« Delete exception item Lists API »
Elastic Docs Elastic Security Solution [8.15] Elastic Security APIs Exceptions API

Lists index endpoint

edit

Lists index endpoint

edit

Before using exceptions and lists, use the index endpoint to create .lists and .items system data streams in the relevant Kibana space.

For information about the permissions and privileges required to create .lists and .items data streams, refer to Enable and access detections.

Create data stream

edit

Creates .lists and .items data streams. The data streams naming convention is .lists-<space name> and .items-<space name>.

Request URL

edit

POST <kibana host>:<port>/api/lists/index

Example request
edit

Creates .lists and .items data streams.

POST api/lists/index

Response code

edit
200
Indicates a successful call.

Get data stream

edit

Verifies .lists and .items data streams exist.

Request URL

edit

GET <kibana host>:<port>/api/lists/index

Example request
edit

Verifies the lists data stream for the Kibana security exists:

GET api/lists/index

Response code

edit
200
Indicates a successful call.
404
Indicates no data stream exists.
Example responses
edit

Example response when the data streams exist:

{
  "list_index": true,
  "list_item_index": true
}

Example response when the data streams do not exist:

{
  "message": "data stream .lists-default and data stream .items-default does not exist",
  "status_code": 404
}

Delete data streams

edit

Deletes the .lists and .items data streams.

Request URL

edit

DELETE <kibana host>:<port>/api/lists/index

Example request
edit

Deletes the .lists and .items data streams:

DELETE api/lists/index

Response code

edit
200
Indicates a successful call.
« Delete exception item Lists API »