Security Solution API Playground (Serverless)
Show Menu
Search…
Ctrl+K
ESC
Example searches: “package”, “ignoreMissing”, “username”, “config”, “message”
Toggle dark mode
API Changelog
Download source
JSON OpenAPI specification
YAML OpenAPI specification
Feedback
Topics
Introduction
Servers
Authentication
Endpoints
alerting
Get rule details
GET
Update a rule
PUT
Create a rule
POST
Delete a rule
DELETE
Disable a rule
POST
Enable a rule
POST
Mute all alerts
POST
Unmute all alerts
POST
Update the API key for a rule
POST
Mute an alert
POST
Unmute an alert
POST
Get information about rules
GET
APM agent keys
Create an APM agent key
POST
APM annotations
Create a service annotation
POST
Search for annotations
GET
connectors
Get all connectors
GET
Create a connector
POST
Get connector information
GET
Update a connector
PUT
Delete a connector
DELETE
Run a connector
POST
Get connector types
GET
Get connector information
GET
Update a connector
PUT
Create a connector
POST
Delete a connector
DELETE
Run a connector
POST
Get all connectors
GET
Get connector types
GET
Data streams
List data streams
GET
data views
Get all data views
GET
Create a data view
POST
Get a data view
GET
Update a data view
POST
Delete a data view
DELETE
Update data view fields metadata
POST
Create or update a runtime field
PUT
Create a runtime field
POST
Get a runtime field
GET
Update a runtime field
POST
Delete a runtime field from a data view
DELETE
Get the default data view
GET
Set the default data view
POST
Swap saved object references
POST
Preview a saved object reference swap
POST
Elastic Agent actions
Create agent action
POST
Get agent action status
GET
Cancel agent action
POST
Elastic Agent binary download sources
List agent binary download sources
GET
Create agent binary download source
POST
Get agent binary download source by ID
GET
Update agent binary download source by ID
PUT
Delete agent binary download source by ID
DELETE
Elastic Agent policies
List agent policies
GET
Create agent policy
POST
Bulk get agent policies
POST
Get agent policy by ID
GET
Update agent policy by ID
PUT
Copy agent policy by ID
POST
Download agent policy by ID
GET
Get full agent policy by ID
GET
Delete agent policy by ID
POST
Elastic Agent status
Get agent status summary
GET
Get incoming agent data
GET
Get agent status summary
GET
Elastic Agents
List agents
GET
List agents by action ids
POST
Get agent by ID
GET
Update agent by ID
PUT
Delete agent by ID
DELETE
Reassign agent
PUT
Reassign agent
POST
Request agent diagnostics
POST
Unenroll agent
POST
Upgrade agent
POST
List agent uploads
GET
Bulk reassign agents
POST
Bulk request diagnostics from agents
POST
Bulk unenroll agents
POST
Bulk update agent tags
POST
Bulk upgrade agents
POST
Delete file uploaded by agent
DELETE
Get file uploaded by agent
GET
Get agent setup info
GET
Initiate agent setup
POST
List agent tags
GET
Elastic Package Manager (EPM)
Bulk get assets
POST
List package categories
GET
List packages
GET
Install by package by direct upload
POST
Bulk install packages
POST
Get package
GET
Install package
POST
Delete ackage
DELETE
Get package
GET
Update package settings
PUT
Install package
POST
Delete package
DELETE
Get package file
GET
Authorize transforms
POST
Get package stats
GET
Get limited package list
GET
Get inputs template
GET
Get package signature verification key ID
GET
Fleet enrollment API keys
List enrollment API keys
GET
Create enrollment API key
POST
Get enrollment API key by ID
GET
Revoke enrollment API key by ID by marking it as inactive
DELETE
List enrollment API keys
GET
Create enrollment API key
POST
Get enrollment API key by ID
GET
Delete enrollment API key by ID
DELETE
Fleet internals
Fleet Server health check
POST
Get settings
GET
Update settings
PUT
Initiate Fleet setup
POST
Fleet Kubernetes
Get full K8s agent manifest
GET
Fleet outputs
Generate Logstash API key
POST
List outputs
GET
Create output
POST
Get output by ID
GET
Update output by ID
PUT
Delete output by ID
DELETE
Get latest output health
GET
Fleet package policies
List package policies
GET
Create package policy
POST
Bulk get package policies
POST
Get package policy by ID
GET
Update package policy by ID
PUT
Delete package policy by ID
DELETE
Delete package policy
POST
Upgrade package policy to a newer package version
POST
Dry run package policy upgrade
POST
Fleet proxies
List proxies
GET
Create proxy
POST
Get proxy by ID
GET
Update proxy by ID
PUT
Delete proxy by ID
DELETE
Fleet Server hosts
List Fleet Server hosts
GET
Create Fleet Server host
POST
Get Fleet Server host by ID
GET
Update Fleet Server host by ID
PUT
Delete Fleet Server host by ID
DELETE
Fleet service tokens
Create service token
POST
Create service token
POST
Fleet uninstall tokens
List metadata for latest uninstall tokens per agent policy
GET
Get one decrypted uninstall token by its ID
GET
ml
Sync machine learning saved objects
GET
Saved objects
Export saved objects
POST
Import saved objects
POST
Security AI Assistant API
Apply a bulk action to anonymization fields
POST
Get anonymization fields
GET
Create a model response
POST
Create a conversation
POST
Get conversations
GET
Get a conversation
GET
Update a conversation
PUT
Delete a conversation
DELETE
Apply a bulk action to prompts
POST
Get prompts
GET
Security Solution Detections API
Returns user privileges for the Kibana space
GET
Retrieve a detection rule
GET
Update a detection rule
PUT
Create a detection rule
POST
Delete a detection rule
DELETE
Patch a detection rule
PATCH
Apply a bulk action to detection rules
POST
Export detection rules
POST
List all detection rules
GET
Import detection rules
POST
Preview rule alerts generated on specified time range
POST
Assign and unassign users from detection alerts
POST
Find and/or aggregate detection alerts
POST
Set a detection alert status
POST
Add and remove detection alert tags
POST
List all detection rule tags
GET
Security Solution Endpoint Exceptions API
Creates an endpoint list
POST
Reads an endpoint list item
GET
Updates an endpoint list item
PUT
Creates an endpoint list item
POST
Deletes an endpoint list item
DELETE
Finds endpoint list items
GET
Security Solution Endpoint Management API
Get response actions
GET
Get an action request log
GET
Get response actions status
GET
Get action details
GET
Get file information
GET
Download a file
GET
Run a command
POST
Get a file
POST
Isolate an endpoint
POST
Terminate a process
POST
Get running processes
POST
Scan a file or directory
POST
Get actions state
GET
Suspend a process
POST
Release an isolated endpoint
POST
Upload a file
POST
Get a metadata list
GET
Get metadata
GET
Get metadata transforms
GET
Get a policy response
GET
Get an agent policy summary
GET
Get a protection updates note
GET
Create or update a protection updates note
POST
Get suggestions
POST
Security Solution Entity Analytics API
Get Criticality Record
GET
Upsert Criticality Record
POST
Delete Criticality Record
DELETE
Bulk Upsert Asset Criticality Records
POST
List Asset Criticality Records
GET
Schedule the risk engine to run as soon as possible
POST
Security Solution Exceptions API
Creates rule exception list items
POST
Retrieves an exception list using its `id` or `list_id` field
GET
Updates an exception list
PUT
Creates an exception list
POST
Deletes an exception list
DELETE
Duplicates an exception list
POST
Exports an exception list
POST
Finds exception lists
GET
Imports an exception list
POST
Gets an exception list item
GET
Updates an exception list item
PUT
Creates an exception list item
POST
Deletes an exception list item
DELETE
Finds exception list items
GET
Retrieves an exception list summary
GET
Creates a shared exception list
POST
Security Solution Lists API
Retrieves a list using its id field
GET
Updates a list
PUT
Creates a list
POST
Deletes a list
DELETE
Patches a list
PATCH
Finds lists
GET
Get list data stream existence status
GET
Creates necessary list data streams
POST
Deletes list data streams
DELETE
Gets a list item
GET
Updates a list item
PUT
Creates a list item
POST
Deletes a list item
DELETE
Patches a list item
PATCH
Exports list items
POST
Finds list items
GET
Imports list items
POST
Gets list privileges
GET
Security Solution Osquery API
Get live queries
GET
Create a live query
POST
Get live query details
GET
Get live query results
GET
Get packs
GET
Create a pack
POST
Get pack details
GET
Update a pack
PUT
Delete a pack
DELETE
Get saved queries
GET
Create a saved query
POST
Get saved query details
GET
Update a saved query
PUT
Delete a saved query
DELETE
Security Solution Timeline API
Get all notes for a given document.
GET
Deletes a note from a timeline.
DELETE
Persists a note to a timeline.
PATCH
Persists a pinned event to a timeline.
PATCH
Get an existing saved timeline or timeline template. This API is used to retrieve an existing saved timeline or timeline template.
GET
Creates a new timeline.
POST
Deletes one or more timelines or timeline templates.
DELETE
Updates an existing timeline.
PATCH
Retrieves the draft timeline for the current user. If the user does not have a draft timeline, an empty timeline is returned.
GET
Retrieves a draft timeline or timeline template.
POST
Exports timelines as an NDJSON file
POST
Persists a given users favorite status of a timeline.
PATCH
Imports timelines.
POST
Installs prepackaged timelines.
POST
Get an existing saved timeline or timeline template.
GET
This API is used to retrieve a list of existing saved timelines or timeline templates.
GET
slo
Get a paginated list of SLOs
GET
Create an SLO
POST
Batch delete rollup and summary data
POST
Get an SLO
GET
Update an SLO
PUT
Delete an SLO
DELETE
Reset an SLO
POST
Disable an SLO
POST
Enable an SLO
POST
system
Get Kibana's current status
GET
Dismiss highlight
Show more
connectors