This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.
« Asset criticality API Bulk upsert (create or update) asset criticality records »
Elastic Docs Elastic Security Solution [8.16] Elastic Security APIs Asset criticality API

Upsert (create or update) asset criticality record

edit

Upsert (create or update) asset criticality record

edit

Create or update an asset criticality record.

If an asset criticality record already exists for the entity specified in the request, this API overwrites that record with the specified value.

If an asset criticality record doesn’t exist for the specified entity, a new record is created.

Request URL

edit

POST <kibana host>:<port>/api/asset_criticality

Request body

edit

A JSON object defining the asset criticality record.

Name Type Description Required

id_field

String

The field that contains the entity ID. This must be either user.name or host.name.

Yes

id_value

String

The ID (host name or user name) of the entity specified in the id_field field.

Yes

criticality_level

String

The asset criticality level to assign, which must be one of the following:

  • low_impact
  • medium_impact
  • high_impact
  • extreme_impact

For example, you can assign extreme_impact to business-critical entities, or low_impact to entities that pose minimal risk to your security posture.

Yes

Example requests

edit
POST /api/asset_criticality
{
  "id_field": "host.name",
  "id_value": "my_host",
  "criticality_level": "high_impact"
}

Response code

edit
200
Indicates a successful call.

Example response

edit
{
  "id_field": "host.name",
  "id_value": "my_host",
  "criticality_level": "high_impact",
  "@timestamp": "2024-08-02T11:15:34.290Z"
}
« Asset criticality API Bulk upsert (create or update) asset criticality records »