Summary exception container

edit

Retrieves an exception container summary.

Request URL

edit

POST <kibana host>:<port>/api/exception_lists/summary

Request body

edit

A JSON object with these fields:

Name Type Description Required

filter

String

Search filter clause.

Yes

id

String

Exception container ID.

Yes

list_id

String

Unique identifier.

Yes

namespace_type

String

Determines whether the exception container is available in all Kibana spaces or just the space in which it is created, where:

  • single: Only available in the Kibana space in which it is created.
  • agnostic: Available in all Kibana spaces.

Yes

Example requests

edit

Gets the summary from an exception container:

GET api/exception_lists/summary
{
  "filter": "filter-clause",
  "id": "allowed-process-id",
  "list_id": "allowed-processes",
  "namespace_type": "single",
}

Response code

edit
200
Indicates a successful call.

Response payload

edit

A summary of the exception container:

{
    windows: 1,
    linux: 3,
    macos: 2,
    total: 6,
}

For a host isolation exception, the values for windows, linux, macos, and total are all the same, as each host isolation exception entry applies to all operating systems. For example:

{
    windows: 5,
    linux: 5,
    macos: 5,
    total: 5,
}