From b8bd3608c510718838e6d1a0c15e3cd712a72836 Mon Sep 17 00:00:00 2001 
From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Fri, 11 Oct 2024 10:15:34 +0100 Subject: [PATCH] Direct users to new API reference site (#5911) (cherry picked from commit 2d2a22b5a579ecb592d0673368cc8392351916bf) --- .../api/anonymization-fields-api-find.asciidoc | 6 ++++++ .../api/assistant-api-overview.asciidoc | 6 ++++++ ...k-actions-anonymization-fields-api.asciidoc | 6 ++++++ .../api/bulk-actions-prompts-api.asciidoc | 6 ++++++ .../api/chat-complete-api.asciidoc | 6 ++++++ .../api/conversation-api-create.asciidoc | 6 ++++++ .../api/conversation-api-delete.asciidoc | 6 ++++++ .../api/conversation-api-find.asciidoc | 6 ++++++ .../api/conversation-api-get.asciidoc | 6 ++++++ .../api/conversation-api-update.asciidoc | 6 ++++++ .../api/prompts-api-find.asciidoc | 6 ++++++ .../asset-criticality-api-bulk-upsert.asciidoc | 6 ++++++ .../api/asset-criticality-api-delete.asciidoc | 6 ++++++ .../api/asset-criticality-api-get.asciidoc | 6 ++++++ .../api/asset-criticality-api-list.asciidoc | 6 ++++++ .../asset-criticality-api-overview.asciidoc | 6 ++++++ .../api/asset-criticality-api-upsert.asciidoc | 6 ++++++ .../cases-actions-api-intro.asciidoc | 6 ++++++ docs/cases/api/cases-api/cases-api.asciidoc | 6 ++++++ .../api-create-exception-container.asciidoc | 6 ++++++ .../api-create-exception-item.asciidoc | 6 ++++++ .../api-create-shared-exception-list.asciidoc | 6 ++++++ .../api-delete-exception-container.asciidoc | 6 ++++++ .../api-delete-exception-item.asciidoc | 6 ++++++ .../api-export-exception-list.asciidoc | 6 ++++++ .../api-find-exception-containers.asciidoc | 6 ++++++ .../api-find-exception-items.asciidoc | 6 ++++++ .../api-get-exception-containers.asciidoc | 6 ++++++ .../api-get-exception-items.asciidoc | 6 ++++++ .../api-import-exception-list.asciidoc | 6 ++++++ .../api-summary-exception-container.asciidoc | 6 ++++++ .../api-update-exception-container.asciidoc | 6 ++++++ .../api-update-exception-item.asciidoc | 6 ++++++ 
.../exceptions-api-overview.asciidoc | 6 ++++++ .../lists-index-api-overview.asciidoc | 6 ++++++ .../lists/api-create-list-container.asciidoc | 6 ++++++ .../api/lists/api-create-list-item.asciidoc | 6 ++++++ .../lists/api-delete-list-container.asciidoc | 6 ++++++ .../api/lists/api-delete-list-item.asciidoc | 6 ++++++ .../api/lists/api-export-list-item.asciidoc | 6 ++++++ .../lists/api-find-list-containers.asciidoc | 6 ++++++ .../api/lists/api-find-list-items.asciidoc | 6 ++++++ .../api/lists/api-get-list-containers.asciidoc | 6 ++++++ .../api/lists/api-get-list-items.asciidoc | 6 ++++++ .../api/lists/api-import-list-items.asciidoc | 6 ++++++ .../lists/api-update-list-container.asciidoc | 6 ++++++ .../api/lists/api-update-list-item.asciidoc | 6 ++++++ .../api/lists/lists-api-overview.asciidoc | 6 ++++++ .../api/rules/index-api-overview.asciidoc | 6 ++++++ .../api/rules/privileges-api-overview.asciidoc | 6 ++++++ .../api/rules/rules-api-bulk-actions.asciidoc | 6 ++++++ .../api/rules/rules-api-create.asciidoc | 6 ++++++ .../api/rules/rules-api-delete.asciidoc | 6 ++++++ .../api/rules/rules-api-export.asciidoc | 6 ++++++ .../api/rules/rules-api-find.asciidoc | 6 ++++++ .../api/rules/rules-api-get.asciidoc | 6 ++++++ .../api/rules/rules-api-import.asciidoc | 6 ++++++ .../api/rules/rules-api-overview.asciidoc | 6 ++++++ .../api/rules/rules-api-prebuilt.asciidoc | 6 ++++++ .../api/rules/rules-api-update.asciidoc | 6 ++++++ .../api/rules/signals-api-overview.asciidoc | 6 ++++++ .../api/rules/tags-api-overview.asciidoc | 6 ++++++ .../api/signals-migration-api.asciidoc | 6 ++++++ docs/events/api/timeline-api-create.asciidoc | 6 ++++++ docs/events/api/timeline-api-delete.asciidoc | 6 ++++++ docs/events/api/timeline-api-get.asciidoc | 18 ++++++++++++++++++ docs/events/api/timeline-api-import.asciidoc | 6 ++++++ docs/events/api/timeline-api-overview.asciidoc | 6 ++++++ docs/events/api/timeline-api-update.asciidoc | 12 ++++++++++++ .../api/timeline-template-api-update.asciidoc | 
6 ++++++ docs/management/api/blocklist-api.asciidoc | 6 ++++++ docs/management/api/event-filters-api.asciidoc | 6 ++++++ docs/management/api/execute-api.asciidoc | 6 ++++++ docs/management/api/get-action-api.asciidoc | 6 ++++++ docs/management/api/get-endpoint-api.asciidoc | 6 ++++++ docs/management/api/get-file-api.asciidoc | 6 ++++++ .../management/api/host-isolation-api.asciidoc | 6 ++++++ .../api/host-isolation-exceptions-api.asciidoc | 6 ++++++ .../api/host-isolation-release-api.asciidoc | 6 ++++++ docs/management/api/kill-process-api.asciidoc | 6 ++++++ docs/management/api/list-actions-api.asciidoc | 6 ++++++ .../management/api/list-endpoints-api.asciidoc | 6 ++++++ .../api/management-api-index.asciidoc | 6 ++++++ docs/management/api/running-procs-api.asciidoc | 6 ++++++ docs/management/api/scan-api.asciidoc | 6 ++++++ .../api/suspend-process-api.asciidoc | 6 ++++++ docs/management/api/trusted-apps-api.asciidoc | 6 ++++++ docs/management/api/upload-api.asciidoc | 6 ++++++ docs/siem-apis.asciidoc | 5 +++++ 89 files changed, 551 insertions(+)
diff --git a/docs/AI-for-security/api/anonymization-fields-api-find.asciidoc b/docs/AI-for-security/api/anonymization-fields-api-find.asciidoc
index a846f5df69..ed601429b0 100644
--- a/docs/AI-for-security/api/anonymization-fields-api-find.asciidoc
+++ b/docs/AI-for-security/api/anonymization-fields-api-find.asciidoc
@@ -1,6 +1,12 @@
 [[anonymization-fields-api-find]] === Find anonymization fields
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-ai-assistant-api[AI Assistant APIs].
+--
+
 Retrieve a list of anonymization fields that can be included in the LLM context. [discrete]
diff --git a/docs/AI-for-security/api/assistant-api-overview.asciidoc b/docs/AI-for-security/api/assistant-api-overview.asciidoc
index af646679f0..1d815c3672 100644
--- a/docs/AI-for-security/api/assistant-api-overview.asciidoc
+++ b/docs/AI-for-security/api/assistant-api-overview.asciidoc
@@ -2,4 +2,10 @@
 [role="xpack"] == Elastic AI Assistant API
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-ai-assistant-api[AI Assistant APIs].
+--
+
 The Elastic AI Assistant API allows you to interact with and manage Elastic AI Assistant.
diff --git a/docs/AI-for-security/api/bulk-actions-anonymization-fields-api.asciidoc b/docs/AI-for-security/api/bulk-actions-anonymization-fields-api.asciidoc
index b440f3a0d9..225bf99e28 100644
--- a/docs/AI-for-security/api/bulk-actions-anonymization-fields-api.asciidoc
+++ b/docs/AI-for-security/api/bulk-actions-anonymization-fields-api.asciidoc
@@ -1,6 +1,12 @@
 [[bulk-actions-anonymization-fields-api]] === Bulk anonymization field actions
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-ai-assistant-api[AI Assistant APIs].
+--
+
 Apply a bulk action (create, update, or delete) to multiple anonymization fields. The bulk action is applied to all anonymization fields that match the filter or to the list of anonymization fields by their IDs. [discrete]
diff --git a/docs/AI-for-security/api/bulk-actions-prompts-api.asciidoc b/docs/AI-for-security/api/bulk-actions-prompts-api.asciidoc
index 9b7e4a800d..be9cdfd25d 100644
--- a/docs/AI-for-security/api/bulk-actions-prompts-api.asciidoc
+++ b/docs/AI-for-security/api/bulk-actions-prompts-api.asciidoc
@@ -1,6 +1,12 @@
 [[bulk-actions-prompts-api]] === Bulk prompt actions
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-ai-assistant-api[AI Assistant APIs].
+--
+
 Apply a bulk action (create, update, or delete) to multiple prompts. The bulk action is applied to all prompts that match the filter or to the list of prompts by their IDs. [discrete]
diff --git a/docs/AI-for-security/api/chat-complete-api.asciidoc b/docs/AI-for-security/api/chat-complete-api.asciidoc
index 2c6ffd1352..6ff8cb7213 100644
--- a/docs/AI-for-security/api/chat-complete-api.asciidoc
+++ b/docs/AI-for-security/api/chat-complete-api.asciidoc
@@ -1,6 +1,12 @@
 [[chat-complete-api]] === Complete chat
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-ai-assistant-api[AI Assistant APIs].
+--
+
 The complete chat API allows you to communicate with the configured large language model (LLM) and, if needed, persist the result as a conversation (create new or extend existing). [discrete]
diff --git a/docs/AI-for-security/api/conversation-api-create.asciidoc b/docs/AI-for-security/api/conversation-api-create.asciidoc
index 4784035051..5df8ee9a8e 100644
--- a/docs/AI-for-security/api/conversation-api-create.asciidoc
+++ b/docs/AI-for-security/api/conversation-api-create.asciidoc
@@ -1,6 +1,12 @@
 [[conversation-api-create]] === Create conversation
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-ai-assistant-api[AI Assistant APIs].
+--
+
 Create a new Elastic AI Assistant conversation. [discrete]
diff --git a/docs/AI-for-security/api/conversation-api-delete.asciidoc b/docs/AI-for-security/api/conversation-api-delete.asciidoc
index 981676a3cc..a84ffc5bba 100644
--- a/docs/AI-for-security/api/conversation-api-delete.asciidoc
+++ b/docs/AI-for-security/api/conversation-api-delete.asciidoc
@@ -1,6 +1,12 @@
 [[conversation-api-delete]] === Delete conversation
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-ai-assistant-api[AI Assistant APIs].
+--
+
 Delete an existing Elastic AI Assistant conversation by conversation ID. [discrete]
diff --git a/docs/AI-for-security/api/conversation-api-find.asciidoc b/docs/AI-for-security/api/conversation-api-find.asciidoc
index 99cb9b4305..8a7c9f1c8e 100644
--- a/docs/AI-for-security/api/conversation-api-find.asciidoc
+++ b/docs/AI-for-security/api/conversation-api-find.asciidoc
@@ -1,6 +1,12 @@
 [[conversation-api-find]] === Find conversations
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-ai-assistant-api[AI Assistant APIs].
+--
+
 Retrieve a list of Elastic AI Assistant conversations for the current user. [discrete]
diff --git a/docs/AI-for-security/api/conversation-api-get.asciidoc b/docs/AI-for-security/api/conversation-api-get.asciidoc
index 67869b1efc..07d932eb2d 100644
--- a/docs/AI-for-security/api/conversation-api-get.asciidoc
+++ b/docs/AI-for-security/api/conversation-api-get.asciidoc
@@ -1,6 +1,12 @@
 [[conversation-api-get]] === Get conversation
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-ai-assistant-api[AI Assistant APIs].
+--
+
 Retrieve an existing Elastic AI Assistant conversation by conversation ID. [discrete]
diff --git a/docs/AI-for-security/api/conversation-api-update.asciidoc b/docs/AI-for-security/api/conversation-api-update.asciidoc
index 89f935216f..eb2c5b9a93 100644
--- a/docs/AI-for-security/api/conversation-api-update.asciidoc
+++ b/docs/AI-for-security/api/conversation-api-update.asciidoc
@@ -1,6 +1,12 @@
 [[conversation-api-update]] === Update conversation
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-ai-assistant-api[AI Assistant APIs].
+--
+
 Update an existing Elastic AI Assistant conversation by conversation ID. ==== Request URL
diff --git a/docs/AI-for-security/api/prompts-api-find.asciidoc b/docs/AI-for-security/api/prompts-api-find.asciidoc
index d64d6e08cd..bdc641e8c5 100644
--- a/docs/AI-for-security/api/prompts-api-find.asciidoc
+++ b/docs/AI-for-security/api/prompts-api-find.asciidoc
@@ -1,6 +1,12 @@
 [[prompts-api-find]] === Find prompts
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-ai-assistant-api[AI Assistant APIs].
+--
+
 Retrieve a list of Elastic AI Assistant prompts. [discrete]
diff --git a/docs/advanced-entity-analytics/api/asset-criticality-api-bulk-upsert.asciidoc b/docs/advanced-entity-analytics/api/asset-criticality-api-bulk-upsert.asciidoc
index d1d86c9688..fa72db2047 100644
--- a/docs/advanced-entity-analytics/api/asset-criticality-api-bulk-upsert.asciidoc
+++ b/docs/advanced-entity-analytics/api/asset-criticality-api-bulk-upsert.asciidoc
@@ -1,6 +1,12 @@
 [[asset-criticality-api-bulk-upsert]] === Bulk upsert (create or update) asset criticality records
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-entity-analytics-api[Entity Analytics APIs].
+--
+
 Create or update asset criticality records for multiple entities. If asset criticality records already exist for the entities specified in the request, this API overwrites those records with the specified values.
diff --git a/docs/advanced-entity-analytics/api/asset-criticality-api-delete.asciidoc b/docs/advanced-entity-analytics/api/asset-criticality-api-delete.asciidoc
index 6604b2db28..4231cba07e 100644
--- a/docs/advanced-entity-analytics/api/asset-criticality-api-delete.asciidoc
+++ b/docs/advanced-entity-analytics/api/asset-criticality-api-delete.asciidoc
@@ -1,6 +1,12 @@
 [[delete-criticality-api-delete]] === Delete asset criticality record
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-entity-analytics-api[Entity Analytics APIs].
+--
+
 Delete a single asset criticality record by ID field and ID value. ==== Request URL
diff --git a/docs/advanced-entity-analytics/api/asset-criticality-api-get.asciidoc b/docs/advanced-entity-analytics/api/asset-criticality-api-get.asciidoc
index 1cb4752b7f..79d5dc1b97 100644
--- a/docs/advanced-entity-analytics/api/asset-criticality-api-get.asciidoc
+++ b/docs/advanced-entity-analytics/api/asset-criticality-api-get.asciidoc
@@ -1,6 +1,12 @@
 [[asset-criticality-api-get]] === Get asset criticality record
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-entity-analytics-api[Entity Analytics APIs].
+--
+
 Retrieve a single asset criticality record by ID field and ID value. ==== Request URL
diff --git a/docs/advanced-entity-analytics/api/asset-criticality-api-list.asciidoc b/docs/advanced-entity-analytics/api/asset-criticality-api-list.asciidoc
index 67dc37f549..9b57169812 100644
--- a/docs/advanced-entity-analytics/api/asset-criticality-api-list.asciidoc
+++ b/docs/advanced-entity-analytics/api/asset-criticality-api-list.asciidoc
@@ -1,6 +1,12 @@
 [[asset-criticality-api-list]] === List asset criticality records
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-entity-analytics-api[Entity Analytics APIs].
+--
+
 Retrieve a list of asset criticality records. Use the query parameters to filter and sort the results as needed. By default, the first page is returned, with 10 results per page.
diff --git a/docs/advanced-entity-analytics/api/asset-criticality-api-overview.asciidoc b/docs/advanced-entity-analytics/api/asset-criticality-api-overview.asciidoc
index 22c657b031..ac19c135a6 100644
--- a/docs/advanced-entity-analytics/api/asset-criticality-api-overview.asciidoc
+++ b/docs/advanced-entity-analytics/api/asset-criticality-api-overview.asciidoc
@@ -2,4 +2,10 @@
 [role="xpack"] == Asset criticality API
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-entity-analytics-api[Entity Analytics APIs].
+--
+
 You can manage <> records through the API. To use this API, you must first turn on the `securitySolution:enableAssetCriticality` <>.
\ No newline at end of file
diff --git a/docs/advanced-entity-analytics/api/asset-criticality-api-upsert.asciidoc b/docs/advanced-entity-analytics/api/asset-criticality-api-upsert.asciidoc
index 17e248da5a..b58687b407 100644
--- a/docs/advanced-entity-analytics/api/asset-criticality-api-upsert.asciidoc
+++ b/docs/advanced-entity-analytics/api/asset-criticality-api-upsert.asciidoc
@@ -1,6 +1,12 @@
 [[asset-criticality-api-upsert]] === Upsert (create or update) asset criticality record
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-entity-analytics-api[Entity Analytics APIs].
+--
+
 Create or update an asset criticality record. If an asset criticality record already exists for the entity specified in the request, this API overwrites that record with the specified value.
diff --git a/docs/cases/api/actions-api/cases-actions-api-intro.asciidoc b/docs/cases/api/actions-api/cases-actions-api-intro.asciidoc
index b8210ad463..8912603f3c 100644
--- a/docs/cases/api/actions-api/cases-actions-api-intro.asciidoc
+++ b/docs/cases/api/actions-api/cases-actions-api-intro.asciidoc
@@ -2,6 +2,12 @@
 [role="xpack"] == Actions API (for pushing cases to external systems)
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-cases[cases APIs] and {api-kibana}/group/endpoint-connectors[connectors APIs].
+--
+
 You can push {elastic-sec} cases to these third-party systems: * {sn}
diff --git a/docs/cases/api/cases-api/cases-api.asciidoc b/docs/cases/api/cases-api/cases-api.asciidoc
index 49fd60a650..1bb4a59beb 100644
--- a/docs/cases/api/cases-api/cases-api.asciidoc
+++ b/docs/cases/api/cases-api/cases-api.asciidoc
@@ -2,6 +2,12 @@
 [role="xpack"] == Cases API
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-cases[cases APIs] and {api-kibana}/group/endpoint-connectors[connectors APIs].
+--
+
 You can create, manage, configure, and send cases to external systems with these APIs: NOTE: Cases return a warning header for deprecated endpoints. The value of the warning header is in the form `299 Kibana-{kibana_version} "{warning_text}"`
diff --git a/docs/detections/api/exceptions/api-create-exception-container.asciidoc b/docs/detections/api/exceptions/api-create-exception-container.asciidoc
index 3dadd40a0f..1e1c367f63 100644
--- a/docs/detections/api/exceptions/api-create-exception-container.asciidoc
+++ b/docs/detections/api/exceptions/api-create-exception-container.asciidoc
@@ -1,6 +1,12 @@
 [[exceptions-api-create-container]] === Create exception container
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-exceptions-api[exceptions APIs].
+--
+
 Creates an exception container. An exception container groups <>
diff --git a/docs/detections/api/exceptions/api-create-exception-item.asciidoc b/docs/detections/api/exceptions/api-create-exception-item.asciidoc
index faa6d8192f..1e4aa5be29 100644
--- a/docs/detections/api/exceptions/api-create-exception-item.asciidoc
+++ b/docs/detections/api/exceptions/api-create-exception-item.asciidoc
@@ -1,6 +1,12 @@
 [[exceptions-api-create-exception-item]] === Create exception item
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-exceptions-api[exceptions APIs].
+--
+
 Creates an exception item and associates it with the specified <>.
diff --git a/docs/detections/api/exceptions/api-create-shared-exception-list.asciidoc b/docs/detections/api/exceptions/api-create-shared-exception-list.asciidoc
index 75a3d468d7..c228c87a56 100644
--- a/docs/detections/api/exceptions/api-create-shared-exception-list.asciidoc
+++ b/docs/detections/api/exceptions/api-create-shared-exception-list.asciidoc
@@ -1,6 +1,12 @@
 [[exceptions-api-create-shared-exception-list]] === Create shared exception list
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-exceptions-api[exceptions APIs].
+--
+
 Creates a shared exception list. An exception list groups <>
diff --git a/docs/detections/api/exceptions/api-delete-exception-container.asciidoc b/docs/detections/api/exceptions/api-delete-exception-container.asciidoc
index a11ee7d98b..ba043bf9a6 100644
--- a/docs/detections/api/exceptions/api-delete-exception-container.asciidoc
+++ b/docs/detections/api/exceptions/api-delete-exception-container.asciidoc
@@ -1,6 +1,12 @@
 [[exceptions-api-delete-container]] === Delete exception container
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-exceptions-api[exceptions APIs].
+--
+
 Deletes an exception container. ==== Request URL
diff --git a/docs/detections/api/exceptions/api-delete-exception-item.asciidoc b/docs/detections/api/exceptions/api-delete-exception-item.asciidoc
index e9291409f7..150832acda 100644
--- a/docs/detections/api/exceptions/api-delete-exception-item.asciidoc
+++ b/docs/detections/api/exceptions/api-delete-exception-item.asciidoc
@@ -1,6 +1,12 @@
 [[exceptions-api-delete-item]] === Delete exception item
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-exceptions-api[exceptions APIs].
+--
+
 Deletes an exception item. ==== Request URL
diff --git a/docs/detections/api/exceptions/api-export-exception-list.asciidoc b/docs/detections/api/exceptions/api-export-exception-list.asciidoc
index a3b4a583a0..0ecf7bf9ca 100644
--- a/docs/detections/api/exceptions/api-export-exception-list.asciidoc
+++ b/docs/detections/api/exceptions/api-export-exception-list.asciidoc
@@ -1,6 +1,12 @@
 [[exceptions-api-export-exception-list]] === Export exception list
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-exceptions-api[exceptions APIs].
+--
+
 Exports an exception list and its associated items to an `.ndjson` file. ==== Request URL
diff --git a/docs/detections/api/exceptions/api-find-exception-containers.asciidoc b/docs/detections/api/exceptions/api-find-exception-containers.asciidoc
index da709a6805..0d2bf15678 100644
--- a/docs/detections/api/exceptions/api-find-exception-containers.asciidoc
+++ b/docs/detections/api/exceptions/api-find-exception-containers.asciidoc
@@ -1,6 +1,12 @@
 [[exceptions-api-find-exception-containers]] === Find exception containers
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-exceptions-api[exceptions APIs].
+--
+
 Retrieves a paginated subset of exception containers. By default, the first page is returned with 20 results per page.
diff --git a/docs/detections/api/exceptions/api-find-exception-items.asciidoc b/docs/detections/api/exceptions/api-find-exception-items.asciidoc
index eacf871ef9..3fb46306e9 100644
--- a/docs/detections/api/exceptions/api-find-exception-items.asciidoc
+++ b/docs/detections/api/exceptions/api-find-exception-items.asciidoc
@@ -1,6 +1,12 @@
 [[exceptions-api-find-exception-items]] === Find exception items
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-exceptions-api[exceptions APIs].
+--
+
 Retrieves a paginated subset of exception items in the specified container. By default, the first page is returned with 20 results per page.
diff --git a/docs/detections/api/exceptions/api-get-exception-containers.asciidoc b/docs/detections/api/exceptions/api-get-exception-containers.asciidoc
index ef77d442b8..a7ad8c61a7 100644
--- a/docs/detections/api/exceptions/api-get-exception-containers.asciidoc
+++ b/docs/detections/api/exceptions/api-get-exception-containers.asciidoc
@@ -1,6 +1,12 @@
 [[exceptions-api-get-container]] === Get exception container
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-exceptions-api[exceptions APIs].
+--
+
 Retrieves an exception container using its `id` or `list_id` field. ==== Request URL
diff --git a/docs/detections/api/exceptions/api-get-exception-items.asciidoc b/docs/detections/api/exceptions/api-get-exception-items.asciidoc
index bc29508f87..de57f24270 100644
--- a/docs/detections/api/exceptions/api-get-exception-items.asciidoc
+++ b/docs/detections/api/exceptions/api-get-exception-items.asciidoc
@@ -1,6 +1,12 @@
 [[exceptions-api-get-item]] === Get exception item
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-exceptions-api[exceptions APIs].
+--
+
 Retrieves an exception item using its `id` or `item_id` field. ==== Request URL
diff --git a/docs/detections/api/exceptions/api-import-exception-list.asciidoc b/docs/detections/api/exceptions/api-import-exception-list.asciidoc
index 35e957f3c0..bc1d708bcd 100644
--- a/docs/detections/api/exceptions/api-import-exception-list.asciidoc
+++ b/docs/detections/api/exceptions/api-import-exception-list.asciidoc
@@ -1,6 +1,12 @@
 [[exceptions-api-import-exception-list]] === Import exception list
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-exceptions-api[exceptions APIs].
+--
+
 Imports an exception list and associated items. An exception list groups <>
diff --git a/docs/detections/api/exceptions/api-summary-exception-container.asciidoc b/docs/detections/api/exceptions/api-summary-exception-container.asciidoc
index 282309f701..1833d64e68 100644
--- a/docs/detections/api/exceptions/api-summary-exception-container.asciidoc
+++ b/docs/detections/api/exceptions/api-summary-exception-container.asciidoc
@@ -1,6 +1,12 @@
 [[exceptions-api-summary-exception-container]] === Summary exception container
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-exceptions-api[exceptions APIs].
+--
+
 Retrieves an exception container summary. ==== Request URL
diff --git a/docs/detections/api/exceptions/api-update-exception-container.asciidoc b/docs/detections/api/exceptions/api-update-exception-container.asciidoc
index e8aaa0edfd..5afead7f7a 100644
--- a/docs/detections/api/exceptions/api-update-exception-container.asciidoc
+++ b/docs/detections/api/exceptions/api-update-exception-container.asciidoc
@@ -1,6 +1,12 @@
 [[exceptions-api-update-container]] === Update exception container
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-exceptions-api[exceptions APIs].
+--
+
 Updates an existing exception container. ==== Request URL
diff --git a/docs/detections/api/exceptions/api-update-exception-item.asciidoc b/docs/detections/api/exceptions/api-update-exception-item.asciidoc
index 243c537480..5db11fcf94 100644
--- a/docs/detections/api/exceptions/api-update-exception-item.asciidoc
+++ b/docs/detections/api/exceptions/api-update-exception-item.asciidoc
@@ -1,6 +1,12 @@
 [[exceptions-api-update-item]] === Update exception item
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-exceptions-api[exceptions APIs].
+--
+
 Updates an existing exception item. ==== Request URL
diff --git a/docs/detections/api/exceptions/exceptions-api-overview.asciidoc b/docs/detections/api/exceptions/exceptions-api-overview.asciidoc
index 1967b83b5f..5b2bd89706 100644
--- a/docs/detections/api/exceptions/exceptions-api-overview.asciidoc
+++ b/docs/detections/api/exceptions/exceptions-api-overview.asciidoc
@@ -1,6 +1,12 @@
 [[exceptions-api-overview]] == Exceptions API
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-exceptions-api[exceptions APIs].
+--
+
 Exceptions are associated with detection and endpoint rules, and are used to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. They can be used to reduce the number of false
diff --git a/docs/detections/api/exceptions/lists-index-api-overview.asciidoc b/docs/detections/api/exceptions/lists-index-api-overview.asciidoc
index 4bd0e5590a..0fe0cd4abe 100644
--- a/docs/detections/api/exceptions/lists-index-api-overview.asciidoc
+++ b/docs/detections/api/exceptions/lists-index-api-overview.asciidoc
@@ -1,6 +1,12 @@
 [[lists-index-api-overview]] === Lists index endpoint
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-lists-api[lists APIs].
+--
+
 Before using exceptions and lists, use the `index` endpoint to create `.lists` and `.items` system data streams in the relevant {kibana-ref}/xpack-spaces.html[{kib} space].
diff --git a/docs/detections/api/lists/api-create-list-container.asciidoc b/docs/detections/api/lists/api-create-list-container.asciidoc
index 98e1007bf3..bb82ee70bc 100644
--- a/docs/detections/api/lists/api-create-list-container.asciidoc
+++ b/docs/detections/api/lists/api-create-list-container.asciidoc
@@ -1,6 +1,12 @@
 [[lists-api-create-container]] === Create list container
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-lists-api[lists APIs].
+--
+
 Creates a list container. A list container groups common <> that
diff --git a/docs/detections/api/lists/api-create-list-item.asciidoc b/docs/detections/api/lists/api-create-list-item.asciidoc
index 71096fe420..ab20fc9527 100644
--- a/docs/detections/api/lists/api-create-list-item.asciidoc
+++ b/docs/detections/api/lists/api-create-list-item.asciidoc
@@ -1,6 +1,12 @@
 [[lists-api-create-list-item]] === Create list item
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-lists-api[lists APIs].
+--
+
 Creates a list item and associates it with the specified <>.
diff --git a/docs/detections/api/lists/api-delete-list-container.asciidoc b/docs/detections/api/lists/api-delete-list-container.asciidoc
index 2ecee2ea78..6479886c6a 100644
--- a/docs/detections/api/lists/api-delete-list-container.asciidoc
+++ b/docs/detections/api/lists/api-delete-list-container.asciidoc
@@ -1,6 +1,12 @@
 [[lists-api-delete-container]] === Delete list container
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-lists-api[lists APIs].
+--
+
 Deletes a list container. NOTE: When you delete a list container, all of its list items are also deleted.
diff --git a/docs/detections/api/lists/api-delete-list-item.asciidoc b/docs/detections/api/lists/api-delete-list-item.asciidoc
index 33f08b316a..40a8149302 100644
--- a/docs/detections/api/lists/api-delete-list-item.asciidoc
+++ b/docs/detections/api/lists/api-delete-list-item.asciidoc
@@ -1,6 +1,12 @@
 [[lists-api-delete-item]] === Delete list item
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-lists-api[lists APIs].
+--
+
 Deletes list items. ==== Request URL
diff --git a/docs/detections/api/lists/api-export-list-item.asciidoc b/docs/detections/api/lists/api-export-list-item.asciidoc
index 3740c2a0f9..74cf58a01d 100644
--- a/docs/detections/api/lists/api-export-list-item.asciidoc
+++ b/docs/detections/api/lists/api-export-list-item.asciidoc
@@ -1,6 +1,12 @@
 [[lists-api-export-items]] === Export list items
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-lists-api[lists APIs].
+--
+
 Exports list item values from the specified list container. ==== Request URL
diff --git a/docs/detections/api/lists/api-find-list-containers.asciidoc b/docs/detections/api/lists/api-find-list-containers.asciidoc
index 06f8eb703b..015aac113c 100644
--- a/docs/detections/api/lists/api-find-list-containers.asciidoc
+++ b/docs/detections/api/lists/api-find-list-containers.asciidoc
@@ -1,6 +1,12 @@
 [[lists-api-find-list-containers]] === Find list containers
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-lists-api[lists APIs].
+--
+
 Retrieves a paginated subset of list containers. By default, the first page is returned with 20 results per page.
diff --git a/docs/detections/api/lists/api-find-list-items.asciidoc b/docs/detections/api/lists/api-find-list-items.asciidoc
index 4076436093..c848b0bb34 100644
--- a/docs/detections/api/lists/api-find-list-items.asciidoc
+++ b/docs/detections/api/lists/api-find-list-items.asciidoc
@@ -1,6 +1,12 @@
 [[lists-api-find-list-items]]
 === Find list items
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-lists-api[lists APIs].
+--
+
 Retrieves a paginated subset of list items in the specified container. By default, the first page is returned with 20 results per page.
diff --git a/docs/detections/api/lists/api-get-list-containers.asciidoc b/docs/detections/api/lists/api-get-list-containers.asciidoc
index 6b44a26571..3cf6e5eb4f 100644
--- a/docs/detections/api/lists/api-get-list-containers.asciidoc
+++ b/docs/detections/api/lists/api-get-list-containers.asciidoc
@@ -1,6 +1,12 @@
 [[lists-api-get-container]]
 === Get list container
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-lists-api[lists APIs].
+--
+
 Retrieves a list container using its `id` field.
 ==== Request URL
diff --git a/docs/detections/api/lists/api-get-list-items.asciidoc b/docs/detections/api/lists/api-get-list-items.asciidoc
index 8d796b23e9..fadf97363a 100644
--- a/docs/detections/api/lists/api-get-list-items.asciidoc
+++ b/docs/detections/api/lists/api-get-list-items.asciidoc
@@ -1,6 +1,12 @@
 [[lists-api-get-item]]
 === Get list item
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-lists-api[lists APIs].
+--
+
 Retrieves list items using its `id`, or its `list_id` and `value` fields.
 IMPORTANT: For `ip` and `ip_range` list containers, you can retrieve up to
diff --git a/docs/detections/api/lists/api-import-list-items.asciidoc b/docs/detections/api/lists/api-import-list-items.asciidoc
index 67b81cca90..843b828bfe 100644
--- a/docs/detections/api/lists/api-import-list-items.asciidoc
+++ b/docs/detections/api/lists/api-import-list-items.asciidoc
@@ -1,6 +1,12 @@
 [[lists-api-import-list-items]]
 === Import list items
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-lists-api[lists APIs].
+--
+
 Imports a list of items from a `.txt` or `.csv` file. The maximum file size is 9 million bytes. You can import items to a new or existing
diff --git a/docs/detections/api/lists/api-update-list-container.asciidoc b/docs/detections/api/lists/api-update-list-container.asciidoc
index b7c6a6436b..abf5b2ad76 100644
--- a/docs/detections/api/lists/api-update-list-container.asciidoc
+++ b/docs/detections/api/lists/api-update-list-container.asciidoc
@@ -1,6 +1,12 @@
 [[lists-api-update-container]]
 === Update list container
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-lists-api[lists APIs].
+--
+
 Updates an existing list container. You can use `PUT` or `PATCH` methods to update list containers, where:
diff --git a/docs/detections/api/lists/api-update-list-item.asciidoc b/docs/detections/api/lists/api-update-list-item.asciidoc
index e27afd95a4..0a29877d1a 100644
--- a/docs/detections/api/lists/api-update-list-item.asciidoc
+++ b/docs/detections/api/lists/api-update-list-item.asciidoc
@@ -1,6 +1,12 @@
 [[lists-api-update-item]]
 === Update list item
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-lists-api[lists APIs].
+--
+
 Updates an existing list item. You can use `PUT` or `PATCH` methods to update list items, where:
diff --git a/docs/detections/api/lists/lists-api-overview.asciidoc b/docs/detections/api/lists/lists-api-overview.asciidoc
index 0cd1e28ebb..39a0cbbb55 100644
--- a/docs/detections/api/lists/lists-api-overview.asciidoc
+++ b/docs/detections/api/lists/lists-api-overview.asciidoc
@@ -1,6 +1,12 @@
 [[lists-api-overview]]
 == Lists API
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-lists-api[lists APIs].
+--
+
 Lists can be used with detection rule <> to define values that prevent a rule from generating alerts.
diff --git a/docs/detections/api/rules/index-api-overview.asciidoc b/docs/detections/api/rules/index-api-overview.asciidoc
index 161221386e..912ce99c6f 100644
--- a/docs/detections/api/rules/index-api-overview.asciidoc
+++ b/docs/detections/api/rules/index-api-overview.asciidoc
@@ -1,6 +1,12 @@
 [[index-api-overview]]
 === Index endpoint
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-detections-api[detections APIs].
+--
+
 You use the index endpoint to create, get, and delete `.siem-signals-` system indices in a {kib} space.
diff --git a/docs/detections/api/rules/privileges-api-overview.asciidoc b/docs/detections/api/rules/privileges-api-overview.asciidoc
index 65f41580a8..cb5bb87df7 100644
--- a/docs/detections/api/rules/privileges-api-overview.asciidoc
+++ b/docs/detections/api/rules/privileges-api-overview.asciidoc
@@ -2,6 +2,12 @@
 [role="xpack"]
 === Privileges endpoint
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-detections-api[detections APIs].
+--
+
 Retrieves whether or not the user is authenticated, and the user's {kib} space and index privileges, which determine if the user can create an index (`.siem-signals-*`) for the {elastic-sec} alerts generated by detection engine rules.
diff --git a/docs/detections/api/rules/rules-api-bulk-actions.asciidoc b/docs/detections/api/rules/rules-api-bulk-actions.asciidoc
index 5b37d8aa3a..5c29656519 100644
--- a/docs/detections/api/rules/rules-api-bulk-actions.asciidoc
+++ b/docs/detections/api/rules/rules-api-bulk-actions.asciidoc
@@ -2,6 +2,12 @@
 [[bulk-actions-rules-api]]
 === Bulk rule actions
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-detections-api[detections APIs].
+--
+
 You can bulk create, update, and delete rules.
 '''
diff --git a/docs/detections/api/rules/rules-api-create.asciidoc b/docs/detections/api/rules/rules-api-create.asciidoc
index a39dfefb66..5131205069 100644
--- a/docs/detections/api/rules/rules-api-create.asciidoc
+++ b/docs/detections/api/rules/rules-api-create.asciidoc
@@ -6,6 +6,12 @@
 :frontmatter-tags-content-type: [reference]
 :frontmatter-tags-user-goals: [manage]
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-detections-api[detections APIs].
+--
+
 [WARNING]
 ====
 When used with {kibana-ref}/api-keys.html[API key] authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.
diff --git a/docs/detections/api/rules/rules-api-delete.asciidoc b/docs/detections/api/rules/rules-api-delete.asciidoc
index 588c53cd48..b9984f3ac0 100644
--- a/docs/detections/api/rules/rules-api-delete.asciidoc
+++ b/docs/detections/api/rules/rules-api-delete.asciidoc
@@ -1,6 +1,12 @@
 [[rules-api-delete]]
 === Delete rule
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-detections-api[detections APIs].
+--
+
 Deletes a single rule using the `rule_id` or `id` field.
 ==== Request URL
diff --git a/docs/detections/api/rules/rules-api-export.asciidoc b/docs/detections/api/rules/rules-api-export.asciidoc
index cccd664cfd..b63830e9cc 100644
--- a/docs/detections/api/rules/rules-api-export.asciidoc
+++ b/docs/detections/api/rules/rules-api-export.asciidoc
@@ -1,6 +1,12 @@
 [[rules-api-export]]
 === Export rules
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-detections-api[detections APIs].
+--
+
 Exports rules to an `.ndjson` file. The following configuration items are also included in the `.ndjson` file:
 * Actions
diff --git a/docs/detections/api/rules/rules-api-find.asciidoc b/docs/detections/api/rules/rules-api-find.asciidoc
index 0d3df2c205..c9a4306a83 100644
--- a/docs/detections/api/rules/rules-api-find.asciidoc
+++ b/docs/detections/api/rules/rules-api-find.asciidoc
@@ -1,6 +1,12 @@
 [[rules-api-find]]
 === Find rules
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-detections-api[detections APIs].
+--
+
 Retrieves a paginated subset of detection rules. By default, the first page is returned with 20 results per page.
diff --git a/docs/detections/api/rules/rules-api-get.asciidoc b/docs/detections/api/rules/rules-api-get.asciidoc
index 66248aa203..443d800104 100644
--- a/docs/detections/api/rules/rules-api-get.asciidoc
+++ b/docs/detections/api/rules/rules-api-get.asciidoc
@@ -1,6 +1,12 @@
 [[rules-api-get]]
 === Get rule
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-detections-api[detections APIs].
+--
+
 Retrieves a single rule using the `rule_id` or `id` field.
 ==== Request URL
diff --git a/docs/detections/api/rules/rules-api-import.asciidoc b/docs/detections/api/rules/rules-api-import.asciidoc
index 0ac2bf2f49..6c554ccb86 100644
--- a/docs/detections/api/rules/rules-api-import.asciidoc
+++ b/docs/detections/api/rules/rules-api-import.asciidoc
@@ -1,6 +1,12 @@
 [[rules-api-import]]
 === Import rules
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-detections-api[detections APIs].
+--
+
 Imports rules from an `.ndjson` file. The following configuration items are also included in the `.ndjson` file:
 * Actions
diff --git a/docs/detections/api/rules/rules-api-overview.asciidoc b/docs/detections/api/rules/rules-api-overview.asciidoc
index eebf54add1..85be0089f8 100644
--- a/docs/detections/api/rules/rules-api-overview.asciidoc
+++ b/docs/detections/api/rules/rules-api-overview.asciidoc
@@ -2,6 +2,12 @@
 [role="xpack"]
 == Detections API
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-detections-api[detections APIs].
+--
+
 You can create rules that automatically turn events and external alerts sent to {elastic-sec} into detection alerts. These alerts are displayed on the Detections page.
diff --git a/docs/detections/api/rules/rules-api-prebuilt.asciidoc b/docs/detections/api/rules/rules-api-prebuilt.asciidoc
index dbe1b3c3db..009a3c3b3c 100644
--- a/docs/detections/api/rules/rules-api-prebuilt.asciidoc
+++ b/docs/detections/api/rules/rules-api-prebuilt.asciidoc
@@ -2,6 +2,12 @@
 [role="xpack"]
 === Prebuilt rules
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-detections-api[detections APIs].
+--
+
 The prepackaged endpoint is for retrieving rule statuses and loading Elastic prebuilt detection rules.
diff --git a/docs/detections/api/rules/rules-api-update.asciidoc b/docs/detections/api/rules/rules-api-update.asciidoc
index cac28ad2ff..e640580db4 100644
--- a/docs/detections/api/rules/rules-api-update.asciidoc
+++ b/docs/detections/api/rules/rules-api-update.asciidoc
@@ -1,6 +1,12 @@
 [[rules-api-update]]
 === Update rule
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-detections-api[detections APIs].
+--
+
 [WARNING]
 ====
 When used with {kibana-ref}/api-keys.html[API key] authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.
diff --git a/docs/detections/api/rules/signals-api-overview.asciidoc b/docs/detections/api/rules/signals-api-overview.asciidoc
index 4d04f35739..2936722c83 100644
--- a/docs/detections/api/rules/signals-api-overview.asciidoc
+++ b/docs/detections/api/rules/signals-api-overview.asciidoc
@@ -7,6 +7,12 @@
 :frontmatter-tags-content-type: [reference]
 :frontmatter-tags-user-goals: [manage]
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-detections-api[detections APIs].
+--
+
 The signals endpoint is for retrieving, aggregating, and updating detection alerts. For detailed information on how to retrieve and aggregate results from the indices, see:
diff --git a/docs/detections/api/rules/tags-api-overview.asciidoc b/docs/detections/api/rules/tags-api-overview.asciidoc
index 7d4bcbb68a..5ecde95f95 100644
--- a/docs/detections/api/rules/tags-api-overview.asciidoc
+++ b/docs/detections/api/rules/tags-api-overview.asciidoc
@@ -2,6 +2,12 @@
 [role="xpack"]
 === Tags endpoint
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-detections-api[detections APIs].
+--
+
 Aggregates and returns all rule tags.
 ==== Get tags
diff --git a/docs/detections/api/signals-migration-api.asciidoc b/docs/detections/api/signals-migration-api.asciidoc
index 699ba41bf1..52111fa4e1 100644
--- a/docs/detections/api/signals-migration-api.asciidoc
+++ b/docs/detections/api/signals-migration-api.asciidoc
@@ -2,6 +2,12 @@
 [role="xpack"]
 == Detection Alerts Migration API
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-detections-api[detections APIs].
+--
+
 After upgrading {kib}, the latest {elastic-sec} features will be available for any newly generated detection alerts. However, in order to enable new features for existing detection alerts, migration may be necessary. See {security-guide}/upgrade-intro.html[Upgrade {elastic-sec}] for instructions specific to your upgrade. Migrating detection alerts is performed at the index level and requires the following steps:
diff --git a/docs/events/api/timeline-api-create.asciidoc b/docs/events/api/timeline-api-create.asciidoc
index 78644d2402..311732be10 100644
--- a/docs/events/api/timeline-api-create.asciidoc
+++ b/docs/events/api/timeline-api-create.asciidoc
@@ -1,6 +1,12 @@
 [[timeline-api-create]]
 === Create Timeline or Timeline template
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-timeline-api[Timeline APIs].
+--
+
 Creates a new Timeline or Timeline template. Use the `timeline` object's <> field
diff --git a/docs/events/api/timeline-api-delete.asciidoc b/docs/events/api/timeline-api-delete.asciidoc
index f8d18e902f..310023872f 100644
--- a/docs/events/api/timeline-api-delete.asciidoc
+++ b/docs/events/api/timeline-api-delete.asciidoc
@@ -1,6 +1,12 @@
 [[timeline-api-delete]]
 === Delete Timelines or Timeline templates
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-timeline-api[Timeline APIs].
+--
+
 Delete multiple Timelines or Timeline templates.
 ==== Request URL
diff --git a/docs/events/api/timeline-api-get.asciidoc b/docs/events/api/timeline-api-get.asciidoc
index acdcef7cc3..ac6c44ec65 100644
--- a/docs/events/api/timeline-api-get.asciidoc
+++ b/docs/events/api/timeline-api-get.asciidoc
@@ -1,6 +1,12 @@
 [[timeline-api-get]]
 === Get Timelines or Timeline templates
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-timeline-api[Timeline APIs].
+--
+
 Retrieves a list of all Timelines or Timeline templates.
 ==== Request URL
@@ -282,6 +288,12 @@ GET api/timelines?page_size=10&page_index=1&sort_field=updated&sort_order=desc&t
 === Get Timeline or Timeline template by savedObjectId
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-timeline-api[Timeline APIs].
+--
+
 Retrieves details of a single Timeline or Timeline template using `savedObjectId`.
 ==== Request URL
@@ -432,6 +444,12 @@ GET /api/timeline?id=9115e3bc-444c-4c91-b844-c62717253c4e
 === Get Timeline template by templateTimelineId
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-timeline-api[Timeline APIs].
+--
+
 Retrieves details of a single Timeline template using `templateTimelineId`.
diff --git a/docs/events/api/timeline-api-import.asciidoc b/docs/events/api/timeline-api-import.asciidoc
index 4e86fb30c4..1d18d2c680 100644
--- a/docs/events/api/timeline-api-import.asciidoc
+++ b/docs/events/api/timeline-api-import.asciidoc
@@ -1,6 +1,12 @@
 [[timeline-api-import]]
 === Import timelines and timeline templates
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-timeline-api[Timeline APIs].
+--
+
 Imports timelines and timeline templates from an `ndjson` file. If you are updating an existing timeline template, make sure:
diff --git a/docs/events/api/timeline-api-overview.asciidoc b/docs/events/api/timeline-api-overview.asciidoc
index ceee61794b..4f4f1710e5 100644
--- a/docs/events/api/timeline-api-overview.asciidoc
+++ b/docs/events/api/timeline-api-overview.asciidoc
@@ -2,4 +2,10 @@
 [role="xpack"]
 == Timeline API
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-timeline-api[Timeline APIs].
+--
+
 You can create Timelines and Timeline templates via the API, as well as import new Timelines from an `ndjson` file.
diff --git a/docs/events/api/timeline-api-update.asciidoc b/docs/events/api/timeline-api-update.asciidoc
index 6764741b21..882571cb2f 100644
--- a/docs/events/api/timeline-api-update.asciidoc
+++ b/docs/events/api/timeline-api-update.asciidoc
@@ -1,6 +1,12 @@
 [[timeline-api-update]]
 === Add a note to an existing Timeline
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-timeline-api[Timeline APIs].
+--
+
 Add a note to an existing Timeline or Timeline event.
 ==== Request URL
@@ -61,6 +67,12 @@ PATCH api/note
 === Pin an event to an existing Timeline
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-timeline-api[Timeline APIs].
+--
+
 ==== Request URL
 `PATCH :/api/pinned_event`
diff --git a/docs/events/api/timeline-template-api-update.asciidoc b/docs/events/api/timeline-template-api-update.asciidoc
index 0b5c12dcd5..0fcc754e0a 100644
--- a/docs/events/api/timeline-template-api-update.asciidoc
+++ b/docs/events/api/timeline-template-api-update.asciidoc
@@ -1,6 +1,12 @@
 [[timeline-template-api-update]]
 === Update Timeline or Timeline template
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-timeline-api[Timeline APIs].
+--
+
 Updates an existing Timeline or Timeline template. Use the `timeline` object's <> field
diff --git a/docs/management/api/blocklist-api.asciidoc b/docs/management/api/blocklist-api.asciidoc
index 1b9210b722..612517117b 100644
--- a/docs/management/api/blocklist-api.asciidoc
+++ b/docs/management/api/blocklist-api.asciidoc
@@ -8,6 +8,12 @@
 [[blocklist-api]]
 === {endpoint-artifact-page-title}
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-endpoint-management-api[endpoint management APIs].
+--
+
 Create, retrieve, update, and delete endpoint <> entries with the <>. Endpoint {endpoint-artifact-name} are managed using a static container id (`list_id`) of `pass:a[{endpoint-artifact-list-id}]`, which must be created prior to adding the {endpoint-artifact-name}. To use these APIs, you must have privileges to manage endpoints. Refer to <> for more information.
diff --git a/docs/management/api/event-filters-api.asciidoc b/docs/management/api/event-filters-api.asciidoc
index 4c10bf7b1b..2627c7a8b4 100644
--- a/docs/management/api/event-filters-api.asciidoc
+++ b/docs/management/api/event-filters-api.asciidoc
@@ -8,6 +8,12 @@
 [[event-filters-api]]
 === {endpoint-artifact-name-sentence-start}
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-endpoint-management-api[endpoint management APIs].
+--
+
 Create, retrieve, update and delete endpoint <> via API. {endpoint-artifact-name-sentence-start} are managed via the <> using a static container id (`list_id`) of `pass:a[{endpoint-artifact-list-id}]`, which must be created prior to adding an event filter. To access these APIs, users must have permission to manage endpoints.
diff --git a/docs/management/api/execute-api.asciidoc b/docs/management/api/execute-api.asciidoc
index 5679491581..89c890bfba 100644
--- a/docs/management/api/execute-api.asciidoc
+++ b/docs/management/api/execute-api.asciidoc
@@ -1,6 +1,12 @@
 [[execute-api]]
 === Execute a command on a host
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-endpoint-management-api[endpoint management APIs].
+--
+
 Execute a command on a host running {elastic-defend}. You must have the `Execute Operations` {kib} privilege in the Security feature as part of your role and an Enterprise license to perform this action.
diff --git a/docs/management/api/get-action-api.asciidoc b/docs/management/api/get-action-api.asciidoc
index 763203cf97..ee15573ee3 100644
--- a/docs/management/api/get-action-api.asciidoc
+++ b/docs/management/api/get-action-api.asciidoc
@@ -1,6 +1,12 @@
 [[get-action-api]]
 === Get action details
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-endpoint-management-api[endpoint management APIs].
+--
+
 Retrieves the details of an individual response action.
 ==== Request URL
diff --git a/docs/management/api/get-endpoint-api.asciidoc b/docs/management/api/get-endpoint-api.asciidoc
index 4c5da6308c..1fa21947cd 100644
--- a/docs/management/api/get-endpoint-api.asciidoc
+++ b/docs/management/api/get-endpoint-api.asciidoc
@@ -1,6 +1,12 @@
 [[get-endpoint-api]]
 === Get endpoint
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-endpoint-management-api[endpoint management APIs].
+--
+
 Retrieves metadata about a single host running {elastic-defend}.
 ==== Request URL
diff --git a/docs/management/api/get-file-api.asciidoc b/docs/management/api/get-file-api.asciidoc
index 4909c554ff..2896ef7476 100644
--- a/docs/management/api/get-file-api.asciidoc
+++ b/docs/management/api/get-file-api.asciidoc
@@ -1,6 +1,12 @@
 [[get-file-api]]
 === Get a file from a host
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-endpoint-management-api[endpoint management APIs].
+--
+
 Retrieve a file from a host running {elastic-defend}. You must have the `File Operations` {kib} privilege in the Security feature as part of your role and an Enterprise license to perform this action.
diff --git a/docs/management/api/host-isolation-api.asciidoc b/docs/management/api/host-isolation-api.asciidoc
index b3e8712ed9..99d9a9fb54 100644
--- a/docs/management/api/host-isolation-api.asciidoc
+++ b/docs/management/api/host-isolation-api.asciidoc
@@ -1,6 +1,12 @@
 [[host-isolation-api]]
 === Isolate a host
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-endpoint-management-api[endpoint management APIs].
+--
+
 Isolates a host running {elastic-defend} from the network. `Isolated` is a persistent status until the endpoint is given a release command. You must have the *Host Isolation* <> and at least a Platinum license to perform this action.
diff --git a/docs/management/api/host-isolation-exceptions-api.asciidoc b/docs/management/api/host-isolation-exceptions-api.asciidoc
index 70276eead9..0ed905773e 100644
--- a/docs/management/api/host-isolation-exceptions-api.asciidoc
+++ b/docs/management/api/host-isolation-exceptions-api.asciidoc
@@ -9,6 +9,12 @@
 [[host-isolation-exceptions-api]]
 === {endpoint-artifact-name-sentence-start}
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-endpoint-management-api[endpoint management APIs].
+--
+
 Create, retrieve, update, and delete endpoint <> via API. {endpoint-artifact-name-sentence-start} are managed via the <> using a static container id (`list_id`) of `pass:a[{endpoint-artifact-list-id}]`, which must be created prior to adding the {endpoint-artifact-name}. Access to these APIs requires that a user has authorization to manage endpoints.
diff --git a/docs/management/api/host-isolation-release-api.asciidoc b/docs/management/api/host-isolation-release-api.asciidoc
index 3aa39113df..af68fa486d 100644
--- a/docs/management/api/host-isolation-release-api.asciidoc
+++ b/docs/management/api/host-isolation-release-api.asciidoc
@@ -1,6 +1,12 @@
 [[host-isolation-release-api]]
 === Release an isolated host
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-endpoint-management-api[endpoint management APIs].
+--
+
 Removes a host's isolation status and allows it to rejoin a network. You must have the *Host Isolation* <> to perform this action. It is available to all license levels.
diff --git a/docs/management/api/kill-process-api.asciidoc b/docs/management/api/kill-process-api.asciidoc
index 10e3b5488a..3f309db765 100644
--- a/docs/management/api/kill-process-api.asciidoc
+++ b/docs/management/api/kill-process-api.asciidoc
@@ -1,6 +1,12 @@
 [[kill-process-api]]
 === Terminate a process
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-endpoint-management-api[endpoint management APIs].
+--
+
 Terminates a process on a host running {elastic-defend} or a supported third-party agent type. You must have the *Process Operations* <> and an Enterprise license to perform this action.
diff --git a/docs/management/api/list-actions-api.asciidoc b/docs/management/api/list-actions-api.asciidoc
index 50b0f329fa..dba43439e0 100644
--- a/docs/management/api/list-actions-api.asciidoc
+++ b/docs/management/api/list-actions-api.asciidoc
@@ -1,6 +1,12 @@
 [[list-actions-api]]
 === List response actions
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-endpoint-management-api[endpoint management APIs].
+--
+
 Retrieves a list of response actions.
 ==== Request URL
diff --git a/docs/management/api/list-endpoints-api.asciidoc b/docs/management/api/list-endpoints-api.asciidoc
index 119e1bf2cd..d98e0b3ac8 100644
--- a/docs/management/api/list-endpoints-api.asciidoc
+++ b/docs/management/api/list-endpoints-api.asciidoc
@@ -1,6 +1,12 @@
 [[list-endpoints-api]]
 === List endpoints
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-endpoint-management-api[endpoint management APIs].
+--
+
 Retrieves a list of hosts running {elastic-defend}.
 ==== Request URL
diff --git a/docs/management/api/management-api-index.asciidoc b/docs/management/api/management-api-index.asciidoc
index f4d6e81d6c..9b03a7c357 100644
--- a/docs/management/api/management-api-index.asciidoc
+++ b/docs/management/api/management-api-index.asciidoc
@@ -1,6 +1,12 @@
 [[management-api-overview]]
 == Endpoint management API
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-endpoint-management-api[endpoint management APIs].
+--
+
 The following APIs allow you to interact with and manage endpoints running the {elastic-defend} integration.
 include::get-endpoint-api.asciidoc[]
diff --git a/docs/management/api/running-procs-api.asciidoc b/docs/management/api/running-procs-api.asciidoc
index 0f351b7d1c..6a8b38d347 100644
--- a/docs/management/api/running-procs-api.asciidoc
+++ b/docs/management/api/running-procs-api.asciidoc
@@ -1,6 +1,12 @@
 [[running-procs-api]]
 === Get processes
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-endpoint-management-api[endpoint management APIs].
+--
+
 Get processes on a host running {elastic-defend}. You must have the *Process Operations* <> and an Enterprise license to perform this action.
diff --git a/docs/management/api/scan-api.asciidoc b/docs/management/api/scan-api.asciidoc
index 49f522bfb5..ca70030822 100644
--- a/docs/management/api/scan-api.asciidoc
+++ b/docs/management/api/scan-api.asciidoc
@@ -1,6 +1,12 @@
 [[scan-api]]
 === Scan a file or folder
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-endpoint-management-api[endpoint management APIs].
+--
+
 Scan a file or folder for malware on a host running {elastic-defend}. You must have the `Scan Operations` {kib} privilege in the Security feature as part of your role and an Enterprise license to perform this action.
diff --git a/docs/management/api/suspend-process-api.asciidoc b/docs/management/api/suspend-process-api.asciidoc
index a3084360fa..a19c0ed171 100644
--- a/docs/management/api/suspend-process-api.asciidoc
+++ b/docs/management/api/suspend-process-api.asciidoc
@@ -1,6 +1,12 @@
 [[suspend-process-api]]
 === Suspend a process
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-endpoint-management-api[endpoint management APIs].
+--
+
 Suspend a process on a host running {elastic-defend}. You must have the *Process Operations* <> and an Enterprise license to perform this action.
diff --git a/docs/management/api/trusted-apps-api.asciidoc b/docs/management/api/trusted-apps-api.asciidoc
index 3300fec2d6..4c3880abff 100644
--- a/docs/management/api/trusted-apps-api.asciidoc
+++ b/docs/management/api/trusted-apps-api.asciidoc
@@ -7,6 +7,12 @@
 [[trusted-applications-api]]
 === {endpoint-artifact-name-sentence-start}
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-endpoint-management-api[endpoint management APIs].
+--
+
 Create, retrieve, update, and delete endpoint <> via API. Endpoint {endpoint-artifact-name} are managed via the <> using a static container id (`list_id`) of `pass:a[{endpoint-artifact-list-id}]`, which must be created prior to adding the {endpoint-artifact-name}. Access to these APIs requires that a user has authorization to manage endpoints.
diff --git a/docs/management/api/upload-api.asciidoc b/docs/management/api/upload-api.asciidoc
index ec1a0b4995..9d78992568 100644
--- a/docs/management/api/upload-api.asciidoc
+++ b/docs/management/api/upload-api.asciidoc
@@ -1,6 +1,12 @@
 [[upload-api]]
 === Upload file to host
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}/group/endpoint-security-endpoint-management-api[endpoint management APIs].
+--
+
 Upload a file to a host running {elastic-defend}. You must have the `File Operations` {kib} privilege in the Security feature as part of your role and an Enterprise license to perform this action.
diff --git a/docs/siem-apis.asciidoc b/docs/siem-apis.asciidoc
index a0a2f8e930..3d3971fbf6 100644
--- a/docs/siem-apis.asciidoc
+++ b/docs/siem-apis.asciidoc
@@ -2,6 +2,11 @@
 [[security-apis]]
 = Elastic Security APIs
+.New API Reference
+[sidebar]
+--
+For the most up-to-date API details, refer to {api-kibana}[{kib} APIs].
+--
 You can use these APIs to interface with {elastic-sec} features: