# Security Detections API (Elastic Cloud and self-hosted) ## Description This is version `2023-10-31` of this API documentation. Last update on Mar 28, 2025. Use the detections APIs to create and manage detection rules. Detection rules search events and external alerts sent to Elastic Security and generate detection alerts from any hits. Alerts are displayed on the **Alerts** page and can be assigned and triaged, using the alert status to mark them as open, closed, or acknowledged. ## Servers - http://localhost:5601: http://localhost:5601 () ## Authentication ## Endpoints and operations ### [Security detections](https://bump.sh/jkelas2/doc/kibana_wip2/group/endpoint-security-detections-api.md) - [Reads the alert index name if it exists](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-readalertsindex.md) - [Create an alerts index](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-createalertsindex.md) - [Delete an alerts index](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-deletealertsindex.md) - [Returns user privileges for the Kibana space](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-readprivileges.md) - [Retrieve a detection rule](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-readrule.md) - [Update a detection rule](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-updaterule.md) - [Create a detection rule](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-createrule.md) - [Delete a detection rule](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-deleterule.md) - [Patch a detection rule](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-patchrule.md) - [Apply a bulk action to detection rules](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-performrulesbulkaction.md) - [Export detection rules](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-exportrules.md) - [List all detection rules](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-findrules.md) - [Import detection rules](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-importrules.md) - [Install prebuilt detection rules and Timelines](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-installprebuiltrulesandtimelines.md) - [Retrieve the status of prebuilt detection rules and Timelines](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-readprebuiltrulesandtimelinesstatus.md) - [Preview rule alerts generated on specified time range](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-rulepreview.md) - [Assign and unassign users from detection alerts](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-setalertassignees.md) - [Finalize detection alert migrations](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-finalizealertsmigration.md) - [Initiate a detection alert migration](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-createalertsmigration.md) - [Clean up detection alert migrations](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-alertsmigrationcleanup.md) - [Retrieve the status of detection alert migrations](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-readalertsmigrationstatus.md) - [Find and/or aggregate detection alerts](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-searchalerts.md) - [Set a detection alert status](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-setalertsstatus.md) - [Add and remove detection alert tags](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-setalerttags.md) - [List all detection rule tags](https://bump.sh/jkelas2/doc/kibana_wip2/operation/operation-readtags.md) [Powered by Bump.sh](https://bump.sh)