Show Menu
Search…
Ctrl+K
ESC
Example searches: “type”, “destIp”, “issueType”, “malwareUrl”, “pushed_at”
Toggle dark mode
Elastic APIs hub
Elastic Cloud API
Elastic Cloud Billing API
Elastic Cloud Enterprise API
Elastic Cloud Serverless API
Elasticsearch API
Elasticsearch Serverless API
Kibana API
Kibana Serverless API
Observability Intake Serverless API
Back to hub page
API Changelog
Download source
JSON OpenAPI specification
YAML OpenAPI specification
Feedback
v8
main
default
v8
Topics
Introduction
Authentication
Kibana spaces
Endpoints
Alerting
Get the alerting framework health
GET
Get the rule types
GET
Get rule details
GET
Update a rule
PUT
Create a rule
POST
Delete a rule
DELETE
Disable a rule
POST
Enable a rule
POST
Mute all alerts
POST
Unmute all alerts
POST
Update the API key for a rule
POST
Mute an alert
POST
Unmute an alert
POST
Get information about rules
GET
Get an alert by identifier
GET
Update an alert
PUT
Create an alert
POST
Delete an alert
DELETE
Disable an alert
POST
Enable an alert
POST
Mute all alert instances
POST
Unmute all alert instances
POST
Mute an alert instance
POST
Unmute an alert instance
POST
Get a paginated set of alerts
GET
Get the alerting framework health
GET
Get the alert types
GET
APM agent configuration
Get a list of agent configurations
GET
Create or update agent configuration
PUT
Delete agent configuration
DELETE
Get agent name for service
GET
Get environments for service
GET
Lookup single agent configuration
POST
Get single agent configuration
GET
APM agent keys
Create an APM agent key
POST
APM annotations
Create a service annotation
POST
Search for annotations
GET
APM server schema
Save APM server schema
POST
APM sourcemaps
Get source maps
GET
Upload source map
POST
Delete source map
DELETE
Cases
Create a case
POST
Delete cases
DELETE
Update cases
PATCH
Search cases
GET
Get case information
GET
Get all alerts for a case
GET
Get all case comments
GET
Add a case comment or alert
POST
Delete all case comments and alerts
DELETE
Update a case comment or alert
PATCH
Find case comments and alerts
GET
Get a case comment or alert
GET
Delete a case comment or alert
DELETE
Push a case to an external service
POST
Attach a file to a case
POST
Get case activity
GET
Find case activity
GET
Get cases for an alert
GET
Get case settings
GET
Add case settings
POST
Update case settings
PATCH
Get case connectors
GET
Get case creators
GET
Get case status summary
GET
Get case tags
GET
Connectors
Get all connectors
GET
Create a connector
POST
Get connector information
GET
Update a connector
PUT
Delete a connector
DELETE
Run a connector
POST
Get connector types
GET
Get connector information
GET
Update a connector
PUT
Create a connector
POST
Delete a connector
DELETE
Run a connector
POST
Get all connectors
GET
Get connector types
GET
Data streams
List data streams
GET
Data views
Get all data views
GET
Create a data view
POST
Get a data view
GET
Update a data view
POST
Delete a data view
DELETE
Update data view fields metadata
POST
Create or update a runtime field
PUT
Create a runtime field
POST
Get a runtime field
GET
Update a runtime field
POST
Delete a runtime field from a data view
DELETE
Get the default data view
GET
Set the default data view
POST
Swap saved object references
POST
Preview a saved object reference swap
POST
Elastic Agent actions
Create agent action
POST
Get agent action status
GET
Cancel agent action
POST
Elastic Agent binary download sources
List agent binary download sources
GET
Create agent binary download source
POST
Get agent binary download source by ID
GET
Update agent binary download source by ID
PUT
Delete agent binary download source by ID
DELETE
Elastic Agent policies
List agent policies
GET
Create agent policy
POST
Bulk get agent policies
POST
Get agent policy by ID
GET
Update agent policy by ID
PUT
Copy agent policy by ID
POST
Download agent policy by ID
GET
Get full agent policy by ID
GET
Delete agent policy by ID
POST
Elastic Agent status
Get agent status summary
GET
Get incoming agent data
GET
Get agent status summary
GET
Elastic Agents
List agents
GET
List agents by action ids
POST
Get agent by ID
GET
Update agent by ID
PUT
Delete agent by ID
DELETE
Reassign agent
PUT
Reassign agent
POST
Request agent diagnostics
POST
Unenroll agent
POST
Upgrade agent
POST
List agent uploads
GET
Bulk reassign agents
POST
Bulk request diagnostics from agents
POST
Bulk unenroll agents
POST
Bulk update agent tags
POST
Bulk upgrade agents
POST
Delete file uploaded by agent
DELETE
Get file uploaded by agent
GET
Get agent setup info
GET
Initiate agent setup
POST
List agent tags
GET
Elastic Package Manager (EPM)
Bulk get assets
POST
List package categories
GET
List packages
GET
Install by package by direct upload
POST
Bulk install packages
POST
Get package
GET
Install package
POST
Delete ackage
DELETE
Get package
GET
Update package settings
PUT
Install package
POST
Delete package
DELETE
Get package file
GET
Authorize transforms
POST
Get package stats
GET
Get limited package list
GET
Get inputs template
GET
Get package signature verification key ID
GET
Fleet enrollment API keys
List enrollment API keys
GET
Create enrollment API key
POST
Get enrollment API key by ID
GET
Revoke enrollment API key by ID by marking it as inactive
DELETE
List enrollment API keys
GET
Create enrollment API key
POST
Get enrollment API key by ID
GET
Delete enrollment API key by ID
DELETE
Fleet internals
Fleet Server health check
POST
Get settings
GET
Update settings
PUT
Initiate Fleet setup
POST
Fleet Kubernetes
Get full K8s agent manifest
GET
Fleet outputs
Generate Logstash API key
POST
List outputs
GET
Create output
POST
Get output by ID
GET
Update output by ID
PUT
Delete output by ID
DELETE
Get latest output health
GET
Fleet package policies
List package policies
GET
Create package policy
POST
Bulk get package policies
POST
Get package policy by ID
GET
Update package policy by ID
PUT
Delete package policy by ID
DELETE
Delete package policy
POST
Upgrade package policy to a newer package version
POST
Dry run package policy upgrade
POST
Fleet proxies
List proxies
GET
Create proxy
POST
Get proxy by ID
GET
Update proxy by ID
PUT
Delete proxy by ID
DELETE
Fleet Server hosts
List Fleet Server hosts
GET
Create Fleet Server host
POST
Get Fleet Server host by ID
GET
Update Fleet Server host by ID
PUT
Delete Fleet Server host by ID
DELETE
Fleet service tokens
Create service token
POST
Create service token
POST
Fleet uninstall tokens
List metadata for latest uninstall tokens per agent policy
GET
Get one decrypted uninstall token by its ID
GET
Machine learning
Sync saved objects in the default space
GET
Roles
Get all roles
GET
Get a role
GET
Create or update a role
PUT
Delete a role
DELETE
Create or update roles
POST
Saved objects
Rotate a key for encrypted saved objects
POST
Create saved objects
POST
Delete saved objects
POST
Get saved objects
POST
Resolve saved objects
POST
Update saved objects
POST
Export saved objects
POST
Search for saved objects
GET
Import saved objects
POST
Resolve import errors
POST
Create a saved object
POST
Get a saved object
GET
Update a saved object
PUT
Create a saved object
POST
Resolve a saved object
GET
Security AI assistant
Apply a bulk action to anonymization fields
POST
Get anonymization fields
GET
Create a model response
POST
Create a conversation
POST
Get conversations
GET
Get a conversation
GET
Update a conversation
PUT
Delete a conversation
DELETE
Apply a bulk action to prompts
POST
Get prompts
GET
Security detections
Reads the alert index name if it exists
GET
Create an alerts index
POST
Delete an alerts index
DELETE
Returns user privileges for the Kibana space
GET
Retrieve a detection rule
GET
Update a detection rule
PUT
Create a detection rule
POST
Delete a detection rule
DELETE
Patch a detection rule
PATCH
Apply a bulk action to detection rules
POST
Create multiple detection rules
POST
Delete multiple detection rules
POST
Delete multiple detection rules
DELETE
Update multiple detection rules
PUT
Patch multiple detection rules
PATCH
Export detection rules
POST
List all detection rules
GET
Import detection rules
POST
Install prebuilt detection rules and Timelines
PUT
Retrieve the status of prebuilt detection rules and Timelines
GET
Preview rule alerts generated on specified time range
POST
Assign and unassign users from detection alerts
POST
Finalize detection alert migrations
POST
Initiate a detection alert migration
POST
Clean up detection alert migrations
DELETE
Retrieve the status of detection alert migrations
POST
Find and/or aggregate detection alerts
POST
Set a detection alert status
POST
Add and remove detection alert tags
POST
List all detection rule tags
GET
Security endpoint exceptions
Creates an endpoint list
POST
Reads an endpoint list item
GET
Updates an endpoint list item
PUT
Creates an endpoint list item
POST
Deletes an endpoint list item
DELETE
Finds endpoint list items
GET
Security endpoint management
Get response actions
GET
Get an action request log
GET
Get response actions status
GET
Get action details
GET
Get file information
GET
Download a file
GET
Run a command
POST
Get a file
POST
Isolate an endpoint
POST
Terminate a process
POST
Get running processes
POST
Scan a file or directory
POST
Get actions state
GET
Suspend a process
POST
Release an isolated endpoint
POST
Upload a file
POST
Isolate an endpoint
POST
Get a metadata list
GET
Get metadata
GET
Get metadata transforms
GET
Get a policy response
GET
Get an agent policy summary
GET
Get a protection updates note
GET
Create or update a protection updates note
POST
Get suggestions
POST
Release an isolated endpoint
POST
Security entity analytics
Get Criticality Record
GET
Upsert Criticality Record
POST
Delete Criticality Record
DELETE
Bulk Upsert Asset Criticality Records
POST
List Asset Criticality Records
GET
List the Entity Engines
GET
Get an Entity Engine
GET
Delete the Entity Engine
DELETE
Initialize an Entity Engine
POST
Start an Entity Engine
POST
Get Entity Engine stats
POST
Stop an Entity Engine
POST
Apply DataView indices to all installed engines
POST
List Entity Store Entities
GET
Cleanup the Risk Engine
DELETE
Schedule the risk engine to run as soon as possible
POST
Security exceptions
Creates rule exception list items
POST
Retrieves an exception list using its `id` or `list_id` field
GET
Updates an exception list
PUT
Creates an exception list
POST
Deletes an exception list
DELETE
Duplicates an exception list
POST
Exports an exception list
POST
Finds exception lists
GET
Imports an exception list
POST
Gets an exception list item
GET
Updates an exception list item
PUT
Creates an exception list item
POST
Deletes an exception list item
DELETE
Finds exception list items
GET
Retrieves an exception list summary
GET
Creates a shared exception list
POST
Security lists
Retrieves a list using its id field
GET
Updates a list
PUT
Creates a list
POST
Deletes a list
DELETE
Patches a list
PATCH
Finds lists
GET
Get list data stream existence status
GET
Creates necessary list data streams
POST
Deletes list data streams
DELETE
Gets a list item
GET
Updates a list item
PUT
Creates a list item
POST
Deletes a list item
DELETE
Patches a list item
PATCH
Exports list items
POST
Finds list items
GET
Imports list items
POST
Gets list privileges
GET
Security Osquery
Get live queries
GET
Create a live query
POST
Get live query details
GET
Get live query results
GET
Get packs
GET
Create a pack
POST
Get pack details
GET
Update a pack
PUT
Delete a pack
DELETE
Get saved queries
GET
Create a saved query
POST
Get saved query details
GET
Update a saved query
PUT
Delete a saved query
DELETE
Security timeline
Get all notes for a given document.
GET
Deletes a note from a timeline.
DELETE
Persists a note to a timeline.
PATCH
Persists a pinned event to a timeline.
PATCH
Get an existing saved timeline or timeline template. This API is used to retrieve an existing saved timeline or timeline template.
GET
Creates a new timeline.
POST
Deletes one or more timelines or timeline templates.
DELETE
Updates an existing timeline.
PATCH
Copies timeline or timeline template
GET
Retrieves the draft timeline for the current user. If the user does not have a draft timeline, an empty timeline is returned.
GET
Retrieves a draft timeline or timeline template.
POST
Exports timelines as an NDJSON file
POST
Persists a given users favorite status of a timeline.
PATCH
Imports timelines.
POST
Installs prepackaged timelines.
POST
Get an existing saved timeline or timeline template.
GET
This API is used to retrieve a list of existing saved timelines or timeline templates.
GET
Service level objectives
Get a paginated list of SLOs
GET
Create an SLO
POST
Batch delete rollup and summary data
POST
Get an SLO
GET
Update an SLO
PUT
Delete an SLO
DELETE
Reset an SLO
POST
Disable an SLO
POST
Enable an SLO
POST
Spaces
Copy saved objects between spaces
POST
Disable legacy URL aliases
POST
Get shareable references
POST
Update saved objects in spaces
POST
Get all spaces
GET
Create a space
POST
Get a space
GET
Update a space
PUT
Delete a space
DELETE
System
Get Kibana's current status
GET
Dismiss highlight
Show more