Upsert (create or update) asset criticality record

Create or update an asset criticality record.

If an asset criticality record already exists for the entity specified in the request, this API overwrites that record with the specified value.

If an asset criticality record doesn’t exist for the specified entity, a new record is created.

Request URL

edit

POST <kibana host>:<port>/api/asset_criticality

Request body

edit

A JSON object defining the asset criticality record.

Name Type Description Required

Name	Type	Description	Required
`id_field`	String	The field that contains the entity ID. This must be either `user.name` or `host.name`.	Yes
`id_value`	String	The ID (host name or user name) of the entity specified in the `id_field` field.	Yes
`criticality_level`	String	The asset criticality level to assign, which must be one of the following: `low_impact` `medium_impact` `high_impact` `extreme_impact` For example, you can assign `extreme_impact` to business-critical entities, or `low_impact` to entities that pose minimal risk to your security posture.	Yes

id_field

String

The field that contains the entity ID. This must be either user.name or host.name.

Yes

id_value

String

The ID (host name or user name) of the entity specified in the id_field field.

Yes

criticality_level

String

The asset criticality level to assign, which must be one of the following:

low_impact
medium_impact
high_impact
extreme_impact

For example, you can assign extreme_impact to business-critical entities, or low_impact to entities that pose minimal risk to your security posture.

Yes

Example requests

edit

POST /api/asset_criticality
{
  "id_field": "host.name",
  "id_value": "my_host",
  "criticality_level": "high_impact"
}

Response code

edit

200: Indicates a successful call.

Example response

edit

{
  "id_field": "host.name",
  "id_value": "my_host",
  "criticality_level": "high_impact",
  "@timestamp": "2024-08-02T11:15:34.290Z"
}

« Asset criticality API Bulk upsert (create or update) asset criticality records »