Create an endpoint exception list item
Create an endpoint exception list item, and associate it with the endpoint exception list.
Body Required
Exception list item's properties
-
comments array[object]
-
Any of: Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch object Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny object Security_Endpoint_Exceptions_API_ExceptionListItemEntryList object Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists object Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested object Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard object -
item_id string
A string that is not empty and does not contain only whitespace
Minimum length is
1
. Format should match the following pattern:^(?! *$).+$
. -
meta object
Additional properties are allowed.
-
A string that is not empty and does not contain only whitespace
Minimum length is
1
. Format should match the following pattern:^(?! *$).+$
. -
os_types array[string]
Values are
linux
,macos
, orwindows
. -
Value is
simple
.
Responses
-
200 application/json; Elastic-Api-Version=2023-10-31
Successful response
-
400 application/json; Elastic-Api-Version=2023-10-31
Invalid input data
-
401 application/json; Elastic-Api-Version=2023-10-31
Unsuccessful authentication
-
403 application/json; Elastic-Api-Version=2023-10-31
Insufficient privileges
-
409 application/json; Elastic-Api-Version=2023-10-31
Endpoint list item already exists
-
500 application/json; Elastic-Api-Version=2023-10-31
Internal server error
POST
/api/endpoint_list/items
curl \
-X POST https://localhost:5601/api/endpoint_list/items \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31"
Request examples
{
"comments": [
{
"comment": "string",
"created_at": "2024-05-04T09:42:00+00:00",
"created_by": "string",
"id": "string",
"updated_at": "2024-05-04T09:42:00+00:00",
"updated_by": "string"
}
],
"description": "string",
"entries": [
{
"field": "string",
"operator": "excluded",
"type": "match",
"value": "string"
}
],
"item_id": "string",
"meta": {},
"name": "string",
"os_types": [
"linux"
],
"tags": [
"string"
],
"type": "simple"
}
Response examples (200)
{
"_version": "string",
"comments": [
{
"comment": "string",
"created_at": "2024-05-04T09:42:00+00:00",
"created_by": "string",
"id": "string",
"updated_at": "2024-05-04T09:42:00+00:00",
"updated_by": "string"
}
],
"created_at": "2024-05-04T09:42:00+00:00",
"created_by": "string",
"description": "string",
"entries": [
{
"field": "string",
"operator": "excluded",
"type": "match",
"value": "string"
}
],
"expire_time": "2024-05-04T09:42:00+00:00",
"id": "string",
"item_id": "string",
"list_id": "string",
"meta": {},
"name": "string",
"namespace_type": "agnostic",
"os_types": [
"linux"
],
"tags": [
"string"
],
"tie_breaker_id": "string",
"type": "simple",
"updated_at": "2024-05-04T09:42:00+00:00",
"updated_by": "string"
}
Response examples (400)
Security_endpoint_exceptions_api_platformerrorresponse
{
"error": "string",
"message": "string",
"statusCode": 42
}
{
"message": "string",
"status_code": 42
}
Response examples (401)
{
"error": "string",
"message": "string",
"statusCode": 42
}
Response examples (403)
{
"error": "string",
"message": "string",
"statusCode": 42
}
Response examples (409)
{
"message": "string",
"status_code": 42
}
Response examples (500)
{
"message": "string",
"status_code": 42
}