As part of the Serverless project, we need to make sure OpenAPI specs for all public Osquery API endpoints are correct. We want all the APIs documented before Serverless GA. Please look for more context in the epic.
During Security Solution public API research, we discovered that some of the public Osquery API endpoints already have OpenAPI specs. We just need to make sure they are correct. Please see below for exactly what needs to be done.
API endpoints
The following public API endpoints were discovered during research, and have OpenAPI specs:
[ ] GET /api/osquery/live_queries
[ ] POST /api/osquery/live_queries
[ ] GET /api/osquery/live_queries/{id}
[ ] GET /api/osquery/live_queries/{id}/results/{actionId}
[ ] POST /api/osquery/packs
[ ] DELETE /api/osquery/packs/{id}
[ ] GET /api/osquery/packs
[ ] GET /api/osquery/packs/{id}
[ ] PUT /api/osquery/packs/{id}
[ ] POST /api/osquery/saved_queries
[ ] DELETE /api/osquery/saved_queries/{id}
[ ] GET /api/osquery/saved_queries
[ ] GET /api/osquery/saved_queries/{id}
[ ] PUT /api/osquery/saved_queries/{id}
To do
Check if there are any other public endpoints that you own that have OpenAPI specs and add them to the list above.
Make sure your specs (including those above) are valid OpenAPI documents.
Make sure your specs (including those above) match the actual API contracts defined in the code.
Epic: https://github.com/elastic/security-team/issues/9527
Deadline: Jul 29, 2024 (see milestones in https://github.com/elastic/security-team/issues/9400)
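An added example, not part of the issue or of the project's code: a minimal audit of a parsed OpenAPI document against the endpoint checklist above. It flags listed operations the spec omits, operations that are not on the list, path template parameters with no `in: path` declaration, and operations without responses. `audit_spec`, `EXPECTED` and `SAMPLE_SPEC` are hypothetical names, the sample spec is constructed, and `$ref` parameters are assumed to be resolved beforehand.

```python
import re
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

# Endpoints from the checklist in the issue: path -> methods that must be documented.
EXPECTED = {
    "/api/osquery/live_queries": {"get", "post"},
    "/api/osquery/live_queries/{id}": {"get"},
    "/api/osquery/live_queries/{id}/results/{actionId}": {"get"},
    "/api/osquery/packs": {"get", "post"},
    "/api/osquery/packs/{id}": {"get", "put", "delete"},
    "/api/osquery/saved_queries": {"get", "post"},
    "/api/osquery/saved_queries/{id}": {"get", "put", "delete"},
}

def audit_spec(spec, expected=EXPECTED):
    """Return a sorted list of findings; an empty list means no gaps were found."""
    findings = []
    if not str(spec.get("openapi", "")).startswith("3."):
        findings.append("missing or unsupported 'openapi' version field")
    paths = spec.get("paths", {})
    for path, methods in expected.items():
        for m in methods - set(paths.get(path, {})):
            findings.append(f"undocumented: {m.upper()} {path}")
    for path, item in paths.items():
        shared = item.get("parameters", [])  # path-item level parameters
        for m in HTTP_METHODS & set(item):
            op = item[m]
            if m not in expected.get(path, set()):
                findings.append(f"not on checklist: {m.upper()} {path}")
            # Assumption: parameters are inline objects ($ref is not resolved here).
            declared = {p.get("name") for p in shared + op.get("parameters", [])
                        if p.get("in") == "path"}
            for name in set(re.findall(r"\{([^}]+)\}", path)) - declared:
                findings.append(f"path parameter '{name}' undeclared: {m.upper()} {path}")
            if not op.get("responses"):
                findings.append(f"no responses: {m.upper()} {path}")
    return sorted(findings)

# Constructed spec fragment (not the real Osquery spec) with deliberate gaps.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "paths": {
        "/api/osquery/packs/{id}": {
            "get": {"parameters": [{"name": "id", "in": "path", "required": True}],
                    "responses": {"200": {"description": "OK"}}},
            "delete": {"responses": {"200": {"description": "OK"}}},
        },
    },
}
```

Running `audit_spec` on the JSON-parsed bundle of the real spec files gives the list of gaps to close; matching the request and response schemas to the route definitions in code still needs a manual or generated comparison.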