Closed maximpn closed 5 months ago
Pinging @elastic/security-solution (Team: SecuritySolution)

Method | URL Path | OAS path (within /security_solution/common/api/detection_engine/) | Plugin | Team |
---|---|---|---|---|
GET | /api/detection_engine/rules/prepackaged/_status | prebuilt_rules/get_prebuilt_rules_and_timelines_status/get_prebuilt_rules_and_timelines_status_route.schema.yaml | security_solution | Rule Management |
PUT | /api/detection_engine/rules/prepackaged | prebuilt_rules/install_prebuilt_rules_and_timelines/install_prebuilt_rules_and_timelines_route.schema.yaml | security_solution | Rule Management |
POST | /api/detection_engine/rules/{id}/exceptions | ❌ | security_solution | Detection Engine |
POST | /api/detection_engine/rules | rule_management/crud/create_rule/create_rule_route.schema.yaml | security_solution | Rule Management |
GET | /api/detection_engine/rules | rule_management/crud/read_rule/read_rule_route.schema.yaml | security_solution | Rule Management |
PUT | /api/detection_engine/rules | rule_management/crud/update_rule/update_rule_route.schema.yaml | security_solution | Rule Management |
PATCH | /api/detection_engine/rules | rule_management/crud/patch_rule/patch_rule_route.schema.yaml | security_solution | Rule Management |
DELETE | /api/detection_engine/rules | rule_management/crud/delete_rule/delete_rule_route.schema.yaml | security_solution | Rule Management |
POST | /api/detection_engine/rules/_bulk_create | rule_management/bulk_crud/bulk_create_rules/bulk_create_rules_route.schema.yaml | security_solution | Rule Management |
PUT | /api/detection_engine/rules/_bulk_update | rule_management/bulk_crud/bulk_update_rules/bulk_update_rules_route.schema.yaml | security_solution | Rule Management |
PATCH | /api/detection_engine/rules/_bulk_update | rule_management/bulk_crud/bulk_patch_rules/bulk_patch_rules_route.schema.yaml | security_solution | Rule Management |
DELETE | /api/detection_engine/rules/_bulk_delete | rule_management/bulk_crud/bulk_delete_rules/bulk_delete_rules_route.schema.yaml | security_solution | Rule Management |
POST | /api/detection_engine/rules/_bulk_delete | ❌ | security_solution | Rule Management |
POST | /api/detection_engine/rules/_bulk_action | rule_management/bulk_actions/bulk_actions_route.schema.yaml | security_solution | Rule Management |
POST | /api/detection_engine/rules/_export | rule_management/export_rules/export_rules_route.schema.yaml | security_solution | Rule Management |
POST | /api/detection_engine/rules/_import | rule_management/import_rules/import_rules_route.schema.yaml | security_solution | Rule Management |
GET | /api/detection_engine/rules/_find | rule_management/find_rules/find_rules_route.schema.yaml | security_solution | Rule Management |
GET | /api/detection_engine/tags | rule_management/read_tags/read_tags_route.schema.yaml | security_solution | Rule Management |
POST | /api/detection_engine/rules/preview | ❌ | security_solution | Rule Management |
POST | /api/detection_engine/signals/status | ❌ | security_solution | Detection Engine |
POST | /api/detection_engine/signals/tags | ❌ | security_solution | Detection Engine |
POST | /api/detection_engine/signals/search | ❌ | security_solution | Detection Engine |
POST | /api/detection_engine/signals/assignees | alert_assignees/set_alert_assignees_route.schema.yaml | security_solution | Detection Engine |
GET | /api/detection_engine/signals/migration_status | ❌ | security_solution | Detection Engine |
POST | /api/detection_engine/signals/migration | ❌ | security_solution | Detection Engine |
POST | /api/detection_engine/signals/finalize_migration | ❌ | security_solution | Detection Engine |
DELETE | /api/detection_engine/signals/migration | ❌ | security_solution | Detection Engine |
POST | /api/detection_engine/index | ❌ | security_solution | Detection Engine |
GET | /api/detection_engine/index | ❌ | security_solution | Detection Engine |
DELETE | /api/detection_engine/index | ❌ | security_solution | Detection Engine |
GET | /api/detection_engine/privileges | ❌ | security_solution | Detection Engine |

❌ in OAS path column means missing OAS for the specified API endpoint.

Method | Path | OAS Path (within /security_solution/common/api/timeline/) | Plugin | Team |
---|---|---|---|---|
POST | /api/timeline | create_timelines/create_timelines_route_schema.yaml | security_solution | Threat Hunting Investigations |
PATCH | /api/timeline | patch_timelines/patch_timeline_route_schema.yaml | security_solution | Threat Hunting Investigations |
POST | /api/timeline/_import | import_timelines/import_timelines_route_schema.yaml | security_solution | Threat Hunting Investigations |
POST | /api/timeline/_export | export_timelines/export_timelines_route_schema.yaml | security_solution | Threat Hunting Investigations |
GET | /api/timeline/_draft | get_draft_timelines/get_draft_timelines_route_schema.yaml | security_solution | Threat Hunting Investigations |
GET | /api/timeline | get_timeline/get_timeline_route_schema.yaml | security_solution | Threat Hunting Investigations |
GET | /api/timeline/resolve | ❌ | security_solution | Threat Hunting Investigations |
GET | /api/timelines | get_timelines/get_timelines_route_schema.yaml | security_solution | Threat Hunting Investigations |
POST | /api/timeline/_draft | clean_draft_timelines/clean_draft_timelines_route_schema.yaml | security_solution | Threat Hunting Investigations |
DELETE | /api/timeline | delete_timelines/delete_timelines_route_schema.yaml | security_solution | Threat Hunting Investigations |
PATCH | /api/timeline/_favorite | persist_favorite/persist_favorite_route_schema.yaml | security_solution | Threat Hunting Investigations |
POST | /api/timeline/_prepackaged | install_prepackaged_timelines/install_prepackaged_timelines_route_schema.yaml | security_solution | Threat Hunting Investigations |
PATCH | /api/note | persist_note/persist_note_route_schema.yaml | security_solution | Threat Hunting Investigations |
DELETE | /api/note | delete_note/delete_note_route_schema.yaml | security_solution | Threat Hunting Investigations |
PATCH | /api/pinned_event | pinned_events/pinned_events_route_schema.yaml | security_solution | Threat Hunting Investigations |

Method | Path | OAS Path (within security_solution/common/api/endpoint/) | Plugin | Team |
---|---|---|---|---|
GET | /api/endpoint/metadata | metadata/metadata.schema.yaml | security_solution | Defend Workflows |
GET | /api/endpoint/metadata/{id} | metadata/metadata.schema.yaml | security_solution | Defend Workflows |
GET | /api/endpoint/metadata/transforms | metadata/metadata.schema.yaml | security_solution | Defend Workflows |
POST | /api/endpoint/suggestions/{suggestion_type} | suggestions/get_suggestions.schema.yaml | security_solution | Defend Workflows |
GET | /api/endpoint/policy_response | policy/policy.schema.yaml | security_solution | Defend Workflows |
GET | /api/endpoint/policy/summaries | policy/policy.schema.yaml | security_solution | Defend Workflows |
GET | /api/endpoint/action_status | actions/actions_status.schema.yaml | security_solution | Defend Workflows |
GET | /api/endpoint/action/state | actions/actions.schema.yaml | security_solution | Defend Workflows |
GET | /api/endpoint/action_log/{agent_id} | actions/audit_log.schema.yaml | security_solution | Defend Workflows |
GET | /api/endpoint/action | actions/list.schema.yaml | security_solution | Defend Workflows |
GET | /api/endpoint/action/{action_id} | actions/details.schema.yaml | security_solution | Defend Workflows |
POST | /api/endpoint/isolate | ❌ | security_solution | Defend Workflows |
POST | /api/endpoint/unisolate | ❌ | security_solution | Defend Workflows |
POST | /api/endpoint/action/isolate | actions/actions.schema.yaml | security_solution | Defend Workflows |
POST | /api/endpoint/action/unisolate | actions/actions.schema.yaml | security_solution | Defend Workflows |
POST | /api/endpoint/action/kill_process | actions/actions.schema.yaml | security_solution | Defend Workflows |
POST | /api/endpoint/action/suspend_process | actions/actions.schema.yaml | security_solution | Defend Workflows |
POST | /api/endpoint/action/running_procs | actions/actions.schema.yaml | security_solution | Defend Workflows |
POST | /api/endpoint/action/get_file | actions/get_file.schema.yaml | security_solution | Defend Workflows |
POST | /api/endpoint/action/execute | actions/execute.schema.yaml | security_solution | Defend Workflows |
POST | /api/endpoint/action/upload | actions/file_upload.schema.yaml | security_solution | Defend Workflows |
GET | /api/endpoint/action/{action_id}/file/{file_id}/download | actions/file_download.schema.yaml | security_solution | Defend Workflows |
GET | /api/endpoint/action/{action_id}/file/{file_id} | actions/file_info.schema.yaml | security_solution | Defend Workflows |
POST | /api/endpoint/protection_updates_note/{package_policy_id} | ❌ | security_solution | Defend Workflows |
GET | /api/endpoint/protection_updates_note/{package_policy_id} | ❌ | security_solution | Defend Workflows |

Method | Path | OAS Path | Plugin | teams |
---|---|---|---|---|
POST | /api/lists | ❌ | lists | Detection Engine |
GET | /api/lists | ❌ | lists | Detection Engine |
PUT | /api/lists | ❌ | lists | Detection Engine |
DELETE | /api/lists | ❌ | lists | Detection Engine |
PATCH | /api/lists | ❌ | lists | Detection Engine |
GET | /api/lists/_find | ❌ | lists | Detection Engine |
GET | /api/lists/privileges | ❌ | lists | Detection Engine |
POST | /api/lists/items | ❌ | lists | Detection Engine |
GET | /api/lists/items | ❌ | lists | Detection Engine |
PUT | /api/lists/items | ❌ | lists | Detection Engine |
DELETE | /api/lists/items | ❌ | lists | Detection Engine |
PATCH | /api/lists/items | ❌ | lists | Detection Engine |
POST | /api/lists/items/_export | ❌ | lists | Detection Engine |
POST | /api/lists/items/_import | ❌ | lists | Detection Engine |
GET | /api/lists/items/_find | ❌ | lists | Detection Engine |
POST | /api/lists/index | ❌ | lists | Detection Engine |
GET | /api/lists/index | ❌ | lists | Detection Engine |
DELETE | /api/lists/index | ❌ | lists | Detection Engine |

Method | Path | OAS Path | Plugin | teams |
---|---|---|---|---|
POST | /api/exceptions/shared | ❌ | security_solution | Detection Engine |
POST | /api/exception_lists/_export | ❌ | lists | Detection Engine |
POST | /api/exception_lists/_import | ❌ | lists | Detection Engine |
POST | /api/exception_lists | ❌ | lists | Detection Engine |
GET | /api/exception_lists | ❌ | lists | Detection Engine |
PUT | /api/exception_lists | ❌ | lists | Detection Engine |
DELETE | /api/exception_lists | ❌ | lists | Detection Engine |
GET | /api/exception_lists/_find | ❌ | lists | Detection Engine |
POST | /api/exception_lists/_duplicate | ❌ | lists | Detection Engine |
POST | /api/exception_lists/items | ❌ | lists | Detection Engine |
GET | /api/exception_lists/items | ❌ | lists | Detection Engine |
PUT | /api/exception_lists/items | ❌ | lists | Detection Engine |
DELETE | /api/exception_lists/items | ❌ | lists | Detection Engine |
GET | /api/exception_lists/items/_find | ❌ | lists | Detection Engine |
GET | /api/exception_lists/summary | ❌ | lists | Detection Engine |

Method | Path | OAS Path | Plugin | teams |
---|---|---|---|---|
POST | /api/endpoint_list | ❌ | lists | Detection Engine |
POST | /api/endpoint_list/items | ❌ | lists | Detection Engine |
GET | /api/endpoint_list/items | ❌ | lists | Detection Engine |
PUT | /api/endpoint_list/items | ❌ | lists | Detection Engine |
DELETE | /api/endpoint_list/items | ❌ | lists | Detection Engine |
GET | /api/endpoint_list/items/_find | ❌ | lists | Detection Engine |

Method | Path | OAS Path (within osquery/common/api/) | Plugin | Team |
---|---|---|---|---|
GET | /api/osquery/live_queries | live_query/live_queries.schema.yaml | osquery | Defend Workflows |
POST | /api/osquery/live_queries | live_query/live_queries.schema.yaml | osquery | Defend Workflows |
GET | /api/osquery/live_queries/{id} | live_query/live_queries.schema.yaml | osquery | Defend Workflows |
GET | /api/osquery/live_queries/{id}/results/{actionId} | live_query/live_queries.schema.yaml | osquery | Defend Workflows |
POST | /api/osquery/packs | packs/packs.schema.yaml | osquery | Defend Workflows |
DELETE | /api/osquery/packs/{id} | packs/packs.schema.yaml | osquery | Defend Workflows |
GET | /api/osquery/packs | packs/packs.schema.yaml | osquery | Defend Workflows |
GET | /api/osquery/packs/{id} | packs/packs.schema.yaml | osquery | Defend Workflows |
PUT | /api/osquery/packs/{id} | packs/packs.schema.yaml | osquery | Defend Workflows |
POST | /api/osquery/saved_queries | saved_query/saved_query.schema.yaml | osquery | Defend Workflows |
DELETE | /api/osquery/saved_queries/{id} | saved_query/saved_query.schema.yaml | osquery | Defend Workflows |
GET | /api/osquery/saved_queries | saved_query/saved_query.schema.yaml | osquery | Defend Workflows |
GET | /api/osquery/saved_queries/{id} | saved_query/saved_query.schema.yaml | osquery | Defend Workflows |
PUT | /api/osquery/saved_queries/{id} | saved_query/saved_query.schema.yaml | osquery | Defend Workflows |

Method | Path | OAS Path (within x-pack/packages/kbn-elastic-assistant-common/impl/schemas/) | Plugin | Team |
---|---|---|---|---|
POST | /api/elastic_assistant/anonymization_fields/_bulk_action | anonymization_fields/bulk_crud_anonymization_fields_route.schema.yaml | elastic_assistant | Generative AI |
GET | /api/elastic_assistant/anonymization_fields/_find | anonymization_fields/find_anonymization_fields_route.schema.yaml | elastic_assistant | Generative AI |
POST | /api/elastic_assistant/prompts/_bulk_action | prompts/bulk_crud_prompts_route.schema.yaml | elastic_assistant | Generative AI |
GET | /api/elastic_assistant/prompts/_find | prompts/find_prompts_route.schema.yaml | elastic_assistant | Generative AI |
POST | /api/elastic_assistant/current_user/conversations/{id}/messages | ❌ | elastic_assistant | Generative AI |
POST | /api/elastic_assistant/prompts/_bulk_action | prompts/bulk_crud_prompts_route.schema.yaml | elastic_assistant | Generative AI |
POST | /api/elastic_assistant/current_user/conversations | ❌ | elastic_assistant | Generative AI |
DELETE | /api/elastic_assistant/current_user/conversations/{id} | ❌ | elastic_assistant | Generative AI |
GET | /api/elastic_assistant/current_user/conversations/_find | ❌ | elastic_assistant | Generative AI |
GET | /api/elastic_assistant/current_user/conversations/{id} | ❌ | elastic_assistant | Generative AI |
PUT | /api/elastic_assistant/current_user/conversations/{id} | ❌ | elastic_assistant | Generative AI |

Result of the research summarized in the comments above.
More detailed list including internal API endpoints is available in the Security Solution APIs spreadsheet.
Epic: https://github.com/elastic/security-team/issues/9400
Summary
Research Security Solution APIs from the OpenAPI perspective. What APIs there are in Security Solution, which of them are available in Serverless, which of them have been fully or partially migrated to OpenAPI, and what's the status of this migration.
Details
As a preliminary effort for Serverless Security Solution API documentation purposes, we need to know what Security Solution public APIs exist and whether relevant OpenAPI specifications are present. Security Solution here means Security Solution domain rather than security_solution plugin. This research should answer the following questions