Change Updates

Do not miss any Kibana API changes, ever again

Subscribe to the Kibana API changelog to be up to date on recent changes.

RSS

9 days ago

v8
1.0.2
Compare

API structure has changed

Next Change

This documentation update aligns with Kibana version 8.16.0, which has the following release notes: https://www.elastic.co/guide/en/kibana/8.16/release-notes-8.16.0.html

244 structure changes including:
23 Breaking changes
190 Additions
29 Modifications
25 Removals
Modified 29 Breaking
PUT /api/fleet/agent_policies/{agentPolicyId}
  • Body
  • application/json; Elastic-Api-Version=2023-10-31 content type Modified
    • global_data_tags property Added
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • package_policies property Modified
        • monitoring_diagnostics, monitoring_http, monitoring_pprof_enabled properties Added
  • Query
  • format query parameter Added
PUT /api/fleet/package_policies/{packagePolicyId}
  • Body
  • application/json; Elastic-Api-Version=2023-10-31 content type Modified
    • policy_id property Modified
      • Type went from string to string | null

    • output_id property Added
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • output_id property Modified
          • Property is no longer deprecated

        • policy_id property Modified
          • Type went from string to string | null

      • sucess property Removed
        • Removing a resource is always breaking unless it was deprecated before

          Breaking

PUT /api/fleet/settings
  • Body
  • application/json; Elastic-Api-Version=2023-10-31 content type Modified
    • delete_unenrolled_agents property Added
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • delete_unenrolled_agents property Added
PUT /s/{spaceId}/api/observability/slos/{sloId}
  • Body
  • application/json; Elastic-Api-Version=2023-10-31 content type Modified
    • groupBy property Added
      • string-1, array-2 properties Added
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • groupBy property Modified
        • Combinator is now oneOf

        • groupBy alternative Removed
          • Removing a resource is always breaking unless it was deprecated before

            Breaking

        • string-1, array-2 alternatives Added
PUT /api/detection_engine/rules
  • Path went from `/api/alerting/rule/{ruleId}` to `/api/detection_engine/rules` (same operationId)
    Breaking
  • Body
  • application/json; Elastic-Api-Version=2023-10-31 content type Modified
    • alternative Removed
      • Removing a resource is always breaking unless it was deprecated before

        Breaking

    • Security_Detections_API_EqlRuleCreateFields, Security_Detections_API_QueryRuleCreateFields, Security_Detections_API_SavedQueryRuleCreateFields, Security_Detections_API_ThresholdRuleCreateFields, Security_Detections_API_ThreatMatchRuleCreateFields, Security_Detections_API_MachineLearningRuleCreateFields, Security_Detections_API_NewTermsRuleCreateFields, Security_Detections_API_EsqlRuleCreateFields alternatives Added
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • alternative Removed
        • Removing a resource is always breaking unless it was deprecated before

          Breaking

      • Security_Detections_API_EqlRuleResponseFields, Security_Detections_API_QueryRuleResponseFields, Security_Detections_API_SavedQueryRuleResponseFields, Security_Detections_API_ThresholdRuleResponseFields, Security_Detections_API_ThreatMatchRuleResponseFields, Security_Detections_API_MachineLearningRuleResponseFields, Security_Detections_API_NewTermsRuleResponseFields, Security_Detections_API_EsqlRuleResponseFields alternatives Added
  • 401, 404 responses Removed
    • Removing a resource is always breaking unless it was deprecated before

      Breaking

  • Header
  • kbn-xsrf header Removed
    • Removing a resource is always breaking unless it was deprecated before

      Breaking

  • Path
  • ruleId path parameter Removed
    • Removing a resource is always breaking unless it was deprecated before

      Breaking

POST /s/{spaceId}/api/observability/slos/{sloId}/_reset
  • Response
  • 204 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • groupBy property Modified
        • Combinator is now oneOf

        • groupBy alternative Removed
          • Removing a resource is always breaking unless it was deprecated before

            Breaking

        • string-1, array-2 alternatives Added
POST /s/{spaceId}/api/observability/slos
  • Body
  • application/json; Elastic-Api-Version=2023-10-31 content type Modified
    • groupBy property Modified
      • Combinator is now oneOf

      • groupBy alternative Removed
        • Removing a resource is always breaking unless it was deprecated before

          Breaking

      • string-1, array-2 alternatives Added
POST /api/fleet/package_policies/upgrade/dryrun
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • diff property Modified
        • output_id property Modified
          • Property is no longer deprecated

        • policy_id property Modified
          • Type went from string to string | null

POST /api/fleet/package_policies/_bulk_get
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • items property Modified
        • output_id property Modified
          • Property is no longer deprecated

        • policy_id property Modified
          • Type went from string to string | null

POST /api/fleet/package_policies
  • Body
  • application/json; Elastic-Api-Version=2023-10-31 content type Modified
    • policy_id property Modified
      • Type went from string to string | null

    • output_id property Added
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • output_id property Modified
          • Property is no longer deprecated

        • policy_id property Modified
          • Type went from string to string | null

POST /api/fleet/enrollment_api_keys
  • Body
  • application/json; Elastic-Api-Version=2023-10-31 content type Added
POST /api/fleet/agents/actions/{actionId}/cancel
  • Path went from `/api/fleet/agents/{agentId}/actions/{actionId}/cancel` to `/api/fleet/agents/actions/{actionId}/cancel` (same operationId)
    Breaking
  • Path
  • agentId path parameter Removed
    • Removing a resource is always breaking unless it was deprecated before

      Breaking

POST /api/fleet/agent_policies/{agentPolicyId}/copy
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • package_policies property Modified
        • monitoring_diagnostics, monitoring_http, monitoring_pprof_enabled properties Added
  • Query
  • format query parameter Added
POST /api/fleet/agent_policies/_bulk_get
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • items property Modified
        • package_policies property Modified
        • monitoring_diagnostics, monitoring_http, monitoring_pprof_enabled properties Added
  • Query
  • format query parameter Added
POST /api/fleet/agent_policies
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • package_policies property Modified
        • monitoring_diagnostics, monitoring_http, monitoring_pprof_enabled properties Added
POST /api/detection_engine/rules
  • Path went from `/api/alerting/rule` to `/api/detection_engine/rules` (same operationId)
    Breaking
  • Body
  • application/json; Elastic-Api-Version=2023-10-31 content type Modified
    • Alerting_create_anomaly_detection_alert_rule_request, Alerting_create_anomaly_detection_jobs_health_rule_request, Alerting_create_apm_anomaly_rule_request, Alerting_create_apm_error_count_rule_request, Alerting_create_apm_transaction_duration_rule_request, Alerting_create_apm_transaction_error_rate_rule_request, Alerting_create_es_query_rule_request, Alerting_create_geo_containment_rule_request, Alerting_create_index_threshold_rule_request, Alerting_create_infra_inventory_rule_request, Alerting_create_infra_metric_anomaly_rule_request, Alerting_create_infra_metric_threshold_rule_request, Alerting_create_monitoring_jvm_memory_usage_rule_request, Alerting_create_log_threshold_rule_request, Alerting_create_monitoring_ccr_exceptions_rule_request, Alerting_create_monitoring_cluster_health_rule_request, Alerting_create_monitoring_cpu_usage_rule_request, Alerting_create_monitoring_disk_usage_rule_request, Alerting_create_monitoring_elasticsearch_version_mismatch_rule_request, Alerting_create_monitoring_license_expiration_rule_request, Alerting_create_monitoring_kibana_version_mismatch_rule_request, Alerting_create_monitoring_logstash_version_mismatch_rule_request, Alerting_create_monitoring_missing_data_rule_request, Alerting_create_monitoring_nodes_changed_rule_request, Alerting_create_monitoring_shard_size_rule_request, Alerting_create_monitoring_thread_pool_search_rejections_rule_request, Alerting_create_monitoring_thread_pool_write_rejections_rule_request, Alerting_create_siem_eql_rule_request, Alerting_create_siem_indicator_rule_request, Alerting_create_siem_ml_rule_request, Alerting_create_siem_new_terms_rule_request, Alerting_create_siem_notifications_rule_request, Alerting_create_siem_query_rule_request, Alerting_create_siem_saved_query_rule_request, Alerting_create_siem_threshold_rule_request, Alerting_create_slo_burn_rate_rule_request, Alerting_create_synthetics_monitor_status_rule_request, Alerting_create_synthetics_uptime_duration_anomaly_rule_request, Alerting_create_synthetics_uptime_tls_rule_request, Alerting_create_synthetics_uptime_tls_certificate_rule_request, Alerting_create_transform_health_rule_request, Alerting_create_uptime_monitor_status_rule_request alternatives Removed
      • Removing a resource is always breaking unless it was deprecated before

        Breaking

    • Security_Detections_API_EqlRuleCreateFields, Security_Detections_API_QueryRuleCreateFields, Security_Detections_API_SavedQueryRuleCreateFields, Security_Detections_API_ThresholdRuleCreateFields, Security_Detections_API_ThreatMatchRuleCreateFields, Security_Detections_API_MachineLearningRuleCreateFields, Security_Detections_API_NewTermsRuleCreateFields, Security_Detections_API_EsqlRuleCreateFields alternatives Added
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • alternative Removed
        • Removing a resource is always breaking unless it was deprecated before

          Breaking

      • Security_Detections_API_EqlRuleResponseFields, Security_Detections_API_QueryRuleResponseFields, Security_Detections_API_SavedQueryRuleResponseFields, Security_Detections_API_ThresholdRuleResponseFields, Security_Detections_API_ThreatMatchRuleResponseFields, Security_Detections_API_MachineLearningRuleResponseFields, Security_Detections_API_NewTermsRuleResponseFields, Security_Detections_API_EsqlRuleResponseFields alternatives Added
  • 401, 404 responses Removed
    • Removing a resource is always breaking unless it was deprecated before

      Breaking

  • Header
  • kbn-xsrf header Removed
    • Removing a resource is always breaking unless it was deprecated before

      Breaking

GET /s/{spaceId}/api/observability/slos/{sloId}
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • groupBy property Modified
        • Combinator is now oneOf

        • groupBy alternative Removed
          • Removing a resource is always breaking unless it was deprecated before

            Breaking

        • string-1, array-2 alternatives Added
GET /s/{spaceId}/api/observability/slos
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • results property Modified
        • groupBy property Modified
          • Combinator is now oneOf

GET /api/fleet/settings
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • delete_unenrolled_agents property Added
GET /api/fleet/package_policies/{packagePolicyId}
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • output_id property Modified
          • Property is no longer deprecated

        • policy_id property Modified
          • Type went from string to string | null

GET /api/fleet/package_policies
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • items property Modified
        • output_id property Modified
          • Property is no longer deprecated

        • policy_id property Modified
          • Type went from string to string | null

GET /api/fleet/epm/packages/{pkgkey}
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • response property Modified
        • agent, asset_tags, discovery, owner properties Added
GET /api/fleet/epm/packages/{pkgName}/{pkgVersion}
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • agent, asset_tags, discovery, owner properties Added
GET /api/fleet/enrollment_api_keys
  • Query
  • perPage, page, kuery query parameters Added
GET /api/fleet/agent_policies/{agentPolicyId}/full
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • object-2 alternative Modified
GET /api/fleet/agent_policies/{agentPolicyId}
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • item property Modified
        • package_policies property Modified
        • monitoring_diagnostics, monitoring_http, monitoring_pprof_enabled properties Added
  • Query
  • format query parameter Added
GET /api/fleet/agent_policies
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • items property Modified
        • package_policies property Modified
        • monitoring_diagnostics, monitoring_http, monitoring_pprof_enabled properties Added
  • Query
  • format query parameter Added
GET /api/detection_engine/rules/_find
  • Path went from `/api/alerting/rules/_find` to `/api/detection_engine/rules/_find` (same operationId)
    Breaking
  • Response
  • 200 response Modified
    • application/json; Elastic-Api-Version=2023-10-31 content type Modified
      • data property Modified
        • Property is now required

          Breaking

        • Alerting_rule_response_properties alternative Removed
          • Removing a resource is always breaking unless it was deprecated before

            Breaking

        • Security_Detections_API_EqlRuleResponseFields, Security_Detections_API_QueryRuleResponseFields, Security_Detections_API_SavedQueryRuleResponseFields, Security_Detections_API_ThresholdRuleResponseFields, Security_Detections_API_ThreatMatchRuleResponseFields, Security_Detections_API_MachineLearningRuleResponseFields, Security_Detections_API_NewTermsRuleResponseFields, Security_Detections_API_EsqlRuleResponseFields alternatives Added
      • page, total properties Modified
        • Properties are now required

          Breaking

      • per_page property Removed
        • Removing a resource is always breaking unless it was deprecated before

          Breaking

      • perPage property Added
  • 401 response Removed
    • Removing a resource is always breaking unless it was deprecated before

      Breaking

  • Query
  • default_search_operator, has_reference, search, search_fields query parameters Removed
    • Removing a resource is always breaking unless it was deprecated before

      Breaking

DELETE /api/detection_engine/rules
  • Path went from `/api/alerting/rule/{ruleId}` to `/api/detection_engine/rules` (same operationId)
    Breaking
  • Header
  • kbn-xsrf header Removed
    • Removing a resource is always breaking unless it was deprecated before

      Breaking

  • Path
  • ruleId path parameter Removed
    • Removing a resource is always breaking unless it was deprecated before

      Breaking

  • Response
  • 204, 401, 404 responses Removed
    • Removing a resource is always breaking unless it was deprecated before

      Breaking

  • 200 response Added
  • Query
  • id, rule_id query parameters Added
Removed 25 Breaking
PUT /api/actions/connector/{connectorId}
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
PUT /api/actions/action/{actionId}
POST /api/alerting/rule/{ruleId}/alert/{alertId}/_unmute
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/alerting/rule/{ruleId}/alert/{alertId}/_mute
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/alerting/rule/{ruleId}/_update_api_key
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/alerting/rule/{ruleId}/_unmute_all
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/alerting/rule/{ruleId}/_mute_all
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/alerting/rule/{ruleId}/_enable
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/alerting/rule/{ruleId}/_disable
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/alerting/rule/{ruleId}
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/actions/connector/{connectorId}/_execute
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/actions/connector/{connectorId}
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
DELETE /api/actions/action/{actionId}
DELETE /api/actions/connector/{connectorId}
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
GET /api/actions
GET /api/actions/action/{actionId}
GET /api/actions/connector/{connectorId}
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
GET /api/actions/connector_types
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
GET /api/actions/connectors
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
GET /api/actions/list_action_types
GET /api/alerting/rule/{ruleId}
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
GET /api/status
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
POST /api/actions
POST /api/actions/action/{actionId}/_execute
POST /api/actions/connector
  • Removing a resource is always breaking unless it was deprecated before
    Breaking
Added 190
POST /api/endpoint_list/items
POST /api/entity_store/engines/apply_dataview_indices
POST /api/entity_store/engines/{entityType}/init
POST /api/entity_store/engines/{entityType}/start
POST /api/entity_store/engines/{entityType}/stats
POST /api/entity_store/engines/{entityType}/stop
POST /api/exception_lists
POST /api/exception_lists/_duplicate
POST /api/exception_lists/_export
POST /api/exception_lists/_import
POST /api/exception_lists/items
POST /api/exceptions/shared
POST /api/lists
POST /api/lists/index
POST /api/lists/items
POST /api/lists/items/_export
POST /api/lists/items/_import
POST /api/detection_engine/signals/search
POST /api/detection_engine/signals/status
POST /api/detection_engine/signals/tags
POST /api/endpoint/action/execute
POST /api/endpoint/action/get_file
POST /api/endpoint/action/isolate
POST /api/endpoint/action/kill_process
POST /api/endpoint/action/running_procs
POST /api/endpoint/action/scan
POST /api/endpoint/action/suspend_process
POST /api/endpoint/action/unisolate
POST /api/endpoint/action/upload
POST /api/endpoint/isolate
POST /api/endpoint/protection_updates_note/{package_policy_id}
POST /api/endpoint/suggestions/{suggestion_type}
POST /api/endpoint/unisolate
POST /api/endpoint_list
POST /api/timeline/_import
POST /api/timeline/_prepackaged
PUT /api/actions/action/{id}
PUT /api/actions/connector/{id}
PUT /api/alerting/rule/{id}
PUT /api/detection_engine/rules/_bulk_update
PUT /api/detection_engine/rules/prepackaged
PUT /api/endpoint_list/items
PUT /api/exception_lists
PUT /api/exception_lists/items
PUT /api/lists
PUT /api/lists/items
PUT /api/osquery/packs/{id}
PUT /api/osquery/saved_queries/{id}
PUT /api/security/role/{name}
PUT /api/security_ai_assistant/current_user/conversations/{id}
PUT /api/spaces/space/{id}
POST /api/osquery/live_queries
POST /api/osquery/packs
POST /api/osquery/saved_queries
POST /api/risk_score/engine/schedule_now
POST /api/security/roles
POST /api/security_ai_assistant/anonymization_fields/_bulk_action
POST /api/security_ai_assistant/chat/complete
POST /api/security_ai_assistant/current_user/conversations
POST /api/security_ai_assistant/prompts/_bulk_action
POST /api/spaces/_copy_saved_objects
POST /api/spaces/_disable_legacy_url_aliases
POST /api/spaces/_get_shareable_references
POST /api/spaces/_update_objects_spaces
POST /api/spaces/space
POST /api/timeline
POST /api/timeline/_draft
POST /api/timeline/_export
DELETE /api/actions/action/{id}
GET /api/asset_criticality/list
GET /api/detection_engine/index
GET /api/detection_engine/privileges
GET /api/detection_engine/rules
GET /api/detection_engine/rules/prepackaged/_status
GET /api/detection_engine/tags
GET /api/endpoint/action
GET /api/endpoint/action/state
GET /api/endpoint/action/{action_id}
GET /api/endpoint/action/{action_id}/file/{file_id}
GET /api/endpoint/action/{action_id}/file/{file_id}/download
GET /api/endpoint/action_log/{agent_id}
GET /api/endpoint/action_status
GET /api/endpoint/metadata
GET /api/endpoint/metadata/transforms
GET /api/endpoint/metadata/{id}
GET /api/endpoint/policy/summaries
GET /api/endpoint/policy_response
GET /api/endpoint/protection_updates_note/{package_policy_id}
GET /api/endpoint_list/items
GET /api/endpoint_list/items/_find
GET /api/entity_store/engines
GET /api/entity_store/engines/{entityType}
GET /api/entity_store/entities/list
GET /api/exception_lists
GET /api/exception_lists/_find
GET /api/exception_lists/items
GET /api/exception_lists/items/_find
GET /api/exception_lists/summary
GET /api/lists
DELETE /api/actions/connector/{id}
DELETE /api/alerting/rule/{id}
DELETE /api/asset_criticality
DELETE /api/detection_engine/index
DELETE /api/detection_engine/rules/_bulk_delete
DELETE /api/detection_engine/signals/migration
DELETE /api/endpoint_list/items
DELETE /api/entity_store/engines/{entityType}
DELETE /api/exception_lists
DELETE /api/exception_lists/items
DELETE /api/lists
DELETE /api/lists/index
DELETE /api/lists/items
DELETE /api/note
DELETE /api/osquery/packs/{id}
DELETE /api/osquery/saved_queries/{id}
DELETE /api/risk_score/engine/dangerously_delete_data
DELETE /api/security/role/{name}
DELETE /api/security_ai_assistant/current_user/conversations/{id}
DELETE /api/spaces/space/{id}
DELETE /api/timeline
GET /api/actions
GET /api/actions/action/{id}
GET /api/actions/connector/{id}
GET /api/actions/connector_types
GET /api/actions/connectors
GET /api/actions/list_action_types
GET /api/alerting/rule/{id}
GET /api/alerting/rules/_find
GET /api/asset_criticality
GET /api/lists/_find
PATCH /api/note
PATCH /api/pinned_event
PATCH /api/timeline
PATCH /api/timeline/_favorite
POST /api/actions/action
POST /api/actions/action/{id}/_execute
POST /api/actions/connector/{id}
POST /api/actions/connector/{id}/_execute
POST /api/alerting/rule/{id}
POST /api/alerting/rule/{id}/_disable
POST /api/alerting/rule/{id}/_enable
POST /api/alerting/rule/{id}/_mute_all
POST /api/alerting/rule/{id}/_unmute_all
POST /api/alerting/rule/{id}/_update_api_key
POST /api/alerting/rule/{rule_id}/alert/{alert_id}/_mute
POST /api/alerting/rule/{rule_id}/alert/{alert_id}/_unmute
POST /api/asset_criticality
POST /api/asset_criticality/bulk
POST /api/detection_engine/index
POST /api/detection_engine/rules/_bulk_action
POST /api/detection_engine/rules/_bulk_create
POST /api/detection_engine/rules/_bulk_delete
POST /api/detection_engine/rules/_export
POST /api/detection_engine/rules/_import
POST /api/detection_engine/rules/preview
POST /api/detection_engine/rules/{id}/exceptions
POST /api/detection_engine/signals/assignees
POST /api/detection_engine/signals/finalize_migration
POST /api/detection_engine/signals/migration
POST /api/detection_engine/signals/migration_status
GET /api/lists/index
GET /api/lists/items
GET /api/lists/items/_find
GET /api/lists/privileges
GET /api/note
GET /api/osquery/live_queries
GET /api/osquery/live_queries/{id}
GET /api/osquery/live_queries/{id}/results/{actionId}
GET /api/osquery/packs
GET /api/osquery/packs/{id}
GET /api/osquery/saved_queries
GET /api/osquery/saved_queries/{id}
GET /api/security/role
GET /api/security/role/{name}
GET /api/security_ai_assistant/anonymization_fields/_find
GET /api/security_ai_assistant/current_user/conversations/_find
GET /api/security_ai_assistant/current_user/conversations/{id}
GET /api/security_ai_assistant/prompts/_find
GET /api/spaces/space
GET /api/spaces/space/{id}
GET /api/status
GET /api/timeline
GET /api/timeline/_copy
GET /api/timeline/_draft
GET /api/timeline/resolve
GET /api/timelines
PATCH /api/detection_engine/rules
PATCH /api/detection_engine/rules/_bulk_update
PATCH /api/lists
PATCH /api/lists/items