Create an exception list item Beta
Create an exception item and associate it with the specified exception list.
Before creating exception items, you must create an exception list.
Body Required
Exception list item's properties
-
comments array[object]
Default value is
[]
(empty). -
Any of: Security_Exceptions_API_ExceptionListItemEntryMatch object Security_Exceptions_API_ExceptionListItemEntryMatchAny object Security_Exceptions_API_ExceptionListItemEntryList object Security_Exceptions_API_ExceptionListItemEntryExists object Security_Exceptions_API_ExceptionListItemEntryNested object Security_Exceptions_API_ExceptionListItemEntryMatchWildcard object -
expire_time string(date-time)
-
item_id string(nonempty)
A string that does not contain only whitespace characters
Minimum length is
1
. -
A string that does not contain only whitespace characters
Minimum length is
1
. -
meta object
Additional properties are allowed.
-
A string that does not contain only whitespace characters
Minimum length is
1
. -
namespace_type string
Determines whether the exception container is available in all Kibana spaces or just the space in which it is created, where:
single
: Only available in the Kibana space in which it is created.agnostic
: Available in all Kibana spaces.
Values are
agnostic
orsingle
. Default value issingle
. -
os_types array[string]
Values are
linux
,macos
, orwindows
. Default value is[]
(empty). -
Value is
simple
.
Responses
-
200 application/json; Elastic-Api-Version=2023-10-31
Successful response
-
400 application/json; Elastic-Api-Version=2023-10-31
Invalid input data response
-
401 application/json; Elastic-Api-Version=2023-10-31
Unsuccessful authentication response
-
403 application/json; Elastic-Api-Version=2023-10-31
Not enough privileges response
-
409 application/json; Elastic-Api-Version=2023-10-31
Exception list item already exists response
-
500 application/json; Elastic-Api-Version=2023-10-31
Internal server error response
curl \
-X POST https://<KIBANA_URL>/api/exception_lists/items \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31"
{
"comments": [
{
"comment": "string"
}
],
"description": "string",
"entries": [
{
"field": "string",
"operator": "excluded",
"type": "match",
"value": "string"
}
],
"expire_time": "2024-05-04T09:42:00+00:00",
"item_id": "string",
"list_id": "string",
"meta": {},
"name": "string",
"namespace_type": "single",
"os_types": [],
"tags": [],
"type": "simple"
}
{
"_version": "string",
"comments": [
{
"comment": "string",
"created_at": "2024-05-04T09:42:00+00:00",
"created_by": "string",
"id": "string",
"updated_at": "2024-05-04T09:42:00+00:00",
"updated_by": "string"
}
],
"created_at": "2024-05-04T09:42:00+00:00",
"created_by": "string",
"description": "string",
"entries": [
{
"field": "string",
"operator": "excluded",
"type": "match",
"value": "string"
}
],
"expire_time": "2024-05-04T09:42:00+00:00",
"id": "string",
"item_id": "string",
"list_id": "string",
"meta": {},
"name": "string",
"namespace_type": "single",
"os_types": [],
"tags": [],
"tie_breaker_id": "string",
"type": "simple",
"updated_at": "2024-05-04T09:42:00+00:00",
"updated_by": "string"
}
{
"error": "string",
"message": "string",
"statusCode": 42
}
{
"message": "string",
"status_code": 42
}
{
"error": "string",
"message": "string",
"statusCode": 42
}
{
"error": "string",
"message": "string",
"statusCode": 42
}
{
"message": "string",
"status_code": 42
}
{
"message": "string",
"status_code": 42
}