There are some Kibana APIs for Security and App Search endpoints that support PATCH.
It would be helpful to add PATCH support as their PUT equivalents can be cumbersome/tedious to build.
Equivalent request body comparison to update a rule's max_signals. This one is of particular interest as it cannot be changed via the UI, even for custom rules.
PUT
```
{
  "name": "DNS Tunneling",
  "tags": [
    "Elastic",
    "Network",
    "Threat Detection",
    "ML",
    "Command and Control"
  ],
  "interval": "15m",
  "enabled": false,
  "description": "A machine learning job detected unusually large numbers of DNS queries for a single top-level DNS domain, which is often used for DNS tunneling. DNS tunneling can be used for command-and-control, persistence, or data exfiltration activity. For example, dnscat tends to generate many DNS questions for a top-level domain as it uses the DNS protocol to tunnel data.",
  "risk_score": 21,
  "severity": "low",
  "license": "Elastic License v2",
  "output_index": ".siem-signals-default",
  "author": [
    "Elastic"
  ],
  "false_positives": [
    "DNS domains that use large numbers of child domains, such as software or content distribution networks, can trigger this alert and such parent domains can be excluded."
  ],
  "from": "now-45m",
  "rule_id": "91f02f01-969f-4167-8f66-07827ac3bdd9",
  "max_signals": 50,
  "risk_score_mapping": [],
  "severity_mapping": [],
  "threat": [
    {
      "framework": "MITRE ATT&CK",
      "tactic": {
        "id": "TA0011",
        "name": "Command and Control",
        "reference": "https://attack.mitre.org/tactics/TA0011/"
      },
      "technique": [
        {
          "id": "T1572",
          "name": "Protocol Tunneling",
          "reference": "https://attack.mitre.org/techniques/T1572/"
        }
      ]
    }
  ],
  "to": "now",
  "references": [
    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
  ],
  "version": 100,
  "exceptions_list": [],
  "type": "machine_learning",
  "anomaly_threshold": 50,
  "machine_learning_job_id": [
    "packetbeat_dns_tunneling"
  ],
  "throttle": "no_actions",
  "actions": []
}
```
PATCH (much easier but would require an external REST client)
```
{
  "id": "fa50e480-d617-11ec-950b-65e90b697d15",
  "max_signals": 50
}
```
Equivalent request body comparison to update a document's field
PUT
```
[
  {
    "description": "Death Valley is the hottest, lowest, and driest place in the United States. Daytime temperatures have topped 130 °F (54 °C) and it is home to Badwater Basin, the lowest elevation in North America. The park contains canyons, badlands, sand dunes, and mountain ranges, while more than 1000 species of plants grow in this geologic graben. Additional points of interest include salt flats, historic mines, and springs.",
    "nps_link": "https://www.nps.gov/deva/index.htm",
    "states": [
      "California",
      "Nevada"
    ],
    "title": "Death Valley",
    "visitors": "1296283",
    "world_heritage_site": "false",
    "location": "36.24,-116.82",
    "acres": "3373063.14",
    "square_km": "13650.3",
    "date_established": "1994-10-31T06:00:00Z",
    "id": "park_death-valley"
  }
]
```
PATCH
```
[
  { "id": "park_death-valley", "date_established": "1994-10-31T06:00:00Z" }
]
```
Describe the feature: Support PATCH requests in dev tools console for Kibana APIs
Describe a specific use case for the feature: PATCH requests are not supported in Kibana Dev Tools Console.
Source: https://www.elastic.co/guide/en/kibana/8.7/api.html#api-calls
EXAMPLES:
(Security) Update Rule - https://www.elastic.co/guide/en/security/8.7/rules-api-update.html
(App Search) Documents API - Update doc field: https://www.elastic.co/guide/en/app-search/8.7/documents.html#documents-partial
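The partial rule update from the Security example above, issued from an external client, as an added example that is not part of the original issue or of Kibana's code. It reduces a desired change to the minimal PATCH body and builds the request without sending it; the host, API key, field allow-list and the rule's current values are assumptions made for illustration.

```python
import json
import urllib.request

KIBANA_URL = "https://kibana.example.internal:5601"  # placeholder host (assumption)
RULES_API = "/api/detection_engine/rules"            # Kibana detection rules endpoint
ALLOWED = {"max_signals", "enabled", "interval", "tags"}  # constructed allow-list


def minimal_patch(current, desired):
    """Return a PATCH body holding the rule id plus only the fields that change."""
    blocked = set(desired) - ALLOWED
    if blocked:
        raise ValueError(f"fields outside the allow-list: {sorted(blocked)}")
    changed = {k: v for k, v in desired.items() if current.get(k) != v}
    if "max_signals" in changed:
        value = changed["max_signals"]
        # type() check rejects booleans, which isinstance(value, int) would accept
        if type(value) is not int or value < 1:
            raise ValueError("max_signals must be a positive integer")
    return {"id": current["id"], **changed}


def build_request(body, api_key, base_url=KIBANA_URL):
    """Build (but do not send) the PATCH request an external client would issue."""
    return urllib.request.Request(
        base_url + RULES_API,
        data=json.dumps(body).encode("utf-8"),
        method="PATCH",
        headers={
            "Content-Type": "application/json",
            "kbn-xsrf": "true",  # Kibana requires this header on write requests
            "Authorization": f"ApiKey {api_key}",
        },
    )


if __name__ == "__main__":
    # Constructed sample: the rule as a prior GET might return it, trimmed.
    rule = {"id": "fa50e480-d617-11ec-950b-65e90b697d15", "name": "DNS Tunneling",
            "enabled": False, "interval": "15m", "max_signals": 100}
    body = minimal_patch(rule, {"max_signals": 50, "interval": "15m"})
    req = build_request(body, api_key="PLACEHOLDER_API_KEY")
    print(req.get_method(), req.full_url)
    print(json.dumps(body))
    # To send: urllib.request.urlopen(req, timeout=10)
```

Restricting the patchable fields keeps a scripted change from silently disabling a rule's actions or exceptions while adjusting `max_signals`.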