Query parameters

• filter string

  Filters the returned results according to the value of the specified field.

  Uses the so type.field name:field value syntax, where so type can be:

  • exception-list: Specify a space-aware exception list.
  • exception-list-agnostic: Specify an exception list that is shared across spaces.
• namespace_type array[string]

  Determines whether the returned containers are Kibana associated with a Kibana space or available in all spaces (agnostic or single)

  Values are agnostic or single. Default value is ["single"].

• page integer

  The page number to return

  Minimum value is 1.

• per_page integer

  The number of exception lists to return per page

  Minimum value is 1.

• sort_field string

  Determines which field is used to sort the results

• sort_order string

  Determines the sort order, which can be desc or asc

  Values are desc or asc.

Responses

• 200 application/json; Elastic-Api-Version=2023-10-31

  Successful response

  Hide response attributes Show response attributes object

  • data array[object] Required
    Hide data attributes Show data attributes object

    • _version string
    • created_at string(date-time) Required
    • created_by string Required
    • description string Required
    • id string Required

      A string that is not empty and does not contain only whitespace

      Minimum length is 1. Format should match the following pattern: ^(?! *$).+$.

    • immutable boolean Required
    • list_id string Required

      A string that is not empty and does not contain only whitespace

      Minimum length is 1. Format should match the following pattern: ^(?! *$).+$.

    • meta object

      Additional properties are allowed.

    • name string Required
    • namespace_type string Required

      Determines whether the exception container is available in all Kibana spaces or just the space in which it is created, where:

      • single: Only available in the Kibana space in which it is created.
      • agnostic: Available in all Kibana spaces.

      Values are agnostic or single. Default value is single.

    • os_types array[string]

      Values are linux, macos, or windows.

    • tags array[string]
    • tie_breaker_id string Required
    • type string Required

      Values are detection, rule_default, endpoint, endpoint_trusted_apps, endpoint_events, endpoint_host_isolation_exceptions, or endpoint_blocklists.

    • updated_at string(date-time) Required
    • updated_by string Required
    • version integer Required

      Minimum value is 1.

  • page integer Required

    Minimum value is 1.

  • per_page integer Required

    Minimum value is 1.

  • total integer Required

    Minimum value is 0.

• 400 application/json; Elastic-Api-Version=2023-10-31

  Invalid input data response

  One of:

  Security_Exceptions_API_PlatformErrorResponse object Security_Exceptions_API_SiemErrorResponse object

  Hide attributes Show attributes

  • error string Required
  • message string Required
  • statusCode integer Required

  Hide attributes Show attributes

  • message string Required
  • status_code integer Required
• 401 application/json; Elastic-Api-Version=2023-10-31

  Unsuccessful authentication response

  Hide response attributes Show response attributes object

  • error string Required
  • message string Required
  • statusCode integer Required
• 403 application/json; Elastic-Api-Version=2023-10-31

  Not enough privileges response

  Hide response attributes Show response attributes object

  • error string Required
  • message string Required
  • statusCode integer Required
• 500 application/json; Elastic-Api-Version=2023-10-31

  Internal server error response

  Hide response attributes Show response attributes object

  • message string Required
  • status_code integer Required