Creates an exception list
Body Required
Exception list's properties
-
list_id string
A string that is not empty and does not contain only whitespace
Minimum length is
1
. Format should match the following pattern:^(?! *$).+$
. -
meta object
Additional properties are allowed.
-
namespace_type string
Determines whether the exception container is available in all Kibana spaces or just the space in which it is created, where:
single
: Only available in the Kibana space in which it is created.agnostic
: Available in all Kibana spaces.
Values are
agnostic
orsingle
. Default value issingle
. -
os_types array[string]
Values are
linux
,macos
, orwindows
. -
Values are
detection
,rule_default
,endpoint
,endpoint_trusted_apps
,endpoint_events
,endpoint_host_isolation_exceptions
, orendpoint_blocklists
. -
version integer
Minimum value is
1
.
Responses
-
200 application/json; Elastic-Api-Version=2023-10-31
Successful response
-
400 application/json; Elastic-Api-Version=2023-10-31
Invalid input data response
-
401 application/json; Elastic-Api-Version=2023-10-31
Unsuccessful authentication response
-
403 application/json; Elastic-Api-Version=2023-10-31
Not enough privileges response
-
409 application/json; Elastic-Api-Version=2023-10-31
Exception list already exists response
-
500 application/json; Elastic-Api-Version=2023-10-31
Internal server error response
curl \
-X POST https://localhost:5601/api/exception_lists \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31"
{
"description": "string",
"list_id": "string",
"meta": {},
"name": "string",
"namespace_type": "single",
"os_types": [
"linux"
],
"tags": [
"string"
],
"type": "detection",
"version": 42
}
{
"_version": "string",
"created_at": "2024-05-04T09:42:00+00:00",
"created_by": "string",
"description": "string",
"id": "string",
"immutable": true,
"list_id": "string",
"meta": {},
"name": "string",
"namespace_type": "single",
"os_types": [
"linux"
],
"tags": [
"string"
],
"tie_breaker_id": "string",
"type": "detection",
"updated_at": "2024-05-04T09:42:00+00:00",
"updated_by": "string",
"version": 42
}
{
"error": "string",
"message": "string",
"statusCode": 42
}
{
"message": "string",
"status_code": 42
}
{
"error": "string",
"message": "string",
"statusCode": 42
}
{
"error": "string",
"message": "string",
"statusCode": 42
}
{
"message": "string",
"status_code": 42
}
{
"message": "string",
"status_code": 42
}