Change Updates

Mar 25, 2025

main
2023-10-31

API structure has changed

8 structure changes including:
8 Modifications
Modified 8 Breaking
DELETE /api/detection_engine/rules
  • Response
  • 200 response Modified
    • application/json content type Modified
      • EqlRuleResponseFields alternative Modified
        • actions property Modified
      • QueryRuleResponseFields alternative Modified
        • actions property Modified
      • SavedQueryRuleResponseFields alternative Modified
        • actions property Modified
      • ThresholdRuleResponseFields alternative Modified
        • actions property Modified
      • ThreatMatchRuleResponseFields alternative Modified
        • actions property Modified
      • MachineLearningRuleResponseFields alternative Modified
        • actions property Modified
      • NewTermsRuleResponseFields alternative Modified
        • actions property Modified
      • EsqlRuleResponseFields alternative Modified
        • actions property Modified
GET /api/detection_engine/rules
  • Response
  • 200 response Modified
    • application/json content type Modified
      • EqlRuleResponseFields alternative Modified
        • actions property Modified
      • QueryRuleResponseFields alternative Modified
        • actions property Modified
      • SavedQueryRuleResponseFields alternative Modified
        • actions property Modified
      • ThresholdRuleResponseFields alternative Modified
        • actions property Modified
      • ThreatMatchRuleResponseFields alternative Modified
        • actions property Modified
      • MachineLearningRuleResponseFields alternative Modified
        • actions property Modified
      • NewTermsRuleResponseFields alternative Modified
        • actions property Modified
      • EsqlRuleResponseFields alternative Modified
        • actions property Modified
GET /api/detection_engine/rules/_find
  • Response
  • 200 response Modified
    • application/json content type Modified
      • data property Modified
        • EqlRuleResponseFields, QueryRuleResponseFields, SavedQueryRuleResponseFields, ThresholdRuleResponseFields, ThreatMatchRuleResponseFields, MachineLearningRuleResponseFields, NewTermsRuleResponseFields, EsqlRuleResponseFields alternatives Modified
PATCH /api/detection_engine/rules
  • Body
  • application/json content type Modified
    • EqlRulePatchFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • QueryRulePatchFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • SavedQueryRulePatchFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • ThresholdRulePatchFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • ThreatMatchRulePatchFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • MachineLearningRulePatchFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • NewTermsRulePatchFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • EsqlRulePatchProps alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
  • Response
  • 200 response Modified
    • application/json content type Modified
      • EqlRuleResponseFields alternative Modified
        • actions property Modified
      • QueryRuleResponseFields alternative Modified
        • actions property Modified
      • SavedQueryRuleResponseFields alternative Modified
        • actions property Modified
      • ThresholdRuleResponseFields alternative Modified
        • actions property Modified
      • ThreatMatchRuleResponseFields alternative Modified
        • actions property Modified
      • MachineLearningRuleResponseFields alternative Modified
        • actions property Modified
      • NewTermsRuleResponseFields alternative Modified
        • actions property Modified
      • EsqlRuleResponseFields alternative Modified
        • actions property Modified
POST /api/detection_engine/rules
  • Body
  • application/json content type Modified
    • EqlRuleCreateFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • QueryRuleCreateFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • SavedQueryRuleCreateFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • ThresholdRuleCreateFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • ThreatMatchRuleCreateFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • MachineLearningRuleCreateFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • NewTermsRuleCreateFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • EsqlRuleCreateFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
  • Response
  • 200 response Modified
    • application/json content type Modified
      • EqlRuleResponseFields alternative Modified
        • actions property Modified
      • QueryRuleResponseFields alternative Modified
        • actions property Modified
      • SavedQueryRuleResponseFields alternative Modified
        • actions property Modified
      • ThresholdRuleResponseFields alternative Modified
        • actions property Modified
      • ThreatMatchRuleResponseFields alternative Modified
        • actions property Modified
      • MachineLearningRuleResponseFields alternative Modified
        • actions property Modified
      • NewTermsRuleResponseFields alternative Modified
        • actions property Modified
      • EsqlRuleResponseFields alternative Modified
        • actions property Modified
POST /api/detection_engine/rules/_bulk_action
  • Body
  • application/json content type Modified
    • BulkEditRules alternative Modified
      • edit property Modified
        • BulkActionEditPayloadIndexPatterns alternative Modified
  • Response
  • 200 response Modified
    • application/json content type Modified
      • BulkEditActionResponse alternative Modified
        • attributes property Modified
POST /api/detection_engine/rules/preview
  • Body
  • application/json content type Modified
    • RulePreviewParams alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
      • data_view_id, event_category_override, filters, index, tiebreaker_field, timestamp_field properties Added
    • RulePreviewParams alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
      • language, query properties Modified
        • Properties are no longer required
      • data_view_id, filters, index, saved_id properties Added
    • RulePreviewParams alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
      • query, language properties Modified
        • Properties are no longer required
      • saved_id, data_view_id, filters, index properties Added
    • RulePreviewParams alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
      • alert_suppression property Modified
        • duration property Modified
          • Property is now required
            Breaking
        • group_by, missing_fields_strategy properties Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
      • language property Modified
        • Property is no longer required
      • threshold, data_view_id, filters, index, saved_id properties Added
    • RulePreviewParams alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
      • language property Modified
        • Property is no longer required
      • threat_index, threat_mapping, threat_query, concurrent_searches, data_view_id, filters, index, items_per_search, saved_id, threat_filters, threat_indicator_path, threat_language properties Added
    • RulePreviewParams alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
      • language, query properties Removed
        • Removing a resource is always breaking unless it was deprecated before
          Breaking
      • anomaly_threshold, array-2 properties Added
    • RulePreviewParams alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
      • language property Modified
        • Property is no longer required
      • history_window_start, new_terms_fields, data_view_id, filters, index properties Added
    • RulePreviewParams alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
PUT /api/detection_engine/rules
  • Body
  • application/json content type Modified
    • EqlRuleCreateFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • QueryRuleCreateFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • SavedQueryRuleCreateFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • ThresholdRuleCreateFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • ThreatMatchRuleCreateFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • MachineLearningRuleCreateFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • NewTermsRuleCreateFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
    • EsqlRuleCreateFields alternative Modified
      • actions property Modified
        • group property Removed
          • Removing a resource is always breaking unless it was deprecated before
            Breaking
        • group_jacek property Added
  • Response
  • 200 response Modified
    • application/json content type Modified
      • EqlRuleResponseFields alternative Modified
        • actions property Modified
      • QueryRuleResponseFields alternative Modified
        • actions property Modified
      • SavedQueryRuleResponseFields alternative Modified
        • actions property Modified
      • ThresholdRuleResponseFields alternative Modified
        • actions property Modified
      • ThreatMatchRuleResponseFields alternative Modified
        • actions property Modified
      • MachineLearningRuleResponseFields alternative Modified
        • actions property Modified
      • NewTermsRuleResponseFields alternative Modified
        • actions property Modified
      • EsqlRuleResponseFields alternative Modified
        • actions property Modified