example: 10024 - Connectors_run_connector_subaction_getchoices: - title: The getChoices subaction - type: object + - rolling + - calendarAligned + SLOs_budgeting_method: + title: Budgeting method + type: string + description: The budgeting method to use when computing the rollup data. 
+ enum: + - occurrences + - timeslices + example: occurrences + SLOs_objective: + title: Objective required: - - subAction - - subActionParams - description: >- - The `getChoices` subaction for ServiceNow ITOM, ServiceNow ITSM, and - ServiceNow SecOps connectors. + - target + description: Defines properties for the SLO objective + type: object properties: - subAction: + target: + description: the target objective between 0 and 1 excluded + type: number + minimum: 0 + maximum: 100 + exclusiveMinimum: true + exclusiveMaximum: true + example: 0.99 + timesliceTarget: + description: >- + the target objective for each slice when using a timeslices + budgeting method + type: number + minimum: 0 + maximum: 100 + example: 0.995 + timesliceWindow: + description: >- + the duration of each slice when using a timeslices budgeting method, + as {duraton}{unit} type: string - description: The action to test. - enum: - - getChoices - subActionParams: - type: object - description: The set of configuration properties for the action. - required: - - fields - properties: - fields: - type: array - description: An array of fields. - items: - type: string - Connectors_run_connector_subaction_getfields: - title: The getFields subaction + example: 5m + SLOs_settings: + title: Settings + description: Defines properties for SLO settings. type: object - required: - - subAction - description: >- - The `getFields` subaction for Jira, ServiceNow ITSM, and ServiceNow - SecOps connectors. properties: - subAction: + syncDelay: + description: The synch delay to apply to the transform. Default 1m type: string - description: The action to test. - enum: - - getFields - Connectors_run_connector_subaction_getincident: - title: The getIncident subaction + default: 1m + example: 5m + frequency: + description: Configure how often the transform runs, default 1m + type: string + default: 1m + example: 5m + preventInitialBackfill: + description: Prevents the transform from backfilling data when it starts. 
+ type: boolean + default: false + example: true + SLOs_summary_status: + title: summary status + type: string + enum: + - NO_DATA + - HEALTHY + - DEGRADING + - VIOLATED + example: HEALTHY + SLOs_error_budget: + title: Error budget type: object - description: >- - The `getIncident` subaction for Jira, ServiceNow ITSM, and ServiceNow - SecOps connectors. required: - - subAction - - subActionParams + - initial + - consumed + - remaining + - isEstimated properties: - subAction: - type: string - description: The action to test. - enum: - - getIncident - subActionParams: - type: object - required: - - externalId - properties: - externalId: - type: string - description: >- - The Jira, ServiceNow ITSM, or ServiceNow SecOps issue - identifier. - example: 71778 - Connectors_run_connector_subaction_issue: - title: The issue subaction + initial: + type: number + description: The initial error budget, as 1 - objective + example: 0.02 + consumed: + type: number + description: The error budget consummed, as a percentage of the initial value. + example: 0.8 + remaining: + type: number + description: The error budget remaining, as a percentage of the initial value. + example: 0.2 + isEstimated: + type: boolean + description: >- + Only for SLO defined with occurrences budgeting method and calendar + aligned time window. + example: true + SLOs_summary: + title: Summary type: object + description: The SLO computed data required: - - subAction - description: The `issue` subaction for Jira connectors. + - status + - sliValue + - errorBudget properties: - subAction: - type: string - description: The action to test. - enum: - - issue - subActionParams: - type: object - required: - - id - properties: - id: - type: string - description: The Jira issue identifier. 
- example: 71778 - Connectors_run_connector_subaction_issues: - title: The issues subaction + status: + $ref: '#/components/schemas/SLOs_summary_status' + sliValue: + type: number + example: 0.9836 + errorBudget: + $ref: '#/components/schemas/SLOs_error_budget' + SLOs_slo_with_summary_response: + title: SLO response type: object required: - - subAction - - subActionParams - description: The `issues` subaction for Jira connectors. + - id + - name + - description + - indicator + - timeWindow + - budgetingMethod + - objective + - settings + - revision + - summary + - enabled + - groupBy + - instanceId + - tags + - createdAt + - updatedAt + - version properties: - subAction: + id: + description: The identifier of the SLO. type: string - description: The action to test. - enum: - - issues - subActionParams: - type: object - required: - - title - properties: - title: - type: string - description: The title of the Jira issue. - Connectors_run_connector_subaction_issuetypes: - title: The issueTypes subaction + example: 8853df00-ae2e-11ed-90af-09bb6422b258 + name: + description: The name of the SLO. + type: string + example: My Service SLO + description: + description: The description of the SLO. 
+ type: string + example: My SLO description + indicator: + discriminator: + propertyName: type + mapping: + sli.apm.transactionErrorRate: '#/components/schemas/SLOs_indicator_properties_apm_availability' + sli.kql.custom: '#/components/schemas/SLOs_indicator_properties_custom_kql' + sli.apm.transactionDuration: '#/components/schemas/SLOs_indicator_properties_apm_latency' + sli.metric.custom: '#/components/schemas/SLOs_indicator_properties_custom_metric' + sli.histogram.custom: '#/components/schemas/SLOs_indicator_properties_histogram' + sli.metric.timeslice: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' + oneOf: + - $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql' + - $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability' + - $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency' + - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric' + - $ref: '#/components/schemas/SLOs_indicator_properties_histogram' + - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' + timeWindow: + $ref: '#/components/schemas/SLOs_time_window' + budgetingMethod: + $ref: '#/components/schemas/SLOs_budgeting_method' + objective: + $ref: '#/components/schemas/SLOs_objective' + settings: + $ref: '#/components/schemas/SLOs_settings' + revision: + description: The SLO revision + type: number + example: 2 + summary: + $ref: '#/components/schemas/SLOs_summary' + enabled: + description: Indicate if the SLO is enabled + type: boolean + example: true + groupBy: + description: optional group by field to use to generate an SLO per distinct value + type: string + example: some.field + instanceId: + description: the value derived from the groupBy field, if present, otherwise '*' + type: string + example: host-abcde + tags: + description: List of tags + type: array + items: + type: string + createdAt: + description: The creation date + type: string + example: '2023-01-12T10:03:19.000Z' + updatedAt: + 
description: The last update date + type: string + example: '2023-01-12T10:03:19.000Z' + version: + description: The internal SLO version + type: number + example: 2 + SLOs_find_slo_response: + title: Find SLO response + description: | + A paginated response of SLOs matching the query. type: object - required: - - subAction - description: The `issueTypes` subaction for Jira connectors. properties: - subAction: - type: string - description: The action to test. - enum: - - issueTypes - Connectors_run_connector_subaction_pushtoservice: - title: The pushToService subaction + page: + type: number + example: 1 + perPage: + type: number + example: 25 + total: + type: number + example: 34 + results: + type: array + items: + $ref: '#/components/schemas/SLOs_slo_with_summary_response' + SLOs_400_response: + title: Bad request type: object required: - - subAction - - subActionParams - description: >- - The `pushToService` subaction for Jira, ServiceNow ITSM, ServiceNow - SecOps, Swimlane, and Webhook - Case Management connectors. + - statusCode + - error + - message properties: - subAction: - type: string - description: The action to test. - enum: - - pushToService - subActionParams: - type: object - description: The set of configuration properties for the action. - properties: - comments: - type: array - description: >- - Additional information that is sent to Jira, ServiceNow ITSM, - ServiceNow SecOps, or Swimlane. - items: - type: object - properties: - comment: - type: string - description: >- - A comment related to the incident. For example, describe - how to troubleshoot the issue. - commentId: - type: integer - description: A unique identifier for the comment. - incident: - type: object - description: >- - Information necessary to create or update a Jira, ServiceNow - ITSM, ServiveNow SecOps, or Swimlane incident. - properties: - alertId: - type: string - description: The alert identifier for Swimlane connectors. 
- caseId: - type: string - description: >- - The case identifier for the incident for Swimlane - connectors. - caseName: - type: string - description: The case name for the incident for Swimlane connectors. - category: - type: string - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - correlation_display: - type: string - description: >- - A descriptive label of the alert for correlation purposes - for ServiceNow ITSM and ServiceNow SecOps connectors. - correlation_id: - type: string - description: > - The correlation identifier for the security incident for - ServiceNow ITSM and ServiveNow SecOps connectors. Connectors - using the same correlation ID are associated with the same - ServiceNow incident. This value determines whether a new - ServiceNow incident is created or an existing one is - updated. Modifying this value is optional; if not modified, - the rule ID and alert ID are combined as `{{ruleID}}:{{alert - ID}}` to form the correlation ID value in ServiceNow. The - maximum character length for this value is 100 characters. - NOTE: Using the default configuration of `{{ruleID}}:{{alert - ID}}` ensures that ServiceNow creates a separate incident - record for every generated alert that uses a unique alert - ID. If the rule generates multiple alerts that use the same - alert IDs, ServiceNow creates and continually updates a - single incident record for the alert. - description: - type: string - description: >- - The description of the incident for Jira, ServiceNow ITSM, - ServiceNow SecOps, Swimlane, and Webhook - Case Management - connectors. - dest_ip: - description: > - A list of destination IP addresses related to the security - incident for ServiceNow SecOps connectors. The IPs are added - as observables to the security incident. 
- oneOf: - - type: string - - type: array - items: - type: string - externalId: - type: string - description: > - The Jira, ServiceNow ITSM, or ServiceNow SecOps issue - identifier. If present, the incident is updated. Otherwise, - a new incident is created. - id: - type: string - description: >- - The external case identifier for Webhook - Case Management - connectors. - impact: - type: string - description: The impact of the incident for ServiceNow ITSM connectors. - issueType: - type: integer - description: >- - The type of incident for Jira connectors. For example, - 10006. To obtain the list of valid values, set `subAction` - to `issueTypes`. - labels: - type: array - items: - type: string - description: > - The labels for the incident for Jira connectors. NOTE: - Labels cannot contain spaces. - malware_hash: - description: >- - A list of malware hashes related to the security incident - for ServiceNow SecOps connectors. The hashes are added as - observables to the security incident. - oneOf: - - type: string - - type: array - items: - type: string - malware_url: - type: string - description: >- - A list of malware URLs related to the security incident for - ServiceNow SecOps connectors. The URLs are added as - observables to the security incident. - oneOf: - - type: string - - type: array - items: - type: string - otherFields: - type: object - additionalProperties: true - maxProperties: 20 - description: > - Custom field identifiers and their values for Jira - connectors. - parent: - type: string - description: >- - The ID or key of the parent issue for Jira connectors. - Applies only to `Sub-task` types of issues. - priority: - type: string - description: >- - The priority of the incident in Jira and ServiceNow SecOps - connectors. - ruleName: - type: string - description: The rule name for Swimlane connectors. - severity: - type: string - description: >- - The severity of the incident for ServiceNow ITSM and - Swimlane connectors. 
- short_description: - type: string - description: > - A short description of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. It is used for searching the - contents of the knowledge base. - source_ip: - description: >- - A list of source IP addresses related to the security - incident for ServiceNow SecOps connectors. The IPs are added - as observables to the security incident. - oneOf: - - type: string - - type: array - items: - type: string - status: - type: string - description: >- - The status of the incident for Webhook - Case Management - connectors. - subcategory: - type: string - description: >- - The subcategory of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - summary: - type: string - description: A summary of the incident for Jira connectors. - tags: - type: array - items: - type: string - description: A list of tags for Webhook - Case Management connectors. - title: - type: string - description: > - A title for the incident for Jira and Webhook - Case - Management connectors. It is used for searching the contents - of the knowledge base. - urgency: - type: string - description: The urgency of the incident for ServiceNow ITSM connectors. - Connectors_run_connector_subaction_postmessage: - title: The postMessage subaction + statusCode: + type: number + example: 400 + error: + type: string + example: Bad Request + message: + type: string + example: 'Invalid value ''foo'' supplied to: [...]' + SLOs_401_response: + title: Unauthorized type: object - description: > - Test an action that sends a message to Slack. It is applicable only when - the connector type is `.slack_api`. required: - - subAction - - subActionParams + - statusCode + - error + - message properties: - subAction: + statusCode: + type: number + example: 401 + error: type: string - description: The action to test. - enum: - - postMessage - subActionParams: - type: object - description: The set of configuration properties for the action. 
- properties: - channelIds: - type: array - maxItems: 1 - description: > - The Slack channel identifier, which must be one of the - `allowedChannels` in the connector configuration. - items: - type: string - channels: - type: array - deprecated: true - description: | - The name of a channel that your Slack app has access to. - maxItems: 1 - items: - type: string - text: - type: string - description: > - The Slack message text. If it is a Slack webhook connector, the - text cannot contain Markdown, images, or other advanced - formatting. If it is a Slack web API connector, it can contain - either plain text or block kit messages. - minLength: 1 - Connectors_run_connector_subaction_validchannelid: - title: The validChannelId subaction + example: Unauthorized + message: + type: string + example: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastics] for REST request [/_security/_authenticate]]: unable to authenticate user [elastics] for REST request [/_security/_authenticate]" + SLOs_403_response: + title: Unauthorized type: object - description: > - Retrieves information about a valid Slack channel identifier. It is - applicable only when the connector type is `.slack_api`. required: - - subAction - - subActionParams + - statusCode + - error + - message properties: - subAction: + statusCode: + type: number + example: 403 + error: type: string - description: The action to test. - enum: - - validChannelId - subActionParams: - type: object - required: - - channelId - properties: - channelId: - type: string - description: The Slack channel identifier. - example: C123ABC456 - Connectors_run_connector_request: - title: Run connector request body properties - description: The properties vary depending on the connector type. 
+ example: Unauthorized + message: + type: string + example: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastics] for REST request [/_security/_authenticate]]: unable to authenticate user [elastics] for REST request [/_security/_authenticate]" + SLOs_404_response: + title: Not found type: object required: - - params + - statusCode + - error + - message properties: - params: + statusCode: + type: number + example: 404 + error: + type: string + example: Not Found + message: + type: string + example: SLO [3749f390-03a3-11ee-8139-c7ff60a1692d] not found + SLOs_create_slo_request: + title: Create SLO request + description: > + The create SLO API request body varies depending on the type of + indicator, time window and budgeting method. + type: object + required: + - name + - description + - indicator + - timeWindow + - budgetingMethod + - objective + properties: + id: + description: >- + A optional and unique identifier for the SLO. Must be between 8 and + 36 chars + type: string + example: my-super-slo-id + name: + description: A name for the SLO. + type: string + description: + description: A description for the SLO. + type: string + indicator: oneOf: - - $ref: >- - #/components/schemas/Connectors_run_connector_params_acknowledge_resolve_pagerduty - - $ref: '#/components/schemas/Connectors_run_connector_params_documents' - - $ref: >- - #/components/schemas/Connectors_run_connector_params_message_email - - $ref: >- - #/components/schemas/Connectors_run_connector_params_message_serverlog - - $ref: >- - #/components/schemas/Connectors_run_connector_params_message_slack - - $ref: >- - #/components/schemas/Connectors_run_connector_params_trigger_pagerduty - - title: Subaction parameters - description: Test an action that involves a subaction. 
- oneOf: - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_addevent - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_closealert - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_closeincident - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_createalert - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_fieldsbyissuetype - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_getchoices - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_getfields - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_getincident - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_issue - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_issues - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_issuetypes - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_postmessage - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_pushtoservice - - $ref: >- - #/components/schemas/Connectors_run_connector_subaction_validchannelid - discriminator: - propertyName: subAction - mapping: - addEvent: >- - #/components/schemas/Connectors_run_connector_subaction_addevent - closeAlert: >- - #/components/schemas/Connectors_run_connector_subaction_closealert - closeIncident: >- - #/components/schemas/Connectors_run_connector_subaction_closeincident - createAlert: >- - #/components/schemas/Connectors_run_connector_subaction_createalert - fieldsByIssueType: >- - #/components/schemas/Connectors_run_connector_subaction_fieldsbyissuetype - getChoices: >- - #/components/schemas/Connectors_run_connector_subaction_getchoices - getFields: >- - #/components/schemas/Connectors_run_connector_subaction_getfields - getIncident: >- - #/components/schemas/Connectors_run_connector_subaction_getincident - issue: >- - 
#/components/schemas/Connectors_run_connector_subaction_issue - issues: >- - #/components/schemas/Connectors_run_connector_subaction_issues - issueTypes: >- - #/components/schemas/Connectors_run_connector_subaction_issuetypes - pushToService: >- - #/components/schemas/Connectors_run_connector_subaction_pushtoservice - Connectors_features: - type: string - description: | - The feature that uses the connector. - enum: - - alerting - - cases - - generativeAIForSecurity - - generativeAIForObservability - - generativeAIForSearchPlayground - - siem - - uptime - Connectors_connector_types: - title: Connector types - type: string - description: >- - The type of connector. For example, `.email`, `.index`, `.jira`, - `.opsgenie`, or `.server-log`. - enum: - - .bedrock - - .gemini - - .cases-webhook - - .d3security - - .email - - .gen-ai - - .index - - .jira - - .opsgenie - - .pagerduty - - .resilient - - .sentinelone - - .servicenow - - .servicenow-itom - - .servicenow-sir - - .server-log - - .slack - - .slack_api - - .swimlane - - .teams - - .tines - - .torq - - .webhook - - .xmatters - example: .server-log - Connectors_action_response_properties: - title: Action response properties - description: The properties vary depending on the action type. 
+ - $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql' + - $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability' + - $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency' + - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric' + - $ref: '#/components/schemas/SLOs_indicator_properties_histogram' + - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' + timeWindow: + $ref: '#/components/schemas/SLOs_time_window' + budgetingMethod: + $ref: '#/components/schemas/SLOs_budgeting_method' + objective: + $ref: '#/components/schemas/SLOs_objective' + settings: + $ref: '#/components/schemas/SLOs_settings' + groupBy: + description: optional group by field to use to generate an SLO per distinct value + type: string + example: some.field + tags: + description: List of tags + type: array + items: + type: string + SLOs_create_slo_response: + title: Create SLO response type: object + required: + - id properties: - actionTypeId: - type: string - config: - type: object id: type: string - isDeprecated: - type: boolean - description: Indicates whether the action type is deprecated. - isMissingSecrets: - type: boolean - description: Indicates whether secrets are missing for the action. - isPreconfigured: - type: boolean - description: Indicates whether it is a preconfigured action. - name: - type: string - Data_views_400_response: - title: Bad request + example: 8853df00-ae2e-11ed-90af-09bb6422b258 + SLOs_409_response: + title: Conflict type: object required: - statusCode 
@@ -16030,1665 +21557,2468 @@ components: properties: statusCode: type: number - example: 400 + example: 409 error: type: string - example: Bad Request + example: Conflict message: type: string - Data_views_allownoindex: - type: boolean - description: Allows the data view saved object to exist before the data is available. - Data_views_fieldattrs: + example: SLO [d077e940-1515-11ee-9c50-9d096392f520] already exists + SLOs_update_slo_request: + title: Update SLO request + description: > + The update SLO API request body varies depending on the type of + indicator, time window and budgeting method. Partial update is handled. type: object - description: A map of field attributes by field name. properties: - count: - type: integer - description: Popularity count for the field. - customDescription: + name: + description: A name for the SLO. type: string - description: Custom description for the field. - maxLength: 300 - customLabel: + description: + description: A description for the SLO. type: string - description: Custom label for the field. - Data_views_fieldformats: + indicator: + oneOf: + - $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql' + - $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability' + - $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency' + - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric' + - $ref: '#/components/schemas/SLOs_indicator_properties_histogram' + - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' + timeWindow: + $ref: '#/components/schemas/SLOs_time_window' + budgetingMethod: + $ref: '#/components/schemas/SLOs_budgeting_method' + objective: + $ref: '#/components/schemas/SLOs_objective' + settings: + $ref: '#/components/schemas/SLOs_settings' + tags: + description: List of tags + type: array + items: + type: string + SLOs_slo_definition_response: + title: SLO definition response type: object - description: A map of field formats by field name. 
- Data_views_namespaces: - type: array - description: >- - An array of space identifiers for sharing the data view between multiple - spaces. - items: - type: string - default: default - Data_views_runtimefieldmap: + required: + - id + - name + - description + - indicator + - timeWindow + - budgetingMethod + - objective + - settings + - revision + - enabled + - groupBy + - tags + - createdAt + - updatedAt + - version + properties: + id: + description: The identifier of the SLO. + type: string + example: 8853df00-ae2e-11ed-90af-09bb6422b258 + name: + description: The name of the SLO. + type: string + example: My Service SLO + description: + description: The description of the SLO. + type: string + example: My SLO description + indicator: + discriminator: + propertyName: type + mapping: + sli.apm.transactionErrorRate: '#/components/schemas/SLOs_indicator_properties_apm_availability' + sli.kql.custom: '#/components/schemas/SLOs_indicator_properties_custom_kql' + sli.apm.transactionDuration: '#/components/schemas/SLOs_indicator_properties_apm_latency' + sli.metric.custom: '#/components/schemas/SLOs_indicator_properties_custom_metric' + sli.histogram.custom: '#/components/schemas/SLOs_indicator_properties_histogram' + sli.metric.timeslice: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' + oneOf: + - $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql' + - $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability' + - $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency' + - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric' + - $ref: '#/components/schemas/SLOs_indicator_properties_histogram' + - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' + timeWindow: + $ref: '#/components/schemas/SLOs_time_window' + budgetingMethod: + $ref: '#/components/schemas/SLOs_budgeting_method' + objective: + $ref: '#/components/schemas/SLOs_objective' + settings: + $ref: 
'#/components/schemas/SLOs_settings' + revision: + description: The SLO revision + type: number + example: 2 + enabled: + description: Indicate if the SLO is enabled + type: boolean + example: true + groupBy: + description: optional group by field to use to generate an SLO per distinct value + type: string + example: some.field + tags: + description: List of tags + type: array + items: + type: string + createdAt: + description: The creation date + type: string + example: '2023-01-12T10:03:19.000Z' + updatedAt: + description: The last update date + type: string + example: '2023-01-12T10:03:19.000Z' + version: + description: The internal SLO version + type: number + example: 2 + SLOs_delete_slo_instances_request: + title: Delete SLO instances request + description: > + The delete SLO instances request takes a list of SLO id and instance id, + then delete the rollup and summary data. This API can be used to remove + the staled data of an instance SLO that no longer get updated. type: object - description: A map of runtime field definitions by field name. 
required: - - script - - type + - list + properties: + list: + description: An array of slo id and instance id + type: array + items: + type: object + required: + - sloId + - instanceId + properties: + sloId: + description: The SLO unique identifier + type: string + example: 8853df00-ae2e-11ed-90af-09bb6422b258 + instanceId: + description: The SLO instance identifier + type: string + example: 8853df00-ae2e-11ed-90af-09bb6422b258 + Fleet_fleet_setup_response: + title: Fleet Setup response + type: object + properties: + isInitialized: + type: boolean + nonFatalErrors: + type: array + items: + type: object + properties: + name: + type: string + message: + type: string + required: + - name + - message + required: + - isInitialized + - nonFatalErrors + Fleet_settings: + title: Settings + type: object + properties: + id: + type: string + has_seen_add_data_notice: + type: boolean + fleet_server_hosts: + deprecated: true + type: array + items: + type: string + prerelease_integrations_enabled: + type: boolean + required: + - fleet_server_hosts + - id + Fleet_fleet_settings_response: + title: Fleet settings response + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_settings' + required: + - item + Fleet_fleet_server_host: + title: Fleet Server Host + type: object + properties: + id: + type: string + name: + type: string + is_default: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + proxy_id: + type: string + host_urls: + type: array + items: + type: string + required: + - fleet_server_hosts + - id + - is_default + - is_preconfigured + - host_urls + Fleet_proxies: + title: Fleet Proxy + type: object properties: - script: + id: + type: string + name: + type: string + url: + type: string + proxy_headers: type: object - properties: - source: - type: string - description: Script for the runtime field. - type: + certificate_authorities: type: string - description: Mapping type of the runtime field. 
- Data_views_sourcefilters: - type: array - description: The array of field names you want to filter out in Discover. - items: - type: object - required: - - value - properties: - value: - type: string - Data_views_timefieldname: - type: string - description: The timestamp field name, which you use for time-based data views. - Data_views_title: - type: string - description: >- - Comma-separated list of data streams, indices, and aliases that you want - to search. Supports wildcards (`*`). - Data_views_type: - type: string - description: When set to `rollup`, identifies the rollup data views. - Data_views_typemeta: + certificate: + type: string + certificate_key: + type: string + required: + - name + - url + Fleet_download_sources: + title: Download Source type: object - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. + properties: + id: + type: string + is_default: + type: boolean + name: + type: string + host: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this download source. See the proxies + API for more information. + type: string + nullable: true required: - - aggs - - params + - is_default + - name + - host + Fleet_fleet_settings_enrollment_response: + title: Fleet settings response + type: object properties: - aggs: - type: object - description: A map of rollup restrictions by aggregation type and field name. - params: + fleet_server: type: object - description: Properties for retrieving rollup fields. 
- Data_views_create_data_view_request_object: - title: Create data view request + properties: + policies: + type: array + items: + type: object + properties: + id: + type: string + name: + type: string + is_managed: + type: boolean + is_default_fleet_server: + type: boolean + has_fleet_server: + type: boolean + fleet_server_host_id: + type: string + download_source_id: + type: string + required: + - id + - name + - is_managed + has_active: + type: boolean + host: + $ref: '#/components/schemas/Fleet_fleet_server_host' + host_proxy: + $ref: '#/components/schemas/Fleet_proxies' + required: + - agent_policies + - has_active + download_source: + $ref: '#/components/schemas/Fleet_download_sources' + required: + - fleet_server + Fleet_saved_object_type: + title: Saved Object type + oneOf: + - type: string + enum: + - dashboard + - visualization + - search + - index_pattern + - map + - lens + - security_rule + - csp_rule_template + - ml_module + - tag + - osquery_pack_asset + - osquery_saved_query + - type: string + enum: + - index + - component_template + - ingest_pipeline + - index_template + - ilm_policy + - transform + - data_stream_ilm_policy + - ml_model + Fleet_get_bulk_assets_response: + title: Bulk get assets response type: object + deprecated: true + properties: + items: + type: array + items: + type: object + properties: + id: + type: string + type: + $ref: '#/components/schemas/Fleet_saved_object_type' + updatedAt: + type: string + attributes: + type: object + properties: + title: + type: string + description: + type: string + appLink: + type: string required: - - data_view + - items + Fleet_get_categories_response: + title: Get categories response + type: object properties: - data_view: + response: + type: array + items: + type: object + deprecated: true + properties: + id: + type: string + title: + type: string + count: + type: number + required: + - id + - title + - count + items: + type: array + items: + type: object + properties: + id: + type: string + 
title: + type: string + count: + type: number + required: + - id + - title + - count + required: + - items + Fleet_kibana_saved_object_type: + title: Kibana saved object asset type + type: string + enum: + - dashboard + - visualization + - search + - index-pattern + - map + - lens + - ml-module + - security-rule + - csp_rule_template + Fleet_elasticsearch_asset_type: + title: Elasticsearch asset type + type: string + enum: + - component_template + - ingest_pipeline + - index_template + - ilm_policy + - transform + - data_stream_ilm_policy + Fleet_installation_info: + title: Installation info object + type: object + properties: + type: + type: string + created_at: + type: string + updated_at: + type: string + namespaces: + type: array + items: + type: string + installed_kibana: type: object - required: - - title - description: The data view object. properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - type: object - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object id: type: string - name: - type: string - description: The data view name. - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - type: object - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - version: - type: string - override: - type: boolean - description: >- - Override an existing data view if a data view with the provided - title already exists. 
- default: false - Data_views_typemeta_response: - type: object - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - nullable: true - properties: - aggs: - type: object - description: A map of rollup restrictions by aggregation type and field name. - params: - type: object - description: Properties for retrieving rollup fields. - Data_views_data_view_response_object: - title: Data view response properties - type: object - properties: - data_view: + $ref: '#/components/schemas/Fleet_kibana_saved_object_type' + installed_es: type: object properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - type: object - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object id: type: string - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: - type: string - description: The data view name. 
- namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - type: object - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta_response' - version: - type: string - example: WzQ2LDJd - Data_views_404_response: - type: object - properties: - error: + deferred: + type: boolean + type: + $ref: '#/components/schemas/Fleet_elasticsearch_asset_type' + name: type: string - example: Not Found - enum: - - Not Found - message: + version: + type: string + install_status: + type: string + enum: + - installed + - installing + - install_failed + install_source: type: string - example: >- - Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] - not found - statusCode: - type: integer - example: 404 enum: - - 404 - Data_views_update_data_view_request_object: - title: Update data view request - type: object - required: - - data_view - properties: - data_view: + - registry + - upload + - bundled + install_kibana_space_id: + type: string + install_format_schema_version: + type: string + latest_install_failed_attempts: + description: Latest failed install errors + type: array + items: + type: object + properties: + created_at: + type: string + target_version: + type: string + error: + type: object + properties: + name: + type: string + message: + type: string + stack: + type: string + latest_executed_state: + description: Latest successfully executed state in package install state machine type: object - description: > - The data view properties you want to update. Only the specified - properties are updated in the data view. Unspecified fields stay as - they are persisted. 
properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object name: type: string - runtimeFieldMap: + enum: + - create_restart_installation + - install_kibana_assets + - install_ilm_policies + - install_ml_model + - install_index_template_pipelines + - remove_legacy_templates + - update_current_write_indices + - install_transforms + - delete_previous_pipelines + - save_archive_entries_from_assets_map + - update_so + started_at: + type: string + error: + type: string + verification_status: + type: string + enum: + - verified + - unverified + - unknown + verification_key_id: + type: string + nullable: true + experimental_data_stream_features: + type: array + properties: + data_stream: + type: string + features: type: object - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - refresh_fields: - type: boolean - description: Reloads the data view fields after the data view is updated. 
- default: false - Data_views_swap_data_view_request_object: - title: Data view reference swap request - type: object + properties: + synthetic_source: + type: boolean + nullable: true + tsdb: + type: boolean + nullable: true + doc_value_only_numeric: + type: boolean + nullable: true + doc_value_only_other: + type: boolean + nullable: true required: - - fromId - - toId + - installed_kibana + - installed_es + - name + - version + - install_status + - install_version + - install_started_at + - install_source + - verification_status + - latest_install_failed_attempts + Fleet_search_result: + title: Search result + type: object properties: - delete: - type: boolean - description: Deletes referenced saved object if all references are removed. - forId: - oneOf: - - type: string - - type: array - items: - type: string - description: Limit the affected saved objects to one or more by identifier. - forType: + description: type: string - description: Limit the affected saved objects by type. - fromId: + download: type: string - description: The saved object reference to change. - fromType: + icons: type: string - description: > - Specify the type of the saved object reference to alter. The default - value is `index-pattern` for data views. - toId: + name: type: string - description: New saved object reference value to replace the old value. - Machine_learning_APIs_mlSyncResponseSuccess: - type: boolean - description: The success or failure of the synchronization. - Machine_learning_APIs_mlSyncResponseAnomalyDetectors: - type: object - title: Sync API response for anomaly detection jobs - description: >- - The sync machine learning saved objects API response contains this - object when there are anomaly detection jobs affected by the - synchronization. There is an object for each relevant job, which - contains the synchronization status. 
- properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - Machine_learning_APIs_mlSyncResponseDatafeeds: + path: + type: string + title: + type: string + type: + type: string + version: + type: string + status: + type: string + installationInfo: + $ref: '#/components/schemas/Fleet_installation_info' + savedObject: + type: object + deprecated: true + required: + - description + - download + - icons + - name + - path + - title + - type + - version + - status + Fleet_get_packages_response: + title: Get Packages response type: object - title: Sync API response for datafeeds - description: >- - The sync machine learning saved objects API response contains this - object when there are datafeeds affected by the synchronization. There - is an object for each relevant datafeed, which contains the - synchronization status. properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - Machine_learning_APIs_mlSyncResponseDataFrameAnalytics: + response: + type: array + deprecated: true + items: + $ref: '#/components/schemas/Fleet_search_result' + items: + type: array + items: + $ref: '#/components/schemas/Fleet_search_result' + required: + - items + Fleet_bulk_install_packages_response: + title: Bulk install packages response type: object - title: Sync API response for data frame analytics jobs - description: >- - The sync machine learning saved objects API response contains this - object when there are data frame analytics jobs affected by the - synchronization. There is an object for each relevant job, which - contains the synchronization status. 
properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - Machine_learning_APIs_mlSyncResponseSavedObjectsCreated: + response: + type: array + deprecated: true + items: + type: object + properties: + name: + type: string + version: + type: string + items: + type: array + items: + type: object + properties: + name: + type: string + version: + type: string + required: + - items + Fleet_package_info: + title: Package information type: object - title: Sync API response for created saved objects - description: >- - If saved objects are missing for machine learning jobs or trained - models, they are created when you run the sync machine learning saved - objects API. properties: - anomaly-detector: - type: object + name: + type: string + title: + type: string + version: + type: string + release: + type: string + deprecated: true description: >- - If saved objects are missing for anomaly detection jobs, they are - created. - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors - data-frame-analytics: + release label is deprecated, derive from the version instead + (packages follow semver) + enum: + - experimental + - beta + - ga + source: type: object - description: >- - If saved objects are missing for data frame analytics jobs, they are - created. 
- additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics - trained-model: + properties: + license: + type: string + enum: + - Apache-2.0 + - Elastic-2.0 + readme: + type: string + description: + type: string + type: + type: string + categories: + type: array + items: + type: string + conditions: + type: object + properties: + kibana: + type: object + properties: + versions: + type: string + elasticsearch: + type: object + properties: + subscription: + type: string + enum: + - basic + - gold + - platinum + - enterprise + screenshots: + type: array + items: + type: object + properties: + src: + type: string + path: + type: string + title: + type: string + size: + type: string + type: + type: string + required: + - src + - path + icons: + type: array + items: + type: string + assets: + type: array + items: + type: string + internal: + type: boolean + format_version: + type: string + data_streams: + type: array + items: + type: object + properties: + title: + type: string + name: + type: string + release: + type: string + ingeset_pipeline: + type: string + vars: + type: array + items: + type: object + properties: + name: + type: string + default: + type: string + required: + - name + - default + type: + type: string + package: + type: string + required: + - title + - name + - release + - ingeset_pipeline + - type + - package + download: + type: string + path: + type: string + elasticsearch: type: object - description: If saved objects are missing for trained models, they are created. 
- additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels - Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted: + properties: + privileges: + type: object + properties: + cluster: + type: array + items: + type: string + required: + - name + - title + - version + - description + - type + - categories + - conditions + - assets + - format_version + - download + - path + Fleet_package_usage_stats: + title: Package usage stats type: object - title: Sync API response for deleted saved objects - description: >- - If saved objects exist for machine learning jobs or trained models that - no longer exist, they are deleted when you run the sync machine learning - saved objects API. properties: - anomaly-detector: - type: object - description: >- - If there are saved objects exist for nonexistent anomaly detection - jobs, they are deleted. - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors - data-frame-analytics: - type: object - description: >- - If there are saved objects exist for nonexistent data frame - analytics jobs, they are deleted. - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics - trained-model: - type: object - description: >- - If there are saved objects exist for nonexistent trained models, - they are deleted. - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels - Machine_learning_APIs_mlSyncResponseTrainedModels: + agent_policy_count: + type: integer + required: + - agent_policy_count + Fleet_fleet_status_response: + title: Fleet status response type: object - title: Sync API response for trained models - description: >- - The sync machine learning saved objects API response contains this - object when there are trained models affected by the synchronization. 
- There is an object for each relevant trained model, which contains the - synchronization status. properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - Machine_learning_APIs_mlSync200Response: + isReady: + type: boolean + missing_requirements: + type: array + items: + type: string + enum: + - tls_required + - api_keys + - fleet_admin_user + - fleet_server + missing_optional_features: + type: array + items: + type: string + enum: + - encrypted_saved_object_encryption_key_required + package_verification_key_id: + type: string + required: + - isReady + - missing_requirements + - missing_optional_features + Fleet_agent_type: + type: string + title: Agent type + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + Fleet_agent_metadata: + title: Agent metadata + type: object + Fleet_agent_status: + type: string + title: Elastic Agent status + enum: + - offline + - error + - online + - inactive + - warning + Fleet_agent_component_status: + title: Agent component status + type: string + enum: + - starting + - configuring + - healthy + - degraded + - failed + - stopping + - stopped + Fleet_agent_component_unit_type: + title: Agent component unit type + type: string + enum: + - input + - output + Fleet_agent_component_unit: + title: Agent component unit type: object - title: Successful sync API response properties: - datafeedsAdded: - type: object - description: >- - If a saved object for an anomaly detection job is missing a datafeed - identifier, it is added when you run the sync machine learning saved - objects API. 
- additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - datafeedsRemoved: + id: + type: string + type: + $ref: '#/components/schemas/Fleet_agent_component_unit_type' + status: + $ref: '#/components/schemas/Fleet_agent_component_status' + message: + type: string + payload: type: object - description: >- - If a saved object for an anomaly detection job references a datafeed - that no longer exists, it is deleted when you run the sync machine - learning saved objects API. - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - savedObjectsCreated: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated - savedObjectsDeleted: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted - Machine_learning_APIs_mlSync4xxResponse: + Fleet_agent_component: + title: Agent component type: object - title: Unsuccessful sync API response properties: - error: + id: type: string - example: Unauthorized + type: + type: string + status: + $ref: '#/components/schemas/Fleet_agent_component_status' message: type: string - statusCode: - type: integer - example: 401 - Saved_objects_400_response: - title: Bad request + units: + type: array + items: + $ref: '#/components/schemas/Fleet_agent_component_unit' + Fleet_agent: + title: Agent type: object - required: - - error - - message - - statusCode properties: - error: + type: + $ref: '#/components/schemas/Fleet_agent_type' + active: + type: boolean + enrolled_at: type: string - enum: - - Bad Request - message: + unenrolled_at: type: string - statusCode: - type: integer - enum: - - 400 - Saved_objects_attributes: + unenrollment_started_at: + type: string + access_api_key_id: + type: string + default_api_key_id: + type: string + policy_id: + type: string + policy_revision: + type: number + last_checkin: + type: string + user_provided_metadata: + $ref: 
'#/components/schemas/Fleet_agent_metadata' + local_metadata: + $ref: '#/components/schemas/Fleet_agent_metadata' + id: + type: string + access_api_key: + type: string + status: + $ref: '#/components/schemas/Fleet_agent_status' + default_api_key: + type: string + components: + type: array + items: + $ref: '#/components/schemas/Fleet_agent_component' + metrics: + type: object + properties: + cpu_avg: + type: number + description: >- + Average agent CPU usage during the last 5 minutes, number + between 0-1 + memory_size_byte_avg: + type: number + description: Average agent memory consumption during the last 5 minutes + required: + - type + - active + - enrolled_at + - id + - status + Fleet_get_agents_response: + title: Get Agent response type: object - description: > - The data that you want to create. WARNING: When you create saved - objects, attributes are not validated, which allows you to pass - arbitrary and ill-formed data into the API that can break Kibana. Make - sure any data that you send to the API is properly formed. - Saved_objects_initial_namespaces: - type: array - description: > - Identifiers for the spaces in which this object is created. If this is - provided, the object is created only in the explicitly defined spaces. - If this is not provided, the object is created in the current space - (default behavior). For shareable object types (registered with - `namespaceType: 'multiple'`), this option can be used to specify one or - more spaces, including the "All spaces" identifier ('*'). For isolated - object types (registered with `namespaceType: 'single'` or - `namespaceType: 'multiple-isolated'`), this option can only be used to - specify a single space, and the "All spaces" identifier ('*') is not - allowed. For global object types (`registered with `namespaceType: - agnostic`), this option cannot be used. 
- Saved_objects_references: + properties: + list: + type: array + items: + $ref: '#/components/schemas/Fleet_agent' + deprecated: true + items: + type: array + items: + $ref: '#/components/schemas/Fleet_agent' + total: + type: number + page: + type: number + perPage: + type: number + statusSummary: + type: object + properties: + offline: + type: number + error: + type: number + online: + type: number + inactive: + type: number + enrolling: + type: number + unenrolling: + type: number + unenrolled: + type: number + updating: + type: number + degraded': + type: number + required: + - items + - total + - page + - perPage + Fleet_agent_get_by_actions: + title: Agents get by action ids type: array - description: > - Objects with `name`, `id`, and `type` properties that describe the other - saved objects that this object references. Use `name` in attributes to - refer to the other saved object, but never the `id`, which can update - automatically during migrations or import and export. - SLOs_indicator_properties_apm_availability: - title: APM availability + items: + type: array + items: + type: string + Fleet_bulk_upgrade_agents: + title: Bulk upgrade agents + type: object + properties: + version: + type: string + description: version to upgrade to + source_uri: + type: string + description: alternative upgrade binary download url + rollout_duration_seconds: + type: number + description: rolling upgrade window duration in seconds + start_time: + type: string + description: start time of upgrade in ISO 8601 format + agents: + oneOf: + - type: string + description: KQL query string, leave empty to action all agents + - type: array + items: + type: string + description: list of agent IDs + force: + type: boolean + description: Force upgrade, skipping validation (should be used with caution) + skipRateLimitCheck: + type: boolean + description: Skip rate limit check for upgrade required: - - type - - params - description: Defines properties for the APM availability indicator 
type - type: object - properties: - params: - description: An object containing the indicator parameters. - type: object - nullable: false - required: - - service - - environment - - transactionType - - transactionName - - index - properties: - service: - description: The APM service name - type: string - example: o11y-app - environment: - description: The APM service environment or "*" - type: string - example: production - transactionType: - description: The APM transaction type or "*" + - agents + - version + Fleet_agent_action: + title: Agent action + oneOf: + - properties: + data: type: string - example: request - transactionName: - description: The APM transaction name or "*" + ack_data: type: string - example: GET /my/api - filter: - description: KQL query used for filtering the data + type: type: string - example: 'service.foo : "bar"' - index: - description: The index used by APM metrics + enum: + - UNENROLL + - UPGRADE + - POLICY_REASSIGN + - properties: + type: type: string - example: metrics-apm*,apm* - type: - description: The type of indicator. 
- type: string - example: sli.apm.transactionDuration - SLOs_filter_meta: - title: FilterMeta - description: Defines properties for a filter + data: + type: object + properties: + log_level: + type: string + nullable: true + enum: + - debug + - info + - warning + - error + Fleet_upgrade_agent: + title: Upgrade agent type: object properties: - alias: + version: type: string - nullable: true - disabled: + source_uri: + type: string + force: type: boolean - negate: + description: Force upgrade, skipping validation (should be used with caution) + skipRateLimitCheck: type: boolean - controlledBy: - type: string - group: - type: string - index: + description: Skip rate limit check for upgrade + required: + - version + Fleet_agent_diagnostics: + title: Agent diagnostics + type: object + properties: + id: type: string - isMultiIndex: - type: boolean - type: + name: type: string - key: + createTime: type: string - params: - type: object - value: + filePath: type: string - field: + actionId: type: string - SLOs_filter: - title: Filter - description: Defines properties for a filter + status: + enum: + - READY + - AWAITING_UPLOAD + - DELETED + - IN_PROGRESS + required: + - id + - name + - createTime + - filePath + - actionId + - status + Fleet_get_agent_tags_response: + title: Get Agent Tags response type: object properties: - query: + items: + type: array + items: + type: string + Fleet_new_package_policy: + title: New package policy + type: object + description: '' + properties: + enabled: + type: boolean + package: type: object - meta: - $ref: '#/components/schemas/SLOs_filter_meta' - SLOs_kql_with_filters: - title: KQL with filters - description: Defines properties for a filter - oneOf: - - description: the KQL query to filter the documents with. 
- type: string - example: 'field.environment : "production" and service.name : "my-service"' - - type: object properties: - kqlQuery: + name: type: string - filters: - type: array - items: - $ref: '#/components/schemas/SLOs_filter' - SLOs_kql_with_filters_good: - title: KQL query for good events - description: The KQL query used to define the good events. - oneOf: - - description: the KQL query to filter the documents with. - type: string - example: 'request.latency <= 150 and request.status_code : "2xx"' - - type: object - properties: - kqlQuery: + version: type: string - filters: - type: array - items: - $ref: '#/components/schemas/SLOs_filter' - SLOs_kql_with_filters_total: - title: KQL query for all events - description: The KQL query used to define all events. - oneOf: - - description: the KQL query to filter the documents with. + title: + type: string + requires_root: + type: boolean + required: + - name + - version + namespace: type: string - example: 'field.environment : "production" and service.name : "my-service"' + output_id: + type: string + deprecated: true + inputs: + type: array + items: + type: object + properties: + type: + type: string + enabled: + type: boolean + processors: + type: array + items: + type: string + streams: + type: array + items: {} + config: + type: object + vars: + type: object + required: + - type + - enabled + policy_id: + type: string + deprecated: true + policy_ids: + type: array + items: + type: string + name: + type: string + description: + type: string + overrides: + type: object + required: + - inputs + - name + Fleet_package_policy: + title: Package policy + allOf: - type: object properties: - kqlQuery: + id: type: string - filters: - type: array - items: - $ref: '#/components/schemas/SLOs_filter' - SLOs_indicator_properties_custom_kql: - title: Custom Query - required: - - type - - params - description: Defines properties for a custom query indicator type + revision: + type: number + inputs: + oneOf: + - type: array + 
items: {} + - type: object + required: + - id + - revision + - $ref: '#/components/schemas/Fleet_new_package_policy' + Fleet_agent_policy: + title: Agent Policy type: object properties: - params: - description: An object containing the indicator parameters. - type: object - nullable: false - required: - - index - - timestampField - - good - - total - properties: - index: - description: The index or index pattern to use - type: string - example: my-service-* - dataViewId: - description: >- - The kibana data view id to use, primarily used to include data - view runtime mappings. Make sure to save SLO again if you - add/update run time fields to the data view and if those fields - are being used in slo queries. - type: string - example: 03b80ab3-003d-498b-881c-3beedbaf1162 - filter: - $ref: '#/components/schemas/SLOs_kql_with_filters' - good: - $ref: '#/components/schemas/SLOs_kql_with_filters_good' - total: - $ref: '#/components/schemas/SLOs_kql_with_filters_total' - timestampField: - description: | - The timestamp field used in the source indice. - type: string - example: timestamp - type: - description: The type of indicator. 
+ id: type: string - example: sli.kql.custom - SLOs_indicator_properties_apm_latency: - title: APM latency + name: + type: string + namespace: + type: string + description: + type: string + monitoring_enabled: + type: array + items: + type: string + enum: + - metrics + - logs + keep_monitoring_alive: + description: >- + When set to true, monitoring will be enabled but logs/metrics + collection will be disabled + type: boolean + nullable: true + data_output_id: + type: string + nullable: true + monitoring_output_id: + type: string + nullable: true + fleet_server_host_id: + type: string + nullable: true + download_source_id: + type: string + nullable: true + unenroll_timeout: + type: integer + inactivity_timeout: + type: integer + package_policies: + description: >- + This field is present only when retrieving a single agent policy, or + when retrieving a list of agent policies with the ?full=true + parameter + type: array + items: + $ref: '#/components/schemas/Fleet_package_policy' + updated_on: + type: string + format: date-time + updated_by: + type: string + revision: + type: number + agents: + type: number + unprivileged_agents: + type: number + agent_features: + type: array + items: + type: object + properties: + name: + type: string + enabled: + type: boolean + required: + - name + - enabled + is_protected: + description: >- + Indicates whether the agent policy has tamper protection enabled. + Default false. + type: boolean + overrides: + type: object + description: >- + Override settings that are defined in the agent policy. Input + settings cannot be overridden. The override option should be used + only in unusual circumstances and not as a routine procedure. + nullable: true + advanced_settings: + type: object + description: >- + Advanced settings stored in the agent policy, e.g. + agent_limits_go_max_procs + nullable: true + supports_agentless: + type: boolean + description: >- + Indicates whether the agent policy supports agentless integrations. 
+ Only allowed in a serverless environment. + global_data_tags: + type: array + items: + type: object + additionalProperties: + oneOf: + - type: string + - type: number + description: >- + User defined data tags that are added to all of the inputs. The + values can be strings or numbers. required: - - type - - params - description: Defines properties for the APM latency indicator type + - id + - status + - name + - namespace + Fleet_agent_policy_create_request: + title: Create agent policy request type: object properties: - params: - description: An object containing the indicator parameters. - type: object - nullable: false - required: - - service - - environment - - transactionType - - transactionName - - index - - threshold - properties: - service: - description: The APM service name - type: string - example: o11y-app - environment: - description: The APM service environment or "*" - type: string - example: production - transactionType: - description: The APM transaction type or "*" - type: string - example: request - transactionName: - description: The APM transaction name or "*" - type: string - example: GET /my/api - filter: - description: KQL query used for filtering the data - type: string - example: 'service.foo : "bar"' - index: - description: The index used by APM metrics - type: string - example: metrics-apm*,apm* - threshold: - description: The latency threshold in milliseconds - type: number - example: 250 - type: - description: The type of indicator. 
+ id: type: string - example: sli.apm.transactionDuration - SLOs_indicator_properties_custom_metric: - title: Custom metric + name: + type: string + namespace: + type: string + description: + type: string + monitoring_enabled: + type: array + items: + type: string + enum: + - metrics + - logs + data_output_id: + type: string + nullable: true + monitoring_output_id: + type: string + nullable: true + fleet_server_host_id: + type: string + nullable: true + download_source_id: + type: string + nullable: true + unenroll_timeout: + type: integer + inactivity_timeout: + type: integer + agent_features: + type: array + items: + type: object + properties: + name: + type: string + enabled: + type: boolean + required: + - name + - enabled + is_protected: + type: boolean + force: + type: boolean + description: Force agent policy creation even if packages are not verified. + global_data_tags: + type: array + items: + type: object + additionalProperties: + oneOf: + - type: string + - type: number + description: >- + User defined data tags that are added to all of the inputs. The + values can be strings or numbers. required: - - type - - params - description: Defines properties for a custom metric indicator type + - name + - namespace + Fleet_agent_policy_update_request: + title: Update agent policy request type: object properties: - params: - description: An object containing the indicator parameters. - type: object - nullable: false - required: - - index - - timestampField - - good - - total - properties: - index: - description: The index or index pattern to use - type: string - example: my-service-* - dataViewId: - description: >- - The kibana data view id to use, primarily used to include data - view runtime mappings. Make sure to save SLO again if you - add/update run time fields to the data view and if those fields - are being used in slo queries. 
- type: string - example: 03b80ab3-003d-498b-881c-3beedbaf1162 - filter: - description: the KQL query to filter the documents with. - type: string - example: 'field.environment : "production" and service.name : "my-service"' - timestampField: - description: | - The timestamp field used in the source indice. - type: string - example: timestamp - good: - description: | - An object defining the "good" metrics and equation - type: object - required: - - metrics - - equation - properties: - metrics: - description: >- - List of metrics with their name, aggregation type, and - field. - type: array - items: - type: object - required: - - name - - aggregation - - field - properties: - name: - description: The name of the metric. Only valid options are A-Z - type: string - example: A - pattern: ^[A-Z]$ - aggregation: - description: >- - The aggregation type of the metric. Only valid option - is "sum" - type: string - example: sum - enum: - - sum - field: - description: The field of the metric. - type: string - example: processor.processed - filter: - description: The filter to apply to the metric. - type: string - example: 'processor.outcome: "success"' - equation: - description: The equation to calculate the "good" metric. - type: string - example: A - total: - description: | - An object defining the "total" metrics and equation - type: object - required: - - metrics - - equation - properties: - metrics: - description: >- - List of metrics with their name, aggregation type, and - field. - type: array - items: - type: object - required: - - name - - aggregation - - field - properties: - name: - description: The name of the metric. Only valid options are A-Z - type: string - example: A - pattern: ^[A-Z]$ - aggregation: - description: >- - The aggregation type of the metric. Only valid option - is "sum" - type: string - example: sum - enum: - - sum - field: - description: The field of the metric. 
- type: string - example: processor.processed - filter: - description: The filter to apply to the metric. - type: string - example: 'processor.outcome: *' - equation: - description: The equation to calculate the "total" metric. - type: string - example: A - type: - description: The type of indicator. + name: + type: string + namespace: + type: string + description: + type: string + monitoring_enabled: + type: array + items: + type: string + enum: + - metrics + - logs + data_output_id: + type: string + nullable: true + monitoring_output_id: + type: string + nullable: true + fleet_server_host_id: type: string - example: sli.metric.custom - SLOs_indicator_properties_histogram: - title: Histogram indicator + nullable: true + download_source_id: + type: string + nullable: true + unenroll_timeout: + type: integer + inactivity_timeout: + type: integer + agent_features: + type: array + items: + type: object + properties: + name: + type: string + enabled: + type: boolean + required: + - name + - enabled + is_protected: + type: boolean + force: + type: boolean + description: Force agent policy creation even if packages are not verified. required: - - type - - params - description: Defines properties for a histogram indicator type + - name + - namespace + Fleet_full_agent_policy_output: + title: Full agent policy type: object properties: - params: - description: An object containing the indicator parameters. + hosts: + type: array + items: + type: string + ca_sha256: + type: string + nullable: true + proxy_url: + type: string + proxy_headers: {} + type: {} + additionalProperties: type: object - nullable: false - required: - - index - - timestampField - - good - - total properties: - index: - description: The index or index pattern to use - type: string - example: my-service-* - dataViewId: - description: >- - The kibana data view id to use, primarily used to include data - view runtime mappings. 
Make sure to save SLO again if you - add/update run time fields to the data view and if those fields - are being used in slo queries. - type: string - example: 03b80ab3-003d-498b-881c-3beedbaf1162 - filter: - description: the KQL query to filter the documents with. - type: string - example: 'field.environment : "production" and service.name : "my-service"' - timestampField: - description: | - The timestamp field used in the source indice. - type: string - example: timestamp - good: - description: | - An object defining the "good" events - type: object - required: - - aggregation - - field - properties: - field: - description: The field use to aggregate the good events. - type: string - example: processor.latency - aggregation: - description: The type of aggregation to use. - type: string - example: value_count - enum: - - value_count - - range - filter: - description: The filter for good events. + text: {} + required: + - type + - hosts + - ca_sha256 + Fleet_full_agent_policy_output_permissions: + title: Full agent policy output permissions + additionalProperties: + type: object + properties: + packagePolicyName: + type: string + data: + type: object + properties: + cluster: + type: array + items: type: string - example: 'processor.outcome: "success"' - from: - description: >- - The starting value of the range. Only required for "range" - aggregations. - type: number - example: 0 - to: - description: >- - The ending value of the range. Only required for "range" - aggregations. 
- type: number - example: 100 - total: - description: | - An object defining the "total" events - type: object - required: - - aggregation - - field + indices: + type: array + items: + type: object + properties: + names: + type: array + items: + type: string + privileges: + type: array + items: + type: string + Fleet_full_agent_policy: + title: Full agent policy + type: object + properties: + id: + type: string + outputs: + type: object + additionalProperties: + $ref: '#/components/schemas/Fleet_full_agent_policy_output' + output_permissions: + type: object + additionalProperties: + type: object + properties: + output: + type: integer + data: + $ref: >- + #/components/schemas/Fleet_full_agent_policy_output_permissions + fleet: + oneOf: + - type: object properties: - field: - description: The field use to aggregate the good events. - type: string - example: processor.latency - aggregation: - description: The type of aggregation to use. - type: string - example: value_count - enum: - - value_count - - range - filter: - description: The filter for total events. + hosts: + type: array + items: + type: string + proxy_url: type: string - example: 'processor.outcome : *' - from: - description: >- - The starting value of the range. Only required for "range" - aggregations. - type: number - example: 0 - to: - description: >- - The ending value of the range. Only required for "range" - aggregations. - type: number - example: 100 - type: - description: The type of indicator. 
+ proxy_headers: {} + ssl: + type: object + properties: + verification_mode: + type: string + certificate: + type: string + key: + type: string + certificate_authorities: + type: array + items: + type: string + renegotiation: + type: string + - type: object + properties: + kibana: + type: object + properties: + hosts: + type: array + items: + type: string + protocol: + type: string + path: + type: string + inputs: type: string - example: sli.histogram.custom - SLOs_timeslice_metric_basic_metric_with_field: - title: Timeslice Metric Basic Metric with Field + revision: + type: number + agent: + type: string + nullable: true + secret_references: + type: array + items: + type: object + properties: + id: + type: string required: - - name - - aggregation - - field + - id + - outputs + - inputs + Fleet_agent_policy_full: + title: Agent policy full response + type: object + oneOf: + - type: object + properties: + item: + type: string + - type: object + properties: + item: + $ref: '#/components/schemas/Fleet_full_agent_policy' + Fleet_data_stream: + title: Data stream type: object properties: - name: - description: The name of the metric. Only valid options are A-Z - type: string - example: A - pattern: ^[A-Z]$ - aggregation: - description: The aggregation type of the metric. + index: type: string - example: sum - enum: - - sum - - avg - - min - - max - - std_deviation - - last_value - - cardinality - field: - description: The field of the metric. + dataset: type: string - example: processor.processed - filter: - description: The filter to apply to the metric. + namespace: type: string - example: 'processor.outcome: "success"' - SLOs_timeslice_metric_percentile_metric: - title: Timeslice Metric Percentile Metric - required: - - name - - aggregation - - field - - percentile - type: object - properties: - name: - description: The name of the metric. 
Only valid options are A-Z + type: type: string - example: A - pattern: ^[A-Z]$ - aggregation: - description: >- - The aggregation type of the metric. Only valid option is - "percentile" + package: type: string - example: percentile - enum: - - percentile - field: - description: The field of the metric. + package_version: type: string - example: processor.processed - percentile: - description: The percentile value. + last_activity_ms: + type: number + size_in_bytes: type: number - example: 95 - filter: - description: The filter to apply to the metric. + size_in_bytes_formatted: type: string - example: 'processor.outcome: "success"' - SLOs_timeslice_metric_doc_count_metric: - title: Timeslice Metric Doc Count Metric - required: - - name - - aggregation + dashboard: + type: array + items: + type: object + properties: + id: + type: string + title: + type: string + Fleet_enrollment_api_key: + title: Enrollment API key type: object properties: + id: + type: string + api_key_id: + type: string + api_key: + type: string name: - description: The name of the metric. Only valid options are A-Z type: string - example: A - pattern: ^[A-Z]$ - aggregation: - description: The aggregation type of the metric. Only valid option is "doc_count" + active: + type: boolean + policy_id: type: string - example: doc_count - enum: - - doc_count - filter: - description: The filter to apply to the metric. + created_at: type: string - example: 'processor.outcome: "success"' - SLOs_indicator_properties_timeslice_metric: - title: Timeslice metric required: - - type - - params - description: Defines properties for a timeslice metric indicator type + - id + - api_key_id + - api_key + - active + - created_at + Fleet_package_policy_request: + title: Package Policy Request type: object properties: - params: - description: An object containing the indicator parameters. 
+ id: + type: string + description: Package policy unique identifier + name: + type: string + description: Package policy name (should be unique) + example: nginx-123 + description: + type: string + description: Package policy description + example: my description + namespace: + type: string + description: >- + The package policy namespace. Leave blank to inherit the agent + policy's namespace. + example: customnamespace + policy_id: + type: string + description: Agent policy ID where that package policy will be added + example: agent-policy-id + deprecated: true + policy_ids: + type: array + items: + type: string + description: Agent policy IDs where that package policy will be added + example: + - agent-policy-id + package: type: object - nullable: false - required: - - index - - timestampField - - metric properties: - index: - description: The index or index pattern to use - type: string - example: my-service-* - dataViewId: - description: >- - The kibana data view id to use, primarily used to include data - view runtime mappings. Make sure to save SLO again if you - add/update run time fields to the data view and if those fields - are being used in slo queries. + name: type: string - example: 03b80ab3-003d-498b-881c-3beedbaf1162 - filter: - description: the KQL query to filter the documents with. + description: Package name + example: nginx + version: type: string - example: 'field.environment : "production" and service.name : "my-service"' - timestampField: - description: | - The timestamp field used in the source indice. 
+ description: Package version + example: 1.6.0 + required: + - name + - version + vars: + type: object + description: >- + Package root level variable (see integration documentation for more + information) + inputs: + type: object + description: >- + Package policy inputs (see integration documentation to know what + inputs are available) + example: + nginx-logfile: + enabled: true + streams: + nginx.access: + enabled: true + vars: + paths: + - /var/log/nginx/access.log* + tags: + - nginx-access + preserve_original_event: false + ignore_older: 72h + additionalProperties: + type: object + properties: + enabled: + type: boolean + description: enable or disable that input, (default to true) + vars: + type: object + description: >- + Input level variable (see integration documentation for more + information) + streams: + type: object + description: >- + Input streams (see integration documentation to know what + streams are available) + additionalProperties: + type: object + properties: + enabled: + type: boolean + description: enable or disable that stream, (default to true) + vars: + type: object + description: >- + Stream level variable (see integration documentation for + more information) + overrides: + type: object + properties: + inputs: + type: object + description: >- + Override settings that are defined in the package policy. The + override option should be used only in unusual circumstances and not + as a routine procedure. + nullable: true + force: + type: boolean + description: >- + Force package policy creation even if package is not verified, or if + the agent policy is managed. 
+ required: + - name + - package + Fleet_upgrade_diff: + title: Package policy Upgrade dryrun + type: array + items: + allOf: + - $ref: '#/components/schemas/Fleet_package_policy' + - type: object + allOf: + - $ref: '#/components/schemas/Fleet_new_package_policy' + - type: object + properties: + errors: + type: array + items: + type: object + properties: + key: + type: string + message: + type: string + missingVars: + type: array + items: + type: string + Fleet_full_agent_policy_input_stream: + title: Full agent policy input stream + allOf: + - type: object + additionalProperties: true + properties: + id: type: string - example: timestamp - metric: - description: > - An object defining the metrics, equation, and threshold to - determine if it's a good slice or not + data_stream: type: object - required: - - metrics - - equation - - comparator - - threshold properties: - metrics: - description: >- - List of metrics with their name, aggregation type, and - field. - type: array - items: - anyOf: - - $ref: >- - #/components/schemas/SLOs_timeslice_metric_basic_metric_with_field - - $ref: >- - #/components/schemas/SLOs_timeslice_metric_percentile_metric - - $ref: >- - #/components/schemas/SLOs_timeslice_metric_doc_count_metric - equation: - description: The equation to calculate the metric. + dataset: type: string - example: A - comparator: - description: >- - The comparator to use to compare the equation to the - threshold. + type: type: string - example: GT - enum: - - GT - - GTE - - LT - - LTE - threshold: - description: >- - The threshold used to determine if the metric is a good - slice or not. - type: number - example: 100 - type: - description: The type of indicator. - type: string - example: sli.metric.timeslice - SLOs_time_window: - title: Time window - required: - - duration - - type - description: Defines properties for the SLO time window - type: object - properties: - duration: - description: >- - the duration formatted as {duration}{unit}. 
Accepted values for - rolling: 7d, 30d, 90d. Accepted values for calendar aligned: 1w - (weekly) or 1M (monthly) - type: string - example: 30d - type: - description: >- - Indicates weither the time window is a rolling or a calendar aligned - time window. - type: string - example: rolling - enum: - - rolling - - calendarAligned - SLOs_budgeting_method: - title: Budgeting method - type: string - description: The budgeting method to use when computing the rollup data. - enum: - - occurrences - - timeslices - example: occurrences - SLOs_objective: - title: Objective - required: - - target - description: Defines properties for the SLO objective - type: object - properties: - target: - description: the target objective between 0 and 1 excluded - type: number - minimum: 0 - maximum: 100 - exclusiveMinimum: true - exclusiveMaximum: true - example: 0.99 - timesliceTarget: - description: >- - the target objective for each slice when using a timeslices - budgeting method - type: number - minimum: 0 - maximum: 100 - example: 0.995 - timesliceWindow: - description: >- - the duration of each slice when using a timeslices budgeting method, - as {duraton}{unit} - type: string - example: 5m - SLOs_settings: - title: Settings - description: Defines properties for SLO settings. 
+ required: + - dataset + - type + required: + - id + - data_stream + Fleet_full_agent_policy_input: + title: Full agent policy input + allOf: + - type: object + additionalProperties: true + properties: + id: + type: string + name: + type: string + revision: + type: number + type: + type: string + data_stream: + type: object + properties: + namespace: + type: string + required: + - namespace + use_output: + type: string + meta: + type: object + additionalProperties: true + properties: + package: + type: object + properties: + name: + type: string + version: + type: string + required: + - name + - version + streams: + $ref: '#/components/schemas/Fleet_full_agent_policy_input_stream' + required: + - id + - name + - revision + - type + - data_stream + - use_output + Fleet_upgrade_agent_diff: + title: Package policy Upgrade dryrun + type: array + items: + type: array + items: + $ref: '#/components/schemas/Fleet_full_agent_policy_input' + Fleet_output_create_request_elasticsearch: + title: elasticsearch type: object properties: - syncDelay: - description: The synch delay to apply to the transform. Default 1m - type: string - default: 1m - example: 5m - frequency: - description: Configure how often the transform runs, default 1m + id: type: string - default: 1m - example: 5m - preventInitialBackfill: - description: Prevents the transform from backfilling data when it starts. + is_default: type: boolean - default: false - example: true - SLOs_summary_status: - title: summary status - type: string - enum: - - NO_DATA - - HEALTHY - - DEGRADING - - VIOLATED - example: HEALTHY - SLOs_error_budget: - title: Error budget - type: object - required: - - initial - - consumed - - remaining - - isEstimated - properties: - initial: - type: number - description: The initial error budget, as 1 - objective - example: 0.02 - consumed: - type: number - description: The error budget consummed, as a percentage of the initial value. 
- example: 0.8 - remaining: - type: number - description: The error budget remaining, as a percentage of the initial value. - example: 0.2 - isEstimated: + is_default_monitoring: type: boolean - description: >- - Only for SLO defined with occurrences budgeting method and calendar - aligned time window. - example: true - SLOs_summary: - title: Summary - type: object - description: The SLO computed data - required: - - status - - sliValue - - errorBudget - properties: - status: - $ref: '#/components/schemas/SLOs_summary_status' - sliValue: - type: number - example: 0.9836 - errorBudget: - $ref: '#/components/schemas/SLOs_error_budget' - SLOs_slo_with_summary_response: - title: SLO response - type: object + is_internal: + type: boolean + name: + type: string + type: + type: string + enum: + - elasticsearch + hosts: + type: array + items: + type: string + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + config: + type: object + preset: + type: string + enum: + - balanced + - custom + - throughput + - scale + - latency + config_yaml: + type: string + ssl: + type: object + properties: + certificate_authorities: + type: array + items: + type: string + certificate: + type: string + key: + type: string + proxy_id: + type: string + shipper: + type: object + properties: + disk_queue_enabled: + type: boolean + disk_queue_path: + type: string + disk_queue_max_size: + type: number + disk_queue_encryption_enabled: + type: boolean + disk_queue_compression_enabled: + type: boolean + compression_level: + type: number + loadbalance: + type: boolean required: - - id - name - - description - - indicator - - timeWindow - - budgetingMethod - - objective - - settings - - revision - - summary - - enabled - - groupBy - - instanceId - - tags - - createdAt - - updatedAt - - version + Fleet_output_create_request_kafka: + title: kafka + type: object properties: id: - description: The identifier of the SLO. 
type: string - example: 8853df00-ae2e-11ed-90af-09bb6422b258 + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean name: - description: The name of the SLO. type: string - example: My Service SLO - description: - description: The description of the SLO. + type: type: string - example: My SLO description - indicator: - discriminator: - propertyName: type - mapping: - sli.apm.transactionErrorRate: '#/components/schemas/SLOs_indicator_properties_apm_availability' - sli.kql.custom: '#/components/schemas/SLOs_indicator_properties_custom_kql' - sli.apm.transactionDuration: '#/components/schemas/SLOs_indicator_properties_apm_latency' - sli.metric.custom: '#/components/schemas/SLOs_indicator_properties_custom_metric' - sli.histogram.custom: '#/components/schemas/SLOs_indicator_properties_histogram' - sli.metric.timeslice: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' - oneOf: - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency' - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric' - - $ref: '#/components/schemas/SLOs_indicator_properties_histogram' - - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' - timeWindow: - $ref: '#/components/schemas/SLOs_time_window' - budgetingMethod: - $ref: '#/components/schemas/SLOs_budgeting_method' - objective: - $ref: '#/components/schemas/SLOs_objective' - settings: - $ref: '#/components/schemas/SLOs_settings' - revision: - description: The SLO revision + enum: + - kafka + hosts: + type: array + items: + type: string + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + config: + type: object + config_yaml: + type: string + ssl: + type: object + properties: + certificate_authorities: + type: array + items: + type: string + certificate: + type: string + 
key: + type: string + verification_mode: + type: string + enum: + - none + - full + - certificate + - strict + proxy_id: + type: string + shipper: + type: object + properties: + disk_queue_enabled: + type: boolean + disk_queue_path: + type: string + disk_queue_max_size: + type: number + disk_queue_encryption_enabled: + type: boolean + disk_queue_compression_enabled: + type: boolean + compression_level: + type: number + loadbalance: + type: boolean + version: + type: string + key: + type: string + compression: + type: string + compression_level: type: number - example: 2 - summary: - $ref: '#/components/schemas/SLOs_summary' - enabled: - description: Indicate if the SLO is enabled - type: boolean - example: true - groupBy: - description: optional group by field to use to generate an SLO per distinct value + client_id: type: string - example: some.field - instanceId: - description: the value derived from the groupBy field, if present, otherwise '*' + auth_type: type: string - example: host-abcde - tags: - description: List of tags + connection_type: + type: string + enum: + - plaintext + - encryption + username: + type: string + password: + type: string + sasl: + type: object + properties: + mechanism: + type: string + partition: + type: string + random: + type: object + properties: + group_events: + type: number + round_robin: + type: object + properties: + group_events: + type: number + topic: + type: string + topics: + deprecated: true + description: Use topic instead. + type: array + items: + type: object + properties: + topic: + type: string + when: + deprecated: true + description: >- + Deprecated, kafka output do not support conditionnal topics + anymore. 
+ type: object + properties: + type: + type: string + condition: + type: string + headers: type: array items: - type: string - createdAt: - description: The creation date - type: string - example: '2023-01-12T10:03:19.000Z' - updatedAt: - description: The last update date - type: string - example: '2023-01-12T10:03:19.000Z' - version: - description: The internal SLO version - type: number - example: 2 - SLOs_find_slo_response: - title: Find SLO response - description: | - A paginated response of SLOs matching the query. - type: object - properties: - page: + type: object + properties: + key: + type: string + value: + type: string + timeout: type: number - example: 1 - perPage: + broker_timeout: type: number - example: 25 - total: + required_acks: type: number - example: 34 - results: - type: array - items: - $ref: '#/components/schemas/SLOs_slo_with_summary_response' - SLOs_400_response: - title: Bad request - type: object + secrets: + type: object + properties: + password: + type: string + ssl: + type: object + properties: + key: + type: string required: - - statusCode - - error - - message - properties: - statusCode: - type: number - example: 400 - error: - type: string - example: Bad Request - message: - type: string - example: 'Invalid value ''foo'' supplied to: [...]' - SLOs_401_response: - title: Unauthorized + - name + - type + - topics + - auth_type + - hosts + Fleet_output_create_request_logstash: + title: logstash type: object - required: - - statusCode - - error - - message properties: - statusCode: - type: number - example: 401 - error: + id: type: string - example: Unauthorized - message: + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + name: type: string - example: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastics] for REST request [/_security/_authenticate]]: unable to authenticate user [elastics] for REST request [/_security/_authenticate]" - 
SLOs_403_response: - title: Unauthorized - type: object - required: - - statusCode - - error - - message - properties: - statusCode: - type: number - example: 403 - error: + type: type: string - example: Unauthorized - message: + enum: + - logstash + hosts: + type: array + items: + type: string + ca_sha256: type: string - example: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastics] for REST request [/_security/_authenticate]]: unable to authenticate user [elastics] for REST request [/_security/_authenticate]" - SLOs_404_response: - title: Not found - type: object - required: - - statusCode - - error - - message - properties: - statusCode: - type: number - example: 404 - error: + ca_trusted_fingerprint: type: string - example: Not Found - message: + config: + type: object + config_yaml: type: string - example: SLO [3749f390-03a3-11ee-8139-c7ff60a1692d] not found - SLOs_create_slo_request: - title: Create SLO request - description: > - The create SLO API request body varies depending on the type of - indicator, time window and budgeting method. 
- type: object + ssl: + type: object + properties: + certificate_authorities: + type: array + items: + type: string + certificate: + type: string + key: + type: string + proxy_id: + type: string + shipper: + type: object + properties: + disk_queue_enabled: + type: boolean + disk_queue_path: + type: string + disk_queue_max_size: + type: number + disk_queue_encryption_enabled: + type: boolean + disk_queue_compression_enabled: + type: boolean + compression_level: + type: number + loadbalance: + type: boolean + secrets: + type: object + properties: + ssl: + type: object + properties: + key: + type: string required: - name - - description - - indicator - - timeWindow - - budgetingMethod - - objective + - hosts + - type + Fleet_output_create_request_remote_elasticsearch: + title: remote_elasticsearch + type: object properties: id: - description: >- - A optional and unique identifier for the SLO. Must be between 8 and - 36 chars type: string - example: my-super-slo-id + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean name: - description: A name for the SLO. type: string - description: - description: A description for the SLO. 
- type: string - indicator: - oneOf: - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency' - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric' - - $ref: '#/components/schemas/SLOs_indicator_properties_histogram' - - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' - timeWindow: - $ref: '#/components/schemas/SLOs_time_window' - budgetingMethod: - $ref: '#/components/schemas/SLOs_budgeting_method' - objective: - $ref: '#/components/schemas/SLOs_objective' - settings: - $ref: '#/components/schemas/SLOs_settings' - groupBy: - description: optional group by field to use to generate an SLO per distinct value + type: type: string - example: some.field - tags: - description: List of tags + enum: + - remote_elasticsearch + hosts: type: array items: type: string - SLOs_create_slo_response: - title: Create SLO response - type: object - required: - - id - properties: - id: + service_token: type: string - example: 8853df00-ae2e-11ed-90af-09bb6422b258 - SLOs_409_response: - title: Conflict - type: object + secrets: + type: object + properties: + service_token: + type: string required: - - statusCode - - error - - message - properties: - statusCode: - type: number - example: 409 - error: - type: string - example: Conflict - message: - type: string - example: SLO [d077e940-1515-11ee-9c50-9d096392f520] already exists - SLOs_update_slo_request: - title: Update SLO request - description: > - The update SLO API request body varies depending on the type of - indicator, time window and budgeting method. Partial update is handled. 
+ - name + Fleet_output_create_request: + title: Output + oneOf: + - $ref: '#/components/schemas/Fleet_output_create_request_elasticsearch' + - $ref: '#/components/schemas/Fleet_output_create_request_kafka' + - $ref: '#/components/schemas/Fleet_output_create_request_logstash' + - $ref: >- + #/components/schemas/Fleet_output_create_request_remote_elasticsearch + discriminator: + propertyName: type + mapping: + elasticsearch: '#/components/schemas/Fleet_output_create_request_elasticsearch' + kafka: '#/components/schemas/Fleet_output_create_request_kafka' + logstash: '#/components/schemas/Fleet_output_create_request_logstash' + remote_elasticsearch: >- + #/components/schemas/Fleet_output_create_request_remote_elasticsearch + Fleet_output_update_request_elasticsearch: + title: elasticsearch type: object properties: - name: - description: A name for the SLO. + id: type: string - description: - description: A description for the SLO. + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + name: type: string - indicator: - oneOf: - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency' - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric' - - $ref: '#/components/schemas/SLOs_indicator_properties_histogram' - - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' - timeWindow: - $ref: '#/components/schemas/SLOs_time_window' - budgetingMethod: - $ref: '#/components/schemas/SLOs_budgeting_method' - objective: - $ref: '#/components/schemas/SLOs_objective' - settings: - $ref: '#/components/schemas/SLOs_settings' - tags: - description: List of tags + type: + type: string + enum: + - elasticsearch + hosts: type: array items: type: string - SLOs_slo_definition_response: - title: SLO definition response - type: object + ca_sha256: + type: 
string + ca_trusted_fingerprint: + type: string + config: + type: object + preset: + type: string + enum: + - balanced + - custom + - throughput + - scale + - latency + config_yaml: + type: string + ssl: + type: object + properties: + certificate_authorities: + type: array + items: + type: string + certificate: + type: string + key: + type: string + proxy_id: + type: string + shipper: + type: object + properties: + disk_queue_enabled: + type: boolean + disk_queue_path: + type: string + disk_queue_max_size: + type: number + disk_queue_encryption_enabled: + type: boolean + disk_queue_compression_enabled: + type: boolean + compression_level: + type: number + loadbalance: + type: boolean required: - - id - name - - description - - indicator - - timeWindow - - budgetingMethod - - objective - - settings - - revision - - enabled - - groupBy - - tags - - createdAt - - updatedAt - - version + - hosts + - type + Fleet_output_update_request_kafka: + title: kafka + type: object properties: id: - description: The identifier of the SLO. type: string - example: 8853df00-ae2e-11ed-90af-09bb6422b258 + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean name: - description: The name of the SLO. - type: string - example: My Service SLO - description: - description: The description of the SLO. 
type: string - example: My SLO description - indicator: - discriminator: - propertyName: type - mapping: - sli.apm.transactionErrorRate: '#/components/schemas/SLOs_indicator_properties_apm_availability' - sli.kql.custom: '#/components/schemas/SLOs_indicator_properties_custom_kql' - sli.apm.transactionDuration: '#/components/schemas/SLOs_indicator_properties_apm_latency' - sli.metric.custom: '#/components/schemas/SLOs_indicator_properties_custom_metric' - sli.histogram.custom: '#/components/schemas/SLOs_indicator_properties_histogram' - sli.metric.timeslice: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' - oneOf: - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_kql' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_availability' - - $ref: '#/components/schemas/SLOs_indicator_properties_apm_latency' - - $ref: '#/components/schemas/SLOs_indicator_properties_custom_metric' - - $ref: '#/components/schemas/SLOs_indicator_properties_histogram' - - $ref: '#/components/schemas/SLOs_indicator_properties_timeslice_metric' - timeWindow: - $ref: '#/components/schemas/SLOs_time_window' - budgetingMethod: - $ref: '#/components/schemas/SLOs_budgeting_method' - objective: - $ref: '#/components/schemas/SLOs_objective' - settings: - $ref: '#/components/schemas/SLOs_settings' - revision: - description: The SLO revision - type: number - example: 2 - enabled: - description: Indicate if the SLO is enabled - type: boolean - example: true - groupBy: - description: optional group by field to use to generate an SLO per distinct value + type: type: string - example: some.field - tags: - description: List of tags + enum: + - kafka + hosts: type: array items: type: string - createdAt: - description: The creation date + ca_sha256: type: string - example: '2023-01-12T10:03:19.000Z' - updatedAt: - description: The last update date + ca_trusted_fingerprint: type: string - example: '2023-01-12T10:03:19.000Z' + config: + type: object + config_yaml: + 
type: string + ssl: + type: object + properties: + certificate_authorities: + type: array + items: + type: string + certificate: + type: string + key: + type: string + verification_mode: + type: string + enum: + - none + - full + - certificate + - strict + proxy_id: + type: string + shipper: + type: object + properties: + disk_queue_enabled: + type: boolean + disk_queue_path: + type: string + disk_queue_max_size: + type: number + disk_queue_encryption_enabled: + type: boolean + disk_queue_compression_enabled: + type: boolean + compression_level: + type: number + loadbalance: + type: boolean version: - description: The internal SLO version + type: string + key: + type: string + compression: + type: string + compression_level: type: number - example: 2 - SLOs_delete_slo_instances_request: - title: Delete SLO instances request - description: > - The delete SLO instances request takes a list of SLO id and instance id, - then delete the rollup and summary data. This API can be used to remove - the staled data of an instance SLO that no longer get updated. - type: object - required: - - list - properties: - list: - description: An array of slo id and instance id + client_id: + type: string + auth_type: + type: string + connection_type: + type: string + enum: + - plaintext + - encryption + username: + type: string + password: + type: string + sasl: + type: object + properties: + mechanism: + type: string + partition: + type: string + random: + type: object + properties: + group_events: + type: number + round_robin: + type: object + properties: + group_events: + type: number + topic: + type: string + topics: + deprecated: true + description: Use topic instead. 
type: array items: type: object - required: - - sloId - - instanceId properties: - sloId: - description: The SLO unique identifier + topic: type: string - example: 8853df00-ae2e-11ed-90af-09bb6422b258 - instanceId: - description: The SLO instance identifier + when: + deprecated: true + description: >- + Deprecated, kafka output do not support conditionnal topics + anymore. + type: object + properties: + type: + type: string + condition: + type: string + headers: + type: array + items: + type: object + properties: + key: type: string - example: 8853df00-ae2e-11ed-90af-09bb6422b258 + value: + type: string + timeout: + type: number + broker_timeout: + type: number + required_acks: + type: number + required: + - name + Fleet_output_update_request_logstash: + title: logstash + type: object + properties: + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + name: + type: string + type: + type: string + enum: + - logstash + hosts: + type: array + items: + type: string + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + config: + type: object + config_yaml: + type: string + ssl: + type: object + properties: + certificate_authorities: + type: array + items: + type: string + certificate: + type: string + key: + type: string + proxy_id: + type: string + shipper: + type: object + properties: + disk_queue_enabled: + type: boolean + disk_queue_path: + type: string + disk_queue_max_size: + type: number + disk_queue_encryption_enabled: + type: boolean + disk_queue_compression_enabled: + type: boolean + compression_level: + type: number + loadbalance: + type: boolean + required: + - name + Fleet_output_update_request: + title: Output + oneOf: + - $ref: '#/components/schemas/Fleet_output_update_request_elasticsearch' + - $ref: '#/components/schemas/Fleet_output_update_request_kafka' + - $ref: '#/components/schemas/Fleet_output_update_request_logstash' + discriminator: + propertyName: type + 
mapping: + elasticsearch: '#/components/schemas/Fleet_output_update_request_elasticsearch' + kafka: '#/components/schemas/Fleet_output_update_request_kafka' + logstash: '#/components/schemas/Fleet_output_update_request_logstash' Kibana_HTTP_APIs_core_status_redactedResponse: additionalProperties: false description: A minimal representation of Kibana's operational status. @@ -22134,7 +28464,33 @@ components: application/json: schema: $ref: '#/components/schemas/Connectors_action_response_properties' + Fleet_error: + description: Generic Error + content: + application/json: + schema: + type: object + properties: + statusCode: + type: number + error: + type: string + message: + type: string securitySchemes: + Fleet_basicAuth: + type: http + scheme: basic + Fleet_Enrollment_API_Key: + name: Authorization + type: apiKey + in: header + description: 'e.g. Authorization: ApiKey base64EnrollmentApiKey' + Fleet_Access_API_Key: + name: Authorization + type: apiKey + in: header + description: 'e.g. Authorization: ApiKey base64AccessApiKey' Kibana_HTTP_APIs_apiKeyAuth: in: header name: Authorization @@ -22168,6 +28524,24 @@ x-tagGroups: - name: SLOs tags: - slo + - name: Fleet + tags: + - Data streams + - Elastic Agents + - Elastic Agent actions + - Elastic Agent binary download sources + - Elastic Agent policies + - Elastic Agent status + - Elastic Package Manager (EPM) + - Fleet enrollment API keys + - Fleet internals + - Fleet Server hosts + - Fleet Kubernetes + - Fleet outputs + - Fleet package policies + - Fleet proxies + - Fleet service tokens + - Fleet uninstall tokens - name: Kibana HTTP APIs tags: - system diff --git a/oas_docs/overlays/kibana.overlays.yaml b/oas_docs/overlays/kibana.overlays.yaml index 948f81f522017..6204abce7cb65 100644 --- a/oas_docs/overlays/kibana.overlays.yaml +++ b/oas_docs/overlays/kibana.overlays.yaml 
@@ -67,58 +67,99 @@ actions: If you use the Kibana console to send API requests, it automatically adds the appropriate space identifier. To learn more, check out [Spaces](https://www.elastic.co/guide/en/kibana/current/xpack-spaces.html). - # Add some tag descriptions and displayNames - - target: '$.tags[?(@.name=="alerting")]' - description: Change tag description and displayName - update: - description: > - Alerting enables you to define rules, which detect complex conditions within your data. - When a condition is met, the rule tracks it as an alert and runs the actions that are defined in the rule. - Actions typically involve the use of connectors to interact with Kibana services or third party integrations. - externalDocs: - description: Alerting documentation - url: https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html - x-displayName: "Alerting" - - target: '$.tags[?(@.name=="cases")]' - description: Change tag description and displayName - update: - description: > - Cases are used to open and track issues. - You can add assignees and tags to your cases, set their severity and status, and add alerts, comments, and visualizations. - You can also send cases to external incident management systems by configuring connectors. - externalDocs: - description: Cases documentation - url: https://www.elastic.co/guide/en/kibana/current/cases.html - x-displayName: "Cases" - - target: '$.tags[?(@.name=="connectors")]' - description: Change tag description and displayName - update: - description: > - Connectors provide a central place to store connection information for services and integrations with Elastic or third party systems. - Alerting rules can use connectors to run actions when rule conditions are met. 
- externalDocs: - description: Connector documentation - url: https://www.elastic.co/guide/en/kibana/current/action-types.html - x-displayName: "Connectors" - - target: '$.tags[?(@.name=="data views")]' - description: Change displayName - update: - x-displayName: "Data views" - - target: '$.tags[?(@.name=="ml")]' - description: Change displayName - update: - x-displayName: "Machine learning" - - target: '$.tags[?(@.name=="saved objects")]' - description: Change displayName - update: - x-displayName: "Saved objects" - - target: '$.tags[?(@.name=="slo")]' - description: Change displayName - update: - x-displayName: "Service level objectives" - - target: '$.tags[?(@.name=="system")]' - description: Change displayName + # Fix tag sorting + - target: '$.tags' + description: Remove global tags + remove: true + - target: '$' + description: Add sorted list of tags update: - x-displayName: "System" - description: > - Get information about the system status, resource usage, and installed plugins. + tags: + - name: alerting + description: > + Alerting enables you to define rules, which detect complex conditions within your data. + When a condition is met, the rule tracks it as an alert and runs the actions that are defined in the rule. + Actions typically involve the use of connectors to interact with Kibana services or third party integrations. + externalDocs: + description: Alerting documentation + url: https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html + x-displayName: "Alerting" + - name: APM agent keys + description: > + Configure APM agent keys to authorize requests from APM agents to the APM + Server. + x-displayName: APM agent keys + - name: APM annotations + description: > + Annotate visualizations in the APM app with significant events. + Annotations enable you to easily see how events are impacting the + performance of your applications. 
+ x-displayName: APM annotations + - name: cases + description: > + Cases are used to open and track issues. + You can add assignees and tags to your cases, set their severity and status, and add alerts, comments, and visualizations. + You can also send cases to external incident management systems by configuring connectors. + externalDocs: + description: Cases documentation + url: https://www.elastic.co/guide/en/kibana/current/cases.html + x-displayName: "Cases" + - name: connectors + description: > + Connectors provide a central place to store connection information for services and integrations with Elastic or third party systems. + Alerting rules can use connectors to run actions when rule conditions are met. + externalDocs: + description: Connector documentation + url: https://www.elastic.co/guide/en/kibana/current/action-types.html + x-displayName: "Connectors" + - name: Data streams + x-displayName: Data streams + - name: data views + description: >- + Data view APIs enable you to manage data views, formerly known as Kibana + index patterns. 
+ x-displayName: "Data views" + - name: Elastic Agents + x-displayName: Elastic Agents + - name: Elastic Agent actions + x-displayName: Elastic Agent actions + - name: Elastic Agent binary download sources + x-displayName: Elastic Agent binary download sources + - name: Elastic Agent policies + x-displayName: Elastic Agent policies + - name: Elastic Agent status + x-displayName: Elastic Agent status + - name: Elastic Package Manager (EPM) + x-displayName: Elastic Package Manager (EPM) + - name: Fleet enrollment API keys + x-displayName: Fleet enrollment API keys + - name: Fleet internals + x-displayName: Fleet internals + - name: Fleet Kubernetes + x-displayName: Fleet Kubernetes + - name: Fleet outputs + x-displayName: Fleet outputs + - name: Fleet package policies + x-displayName: Fleet package policies + - name: Fleet proxies + x-displayName: Fleet proxies + - name: Fleet Server hosts + x-displayName: Fleet Server hosts + - name: Fleet service tokens + x-displayName: Fleet service tokens + - name: Fleet uninstall tokens + x-displayName: Fleet uninstall tokens + - name: ml + x-displayName: "Machine learning" + - name: saved objects + description: >- + Manage Kibana saved objects, including dashboards, visualizations, and + more. + x-displayName: "Saved objects" + - name: slo + description: SLO APIs enable you to define, manage and track service-level objectives + x-displayName: "Service level objectives" + - name: system + x-displayName: "System" + description: > + Get information about the system status, resource usage, and installed plugins. \ No newline at end of file diff --git a/x-pack/plugins/fleet/common/openapi/bundled.json b/x-pack/plugins/fleet/common/openapi/bundled.json index cf3ee35fca6df..8e40077992671 100644 --- a/x-pack/plugins/fleet/common/openapi/bundled.json +++ b/x-pack/plugins/fleet/common/openapi/bundled.json 
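Review bot: The `remove: true` action on `$.tags`, followed by the static `tags:` list under `target: '$'`, makes this overlay the only source of top-level tags. A tag declared in one of the joined specs but missing from this list would presumably vanish from the output while operations still reference it. Nothing in the hunk keeps the two in sync, so I would add a comment above the action such as `# Every tag used by a joined spec must be listed here in sorted order; tags missing from this list are dropped from the output.` and enable Spectral's `operation-tag-defined` rule if it is not already on. The Fleet entries carry only `x-displayName`; a one-line `description` on the credential-related groups (`Fleet enrollment API keys`, `Fleet service tokens`, `Fleet uninstall tokens`) would tell readers what each key or token authorises. The file also still ends without a trailing newline.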
@@ -1,6 +1,55 @@ { "openapi": "3.0.0", - "tags": [], + "tags": [ + { + "name": "Data streams" + }, + { + "name": "Elastic Agents" + }, + { + "name": "Elastic Agent actions" + }, + { + "name": "Elastic Agent binary download sources" + }, + { + "name": "Elastic Agent policies" + }, + { + "name": "Elastic Agent status" + }, + { + "name": "Elastic Package Manager (EPM)" + }, + { + "name": "Fleet enrollment API keys" + }, + { + "name": "Fleet internals" + }, + { + "name": "Fleet Server hosts" + }, + { + "name": "Fleet Kubernetes" + }, + { + "name": "Fleet outputs" + }, + { + "name": "Fleet package policies" + }, + { + "name": "Fleet proxies" + }, + { + "name": "Fleet service tokens" + }, + { + "name": "Fleet uninstall tokens" + } + ], "info": { "title": "Fleet", "description": "OpenAPI schema for Fleet API endpoints", @@ -243,7 +292,7 @@ "post": { "summary": "Create service token", "tags": [ - "Service tokens" + "Fleet service tokens" ], "responses": { "200": { @@ -281,7 +330,7 @@ "post": { "summary": "Create service token", "tags": [ - "Service tokens" + "Fleet service tokens" ], "responses": { "200": { @@ -1649,7 +1698,7 @@ "get": { "summary": "Get agent setup info", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -1676,7 +1725,7 @@ "post": { "summary": "Initiate agent setup", "tags": [ - "Agents" + "Elastic Agents" ], "operationId": "setup-agents", "responses": { @@ -1726,7 +1775,7 @@ "get": { "summary": "Get agent status summary", "tags": [ - "Agent status" + "Elastic Agent status" ], "responses": { "200": { @@ -1797,7 +1846,7 @@ "get": { "summary": "Get agent status summary", "tags": [ - "Agent status" + "Elastic Agent status" ], "responses": { "200": { @@ -1888,7 +1937,7 @@ "get": { "summary": "Get incoming agent data", "tags": [ - "Agent status" + "Elastic Agent status" ], "responses": { "200": { @@ -1941,7 +1990,7 @@ "get": { "summary": "List agents", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { 
@@ -2002,7 +2051,7 @@ "post": { "summary": "List agents by action ids", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2052,7 +2101,7 @@ "post": { "summary": "Bulk upgrade agents", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2106,7 +2155,7 @@ "get": { "summary": "Get agent action status", "tags": [ - "Agent actions" + "Elastic Agent actions" ], "parameters": [ { @@ -2276,7 +2325,7 @@ "get": { "summary": "Get agent by ID", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2311,7 +2360,7 @@ "put": { "summary": "Update agent by ID", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2367,7 +2416,7 @@ "delete": { "summary": "Delete agent by ID", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2417,7 +2466,7 @@ "post": { "summary": "Create agent action", "tags": [ - "Agent actions" + "Elastic Agent actions" ], "responses": { "200": { @@ -2493,7 +2542,7 @@ "post": { "summary": "Cancel agent action", "tags": [ - "Agent actions" + "Elastic Agent actions" ], "responses": { "200": { @@ -2545,7 +2594,7 @@ "get": { "summary": "Get file uploaded by agent", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2593,7 +2642,7 @@ "delete": { "summary": "Delete file uploaded by agent", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2640,7 +2689,7 @@ "post": { "summary": "Reassign agent", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2685,7 +2734,7 @@ "put": { "summary": "Reassign agent", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2743,7 +2792,7 @@ "post": { "summary": "Unenroll agent", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2820,7 +2869,7 @@ "post": { "summary": "Upgrade agent", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { 
@@ -2869,7 +2918,7 @@ "get": { "summary": "List agent uploads", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2906,7 +2955,7 @@ "post": { "summary": "Bulk reassign agents", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -2978,7 +3027,7 @@ "post": { "summary": "Bulk unenroll agents", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -3061,7 +3110,7 @@ "post": { "summary": "Bulk update agent tags", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -3151,7 +3200,7 @@ "get": { "summary": "List agent tags", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -3185,7 +3234,7 @@ "post": { "summary": "Request agent diagnostics", "tags": [ - "Agents" + "Elastic Agents" ], "requestBody": { "content": { @@ -3243,7 +3292,7 @@ "post": { "summary": "Bulk request diagnostics from agents", "tags": [ - "Agents" + "Elastic Agents" ], "responses": { "200": { @@ -3325,7 +3374,7 @@ "get": { "summary": "List agent policies", "tags": [ - "Agent policies" + "Elastic Agent policies" ], "responses": { "200": { @@ -3398,7 +3447,7 @@ "post": { "summary": "Create agent policy", "tags": [ - "Agent policies" + "Elastic Agent policies" ], "responses": { "200": { @@ -3452,7 +3501,7 @@ "get": { "summary": "Get agent policy by ID", "tags": [ - "Agent policies" + "Elastic Agent policies" ], "responses": { "200": { @@ -3484,7 +3533,7 @@ "put": { "summary": "Update agent policy by ID", "tags": [ - "Agent policies" + "Elastic Agent policies" ], "responses": { "200": { @@ -3540,7 +3589,7 @@ "post": { "summary": "Copy agent policy by ID", "tags": [ - "Agent policies" + "Elastic Agent policies" ], "operationId": "agent-policy-copy", "parameters": [ @@ -3598,7 +3647,7 @@ "get": { "summary": "Get full agent policy by ID", "tags": [ - "Agent policies" + "Elastic Agent policies" ], "operationId": "agent-policy-full", "responses": { 
@@ -3668,7 +3717,7 @@ "get": { "summary": "Download agent policy by ID", "tags": [ - "Agent policies" + "Elastic Agent policies" ], "operationId": "agent-policy-download", "responses": { @@ -3731,7 +3780,7 @@ "post": { "summary": "Bulk get agent policies", "tags": [ - "Agent policies" + "Elastic Agent policies" ], "requestBody": { "content": { @@ -3796,7 +3845,7 @@ "post": { "summary": "Delete agent policy by ID", "tags": [ - "Agent policies" + "Elastic Agent policies" ], "operationId": "delete-agent-policy", "responses": { @@ -3892,7 +3941,7 @@ "get": { "summary": "List enrollment API keys", "tags": [ - "Enrollment API keys" + "Fleet enrollment API keys" ], "responses": { "200": { @@ -3946,7 +3995,7 @@ "post": { "summary": "Create enrollment API key", "tags": [ - "Enrollment API keys" + "Fleet enrollment API keys" ], "responses": { "200": { @@ -3997,7 +4046,7 @@ "get": { "summary": "Get enrollment API key by ID", "tags": [ - "Enrollment API keys" + "Fleet enrollment API keys" ], "responses": { "200": { @@ -4028,7 +4077,7 @@ "delete": { "summary": "Delete enrollment API key by ID", "tags": [ - "Enrollment API keys" + "Fleet enrollment API keys" ], "responses": { "200": { @@ -4069,7 +4118,7 @@ "get": { "summary": "List enrollment API keys", "tags": [ - "Enrollment API keys" + "Fleet enrollment API keys" ], "responses": { "200": { @@ -4122,7 +4171,7 @@ "post": { "summary": "Create enrollment API key", "tags": [ - "Enrollment API keys" + "Fleet enrollment API keys" ], "responses": { "200": { @@ -4172,7 +4221,7 @@ "get": { "summary": "Get enrollment API key by ID", "tags": [ - "Enrollment API keys" + "Fleet enrollment API keys" ], "responses": { "200": { @@ -4202,7 +4251,7 @@ "delete": { "summary": "Delete enrollment API key by ID", "tags": [ - "Enrollment API keys" + "Fleet enrollment API keys" ], "responses": { "200": { 
@@ -4242,7 +4291,7 @@ "get": { "summary": "List package policies", "tags": [ - "Package policies" + "Fleet package policies" ], "responses": { "200": { @@ -4300,7 +4349,7 @@ "post": { "summary": "Create package policy", "tags": [ - "Package policies" + "Fleet package policies" ], "operationId": "create-package-policy", "responses": { @@ -4353,7 +4402,7 @@ "post": { "summary": "Bulk get package policies", "tags": [ - "Package policies" + "Fleet package policies" ], "requestBody": { "content": { @@ -4418,7 +4467,7 @@ "post": { "summary": "Delete package policy", "tags": [ - "Package policies" + "Fleet package policies" ], "operationId": "post-delete-package-policy", "requestBody": { @@ -4488,7 +4537,7 @@ "post": { "summary": "Upgrade package policy to a newer package version", "tags": [ - "Package policies" + "Fleet package policies" ], "operationId": "upgrade-package-policy", "requestBody": { @@ -4553,7 +4602,7 @@ "post": { "summary": "Dry run package policy upgrade", "tags": [ - "Package policies" + "Fleet package policies" ], "operationId": "upgrade-package-policy-dry-run", "requestBody": { @@ -4627,7 +4676,7 @@ "get": { "summary": "Get package policy by ID", "tags": [ - "Package policies" + "Fleet package policies" ], "responses": { "200": { @@ -4662,7 +4711,7 @@ "put": { "summary": "Update package policy by ID", "tags": [ - "Package policies" + "Fleet package policies" ], "operationId": "update-package-policy", "requestBody": { @@ -4713,7 +4762,7 @@ "delete": { "summary": "Delete package policy by ID", "tags": [ - "Package policies" + "Fleet package policies" ], "operationId": "delete-package-policy", "responses": { @@ -4754,7 +4803,7 @@ "get": { "summary": "List outputs", "tags": [ - "Outputs" + "Fleet outputs" ], "responses": { "200": { @@ -4793,7 +4842,7 @@ "post": { "summary": "Create output", "tags": [ - "Outputs" + "Fleet outputs" ], "responses": { "200": { 
@@ -4832,7 +4881,7 @@ "get": { "summary": "Get output by ID", "tags": [ - "Outputs" + "Fleet outputs" ], "responses": { "200": { @@ -4869,7 +4918,7 @@ "delete": { "summary": "Delete output by ID", "tags": [ - "Outputs" + "Fleet outputs" ], "operationId": "delete-output", "responses": { @@ -4904,7 +4953,7 @@ "put": { "summary": "Update output by ID", "tags": [ - "Outputs" + "Fleet outputs" ], "operationId": "update-output", "requestBody": { @@ -4947,7 +4996,7 @@ "get": { "summary": "Get latest output health", "tags": [ - "Outputs" + "Fleet outputs" ], "responses": { "200": { @@ -4995,7 +5044,7 @@ "post": { "summary": "Generate Logstash API key", "tags": [ - "Outputs" + "Fleet outputs" ], "responses": { "200": { @@ -5029,7 +5078,7 @@ "get": { "summary": "List agent binary download sources", "tags": [ - "Agent binary download sources" + "Elastic Agent binary download sources" ], "responses": { "200": { @@ -5068,7 +5117,7 @@ "post": { "summary": "Create agent binary download source", "tags": [ - "Agent binary download sources" + "Elastic Agent binary download sources" ], "responses": { "200": { @@ -5125,7 +5174,7 @@ "get": { "summary": "Get agent binary download source by ID", "tags": [ - "Agent binary download sources" + "Elastic Agent binary download sources" ], "responses": { "200": { @@ -5165,7 +5214,7 @@ "delete": { "summary": "Delete agent binary download source by ID", "tags": [ - "Agent binary download sources" + "Elastic Agent binary download sources" ], "operationId": "delete-download-source", "responses": { @@ -5200,7 +5249,7 @@ "put": { "summary": "Update agent binary download source by ID", "tags": [ - "Agent binary download sources" + "Elastic Agent binary download sources" ], "operationId": "update-download-source", "requestBody": { @@ -5510,7 +5559,7 @@ "get": { "summary": "List proxies", "tags": [ - "Proxies" + "Fleet proxies" ], "responses": { "200": { 
@@ -5549,7 +5598,7 @@ "post": { "summary": "Create proxy", "tags": [ - "Proxies" + "Fleet proxies" ], "responses": { "200": { @@ -5614,7 +5663,7 @@ "get": { "summary": "Get proxy by ID", "tags": [ - "Proxies" + "Fleet proxies" ], "responses": { "200": { @@ -5654,7 +5703,7 @@ "delete": { "summary": "Delete proxy by ID", "tags": [ - "Proxies" + "Fleet proxies" ], "operationId": "delete-fleet-proxies", "responses": { @@ -5689,7 +5738,7 @@ "put": { "summary": "Update proxy by ID", "tags": [ - "Proxies" + "Fleet proxies" ], "operationId": "update-fleet-proxies", "requestBody": { @@ -5755,7 +5804,7 @@ "get": { "summary": "Get full K8s agent manifest", "tags": [ - "Kubernetes" + "Fleet Kubernetes" ], "responses": { "200": { @@ -5810,7 +5859,7 @@ "get": { "summary": "List metadata for latest uninstall tokens per agent policy", "tags": [ - "Uninstall tokens" + "Fleet uninstall tokens" ], "responses": { "200": { @@ -5898,7 +5947,7 @@ "get": { "summary": "Get one decrypted uninstall token by its ID", "tags": [ - "Uninstall tokens" + "Fleet uninstall tokens" ], "responses": { "200": { @@ -7054,7 +7103,7 @@ }, "agent_status": { "type": "string", - "title": "Agent status", + "title": "Elastic Agent status", "enum": [ "offline", "error", diff --git a/x-pack/plugins/fleet/common/openapi/bundled.yaml b/x-pack/plugins/fleet/common/openapi/bundled.yaml index ad592b9ea1847..26836db8fd3e6 100644 --- a/x-pack/plugins/fleet/common/openapi/bundled.yaml +++ b/x-pack/plugins/fleet/common/openapi/bundled.yaml 
@@ -1,5 +1,21 @@ openapi: 3.0.0 -tags: [] +tags: + - name: Data streams + - name: Elastic Agents + - name: Elastic Agent actions + - name: Elastic Agent binary download sources + - name: Elastic Agent policies + - name: Elastic Agent status + - name: Elastic Package Manager (EPM) + - name: Fleet enrollment API keys + - name: Fleet internals + - name: Fleet Server hosts + - name: Fleet Kubernetes + - name: Fleet outputs + - name: Fleet package policies + - name: Fleet proxies + - name: Fleet service tokens + - name: Fleet uninstall tokens info: title: Fleet description: OpenAPI schema for Fleet API endpoints @@ -155,7 +171,7 @@ paths: post: summary: Create service token tags: - - Service tokens + - Fleet service tokens responses: '200': description: OK @@ -178,7 +194,7 @@ paths: post: summary: Create service token tags: - - Service tokens + - Fleet service tokens responses: '200': description: OK @@ -1044,7 +1060,7 @@ paths: get: summary: Get agent setup info tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1060,7 +1076,7 @@ paths: post: summary: Initiate agent setup tags: - - Agents + - Elastic Agents operationId: setup-agents responses: '200': @@ -1090,7 +1106,7 @@ paths: get: summary: Get agent status summary tags: - - Agent status + - Elastic Agent status responses: '200': description: OK @@ -1138,7 +1154,7 @@ paths: get: summary: Get agent status summary tags: - - Agent status + - Elastic Agent status responses: '200': description: OK @@ -1200,7 +1216,7 @@ paths: get: summary: Get incoming agent data tags: - - Agent status + - Elastic Agent status responses: '200': description: OK @@ -1233,7 +1249,7 @@ paths: get: summary: List agents tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1263,7 +1279,7 @@ paths: post: summary: List agents by action ids tags: - - Agents + - Elastic Agents responses: '200': description: OK 
@@ -1293,7 +1309,7 @@ paths: post: summary: Bulk upgrade agents tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1327,7 +1343,7 @@ paths: get: summary: Get agent action status tags: - - Agent actions + - Elastic Agent actions parameters: - $ref: '#/components/parameters/page_size' - $ref: '#/components/parameters/page_index' @@ -1448,7 +1464,7 @@ paths: get: summary: Get agent by ID tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1469,7 +1485,7 @@ paths: put: summary: Update agent by ID tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1503,7 +1519,7 @@ paths: delete: summary: Delete agent by ID tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1533,7 +1549,7 @@ paths: post: summary: Create agent action tags: - - Agent actions + - Elastic Agent actions responses: '200': description: OK @@ -1579,7 +1595,7 @@ paths: post: summary: Cancel agent action tags: - - Agent actions + - Elastic Agent actions responses: '200': description: OK @@ -1610,7 +1626,7 @@ paths: get: summary: Get file uploaded by agent tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1640,7 +1656,7 @@ paths: delete: summary: Delete file uploaded by agent tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1669,7 +1685,7 @@ paths: post: summary: Reassign agent tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1696,7 +1712,7 @@ paths: put: summary: Reassign agent tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1731,7 +1747,7 @@ paths: post: summary: Unenroll agent tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1777,7 +1793,7 @@ paths: post: summary: Upgrade agent tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1806,7 +1822,7 @@ paths: get: summary: List agent uploads tags: - - Agents + - Elastic Agents responses: '200': description: OK 
@@ -1829,7 +1845,7 @@ paths: post: summary: Bulk reassign agents tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1872,7 +1888,7 @@ paths: post: summary: Bulk unenroll agents tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1925,7 +1941,7 @@ paths: post: summary: Bulk update agent tags tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -1979,7 +1995,7 @@ paths: get: summary: List agent tags tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -2000,7 +2016,7 @@ paths: post: summary: Request agent diagnostics tags: - - Agents + - Elastic Agents requestBody: content: application/json: @@ -2033,7 +2049,7 @@ paths: post: summary: Bulk request diagnostics from agents tags: - - Agents + - Elastic Agents responses: '200': description: OK @@ -2080,7 +2096,7 @@ paths: get: summary: List agent policies tags: - - Agent policies + - Elastic Agent policies responses: '200': description: OK @@ -2131,7 +2147,7 @@ paths: post: summary: Create agent policy tags: - - Agent policies + - Elastic Agent policies responses: '200': description: OK @@ -2163,7 +2179,7 @@ paths: get: summary: Get agent policy by ID tags: - - Agent policies + - Elastic Agent policies responses: '200': description: OK @@ -2184,7 +2200,7 @@ paths: put: summary: Update agent policy by ID tags: - - Agent policies + - Elastic Agent policies responses: '200': description: OK @@ -2217,7 +2233,7 @@ paths: post: summary: Copy agent policy by ID tags: - - Agent policies + - Elastic Agent policies operationId: agent-policy-copy parameters: - $ref: '#/components/parameters/kbn_xsrf' @@ -2252,7 +2268,7 @@ paths: get: summary: Get full agent policy by ID tags: - - Agent policies + - Elastic Agent policies operationId: agent-policy-full responses: '200': @@ -2293,7 +2309,7 @@ paths: get: summary: Download agent policy by ID tags: - - Agent policies + - Elastic Agent policies operationId: agent-policy-download responses: '200': 
@@ -2332,7 +2348,7 @@ paths: post: summary: Bulk get agent policies tags: - - Agent policies + - Elastic Agent policies requestBody: content: application/json: @@ -2374,7 +2390,7 @@ paths: post: summary: Delete agent policy by ID tags: - - Agent policies + - Elastic Agent policies operationId: delete-agent-policy responses: '200': @@ -2436,7 +2452,7 @@ paths: get: summary: List enrollment API keys tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK @@ -2473,7 +2489,7 @@ paths: post: summary: Create enrollment API key tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK @@ -2504,7 +2520,7 @@ paths: get: summary: Get enrollment API key by ID tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK @@ -2524,7 +2540,7 @@ paths: delete: summary: Delete enrollment API key by ID tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK @@ -2549,7 +2565,7 @@ paths: get: summary: List enrollment API keys tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK @@ -2585,7 +2601,7 @@ paths: post: summary: Create enrollment API key tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK @@ -2615,7 +2631,7 @@ paths: get: summary: Get enrollment API key by ID tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK @@ -2634,7 +2650,7 @@ paths: delete: summary: Delete enrollment API key by ID tags: - - Enrollment API keys + - Fleet enrollment API keys responses: '200': description: OK @@ -2658,7 +2674,7 @@ paths: get: summary: List package policies tags: - - Package policies + - Fleet package policies responses: '200': description: OK @@ -2692,7 +2708,7 @@ paths: post: summary: Create package policy tags: - - Package policies + - Fleet package policies operationId: create-package-policy responses: '200': 
@@ -2725,7 +2741,7 @@ paths: post: summary: Bulk get package policies tags: - - Package policies + - Fleet package policies requestBody: content: application/json: @@ -2765,7 +2781,7 @@ paths: post: summary: Delete package policy tags: - - Package policies + - Fleet package policies operationId: post-delete-package-policy requestBody: content: @@ -2808,7 +2824,7 @@ paths: post: summary: Upgrade package policy to a newer package version tags: - - Package policies + - Fleet package policies operationId: upgrade-package-policy requestBody: content: @@ -2849,7 +2865,7 @@ paths: post: summary: Dry run package policy upgrade tags: - - Package policies + - Fleet package policies operationId: upgrade-package-policy-dry-run requestBody: content: @@ -2895,7 +2911,7 @@ paths: get: summary: Get package policy by ID tags: - - Package policies + - Fleet package policies responses: '200': description: OK @@ -2916,7 +2932,7 @@ paths: put: summary: Update package policy by ID tags: - - Package policies + - Fleet package policies operationId: update-package-policy requestBody: content: @@ -2946,7 +2962,7 @@ paths: delete: summary: Delete package policy by ID tags: - - Package policies + - Fleet package policies operationId: delete-package-policy responses: '200': @@ -2971,7 +2987,7 @@ paths: get: summary: List outputs tags: - - Outputs + - Fleet outputs responses: '200': description: OK @@ -2996,7 +3012,7 @@ paths: post: summary: Create output tags: - - Outputs + - Fleet outputs responses: '200': description: OK @@ -3020,7 +3036,7 @@ paths: get: summary: Get output by ID tags: - - Outputs + - Fleet outputs responses: '200': description: OK @@ -3043,7 +3059,7 @@ paths: delete: summary: Delete output by ID tags: - - Outputs + - Fleet outputs operationId: delete-output responses: '200': @@ -3064,7 +3080,7 @@ paths: put: summary: Update output by ID tags: - - Outputs + - Fleet outputs operationId: update-output requestBody: content: 
@@ -3089,7 +3105,7 @@ paths: get: summary: Get latest output health tags: - - Outputs + - Fleet outputs responses: '200': description: OK @@ -3120,7 +3136,7 @@ paths: post: summary: Generate Logstash API key tags: - - Outputs + - Fleet outputs responses: '200': description: OK @@ -3140,7 +3156,7 @@ paths: get: summary: List agent binary download sources tags: - - Agent binary download sources + - Elastic Agent binary download sources responses: '200': description: OK @@ -3165,7 +3181,7 @@ paths: post: summary: Create agent binary download source tags: - - Agent binary download sources + - Elastic Agent binary download sources responses: '200': description: OK @@ -3201,7 +3217,7 @@ paths: get: summary: Get agent binary download source by ID tags: - - Agent binary download sources + - Elastic Agent binary download sources responses: '200': description: OK @@ -3226,7 +3242,7 @@ paths: delete: summary: Delete agent binary download source by ID tags: - - Agent binary download sources + - Elastic Agent binary download sources operationId: delete-download-source responses: '200': @@ -3247,7 +3263,7 @@ paths: put: summary: Update agent binary download source by ID tags: - - Agent binary download sources + - Elastic Agent binary download sources operationId: update-download-source requestBody: content: @@ -3444,7 +3460,7 @@ paths: get: summary: List proxies tags: - - Proxies + - Fleet proxies responses: '200': description: OK @@ -3469,7 +3485,7 @@ paths: post: summary: Create proxy tags: - - Proxies + - Fleet proxies responses: '200': description: OK @@ -3510,7 +3526,7 @@ paths: get: summary: Get proxy by ID tags: - - Proxies + - Fleet proxies responses: '200': description: OK @@ -3535,7 +3551,7 @@ paths: delete: summary: Delete proxy by ID tags: - - Proxies + - Fleet proxies operationId: delete-fleet-proxies responses: '200': 
@@ -3556,7 +3572,7 @@ paths: put: summary: Update proxy by ID tags: - - Proxies + - Fleet proxies operationId: update-fleet-proxies requestBody: content: @@ -3596,7 +3612,7 @@ paths: get: summary: Get full K8s agent manifest tags: - - Kubernetes + - Fleet Kubernetes responses: '200': description: OK @@ -3630,7 +3646,7 @@ paths: get: summary: List metadata for latest uninstall tokens per agent policy tags: - - Uninstall tokens + - Fleet uninstall tokens responses: '200': description: OK @@ -3688,7 +3704,7 @@ paths: get: summary: Get one decrypted uninstall token by its ID tags: - - Uninstall tokens + - Fleet uninstall tokens responses: '200': description: OK @@ -4504,7 +4520,7 @@ components: type: object agent_status: type: string - title: Agent status + title: Elastic Agent status enum: - offline - error diff --git a/x-pack/plugins/fleet/common/openapi/components/schemas/agent_status.yaml b/x-pack/plugins/fleet/common/openapi/components/schemas/agent_status.yaml index da6df3a1b776d..14eacb2162b04 100644 --- a/x-pack/plugins/fleet/common/openapi/components/schemas/agent_status.yaml +++ b/x-pack/plugins/fleet/common/openapi/components/schemas/agent_status.yaml @@ -1,5 +1,5 @@ type: string -title: Agent status +title: Elastic Agent status enum: - offline - error diff --git a/x-pack/plugins/fleet/common/openapi/entrypoint.yaml b/x-pack/plugins/fleet/common/openapi/entrypoint.yaml index 04203cc5d2e6b..2de74e31a9a35 100644 --- a/x-pack/plugins/fleet/common/openapi/entrypoint.yaml +++ b/x-pack/plugins/fleet/common/openapi/entrypoint.yaml 
@@ -1,5 +1,21 @@
 openapi: 3.0.0
-tags: []
+tags:
+ - name: Data streams
+ - name: Elastic Agents
+ - name: Elastic Agent actions
+ - name: Elastic Agent binary download sources
+ - name: Elastic Agent policies
+ - name: Elastic Agent status
+ - name: Elastic Package Manager (EPM)
+ - name: Fleet enrollment API keys
+ - name: Fleet internals
+ - name: Fleet Server hosts
+ - name: Fleet Kubernetes
+ - name: Fleet outputs
+ - name: Fleet package policies
+ - name: Fleet proxies
+ - name: Fleet service tokens
+ - name: Fleet uninstall tokens
 info:
 title: Fleet
 description: OpenAPI schema for Fleet API endpoints
@@ -183,7 +199,6 @@ paths:
 $ref: paths/uninstall_tokens.yaml
 /uninstall_tokens/{uninstallTokenId}:
 $ref: paths/uninstall_tokens@{uninstall_token_id}.yaml
-
 components:
 securitySchemes:
 basicAuth:
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_download_sources.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_download_sources.yaml
index 89a69c9adfdaf..8b6857727a0d7 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agent_download_sources.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agent_download_sources.yaml
@@ -1,7 +1,7 @@
 get:
 summary: List agent binary download sources
 tags:
- - Agent binary download sources
+ - Elastic Agent binary download sources
 responses:
 '200':
 description: OK
@@ -26,7 +26,7 @@ get:
 post:
 summary: Create agent binary download source
 tags:
- - Agent binary download sources
+ - Elastic Agent binary download sources
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_download_sources@{source_id}.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_download_sources@{source_id}.yaml
index afb7771283e59..1c10656883686 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agent_download_sources@{source_id}.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agent_download_sources@{source_id}.yaml
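Review bot: In entrypoint.yaml's new top-level `tags:` list every group is declared by name only, so the rendered reference gives no context for the groups whose operations hand out credentials; summaries elsewhere in this diff include "Get one decrypted uninstall token by its ID", "Create service token" and "Create enrollment API key". Those entries would benefit from a `description` saying what access a caller needs and that the response carries secret material, for example `description: <required privilege; response contains the decrypted token>` under `- name: Fleet uninstall tokens`. `Fleet Server hosts` also sits between `Fleet internals` and `Fleet Kubernetes`, out of step with the roughly alphabetical order of the rest, which matters for renderers that honour declaration order. Four declared names (`Data streams`, `Elastic Package Manager (EPM)`, `Fleet internals`, `Fleet Server hosts`) are not used by any hunk visible here, so it is worth confirming they match the operation tags character for character; the generated bundled.yaml carries the same list.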
@@ -1,7 +1,7 @@
 get:
 summary: Get agent binary download source by ID
 tags:
- - Agent binary download sources
+ - Elastic Agent binary download sources
 responses:
 '200':
 description: OK
@@ -26,7 +26,7 @@ parameters:
 delete:
 summary: Delete agent binary download source by ID
 tags:
- - Agent binary download sources
+ - Elastic Agent binary download sources
 operationId: delete-download-source
 responses:
 '200':
@@ -47,7 +47,7 @@ delete:
 put:
 summary: Update agent binary download source by ID
 tags:
- - Agent binary download sources
+ - Elastic Agent binary download sources
 operationId: update-download-source
 requestBody:
 content:
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_policies.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_policies.yaml
index cbf29f3859519..542ded8b91c18 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agent_policies.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agent_policies.yaml
@@ -1,7 +1,7 @@
 get:
 summary: List agent policies
 tags:
- - Agent policies
+ - Elastic Agent policies
 responses:
 '200':
 description: OK
@@ -47,7 +47,7 @@ get:
 post:
 summary: Create agent policy
 tags:
- - Agent policies
+ - Elastic Agent policies
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@_bulk_get.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@_bulk_get.yaml
index ace09ef721677..b0846dc695ad7 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@_bulk_get.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@_bulk_get.yaml
@@ -1,7 +1,7 @@
 post:
 summary: Bulk get agent policies
 tags:
- - Agent policies
+ - Elastic Agent policies
 requestBody:
 content:
 application/json:
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@delete.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@delete.yaml
index 284eaad198c0f..6a4ae2488c3e4 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@delete.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@delete.yaml
@@ -1,7 +1,7 @@
 post:
 summary: Delete agent policy by ID
 tags:
- - Agent policies
+ - Elastic Agent policies
 operationId: delete-agent-policy
 responses:
 '200':
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}.yaml
index 55d644ab0aab2..e6e73779691ed 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}.yaml
@@ -7,7 +7,7 @@ parameters:
 get:
 summary: Get agent policy by ID
 tags:
- - Agent policies
+ - Elastic Agent policies
 responses:
 '200':
 description: OK
@@ -28,7 +28,7 @@ get:
 put:
 summary: Update agent policy by ID
 tags:
- - Agent policies
+ - Elastic Agent policies
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@copy.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@copy.yaml
index dab79eef58dff..63df499c4bf2a 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@copy.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@copy.yaml
@@ -7,7 +7,7 @@ parameters:
 post:
 summary: Copy agent policy by ID
 tags:
- - Agent policies
+ - Elastic Agent policies
 operationId: agent-policy-copy
 parameters:
 - $ref: ../components/headers/kbn_xsrf.yaml
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@download.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@download.yaml
index 1748950fdaf09..69cc96d572be9 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@download.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@download.yaml
@@ -1,7 +1,7 @@
 get:
 summary: Download agent policy by ID
 tags:
- - Agent policies
+ - Elastic Agent policies
 operationId: agent-policy-download
 responses:
 '200':
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@full.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@full.yaml
index dc5a1b996b2e4..ea3f6ac5923a6 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@full.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agent_policies@{agent_policy_id}@full.yaml
@@ -1,7 +1,7 @@
 get:
 summary: Get full agent policy by ID
 tags:
- - Agent policies
+ - Elastic Agent policies
 operationId: agent-policy-full
 responses:
 '200':
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_status.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_status.yaml
index d382989e15289..eecff760d035a 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agent_status.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agent_status.yaml
@@ -1,7 +1,7 @@
 get:
 summary: Get agent status summary
 tags:
- - Agent status
+ - Elastic Agent status
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_status@data.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_status@data.yaml
index 7e90097c3b4dd..ebf255fa22394 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agent_status@data.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agent_status@data.yaml
@@ -1,7 +1,7 @@
 get:
 summary: Get incoming agent data
 tags:
- - Agent status
+ - Elastic Agent status
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_status_deprecated.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_status_deprecated.yaml
index fe44311fa9801..8ebc02a06d3d5 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agent_status_deprecated.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agent_status_deprecated.yaml
@@ -1,7 +1,7 @@
 get:
 summary: Get agent status summary
 tags:
- - Agent status
+ - Elastic Agent status
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agent_tags.yaml b/x-pack/plugins/fleet/common/openapi/paths/agent_tags.yaml
index 85a6f6c7ab30a..5961e0a3e0974 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agent_tags.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agent_tags.yaml
@@ -1,7 +1,7 @@
 get:
 summary: List agent tags
 tags:
- - Agents
+ - Elastic Agents
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents.yaml
index 0bad4c2de354f..224c15b2ec5d0 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agents.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agents.yaml
@@ -1,7 +1,7 @@
 get:
 summary: List agents
 tags:
- - Agents
+ - Elastic Agents
 responses:
 '200':
 description: OK
@@ -31,7 +31,7 @@ get:
 post:
 summary: List agents by action ids
 tags:
- - Agents
+ - Elastic Agents
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@action_status.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@action_status.yaml
index c0e81da8331d5..c55d924564cf3 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agents@action_status.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agents@action_status.yaml
@@ -1,7 +1,7 @@
 get:
 summary: Get agent action status
 tags:
- - Agent actions
+ - Elastic Agent actions
 parameters:
 - $ref: ../components/parameters/page_size.yaml
 - $ref: ../components/parameters/page_index.yaml
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_reassign.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_reassign.yaml
index b93b2bd6b9a08..7876e51ea341c 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_reassign.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_reassign.yaml
@@ -1,7 +1,7 @@
 post:
 summary: Bulk reassign agents
 tags:
- - Agents
+ - Elastic Agents
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_request_diagnostics.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_request_diagnostics.yaml
index 2ef2d1c1ff5d5..8d8e03539650d 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_request_diagnostics.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_request_diagnostics.yaml
@@ -1,7 +1,7 @@
 post:
 summary: Bulk request diagnostics from agents
 tags:
- - Agents
+ - Elastic Agents
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_unenroll.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_unenroll.yaml
index a765e4868442b..b0e40b1f70408 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_unenroll.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_unenroll.yaml
@@ -1,7 +1,7 @@
 post:
 summary: Bulk unenroll agents
 tags:
- - Agents
+ - Elastic Agents
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_update_tags.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_update_tags.yaml
index ff4c6597b6be0..075068d1faa41 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_update_tags.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_update_tags.yaml
@@ -1,7 +1,7 @@
 post:
 summary: Bulk update agent tags
 tags:
- - Agents
+ - Elastic Agents
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_upgrade.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_upgrade.yaml
index ccb55c7c62b17..5bb61e7f841b9 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_upgrade.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agents@bulk_upgrade.yaml
@@ -1,7 +1,7 @@
 post:
 summary: Bulk upgrade agents
 tags:
- - Agents
+ - Elastic Agents
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@current_upgrades.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@current_upgrades.yaml
index 36ae723527f9b..bae7b2ababf08 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agents@current_upgrades.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agents@current_upgrades.yaml
@@ -1,7 +1,7 @@
 get:
 summary: List current bulk upgrade operations
 tags:
- - Agents
+ - Elastic Agents
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@files@{file_id}.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@files@{file_id}.yaml
index 4507cb8ce456d..85448279111aa 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agents@files@{file_id}.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agents@files@{file_id}.yaml
@@ -7,7 +7,7 @@ parameters:
 delete:
 summary: Delete file uploaded by agent
 tags:
- - Agents
+ - Elastic Agents
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@files@{file_id}@{file_name}.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@files@{file_id}@{file_name}.yaml
index 15f6dd8a421d1..057fae5672007 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agents@files@{file_id}@{file_name}.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agents@files@{file_id}@{file_name}.yaml
@@ -12,7 +12,7 @@ parameters:
 get:
 summary: Get file uploaded by agent
 tags:
- - Agents
+ - Elastic Agents
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@setup.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@setup.yaml
index 214f3a8e68240..1a623eb9cf3c3 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agents@setup.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agents@setup.yaml
@@ -1,7 +1,7 @@
 get:
 summary: Get agent setup info
 tags:
- - Agents
+ - Elastic Agents
 responses:
 '200':
 description: OK
@@ -17,7 +17,7 @@ get:
 post:
 summary: Initiate agent setup
 tags:
- - Agents
+ - Elastic Agents
 operationId: setup-agents
 responses:
 '200':
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}.yaml
index 93242e5912a17..108ea113c8e5e 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}.yaml
@@ -7,7 +7,7 @@ parameters:
 get:
 summary: Get agent by ID
 tags:
- - Agents
+ - Elastic Agents
 responses:
 '200':
 description: OK
@@ -28,7 +28,7 @@ get:
 put:
 summary: Update agent by ID
 tags:
- - Agents
+ - Elastic Agents
 responses:
 '200':
 description: OK
@@ -62,7 +62,7 @@ put:
 delete:
 summary: Delete agent by ID
 tags:
- - Agents
+ - Elastic Agents
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@actions.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@actions.yaml
index cd327e453b9a7..4443bb4573985 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@actions.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@actions.yaml
@@ -7,7 +7,7 @@ parameters:
 post:
 summary: Create agent action
 tags:
- - Agent actions
+ - Elastic Agent actions
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@actions@{action_id}@cancel.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@actions@{action_id}@cancel.yaml
index f91acd133355d..5b939e8c5fdf4 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@actions@{action_id}@cancel.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@actions@{action_id}@cancel.yaml
@@ -12,7 +12,7 @@ parameters:
 post:
 summary: Cancel agent action
 tags:
- - Agent actions
+ - Elastic Agent actions
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@reassign.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@reassign.yaml
index c210cee12d424..3f6ce412fc51e 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@reassign.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@reassign.yaml
@@ -7,7 +7,7 @@ parameters:
 post:
 summary: Reassign agent
 tags:
- - Agents
+ - Elastic Agents
 responses:
 '200':
 description: OK
@@ -34,7 +34,7 @@ post:
 put:
 summary: Reassign agent
 tags:
- - Agents
+ - Elastic Agents
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@request_diagnostics.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@request_diagnostics.yaml
index eba9a695d1cbc..4ecfe08e5b783 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@request_diagnostics.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@request_diagnostics.yaml
@@ -7,7 +7,7 @@ parameters:
 post:
 summary: Request agent diagnostics
 tags:
- - Agents
+ - Elastic Agents
 requestBody:
 content:
 application/json:
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@unenroll.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@unenroll.yaml
index c30bebfad328a..8a44b0219ed8a 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@unenroll.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@unenroll.yaml
@@ -7,7 +7,7 @@ parameters:
 post:
 summary: Unenroll agent
 tags:
- - Agents
+ - Elastic Agents
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@upgrade.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@upgrade.yaml
index d824d4a54f985..eb23e39018f2e 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@upgrade.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@upgrade.yaml
@@ -7,7 +7,7 @@ parameters:
 post:
 summary: Upgrade agent
 tags:
- - Agents
+ - Elastic Agents
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@uploads.yaml b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@uploads.yaml
index f92acc7fe5086..1e751bc338c52 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@uploads.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/agents@{agent_id}@uploads.yaml
@@ -7,7 +7,7 @@ parameters:
 get:
 summary: List agent uploads
 tags:
- - Agents
+ - Elastic Agents
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys.yaml b/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys.yaml
index 3351b63026e57..625ad82e3f3f2 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys.yaml
@@ -1,7 +1,7 @@
 get:
 summary: List enrollment API keys
 tags:
- - Enrollment API keys
+ - Fleet enrollment API keys
 responses:
 '200':
 description: OK
@@ -37,7 +37,7 @@ get:
 post:
 summary: Create enrollment API key
 tags:
- - Enrollment API keys
+ - Fleet enrollment API keys
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys@{key_id}.yaml b/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys@{key_id}.yaml
index d64b1053f0dc4..f3bdc459d6ccf 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys@{key_id}.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys@{key_id}.yaml
@@ -7,7 +7,7 @@ parameters:
 get:
 summary: Get enrollment API key by ID
 tags:
- - Enrollment API keys
+ - Fleet enrollment API keys
 responses:
 '200':
 description: OK
@@ -26,7 +26,7 @@ get:
 delete:
 summary: Delete enrollment API key by ID
 tags:
- - Enrollment API keys
+ - Fleet enrollment API keys
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys@{key_id}_deprecated.yaml b/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys@{key_id}_deprecated.yaml
index c0f5be7521e8a..ff3a6e8962557 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys@{key_id}_deprecated.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys@{key_id}_deprecated.yaml
@@ -7,7 +7,7 @@ parameters:
 get:
 summary: Get enrollment API key by ID
 tags:
- - Enrollment API keys
+ - Fleet enrollment API keys
 responses:
 '200':
 description: OK
@@ -27,7 +27,7 @@ get:
 delete:
 summary: Delete enrollment API key by ID
 tags:
- - Enrollment API keys
+ - Fleet enrollment API keys
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys_deprecated.yaml b/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys_deprecated.yaml
index 19022a0b08223..9ac906cb1dc0f 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys_deprecated.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/enrollment_api_keys_deprecated.yaml
@@ -1,7 +1,7 @@
 get:
 summary: List enrollment API keys
 tags:
- - Enrollment API keys
+ - Fleet enrollment API keys
 responses:
 '200':
 description: OK
@@ -38,7 +38,7 @@ get:
 post:
 summary: Create enrollment API key
 tags:
- - Enrollment API keys
+ - Fleet enrollment API keys
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/kubernetes.yaml b/x-pack/plugins/fleet/common/openapi/paths/kubernetes.yaml
index 41110808cd62d..ccd20bbb8dd7b 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/kubernetes.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/kubernetes.yaml
@@ -1,7 +1,7 @@
 get:
 summary: Get full K8s agent manifest
 tags:
- - Kubernetes
+ - Fleet Kubernetes
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/logstash_api_keys.yaml b/x-pack/plugins/fleet/common/openapi/paths/logstash_api_keys.yaml
index 74e3bdde4cac8..3fcec0937916f 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/logstash_api_keys.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/logstash_api_keys.yaml
@@ -1,7 +1,7 @@
 post:
 summary: Generate Logstash API key
 tags:
- - Outputs
+ - Fleet outputs
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/output_health@{output_id}.yaml b/x-pack/plugins/fleet/common/openapi/paths/output_health@{output_id}.yaml
index b53936b8859ea..9b7dbb1888963 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/output_health@{output_id}.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/output_health@{output_id}.yaml
@@ -1,7 +1,7 @@
 get:
 summary: Get latest output health
 tags:
- - Outputs
+ - Fleet outputs
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/outputs.yaml b/x-pack/plugins/fleet/common/openapi/paths/outputs.yaml
index 85ce75e2762d2..39d527d6e1bb4 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/outputs.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/outputs.yaml
@@ -1,7 +1,7 @@
 get:
 summary: List outputs
 tags:
- - Outputs
+ - Fleet outputs
 responses:
 '200':
 description: OK
@@ -26,7 +26,7 @@ get:
 post:
 summary: Create output
 tags:
- - Outputs
+ - Fleet outputs
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/outputs@{output_id}.yaml b/x-pack/plugins/fleet/common/openapi/paths/outputs@{output_id}.yaml
index ec2ce9dc0be71..c10d93a8483dd 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/outputs@{output_id}.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/outputs@{output_id}.yaml
@@ -1,7 +1,7 @@
 get:
 summary: Get output by ID
 tags:
- - Outputs
+ - Fleet outputs
 responses:
 '200':
 description: OK
@@ -24,7 +24,7 @@ parameters:
 delete:
 summary: Delete output by ID
 tags:
- - Outputs
+ - Fleet outputs
 operationId: delete-output
 responses:
 '200':
@@ -45,7 +45,7 @@ delete:
 put:
 summary: Update output by ID
 tags:
- - Outputs
+ - Fleet outputs
 operationId: update-output
 requestBody:
 content:
diff --git a/x-pack/plugins/fleet/common/openapi/paths/package_policies.yaml b/x-pack/plugins/fleet/common/openapi/paths/package_policies.yaml
index 8cfef762478e9..e7f54ab25c193 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/package_policies.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/package_policies.yaml
@@ -1,7 +1,7 @@
 get:
 summary: List package policies
 tags:
- - Package policies
+ - Fleet package policies
 responses:
 '200':
 description: OK
@@ -35,7 +35,7 @@ parameters: []
 post:
 summary: Create package policy
 tags:
- - Package policies
+ - Fleet package policies
 operationId: create-package-policy
 responses:
 '200':
diff --git a/x-pack/plugins/fleet/common/openapi/paths/package_policies@_bulk_get.yaml b/x-pack/plugins/fleet/common/openapi/paths/package_policies@_bulk_get.yaml
index 704cd041e40a6..7ce575c740fc2 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/package_policies@_bulk_get.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/package_policies@_bulk_get.yaml
@@ -1,7 +1,7 @@
 post:
 summary: Bulk get package policies
 tags:
- - Package policies
+ - Fleet package policies
 requestBody:
 content:
 application/json:
diff --git a/x-pack/plugins/fleet/common/openapi/paths/package_policies@delete.yaml b/x-pack/plugins/fleet/common/openapi/paths/package_policies@delete.yaml
index f21111c23757a..789e8fb94b15b 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/package_policies@delete.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/package_policies@delete.yaml
@@ -1,7 +1,7 @@
 post:
 summary: Delete package policy
 tags:
- - Package policies
+ - Fleet package policies
 operationId: post-delete-package-policy
 requestBody:
 content:
diff --git a/x-pack/plugins/fleet/common/openapi/paths/package_policies@upgrade.yaml b/x-pack/plugins/fleet/common/openapi/paths/package_policies@upgrade.yaml
index 1837675a15f22..b9efafda38dce 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/package_policies@upgrade.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/package_policies@upgrade.yaml
@@ -1,7 +1,7 @@
 post:
 summary: Upgrade package policy to a newer package version
 tags:
- - Package policies
+ - Fleet package policies
 operationId: upgrade-package-policy
 requestBody:
 content:
diff --git a/x-pack/plugins/fleet/common/openapi/paths/package_policies@upgrade_dryrun.yaml b/x-pack/plugins/fleet/common/openapi/paths/package_policies@upgrade_dryrun.yaml
index 5019aba15898d..a6899cc927900 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/package_policies@upgrade_dryrun.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/package_policies@upgrade_dryrun.yaml
@@ -1,7 +1,7 @@
 post:
 summary: Dry run package policy upgrade
 tags:
- - Package policies
+ - Fleet package policies
 operationId: upgrade-package-policy-dry-run
 requestBody:
 content:
diff --git a/x-pack/plugins/fleet/common/openapi/paths/package_policies@{package_policy_id}.yaml b/x-pack/plugins/fleet/common/openapi/paths/package_policies@{package_policy_id}.yaml
index 92f63dc1f6267..a0dc916bebde9 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/package_policies@{package_policy_id}.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/package_policies@{package_policy_id}.yaml
@@ -7,7 +7,7 @@ parameters:
 get:
 summary: Get package policy by ID
 tags:
- - Package policies
+ - Fleet package policies
 responses:
 '200':
 description: OK
@@ -28,7 +28,7 @@ get:
 put:
 summary: Update package policy by ID
 tags:
- - Package policies
+ - Fleet package policies
 operationId: update-package-policy
 requestBody:
 content:
@@ -58,7 +58,7 @@ put:
 delete:
 summary: Delete package policy by ID
 tags:
- - Package policies
+ - Fleet package policies
 operationId: delete-package-policy
 responses:
 '200':
diff --git a/x-pack/plugins/fleet/common/openapi/paths/proxies.yaml b/x-pack/plugins/fleet/common/openapi/paths/proxies.yaml
index 6c2844a9ac3ef..e787fba82d782 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/proxies.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/proxies.yaml
@@ -1,7 +1,7 @@
 get:
 summary: List proxies
 tags:
- - Proxies
+ - Fleet proxies
 responses:
 '200':
 description: OK
@@ -26,7 +26,7 @@ get:
 post:
 summary: Create proxy
 tags:
- - Proxies
+ - Fleet proxies
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/proxies@{item_id}.yaml b/x-pack/plugins/fleet/common/openapi/paths/proxies@{item_id}.yaml
index 3a0a10cb35662..037adb73bbbf3 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/proxies@{item_id}.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/proxies@{item_id}.yaml
@@ -1,7 +1,7 @@
 get:
 summary: Get proxy by ID
 tags:
- - Proxies
+ - Fleet proxies
 responses:
 '200':
 description: OK
@@ -26,7 +26,7 @@ parameters:
 delete:
 summary: Delete proxy by ID
 tags:
- - Proxies
+ - Fleet proxies
 operationId: delete-fleet-proxies
 responses:
 '200':
@@ -47,7 +47,7 @@ delete:
 put:
 summary: Update proxy by ID
 tags:
- - Proxies
+ - Fleet proxies
 operationId: update-fleet-proxies
 requestBody:
 content:
diff --git a/x-pack/plugins/fleet/common/openapi/paths/service_tokens.yaml b/x-pack/plugins/fleet/common/openapi/paths/service_tokens.yaml
index e76f18c5b57d7..8a3c1c94e5b5e 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/service_tokens.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/service_tokens.yaml
@@ -1,7 +1,7 @@
 post:
 summary: Create service token
 tags:
- - Service tokens
+ - Fleet service tokens
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/service_tokens_deprecated.yaml b/x-pack/plugins/fleet/common/openapi/paths/service_tokens_deprecated.yaml
index 73069830be9e1..9690278f24f5a 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/service_tokens_deprecated.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/service_tokens_deprecated.yaml
@@ -1,7 +1,7 @@
 post:
 summary: Create service token
 tags:
- - Service tokens
+ - Fleet service tokens
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/uninstall_tokens.yaml b/x-pack/plugins/fleet/common/openapi/paths/uninstall_tokens.yaml
index daa6727007b2d..bee6157175777 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/uninstall_tokens.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/uninstall_tokens.yaml
@@ -1,7 +1,7 @@
 get:
 summary: List metadata for latest uninstall tokens per agent policy
 tags:
- - Uninstall tokens
+ - Fleet uninstall tokens
 responses:
 '200':
 description: OK
diff --git a/x-pack/plugins/fleet/common/openapi/paths/uninstall_tokens@{uninstall_token_id}.yaml b/x-pack/plugins/fleet/common/openapi/paths/uninstall_tokens@{uninstall_token_id}.yaml
index 549a2c61f542d..7cae06ba6be2d 100644
--- a/x-pack/plugins/fleet/common/openapi/paths/uninstall_tokens@{uninstall_token_id}.yaml
+++ b/x-pack/plugins/fleet/common/openapi/paths/uninstall_tokens@{uninstall_token_id}.yaml
@@ -1,7 +1,7 @@
 get:
 summary: Get one decrypted uninstall token by its ID
 tags:
- - Uninstall tokens
+ - Fleet uninstall tokens
 responses:
 '200':
 description: OK