Duplicate an exception list
Duplicate an existing exception list.
Query parameters
-
Exception list's human readable string identifier, e.g.
trusted-linux-processes
.Minimum length is
1
. -
Determines whether the exception container is available in all Kibana spaces or just the space in which it is created, where:
single
: Only available in the Kibana space in which it is created.agnostic
: Available in all Kibana spaces.
Values are
agnostic
orsingle
. Default value issingle
. -
Determines whether to include expired exceptions in the duplicated list. Expiration date defined by
expire_time
.Values are
true
orfalse
. Default value istrue
.
Responses
-
200 application/json
Successful response
-
400 application/json
Invalid input data response
-
401 application/json
Unsuccessful authentication response
-
403 application/json
Not enough privileges response
-
404 application/json
Exception list not found
-
405 application/json
Exception list to duplicate not found response
-
500 application/json
Internal server error response
curl \
--request POST https://localhost:5601/api/exception_lists/_duplicate?list_id=simple_list&namespace_type=agnostic&include_expired_exceptions=true
{
"id": "b2f4a715-6ab1-444c-8b1e-3fa1b1049429",
"name": "Sample Detection Exception List [Duplicate]",
"tags": [
"malware"
],
"type": "detection",
"list_id": "d6390d60-bce3-4a48-9002-52db600f329c",
"version": 1,
"_version": "WzExNDY1LDFd",
"os_types": [],
"immutable": false,
"created_at": "2025-01-09T16:19:50.280Z",
"created_by": "elastic",
"updated_at": "2025-01-09T16:19:50.280Z",
"updated_by": "elastic",
"description": "This is a sample detection type exception",
"namespace_type": "single",
"tie_breaker_id": "6fa670bd-666d-4c9c-9f1e-d1dbc516e985"
}
{
"error": "Bad Request",
"message": "[request query]: namespace_type: Invalid enum value. Expected 'agnostic' | 'single', received 'foo'",
"statusCode": 400
}
{
"error": "Unauthorized",
"message": "[security_exception\\n\\tRoot causes:\\n\\t\\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]",
"statusCode": 401
}
{
"error": "Forbidden",
"message": "API [POST /api/exception_lists/_duplicate] is unauthorized for user, this action is granted by the Kibana privileges [lists-all]",
"statusCode": 403
}
{
"message\"": "exception list id: \"foo\" does not exist",
"status_code\"": 404
}
{
"message": "string",
"status_code": 42
}
{
"message": "Internal Server Error",
"status_code": 500
}