Change Updates

Do not miss any kibana_wip2 API changes, ever again

Subscribe to the kibana_wip2 API changelog to be up to date on recent changes.

RSS
kibana_wip2

Mar 26, 2025

main
2023-10-31
Compare

API structure has changed

4 structure changes including:
4 Modifications
Modified 4 Breaking
PATCH /api/detection_engine/rules
  • Body
  • application/json content type Modified
    • EqlRulePatchFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • QueryRulePatchFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • SavedQueryRulePatchFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • ThresholdRulePatchFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • ThreatMatchRulePatchFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • MachineLearningRulePatchFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • NewTermsRulePatchFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • EsqlRulePatchProps alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
POST /api/detection_engine/rules
  • Body
  • application/json content type Modified
    • EqlRuleCreateFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • QueryRuleCreateFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • SavedQueryRuleCreateFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • ThresholdRuleCreateFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • ThreatMatchRuleCreateFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • MachineLearningRuleCreateFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • NewTermsRuleCreateFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • EsqlRuleCreateFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
POST /api/detection_engine/rules/preview
  • Body
  • application/json content type Modified
    • RulePreviewParams alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
      • data_view_id, event_category_override, filters, index, tiebreaker_field, timestamp_field properties Added
    • RulePreviewParams alternative Modified
      • language, query properties Modified
        • Properties are no longer required
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
      • data_view_id, filters, index, saved_id properties Added
    • RulePreviewParams alternative Modified
      • query, language properties Modified
        • Properties are no longer required
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
      • saved_id, data_view_id, filters, index properties Added
    • RulePreviewParams alternative Modified
      • alert_suppression property Modified
        • duration property Modified
          • Property is now required
            Breaking
        • group_by, missing_fields_strategy properties Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
      • language property Modified
        • Property is no longer required
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
      • threshold, data_view_id, filters, index, saved_id properties Added
    • RulePreviewParams alternative Modified
      • language property Modified
        • Property is no longer required
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
      • threat_index, threat_mapping, threat_query, concurrent_searches, data_view_id, filters, index, items_per_search, saved_id, threat_filters, threat_indicator_path, threat_language properties Added
    • RulePreviewParams alternative Modified
      • version, language, query properties Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
      • anomaly_threshold, array-2 properties Added
    • RulePreviewParams alternative Modified
      • language property Modified
        • Property is no longer required
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
      • history_window_start, new_terms_fields, data_view_id, filters, index properties Added
    • RulePreviewParams alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
PUT /api/detection_engine/rules
  • Body
  • application/json content type Modified
    • EqlRuleCreateFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • QueryRuleCreateFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • SavedQueryRuleCreateFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • ThresholdRuleCreateFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • ThreatMatchRuleCreateFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • MachineLearningRuleCreateFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • NewTermsRuleCreateFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
    • EsqlRuleCreateFields alternative Modified
      • version property Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking