[Security Solution] Make existing OpenAPI specs for Detections API correct

maximpn commented 2 weeks ago

Epic: https://github.com/elastic/security-team/issues/9398

Deadline: Jul 29, 2024 (see milestones in https://github.com/elastic/security-team/issues/9400)

Summary

As part of the Serverless project, we need to make sure OpenAPI specs for all public Detections API endpoints are correct. We want all the APIs documented before Serverless GA. Please look for more context in the epic.

During a Security Solution public API research we discovered that for some of the public Detections API endpoints we already have OpenAPI specs. We just need to make sure they are correct. Please see below what needs to be done exactly.

API endpoints

The following public API endpoints are available in both Serverless and ESS, and have OpenAPI specs:

[ ] GET /api/detection_engine/rules
[ ] POST /api/detection_engine/rules
[ ] PUT /api/detection_engine/rules
[ ] PATCH /api/detection_engine/rules
[ ] DELETE /api/detection_engine/rules
[ ] POST /api/detection_engine/rules/_bulk_action
[ ] POST /api/detection_engine/rules/_export
[ ] POST /api/detection_engine/rules/_import
[ ] GET /api/detection_engine/rules/_find
[ ] GET /api/detection_engine/tags
[ ] GET /api/detection_engine/rules/prepackaged/_status
[ ] PUT /api/detection_engine/rules/prepackaged
[ ] POST /api/detection_engine/signals/assignees
[ ] POST /api/exceptions/shared

The following public API endpoints are available in ESS only, and have OpenAPI specs:

[ ] POST /api/detection_engine/rules/_bulk_create
[ ] PUT /api/detection_engine/rules/_bulk_update
[ ] PATCH /api/detection_engine/rules/_bulk_update
[ ] DELETE /api/detection_engine/rules/_bulk_delete

To do

Make sure your specs (including those above) are valid OpenAPI documents.
Make sure your specs (including those above) match the actual API contracts defined in the code.
Mark the endpoints as available in ESS, or Serverless, or in both offerings (depends on: https://github.com/elastic/security-team/issues/9516).

elasticmachine commented 2 weeks ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)

elasticmachine commented 2 weeks ago

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

elasticmachine commented 2 weeks ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 2 weeks ago

Pinging @elastic/security-detection-engine (Team:Detection Engine)

elastic / kibana