Create rule exception list items (Beta)
Create exception items that apply to a single detection rule.
Path parameters
- id: Detection rule's identifier
Responses
- 200 application/json; Elastic-Api-Version=2023-10-31: Successful response
- 400 application/json; Elastic-Api-Version=2023-10-31: Invalid input data response
- 401 application/json; Elastic-Api-Version=2023-10-31: Unsuccessful authentication response
- 403 application/json; Elastic-Api-Version=2023-10-31: Not enough privileges response
- 500 application/json; Elastic-Api-Version=2023-10-31: Internal server error response
POST /api/detection_engine/rules/{id}/exceptions
curl \
  -X POST "https://<KIBANA_URL>/api/detection_engine/rules/{id}/exceptions" \
  -H "Authorization: ApiKey <API_KEY>" \
  -H "kbn-xsrf: true" \
  -H "Content-Type: application/json; Elastic-Api-Version=2023-10-31"
Request examples
{
  "items": [
    {
      "comments": [
        {
          "comment": "string"
        }
      ],
      "description": "string",
      "entries": [
        {
          "field": "string",
          "operator": "excluded",
          "type": "match",
          "value": "string"
        }
      ],
      "expire_time": "2024-05-04T09:42:00+00:00",
      "item_id": "string",
      "meta": {},
      "name": "string",
      "namespace_type": "single",
      "os_types": [],
      "tags": [],
      "type": "simple"
    }
  ]
}
Response examples (200)
[
  {
    "_version": "string",
    "comments": [
      {
        "comment": "string",
        "created_at": "2024-05-04T09:42:00+00:00",
        "created_by": "string",
        "id": "string",
        "updated_at": "2024-05-04T09:42:00+00:00",
        "updated_by": "string"
      }
    ],
    "created_at": "2024-05-04T09:42:00+00:00",
    "created_by": "string",
    "description": "string",
    "entries": [
      {
        "field": "string",
        "operator": "excluded",
        "type": "match",
        "value": "string"
      }
    ],
    "expire_time": "2024-05-04T09:42:00+00:00",
    "id": "string",
    "item_id": "string",
    "list_id": "string",
    "meta": {},
    "name": "string",
    "namespace_type": "single",
    "os_types": [],
    "tags": [],
    "tie_breaker_id": "string",
    "type": "simple",
    "updated_at": "2024-05-04T09:42:00+00:00",
    "updated_by": "string"
  }
]
Response examples (400)
Security_exceptions_api_platformerrorresponse
{
  "error": "string",
  "message": "string",
  "statusCode": 42
}

{
  "message": "string",
  "status_code": 42
}
Response examples (401)
{
  "error": "string",
  "message": "string",
  "statusCode": 42
}
Response examples (403)
{
  "error": "string",
  "message": "string",
  "statusCode": 42
}
Response examples (500)
{
  "message": "string",
  "status_code": 42
}
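An added example, not part of the Elastic reference: a Python helper that builds the request for this endpoint, refuses exception items that would suppress alerts with no bounded `expire_time`, and folds the two error shapes shown above (`statusCode` and `status_code`) into one. Assumptions: the 90-day cap is a local policy, the `kbn-xsrf` header is Kibana's usual requirement for write requests, `included` is the counterpart of the `excluded` operator in the schema sample, and the sample item's values are constructed.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import quote

API_VERSION = "2023-10-31"  # Elastic-Api-Version shown on this page
MAX_DAYS = 90               # assumption: local policy cap on exception lifetime
MEANING = {400: "invalid input", 401: "authentication failed",
           403: "not enough privileges", 500: "internal server error"}

# Constructed sample item; field, value, name and ticket are illustrative.
SAMPLE_ITEM = {
    "name": "Build host false positive", "description": "Ticket SEC-0000 (constructed)",
    "entries": [{"field": "host.name", "operator": "included",
                 "type": "match", "value": "build-01"}],
    "expire_time": "2024-05-04T09:42:00+00:00",
    "namespace_type": "single", "type": "simple",
}

def build_request(kibana_url, rule_id, items, now=None):
    """Return (url, headers, body) for POST /api/detection_engine/rules/{id}/exceptions.
    Raises ValueError for items with no entries or no bounded, future expire_time."""
    now = now or datetime.now(timezone.utc)
    for item in items:
        name = item.get("name")
        if not item.get("entries"):
            raise ValueError(f"{name!r}: exception item has no entries")
        if not item.get("expire_time"):
            raise ValueError(f"{name!r}: expire_time is required by policy")
        expires = datetime.fromisoformat(item["expire_time"])
        if expires.tzinfo is None or not now < expires <= now + timedelta(days=MAX_DAYS):
            raise ValueError(f"{name!r}: expire_time must be within {MAX_DAYS} days")
    url = (f"{kibana_url.rstrip('/')}/api/detection_engine/rules/"
           f"{quote(rule_id, safe='')}/exceptions")  # rule id is percent-encoded
    headers = {"Content-Type": f"application/json; Elastic-Api-Version={API_VERSION}",
               "kbn-xsrf": "true"}  # assumption: not shown on this page
    return url, headers, json.dumps({"items": items})

def normalize_error(http_status, body_text):
    """Fold both documented error shapes into {status, meaning, message}."""
    try:
        body = json.loads(body_text)
    except ValueError:
        body = {}
    if not isinstance(body, dict):
        body = {}
    code = body.get("statusCode", body.get("status_code", http_status))
    return {"status": code, "meaning": MEANING.get(http_status, "unexpected"),
            "message": body.get("message", "")}
```

The returned tuple can be passed to any HTTP client together with an Authorization header; keeping validation separate from the network call lets the expiry policy run in CI or code review before anything reaches Kibana.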