Change Updates

Do not miss any Kibana API changes, ever again

Subscribe to the Kibana API changelog to be up to date on recent changes.

RSS

Nov 13, 2024

v8
1.0.2
Compare

API structure has changed

This documentation update aligns with Kibana version 8.16.0, which has the following release notes: https://www.elastic.co/guide/en/kibana/8.16/release-notes-8.16.0.html

244 structure changes including:
23 Breaking changes
190 Additions
29 Modifications
25 Removals
Modified 29 Breaking
PUT /api/fleet/agent_policies/{agentPolicyId}
  • Body
  • application/json; Elastic-Api-Version=2023-10-31 content type Modified
    • global_data_tags property Added
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • package_policies property Modified
        • monitoring_diagnostics, monitoring_http, monitoring_pprof_enabled properties Added
  • Query
  • format query parameter Added
PUT /api/fleet/package_policies/{packagePolicyId}
  • Body
  • application/json; Elastic-Api-Version=2023-10-31 content type Modified
    • policy_id property Modified
      • Type went from string to string | null
    • output_id property Added
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • output_id property Modified
          • Property is no longer deprecated
        • policy_id property Modified
          • Type went from string to string | null
      • sucess property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
PUT /api/fleet/settings
  • Body
  • application/json; Elastic-Api-Version=2023-10-31 content type Modified
    • delete_unenrolled_agents property Added
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • delete_unenrolled_agents property Added
PUT /s/{spaceId}/api/observability/slos/{sloId}
  • Body
  • application/json; Elastic-Api-Version=2023-10-31 content type Modified
    • groupBy property Added
      • string-1, array-2 properties Added
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • groupBy property Modified
        • Combinator is now oneOf
        • groupBy alternative Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • string-1, array-2 alternatives Added
PUT /api/detection_engine/rules
  • Path went from /api/alerting/rule/{ruleId} to /api/detection_engine/rules (same operationId)
    Breaking
  • Body
  • application/json; Elastic-Api-Version=2023-10-31 content type Modified
    • alternative Removed
      • Removing a resource is always breaking unless it was deprecated before
        Breaking
    • Security_Detections_API_EqlRuleCreateFields, Security_Detections_API_QueryRuleCreateFields, Security_Detections_API_SavedQueryRuleCreateFields, Security_Detections_API_ThresholdRuleCreateFields, Security_Detections_API_ThreatMatchRuleCreateFields, Security_Detections_API_MachineLearningRuleCreateFields, Security_Detections_API_NewTermsRuleCreateFields, Security_Detections_API_EsqlRuleCreateFields alternatives Added
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • alternative Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
      • Security_Detections_API_EqlRuleResponseFields, Security_Detections_API_QueryRuleResponseFields, Security_Detections_API_SavedQueryRuleResponseFields, Security_Detections_API_ThresholdRuleResponseFields, Security_Detections_API_ThreatMatchRuleResponseFields, Security_Detections_API_MachineLearningRuleResponseFields, Security_Detections_API_NewTermsRuleResponseFields, Security_Detections_API_EsqlRuleResponseFields alternatives Added
  • 401, 404 responses Removed
    • Removing a resource is always breaking unless it was deprecated before
      Breaking
  • Header
  • kbn-xsrf header Removed
    • Removing a resource is always breaking unless it was deprecated before
      Breaking
  • Path
  • ruleId path parameter Removed
    • Removing a resource is always breaking unless it was deprecated before
      Breaking
POST /s/{spaceId}/api/observability/slos/{sloId}/_reset
  • Response
  • 204 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • groupBy property Modified
        • Combinator is now oneOf
        • groupBy alternative Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • string-1, array-2 alternatives Added
POST /s/{spaceId}/api/observability/slos
  • Body
  • application/json; Elastic-Api-Version=2023-10-31 content type Modified
    • groupBy property Modified
      • Combinator is now oneOf
      • groupBy alternative Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
      • string-1, array-2 alternatives Added
POST /api/fleet/package_policies/upgrade/dryrun
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • diff property Modified
        • output_id property Modified
          • Property is no longer deprecated
        • policy_id property Modified
          • Type went from string to string | null
POST /api/fleet/package_policies/_bulk_get
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • items property Modified
        • output_id property Modified
          • Property is no longer deprecated
        • policy_id property Modified
          • Type went from string to string | null
POST /api/fleet/package_policies
  • Body
  • application/json; Elastic-Api-Version=2023-10-31 content type Modified
    • policy_id property Modified
      • Type went from string to string | null
    • output_id property Added
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • output_id property Modified
          • Property is no longer deprecated
        • policy_id property Modified
          • Type went from string to string | null
POST /api/fleet/enrollment_api_keys
  • Body
  • application/json; Elastic-Api-Version=2023-10-31 content type Added
POST /api/fleet/agents/actions/{actionId}/cancel
  • Path went from /api/fleet/agents/{agentId}/actions/{actionId}/cancel to /api/fleet/agents/actions/{actionId}/cancel (same operationId)
    Breaking
  • Path
  • agentId path parameter Removed
    • Removing a resource is always breaking unless it was deprecated before
      Breaking
POST /api/fleet/agent_policies/{agentPolicyId}/copy
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • package_policies property Modified
        • monitoring_diagnostics, monitoring_http, monitoring_pprof_enabled properties Added
  • Query
  • format query parameter Added
POST /api/fleet/agent_policies/_bulk_get
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • items property Modified
        • package_policies property Modified
        • monitoring_diagnostics, monitoring_http, monitoring_pprof_enabled properties Added
  • Query
  • format query parameter Added
POST /api/fleet/agent_policies
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • package_policies property Modified
        • monitoring_diagnostics, monitoring_http, monitoring_pprof_enabled properties Added
POST /api/detection_engine/rules
  • Path went from /api/alerting/rule to /api/detection_engine/rules (same operationId)
    Breaking
  • Body
  • application/json; Elastic-Api-Version=2023-10-31 content type Modified
    • Alerting_create_anomaly_detection_alert_rule_request, Alerting_create_anomaly_detection_jobs_health_rule_request, Alerting_create_apm_anomaly_rule_request, Alerting_create_apm_error_count_rule_request, Alerting_create_apm_transaction_duration_rule_request, Alerting_create_apm_transaction_error_rate_rule_request, Alerting_create_es_query_rule_request, Alerting_create_geo_containment_rule_request, Alerting_create_index_threshold_rule_request, Alerting_create_infra_inventory_rule_request, Alerting_create_infra_metric_anomaly_rule_request, Alerting_create_infra_metric_threshold_rule_request, Alerting_create_monitoring_jvm_memory_usage_rule_request, Alerting_create_log_threshold_rule_request, Alerting_create_monitoring_ccr_exceptions_rule_request, Alerting_create_monitoring_cluster_health_rule_request, Alerting_create_monitoring_cpu_usage_rule_request, Alerting_create_monitoring_disk_usage_rule_request, Alerting_create_monitoring_elasticsearch_version_mismatch_rule_request, Alerting_create_monitoring_license_expiration_rule_request, Alerting_create_monitoring_kibana_version_mismatch_rule_request, Alerting_create_monitoring_logstash_version_mismatch_rule_request, Alerting_create_monitoring_missing_data_rule_request, Alerting_create_monitoring_nodes_changed_rule_request, Alerting_create_monitoring_shard_size_rule_request, Alerting_create_monitoring_thread_pool_search_rejections_rule_request, Alerting_create_monitoring_thread_pool_write_rejections_rule_request, Alerting_create_siem_eql_rule_request, Alerting_create_siem_indicator_rule_request, Alerting_create_siem_ml_rule_request, Alerting_create_siem_new_terms_rule_request, Alerting_create_siem_notifications_rule_request, Alerting_create_siem_query_rule_request, Alerting_create_siem_saved_query_rule_request, Alerting_create_siem_threshold_rule_request, Alerting_create_slo_burn_rate_rule_request, Alerting_create_synthetics_monitor_status_rule_request, Alerting_create_synthetics_uptime_duration_anomaly_rule_request, Alerting_create_synthetics_uptime_tls_rule_request, Alerting_create_synthetics_uptime_tls_certificate_rule_request, Alerting_create_transform_health_rule_request, Alerting_create_uptime_monitor_status_rule_request alternatives Removed
      • Removing a resource is always breaking unless it was deprecated before
        Breaking
    • Security_Detections_API_EqlRuleCreateFields, Security_Detections_API_QueryRuleCreateFields, Security_Detections_API_SavedQueryRuleCreateFields, Security_Detections_API_ThresholdRuleCreateFields, Security_Detections_API_ThreatMatchRuleCreateFields, Security_Detections_API_MachineLearningRuleCreateFields, Security_Detections_API_NewTermsRuleCreateFields, Security_Detections_API_EsqlRuleCreateFields alternatives Added
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • alternative Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
      • Security_Detections_API_EqlRuleResponseFields, Security_Detections_API_QueryRuleResponseFields, Security_Detections_API_SavedQueryRuleResponseFields, Security_Detections_API_ThresholdRuleResponseFields, Security_Detections_API_ThreatMatchRuleResponseFields, Security_Detections_API_MachineLearningRuleResponseFields, Security_Detections_API_NewTermsRuleResponseFields, Security_Detections_API_EsqlRuleResponseFields alternatives Added
  • 401, 404 responses Removed
    • Removing a resource is always breaking unless it was deprecated before
      Breaking
  • Header
  • kbn-xsrf header Removed
    • Removing a resource is always breaking unless it was deprecated before
      Breaking
GET /s/{spaceId}/api/observability/slos/{sloId}
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • groupBy property Modified
        • Combinator is now oneOf
        • groupBy alternative Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • string-1, array-2 alternatives Added
GET /s/{spaceId}/api/observability/slos
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • results property Modified
        • groupBy property Modified
          • Combinator is now oneOf
GET /api/fleet/settings
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • delete_unenrolled_agents property Added
GET /api/fleet/package_policies/{packagePolicyId}
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • output_id property Modified
          • Property is no longer deprecated
        • policy_id property Modified
          • Type went from string to string | null
GET /api/fleet/package_policies
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • items property Modified
        • output_id property Modified
          • Property is no longer deprecated
        • policy_id property Modified
          • Type went from string to string | null
GET /api/fleet/epm/packages/{pkgkey}
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • response property Modified
        • agent, asset_tags, discovery, owner properties Added
GET /api/fleet/epm/packages/{pkgName}/{pkgVersion}
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • agent, asset_tags, discovery, owner properties Added
GET /api/fleet/enrollment_api_keys
  • Query
  • perPage, page, kuery query parameters Added
GET /api/fleet/agent_policies/{agentPolicyId}/full
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • object-2 alternative Modified
GET /api/fleet/agent_policies/{agentPolicyId}
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • package_policies property Modified
        • monitoring_diagnostics, monitoring_http, monitoring_pprof_enabled properties Added
  • Query
  • format query parameter Added
GET /api/fleet/agent_policies
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • items property Modified
        • package_policies property Modified
        • monitoring_diagnostics, monitoring_http, monitoring_pprof_enabled properties Added
  • Query
  • format query parameter Added
GET /api/detection_engine/rules/_find
  • Path went from /api/alerting/rules/_find to /api/detection_engine/rules/_find (same operationId)
    Breaking
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • data property Modified
        • Property is now required
          Breaking
        • Alerting_rule_response_properties alternative Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • Security_Detections_API_EqlRuleResponseFields, Security_Detections_API_QueryRuleResponseFields, Security_Detections_API_SavedQueryRuleResponseFields, Security_Detections_API_ThresholdRuleResponseFields, Security_Detections_API_ThreatMatchRuleResponseFields, Security_Detections_API_MachineLearningRuleResponseFields, Security_Detections_API_NewTermsRuleResponseFields, Security_Detections_API_EsqlRuleResponseFields alternatives Added
      • page, total properties Modified
        • Properties are now required
          Breaking
      • per_page property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
      • perPage property Added
  • 401 response Removed
    • Removing a resource is always breaking unless it was deprecated before
      Breaking
  • Query
  • default_search_operator, has_reference, search, search_fields query parameters Removed
    • Removing a resource is always breaking unless it was deprecated before
      Breaking
DELETE /api/detection_engine/rules
  • Path went from /api/alerting/rule/{ruleId} to /api/detection_engine/rules (same operationId)
    Breaking
  • Header
  • kbn-xsrf header Removed
    • Removing a resource is always breaking unless it was deprecated before
      Breaking
  • Path
  • ruleId path parameter Removed
    • Removing a resource is always breaking unless it was deprecated before
      Breaking
  • Response
  • 204, 401, 404 responses Removed
    • Removing a resource is always breaking unless it was deprecated before
      Breaking
  • 200 response Added
  • Query
  • id, rule_id query parameters Added
Removed 25 Breaking
PUT /api/actions/connector/{connectorId}
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
PUT /api/actions/action/{actionId}
POST /api/alerting/rule/{ruleId}/alert/{alertId}/_unmute
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/alerting/rule/{ruleId}/alert/{alertId}/_mute
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/alerting/rule/{ruleId}/_update_api_key
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/alerting/rule/{ruleId}/_unmute_all
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/alerting/rule/{ruleId}/_mute_all
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/alerting/rule/{ruleId}/_enable
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/alerting/rule/{ruleId}/_disable
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/alerting/rule/{ruleId}
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/actions/connector/{connectorId}/_execute
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/actions/connector/{connectorId}
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
DELETE /api/actions/action/{actionId}
DELETE /api/actions/connector/{connectorId}
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
GET /api/actions
GET /api/actions/action/{actionId}
GET /api/actions/connector/{connectorId}
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
GET /api/actions/connector_types
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
GET /api/actions/connectors
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
GET /api/actions/list_action_types
GET /api/alerting/rule/{ruleId}
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
GET /api/status
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/actions
POST /api/actions/action/{actionId}/_execute
POST /api/actions/connector
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
Added 190
POST /api/endpoint_list/items
POST /api/entity_store/engines/apply_dataview_indices
POST /api/entity_store/engines/{entityType}/init
POST /api/entity_store/engines/{entityType}/start
POST /api/entity_store/engines/{entityType}/stats
POST /api/entity_store/engines/{entityType}/stop
POST /api/exception_lists
POST /api/exception_lists/_duplicate
POST /api/exception_lists/_export
POST /api/exception_lists/_import
POST /api/exception_lists/items
POST /api/exceptions/shared
POST /api/lists
POST /api/lists/index
POST /api/lists/items
POST /api/lists/items/_export
POST /api/lists/items/_import
POST /api/detection_engine/signals/search
POST /api/detection_engine/signals/status
POST /api/detection_engine/signals/tags
POST /api/endpoint/action/execute
POST /api/endpoint/action/get_file
POST /api/endpoint/action/isolate
POST /api/endpoint/action/kill_process
POST /api/endpoint/action/running_procs
POST /api/endpoint/action/scan
POST /api/endpoint/action/suspend_process
POST /api/endpoint/action/unisolate
POST /api/endpoint/action/upload
POST /api/endpoint/isolate
POST /api/endpoint/protection_updates_note/{package_policy_id}
POST /api/endpoint/suggestions/{suggestion_type}
POST /api/endpoint/unisolate
POST /api/endpoint_list
POST /api/timeline/_import
POST /api/timeline/_prepackaged
PUT /api/actions/action/{id}
PUT /api/actions/connector/{id}
PUT /api/alerting/rule/{id}
PUT /api/detection_engine/rules/_bulk_update
PUT /api/detection_engine/rules/prepackaged
PUT /api/endpoint_list/items
PUT /api/exception_lists
PUT /api/exception_lists/items
PUT /api/lists
PUT /api/lists/items
PUT /api/osquery/packs/{id}
PUT /api/osquery/saved_queries/{id}
PUT /api/security/role/{name}
PUT /api/security_ai_assistant/current_user/conversations/{id}
PUT /api/spaces/space/{id}
POST /api/osquery/live_queries
POST /api/osquery/packs
POST /api/osquery/saved_queries
POST /api/risk_score/engine/schedule_now
POST /api/security/roles
POST /api/security_ai_assistant/anonymization_fields/_bulk_action
POST /api/security_ai_assistant/chat/complete
POST /api/security_ai_assistant/current_user/conversations
POST /api/security_ai_assistant/prompts/_bulk_action
POST /api/spaces/_copy_saved_objects
POST /api/spaces/_disable_legacy_url_aliases
POST /api/spaces/_get_shareable_references
POST /api/spaces/_update_objects_spaces
POST /api/spaces/space
POST /api/timeline
POST /api/timeline/_draft
POST /api/timeline/_export
DELETE /api/actions/action/{id}
GET /api/asset_criticality/list
GET /api/detection_engine/index
GET /api/detection_engine/privileges
GET /api/detection_engine/rules
GET /api/detection_engine/rules/prepackaged/_status
GET /api/detection_engine/tags
GET /api/endpoint/action
GET /api/endpoint/action/state
GET /api/endpoint/action/{action_id}
GET /api/endpoint/action/{action_id}/file/{file_id}
GET /api/endpoint/action/{action_id}/file/{file_id}/download
GET /api/endpoint/action_log/{agent_id}
GET /api/endpoint/action_status
GET /api/endpoint/metadata
GET /api/endpoint/metadata/transforms
GET /api/endpoint/metadata/{id}
GET /api/endpoint/policy/summaries
GET /api/endpoint/policy_response
GET /api/endpoint/protection_updates_note/{package_policy_id}
GET /api/endpoint_list/items
GET /api/endpoint_list/items/_find
GET /api/entity_store/engines
GET /api/entity_store/engines/{entityType}
GET /api/entity_store/entities/list
GET /api/exception_lists
GET /api/exception_lists/_find
GET /api/exception_lists/items
GET /api/exception_lists/items/_find
GET /api/exception_lists/summary
GET /api/lists
DELETE /api/actions/connector/{id}
DELETE /api/alerting/rule/{id}
DELETE /api/asset_criticality
DELETE /api/detection_engine/index
DELETE /api/detection_engine/rules/_bulk_delete
DELETE /api/detection_engine/signals/migration
DELETE /api/endpoint_list/items
DELETE /api/entity_store/engines/{entityType}
DELETE /api/exception_lists
DELETE /api/exception_lists/items
DELETE /api/lists
DELETE /api/lists/index
DELETE /api/lists/items
DELETE /api/note
DELETE /api/osquery/packs/{id}
DELETE /api/osquery/saved_queries/{id}
DELETE /api/risk_score/engine/dangerously_delete_data
DELETE /api/security/role/{name}
DELETE /api/security_ai_assistant/current_user/conversations/{id}
DELETE /api/spaces/space/{id}
DELETE /api/timeline
GET /api/actions
GET /api/actions/action/{id}
GET /api/actions/connector/{id}
GET /api/actions/connector_types
GET /api/actions/connectors
GET /api/actions/list_action_types
GET /api/alerting/rule/{id}
GET /api/alerting/rules/_find
GET /api/asset_criticality
GET /api/lists/_find
PATCH /api/note
PATCH /api/pinned_event
PATCH /api/timeline
PATCH /api/timeline/_favorite
POST /api/actions/action
POST /api/actions/action/{id}/_execute
POST /api/actions/connector/{id}
POST /api/actions/connector/{id}/_execute
POST /api/alerting/rule/{id}
POST /api/alerting/rule/{id}/_disable
POST /api/alerting/rule/{id}/_enable
POST /api/alerting/rule/{id}/_mute_all
POST /api/alerting/rule/{id}/_unmute_all
POST /api/alerting/rule/{id}/_update_api_key
POST /api/alerting/rule/{rule_id}/alert/{alert_id}/_mute
POST /api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute
POST /api/asset_criticality
POST /api/asset_criticality/bulk
POST /api/detection_engine/index
POST /api/detection_engine/rules/_bulk_action
POST /api/detection_engine/rules/_bulk_create
POST /api/detection_engine/rules/_bulk_delete
POST /api/detection_engine/rules/_export
POST /api/detection_engine/rules/_import
POST /api/detection_engine/rules/preview
POST /api/detection_engine/rules/{id}/exceptions
POST /api/detection_engine/signals/assignees
POST /api/detection_engine/signals/finalize_migration
POST /api/detection_engine/signals/migration
POST /api/detection_engine/signals/migration_status
GET /api/lists/index
GET /api/lists/items
GET /api/lists/items/_find
GET /api/lists/privileges
GET /api/note
GET /api/osquery/live_queries
GET /api/osquery/live_queries/{id}
GET /api/osquery/live_queries/{id}/results/{actionId}
GET /api/osquery/packs
GET /api/osquery/packs/{id}
GET /api/osquery/saved_queries
GET /api/osquery/saved_queries/{id}
GET /api/security/role
GET /api/security/role/{name}
GET /api/security_ai_assistant/anonymization_fields/_find
GET /api/security_ai_assistant/current_user/conversations/_find
GET /api/security_ai_assistant/current_user/conversations/{id}
GET /api/security_ai_assistant/prompts/_find
GET /api/spaces/space
GET /api/spaces/space/{id}
GET /api/status
GET /api/timeline
GET /api/timeline/_copy
GET /api/timeline/_draft
GET /api/timeline/resolve
GET /api/timelines
PATCH /api/detection_engine/rules
PATCH /api/detection_engine/rules/_bulk_update
PATCH /api/lists
PATCH /api/lists/items