[Security Solution] Make existing OpenAPI specs for Osquery API correct

[maximpn]

Epic: https://github.com/elastic/security-team/issues/9527

Deadline: Jul 29, 2024 (see milestones in https://github.com/elastic/security-team/issues/9400)

Summary

As part of the Serverless project, we need to make sure OpenAPI specs for all public Osquery API endpoints are correct. We want all the APIs documented before Serverless GA. Please look for more context in the epic.

During a Security Solution public API research we discovered that for some of the public Osquery API endpoints we already have OpenAPI specs. We just need to make sure they are correct. Please see below what needs to be done exactly.

API endpoints

The following public API endpoints were discovered during research, and have OpenAPI specs:

• [ ] GET /api/osquery/live_queries
• [ ] POST /api/osquery/live_queries
• [ ] GET /api/osquery/live_queries/{id}
• [ ] GET /api/osquery/live_queries/{id}/results/{actionId}
• [ ] POST /api/osquery/packs
• [ ] DELETE /api/osquery/packs/{id}
• [ ] GET /api/osquery/packs
• [ ] GET /api/osquery/packs/{id}
• [ ] PUT /api/osquery/packs/{id}
• [ ] POST /api/osquery/saved_queries
• [ ] DELETE /api/osquery/saved_queries/{id}
• [ ] GET /api/osquery/saved_queries
• [ ] GET /api/osquery/saved_queries/{id}
• [ ] PUT /api/osquery/saved_queries/{id}

To do

• Check if there are any other public endpoints that you own that have OpenAPI specs and add them to the list above.
• Make sure your specs (including those above) are valid OpenAPI documents.
• Make sure your specs (including those above) match the actual API contracts defined in the code.
• Mark the endpoints as available in ESS, or Serverless, or in both offerings (depends on: https://github.com/elastic/security-team/issues/9516).

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)