API structure has changed
This documentation update aligns with Kibana version 8.16.0, which has the following release notes: https://www.elastic.co/guide/en/kibana/8.16/release-notes-8.16.0.html
PUT /api/fleet/agent_policies/{agentPolicyId}
- Body
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
- global_data_tags property Added
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
item property Modified
- package_policies property Modified
- monitoring_diagnostics, monitoring_http, monitoring_pprof_enabled properties Added
-
item property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
- Query
- format query parameter Added
PUT /api/fleet/package_policies/{packagePolicyId}
- Body
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
policy_id property Modified
-
Type went from
string
tostring | null
-
- output_id property Added
-
policy_id property Modified
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
item property Modified
-
output_id property Modified
-
Property is no longer deprecated
-
-
policy_id property Modified
-
Type went from
string
tostring | null
-
-
output_id property Modified
-
sucess property Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
-
item property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
PUT /api/fleet/settings
- Body
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
- delete_unenrolled_agents property Added
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
item property Modified
- delete_unenrolled_agents property Added
-
item property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
PUT /s/{spaceId}/api/observability/slos/{sloId}
- Body
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
groupBy property Added
- string-1, array-2 properties Added
-
groupBy property Added
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
groupBy property Modified
-
Combinator is now
oneOf
-
groupBy alternative Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
- string-1, array-2 alternatives Added
-
-
groupBy property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
PUT /api/detection_engine/rules
- Path went from `/api/alerting/rule/{ruleId}` to `/api/detection_engine/rules` (same operationId) Breaking
- Body
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
alternative Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
- Security_Detections_API_EqlRuleCreateFields, Security_Detections_API_QueryRuleCreateFields, Security_Detections_API_SavedQueryRuleCreateFields, Security_Detections_API_ThresholdRuleCreateFields, Security_Detections_API_ThreatMatchRuleCreateFields, Security_Detections_API_MachineLearningRuleCreateFields, Security_Detections_API_NewTermsRuleCreateFields, Security_Detections_API_EsqlRuleCreateFields alternatives Added
-
alternative Removed
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
alternative Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
- Security_Detections_API_EqlRuleResponseFields, Security_Detections_API_QueryRuleResponseFields, Security_Detections_API_SavedQueryRuleResponseFields, Security_Detections_API_ThresholdRuleResponseFields, Security_Detections_API_ThreatMatchRuleResponseFields, Security_Detections_API_MachineLearningRuleResponseFields, Security_Detections_API_NewTermsRuleResponseFields, Security_Detections_API_EsqlRuleResponseFields alternatives Added
-
alternative Removed
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
401, 404 responses Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
- Header
-
kbn-xsrf header Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
- Path
-
ruleId path parameter Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
POST /s/{spaceId}/api/observability/slos/{sloId}/_reset
- Response
-
204 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
groupBy property Modified
-
Combinator is now
oneOf
-
groupBy alternative Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
- string-1, array-2 alternatives Added
-
-
groupBy property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
POST /s/{spaceId}/api/observability/slos
- Body
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
groupBy property Modified
-
Combinator is now
oneOf
-
groupBy alternative Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
- string-1, array-2 alternatives Added
-
-
groupBy property Modified
POST /api/fleet/package_policies/upgrade/dryrun
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
diff property Modified
-
output_id property Modified
-
Property is no longer deprecated
-
-
policy_id property Modified
-
Type went from
string
tostring | null
-
-
output_id property Modified
-
diff property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
POST /api/fleet/package_policies/_bulk_get
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
items property Modified
-
output_id property Modified
-
Property is no longer deprecated
-
-
policy_id property Modified
-
Type went from
string
tostring | null
-
-
output_id property Modified
-
items property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
POST /api/fleet/package_policies
- Body
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
policy_id property Modified
-
Type went from
string
tostring | null
-
- output_id property Added
-
policy_id property Modified
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
item property Modified
-
output_id property Modified
-
Property is no longer deprecated
-
-
policy_id property Modified
-
Type went from
string
tostring | null
-
-
output_id property Modified
-
item property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
POST /api/fleet/enrollment_api_keys
- Body
- application/json; Elastic-Api-Version=2023-10-31 content type Added
POST /api/fleet/agents/actions/{actionId}/cancel
- Path went from `/api/fleet/agents/{agentId}/actions/{actionId}/cancel` to `/api/fleet/agents/actions/{actionId}/cancel` (same operationId) Breaking
- Path
-
agentId path parameter Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
POST /api/fleet/agent_policies/{agentPolicyId}/copy
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
item property Modified
- package_policies property Modified
- monitoring_diagnostics, monitoring_http, monitoring_pprof_enabled properties Added
-
item property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
- Query
- format query parameter Added
POST /api/fleet/agent_policies/_bulk_get
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
items property Modified
- package_policies property Modified
- monitoring_diagnostics, monitoring_http, monitoring_pprof_enabled properties Added
-
items property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
- Query
- format query parameter Added
POST /api/fleet/agent_policies
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
item property Modified
- package_policies property Modified
- monitoring_diagnostics, monitoring_http, monitoring_pprof_enabled properties Added
-
item property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
POST /api/detection_engine/rules
- Path went from `/api/alerting/rule` to `/api/detection_engine/rules` (same operationId) Breaking
- Body
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
Alerting_create_anomaly_detection_alert_rule_request, Alerting_create_anomaly_detection_jobs_health_rule_request, Alerting_create_apm_anomaly_rule_request, Alerting_create_apm_error_count_rule_request, Alerting_create_apm_transaction_duration_rule_request, Alerting_create_apm_transaction_error_rate_rule_request, Alerting_create_es_query_rule_request, Alerting_create_geo_containment_rule_request, Alerting_create_index_threshold_rule_request, Alerting_create_infra_inventory_rule_request, Alerting_create_infra_metric_anomaly_rule_request, Alerting_create_infra_metric_threshold_rule_request, Alerting_create_monitoring_jvm_memory_usage_rule_request, Alerting_create_log_threshold_rule_request, Alerting_create_monitoring_ccr_exceptions_rule_request, Alerting_create_monitoring_cluster_health_rule_request, Alerting_create_monitoring_cpu_usage_rule_request, Alerting_create_monitoring_disk_usage_rule_request, Alerting_create_monitoring_elasticsearch_version_mismatch_rule_request, Alerting_create_monitoring_license_expiration_rule_request, Alerting_create_monitoring_kibana_version_mismatch_rule_request, Alerting_create_monitoring_logstash_version_mismatch_rule_request, Alerting_create_monitoring_missing_data_rule_request, Alerting_create_monitoring_nodes_changed_rule_request, Alerting_create_monitoring_shard_size_rule_request, Alerting_create_monitoring_thread_pool_search_rejections_rule_request, Alerting_create_monitoring_thread_pool_write_rejections_rule_request, Alerting_create_siem_eql_rule_request, Alerting_create_siem_indicator_rule_request, Alerting_create_siem_ml_rule_request, Alerting_create_siem_new_terms_rule_request, Alerting_create_siem_notifications_rule_request, Alerting_create_siem_query_rule_request, Alerting_create_siem_saved_query_rule_request, Alerting_create_siem_threshold_rule_request, Alerting_create_slo_burn_rate_rule_request, Alerting_create_synthetics_monitor_status_rule_request, Alerting_create_synthetics_uptime_duration_anomaly_rule_request, Alerting_create_synthetics_uptime_tls_rule_request, Alerting_create_synthetics_uptime_tls_certificate_rule_request, Alerting_create_transform_health_rule_request, Alerting_create_uptime_monitor_status_rule_request alternatives Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
- Security_Detections_API_EqlRuleCreateFields, Security_Detections_API_QueryRuleCreateFields, Security_Detections_API_SavedQueryRuleCreateFields, Security_Detections_API_ThresholdRuleCreateFields, Security_Detections_API_ThreatMatchRuleCreateFields, Security_Detections_API_MachineLearningRuleCreateFields, Security_Detections_API_NewTermsRuleCreateFields, Security_Detections_API_EsqlRuleCreateFields alternatives Added
-
Alerting_create_anomaly_detection_alert_rule_request, Alerting_create_anomaly_detection_jobs_health_rule_request, Alerting_create_apm_anomaly_rule_request, Alerting_create_apm_error_count_rule_request, Alerting_create_apm_transaction_duration_rule_request, Alerting_create_apm_transaction_error_rate_rule_request, Alerting_create_es_query_rule_request, Alerting_create_geo_containment_rule_request, Alerting_create_index_threshold_rule_request, Alerting_create_infra_inventory_rule_request, Alerting_create_infra_metric_anomaly_rule_request, Alerting_create_infra_metric_threshold_rule_request, Alerting_create_monitoring_jvm_memory_usage_rule_request, Alerting_create_log_threshold_rule_request, Alerting_create_monitoring_ccr_exceptions_rule_request, Alerting_create_monitoring_cluster_health_rule_request, Alerting_create_monitoring_cpu_usage_rule_request, Alerting_create_monitoring_disk_usage_rule_request, Alerting_create_monitoring_elasticsearch_version_mismatch_rule_request, Alerting_create_monitoring_license_expiration_rule_request, Alerting_create_monitoring_kibana_version_mismatch_rule_request, Alerting_create_monitoring_logstash_version_mismatch_rule_request, Alerting_create_monitoring_missing_data_rule_request, Alerting_create_monitoring_nodes_changed_rule_request, Alerting_create_monitoring_shard_size_rule_request, Alerting_create_monitoring_thread_pool_search_rejections_rule_request, Alerting_create_monitoring_thread_pool_write_rejections_rule_request, Alerting_create_siem_eql_rule_request, Alerting_create_siem_indicator_rule_request, Alerting_create_siem_ml_rule_request, Alerting_create_siem_new_terms_rule_request, Alerting_create_siem_notifications_rule_request, Alerting_create_siem_query_rule_request, Alerting_create_siem_saved_query_rule_request, Alerting_create_siem_threshold_rule_request, Alerting_create_slo_burn_rate_rule_request, Alerting_create_synthetics_monitor_status_rule_request, Alerting_create_synthetics_uptime_duration_anomaly_rule_request, Alerting_create_synthetics_uptime_tls_rule_request, Alerting_create_synthetics_uptime_tls_certificate_rule_request, Alerting_create_transform_health_rule_request, Alerting_create_uptime_monitor_status_rule_request alternatives Removed
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
alternative Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
- Security_Detections_API_EqlRuleResponseFields, Security_Detections_API_QueryRuleResponseFields, Security_Detections_API_SavedQueryRuleResponseFields, Security_Detections_API_ThresholdRuleResponseFields, Security_Detections_API_ThreatMatchRuleResponseFields, Security_Detections_API_MachineLearningRuleResponseFields, Security_Detections_API_NewTermsRuleResponseFields, Security_Detections_API_EsqlRuleResponseFields alternatives Added
-
alternative Removed
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
401, 404 responses Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
- Header
-
kbn-xsrf header Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
GET /s/{spaceId}/api/observability/slos/{sloId}
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
groupBy property Modified
-
Combinator is now
oneOf
-
groupBy alternative Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
- string-1, array-2 alternatives Added
-
-
groupBy property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
GET /s/{spaceId}/api/observability/slos
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
results property Modified
-
groupBy property Modified
-
Combinator is now
oneOf
-
-
groupBy property Modified
-
results property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
GET /api/fleet/settings
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
item property Modified
- delete_unenrolled_agents property Added
-
item property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
GET /api/fleet/package_policies/{packagePolicyId}
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
item property Modified
-
output_id property Modified
-
Property is no longer deprecated
-
-
policy_id property Modified
-
Type went from
string
tostring | null
-
-
output_id property Modified
-
item property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
GET /api/fleet/package_policies
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
items property Modified
-
output_id property Modified
-
Property is no longer deprecated
-
-
policy_id property Modified
-
Type went from
string
tostring | null
-
-
output_id property Modified
-
items property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
GET /api/fleet/epm/packages/{pkgkey}
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
response property Modified
- agent, asset_tags, discovery, owner properties Added
-
response property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
GET /api/fleet/epm/packages/{pkgName}/{pkgVersion}
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
item property Modified
- agent, asset_tags, discovery, owner properties Added
-
item property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
GET /api/fleet/enrollment_api_keys
- Query
- perPage, page, kuery query parameters Added
GET /api/fleet/agent_policies/{agentPolicyId}/full
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
item property Modified
- object-2 alternative Modified
-
item property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
GET /api/fleet/agent_policies/{agentPolicyId}
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
item property Modified
- package_policies property Modified
- monitoring_diagnostics, monitoring_http, monitoring_pprof_enabled properties Added
-
item property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
- Query
- format query parameter Added
GET /api/fleet/agent_policies
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
items property Modified
- package_policies property Modified
- monitoring_diagnostics, monitoring_http, monitoring_pprof_enabled properties Added
-
items property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
- Query
- format query parameter Added
GET /api/detection_engine/rules/_find
- Path went from `/api/alerting/rules/_find` to `/api/detection_engine/rules/_find` (same operationId) Breaking
- Response
-
200 response Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
data property Modified
-
Property is now required
Breaking
-
Alerting_rule_response_properties alternative Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
- Security_Detections_API_EqlRuleResponseFields, Security_Detections_API_QueryRuleResponseFields, Security_Detections_API_SavedQueryRuleResponseFields, Security_Detections_API_ThresholdRuleResponseFields, Security_Detections_API_ThreatMatchRuleResponseFields, Security_Detections_API_MachineLearningRuleResponseFields, Security_Detections_API_NewTermsRuleResponseFields, Security_Detections_API_EsqlRuleResponseFields alternatives Added
-
-
page, total properties Modified
-
Properties are now required
Breaking
-
-
per_page property Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
- perPage property Added
-
data property Modified
-
application/json; Elastic-Api-Version=2023-10-31 content type Modified
-
401 response Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
- Query
-
default_search_operator, has_reference, search, search_fields query parameters Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
DELETE /api/detection_engine/rules
- Path went from `/api/alerting/rule/{ruleId}` to `/api/detection_engine/rules` (same operationId) Breaking
- Header
-
kbn-xsrf header Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
- Path
-
ruleId path parameter Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
- Response
-
204, 401, 404 responses Removed
-
Removing a resource is always breaking unless it was deprecated before
Breaking
-
- 200 response Added
- Query
- id, rule_id query parameters Added
PUT /api/actions/connector/{connectorId}
- Removing a resource is always breaking unless it was deprecated before Breaking
PUT /api/actions/action/{actionId}
POST /api/alerting/rule/{ruleId}/alert/{alertId}/_unmute
- Removing a resource is always breaking unless it was deprecated before Breaking
POST /api/alerting/rule/{ruleId}/alert/{alertId}/_mute
- Removing a resource is always breaking unless it was deprecated before Breaking
POST /api/alerting/rule/{ruleId}/_update_api_key
- Removing a resource is always breaking unless it was deprecated before Breaking
POST /api/alerting/rule/{ruleId}/_unmute_all
- Removing a resource is always breaking unless it was deprecated before Breaking
POST /api/alerting/rule/{ruleId}/_mute_all
- Removing a resource is always breaking unless it was deprecated before Breaking
POST /api/alerting/rule/{ruleId}/_enable
- Removing a resource is always breaking unless it was deprecated before Breaking
POST /api/alerting/rule/{ruleId}/_disable
- Removing a resource is always breaking unless it was deprecated before Breaking
POST /api/alerting/rule/{ruleId}
- Removing a resource is always breaking unless it was deprecated before Breaking
POST /api/actions/connector/{connectorId}/_execute
- Removing a resource is always breaking unless it was deprecated before Breaking
POST /api/actions/connector/{connectorId}
- Removing a resource is always breaking unless it was deprecated before Breaking
DELETE /api/actions/action/{actionId}
DELETE /api/actions/connector/{connectorId}
- Removing a resource is always breaking unless it was deprecated before Breaking
GET /api/actions
GET /api/actions/action/{actionId}
GET /api/actions/connector/{connectorId}
- Removing a resource is always breaking unless it was deprecated before Breaking
GET /api/actions/connector_types
- Removing a resource is always breaking unless it was deprecated before Breaking
GET /api/actions/connectors
- Removing a resource is always breaking unless it was deprecated before Breaking
GET /api/actions/list_action_types
GET /api/alerting/rule/{ruleId}
- Removing a resource is always breaking unless it was deprecated before Breaking
GET /api/status
- Removing a resource is always breaking unless it was deprecated before Breaking
POST /api/actions
POST /api/actions/action/{actionId}/_execute
POST /api/actions/connector
- Removing a resource is always breaking unless it was deprecated before Breaking
POST /api/endpoint_list/items
POST /api/entity_store/engines/apply_dataview_indices
POST /api/entity_store/engines/{entityType}/init
POST /api/entity_store/engines/{entityType}/start
POST /api/entity_store/engines/{entityType}/stats
POST /api/entity_store/engines/{entityType}/stop
POST /api/exception_lists
POST /api/exception_lists/_duplicate
POST /api/exception_lists/_export
POST /api/exception_lists/_import
POST /api/exception_lists/items
POST /api/exceptions/shared
POST /api/lists
POST /api/lists/index
POST /api/lists/items
POST /api/lists/items/_export
POST /api/lists/items/_import
POST /api/detection_engine/signals/search
POST /api/detection_engine/signals/status
POST /api/detection_engine/signals/tags
POST /api/endpoint/action/execute
POST /api/endpoint/action/get_file
POST /api/endpoint/action/isolate
POST /api/endpoint/action/kill_process
POST /api/endpoint/action/running_procs
POST /api/endpoint/action/scan
POST /api/endpoint/action/suspend_process
POST /api/endpoint/action/unisolate
POST /api/endpoint/action/upload
POST /api/endpoint/isolate
POST /api/endpoint/protection_updates_note/{package_policy_id}
POST /api/endpoint/suggestions/{suggestion_type}
POST /api/endpoint/unisolate
POST /api/endpoint_list
POST /api/timeline/_import
POST /api/timeline/_prepackaged
PUT /api/actions/action/{id}
PUT /api/actions/connector/{id}
PUT /api/alerting/rule/{id}
PUT /api/detection_engine/rules/_bulk_update
PUT /api/detection_engine/rules/prepackaged
PUT /api/endpoint_list/items
PUT /api/exception_lists
PUT /api/exception_lists/items
PUT /api/lists
PUT /api/lists/items
PUT /api/osquery/packs/{id}
PUT /api/osquery/saved_queries/{id}
PUT /api/security/role/{name}
PUT /api/security_ai_assistant/current_user/conversations/{id}
PUT /api/spaces/space/{id}
POST /api/osquery/live_queries
POST /api/osquery/packs
POST /api/osquery/saved_queries
POST /api/risk_score/engine/schedule_now
POST /api/security/roles
POST /api/security_ai_assistant/anonymization_fields/_bulk_action
POST /api/security_ai_assistant/chat/complete
POST /api/security_ai_assistant/current_user/conversations
POST /api/security_ai_assistant/prompts/_bulk_action
POST /api/spaces/_copy_saved_objects
POST /api/spaces/_disable_legacy_url_aliases
POST /api/spaces/_get_shareable_references
POST /api/spaces/_update_objects_spaces
POST /api/spaces/space
POST /api/timeline
POST /api/timeline/_draft
POST /api/timeline/_export
DELETE /api/actions/action/{id}
GET /api/asset_criticality/list
GET /api/detection_engine/index
GET /api/detection_engine/privileges
GET /api/detection_engine/rules
GET /api/detection_engine/rules/prepackaged/_status
GET /api/detection_engine/tags
GET /api/endpoint/action
GET /api/endpoint/action/state
GET /api/endpoint/action/{action_id}
GET /api/endpoint/action/{action_id}/file/{file_id}
GET /api/endpoint/action/{action_id}/file/{file_id}/download
GET /api/endpoint/action_log/{agent_id}
GET /api/endpoint/action_status
GET /api/endpoint/metadata
GET /api/endpoint/metadata/transforms
GET /api/endpoint/metadata/{id}
GET /api/endpoint/policy/summaries
GET /api/endpoint/policy_response
GET /api/endpoint/protection_updates_note/{package_policy_id}
GET /api/endpoint_list/items
GET /api/endpoint_list/items/_find
GET /api/entity_store/engines
GET /api/entity_store/engines/{entityType}
GET /api/entity_store/entities/list
GET /api/exception_lists
GET /api/exception_lists/_find
GET /api/exception_lists/items
GET /api/exception_lists/items/_find
GET /api/exception_lists/summary
GET /api/lists
DELETE /api/actions/connector/{id}
DELETE /api/alerting/rule/{id}
DELETE /api/asset_criticality
DELETE /api/detection_engine/index
DELETE /api/detection_engine/rules/_bulk_delete
DELETE /api/detection_engine/signals/migration
DELETE /api/endpoint_list/items
DELETE /api/entity_store/engines/{entityType}
DELETE /api/exception_lists
DELETE /api/exception_lists/items
DELETE /api/lists
DELETE /api/lists/index
DELETE /api/lists/items
DELETE /api/note
DELETE /api/osquery/packs/{id}
DELETE /api/osquery/saved_queries/{id}
DELETE /api/risk_score/engine/dangerously_delete_data
DELETE /api/security/role/{name}
DELETE /api/security_ai_assistant/current_user/conversations/{id}
DELETE /api/spaces/space/{id}
DELETE /api/timeline
GET /api/actions
GET /api/actions/action/{id}
GET /api/actions/connector/{id}
GET /api/actions/connector_types
GET /api/actions/connectors
GET /api/actions/list_action_types
GET /api/alerting/rule/{id}
GET /api/alerting/rules/_find
GET /api/asset_criticality
GET /api/lists/_find
PATCH /api/note
PATCH /api/pinned_event
PATCH /api/timeline
PATCH /api/timeline/_favorite
POST /api/actions/action
POST /api/actions/action/{id}/_execute
POST /api/actions/connector/{id}
POST /api/actions/connector/{id}/_execute
POST /api/alerting/rule/{id}
POST /api/alerting/rule/{id}/_disable
POST /api/alerting/rule/{id}/_enable
POST /api/alerting/rule/{id}/_mute_all
POST /api/alerting/rule/{id}/_unmute_all
POST /api/alerting/rule/{id}/_update_api_key
POST /api/alerting/rule/{rule_id}/alert/{alert_id}/_mute
POST /api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute
POST /api/asset_criticality
POST /api/asset_criticality/bulk
POST /api/detection_engine/index
POST /api/detection_engine/rules/_bulk_action
POST /api/detection_engine/rules/_bulk_create
POST /api/detection_engine/rules/_bulk_delete
POST /api/detection_engine/rules/_export
POST /api/detection_engine/rules/_import
POST /api/detection_engine/rules/preview
POST /api/detection_engine/rules/{id}/exceptions
POST /api/detection_engine/signals/assignees
POST /api/detection_engine/signals/finalize_migration
POST /api/detection_engine/signals/migration
POST /api/detection_engine/signals/migration_status
GET /api/lists/index
GET /api/lists/items
GET /api/lists/items/_find
GET /api/lists/privileges
GET /api/note
GET /api/osquery/live_queries
GET /api/osquery/live_queries/{id}
GET /api/osquery/live_queries/{id}/results/{actionId}
GET /api/osquery/packs
GET /api/osquery/packs/{id}
GET /api/osquery/saved_queries
GET /api/osquery/saved_queries/{id}
GET /api/security/role
GET /api/security/role/{name}
GET /api/security_ai_assistant/anonymization_fields/_find
GET /api/security_ai_assistant/current_user/conversations/_find
GET /api/security_ai_assistant/current_user/conversations/{id}
GET /api/security_ai_assistant/prompts/_find
GET /api/spaces/space
GET /api/spaces/space/{id}
GET /api/status
GET /api/timeline
GET /api/timeline/_copy
GET /api/timeline/_draft
GET /api/timeline/resolve
GET /api/timelines
PATCH /api/detection_engine/rules
PATCH /api/detection_engine/rules/_bulk_update
PATCH /api/lists
PATCH /api/lists/items