Show Menu
Search…
Ctrl+K
ESC
Example searches: “ignore_above”, “statusCode”, “useLegacyAlerts”, “ml”, “Alerting documentation”
Toggle dark mode
Elastic APIs hub
Elastic Cloud API
Elastic Cloud Enterprise API
Elastic Cloud Serverless API
Elasticsearch API
Elasticsearch Serverless API
Kibana API
Kibana Serverless API
Observability Intake Serverless API
Back to hub page
API Changelog
Download source
JSON OpenAPI specification
YAML OpenAPI specification
Feedback
main
main
default
v8
Topics
Introduction
Authentication
Kibana spaces
Endpoints
Alerting
Get the alerting framework health
GET
Get the rule types
GET
Get rule details
GET
Update a rule
PUT
Create a rule
POST
Delete a rule
DELETE
Disable a rule
POST
Enable a rule
POST
Mute all alerts
POST
Unmute all alerts
POST
Update the API key for a rule
POST
Mute an alert
POST
Unmute an alert
POST
Get information about rules
GET
Get an alert by identifier
GET
Update an alert
PUT
Create an alert
POST
Delete an alert
DELETE
Disable an alert
POST
Enable an alert
POST
Mute all alert instances
POST
Unmute all alert instances
POST
Mute an alert instance
POST
Unmute an alert instance
POST
Get a paginated set of alerts
GET
Get the alerting framework health
GET
Get the alert types
GET
APM agent configuration
Get a list of agent configurations
GET
Create or update agent configuration
PUT
Delete agent configuration
DELETE
Get agent name for service
GET
Get environments for service
GET
Lookup single agent configuration
POST
Get single agent configuration
GET
APM agent keys
Create an APM agent key
POST
APM annotations
Create a service annotation
POST
Search for annotations
GET
APM server schema
Save APM server schema
POST
APM sourcemaps
Get source maps
GET
Upload source map
POST
Delete source map
DELETE
Cases
Create a case
POST
Delete cases
DELETE
Update cases
PATCH
Search cases
GET
Get case information
GET
Get all alerts for a case
GET
Get all case comments
GET
Add a case comment or alert
POST
Delete all case comments and alerts
DELETE
Update a case comment or alert
PATCH
Find case comments and alerts
GET
Get a case comment or alert
GET
Delete a case comment or alert
DELETE
Push a case to an external service
POST
Attach a file to a case
POST
Get case activity
GET
Find case activity
GET
Get cases for an alert
GET
Get case settings
GET
Add case settings
POST
Update case settings
PATCH
Get case connectors
GET
Get case creators
GET
Get case status summary
GET
Get case tags
GET
Connectors
Get connector types
GET
Get connector information
GET
Update a connector
PUT
Create a connector
POST
Delete a connector
DELETE
Run a connector
POST
Get all connectors
GET
Data streams
Get data streams
GET
Get data streams
GET
Data views
Get all data views
GET
Create a data view
POST
Get a data view
GET
Update a data view
POST
Delete a data view
DELETE
Update data view fields metadata
POST
Create or update a runtime field
PUT
Create a runtime field
POST
Get a runtime field
GET
Update a runtime field
POST
Delete a runtime field from a data view
DELETE
Get the default data view
GET
Set the default data view
POST
Swap saved object references
POST
Preview a saved object reference swap
POST
Elastic Agent actions
Create an agent action
POST
Reassign an agent
POST
Request agent diagnostics
POST
Unenroll an agent
POST
Upgrade an agent
POST
Get an agent action status
GET
Cancel an agent action
POST
Bulk reassign agents
POST
Bulk request diagnostics from agents
POST
Bulk unenroll agents
POST
Bulk update agent tags
POST
Bulk upgrade agents
POST
Elastic Agent binary download sources
Get agent binary download sources
GET
Create an agent binary download source
POST
Get an agent binary download source
GET
Update an agent binary download source
PUT
Delete an agent binary download source
DELETE
Elastic Agent policies
Get agent policies
GET
Create an agent policy
POST
Bulk get agent policies
POST
Get an agent policy
GET
Update an agent policy
PUT
Copy an agent policy
POST
Download an agent policy
GET
Get a full agent policy
GET
Get outputs for an agent policy
GET
Delete an agent policy
POST
Get outputs for agent policies
POST
Get a full K8s agent manifest
GET
Download an agent manifest
GET
Elastic Agent status
Get an agent status summary
GET
Elastic Agents
Get incoming agent data
GET
Get agents
GET
Get agents by action ids
POST
Get an agent
GET
Update an agent
PUT
Delete an agent
DELETE
Get agent uploads
GET
Get available agent versions
GET
Delete an uploaded file
DELETE
Get an uploaded file
GET
Get agent setup info
GET
Initiate agent setup
POST
Get agent tags
GET
Elastic Package Manager (EPM)
Bulk get assets
POST
Get package categories
GET
Create a custom integration
POST
Get packages
GET
Install a package by upload
POST
Bulk install packages
POST
Get a package
GET
Update package settings
PUT
Install a package from the registry
POST
Delete a package
DELETE
Get a package file
GET
Authorize transforms
POST
Get package stats
GET
Get installed packages
GET
Get a limited package list
GET
Get an inputs template
GET
Get a package signature verification key ID
GET
Fleet enrollment API keys
Get enrollment API keys
GET
Create an enrollment API key
POST
Get an enrollment API key
GET
Revoke an enrollment API key
DELETE
Fleet internals
Check permissions
GET
Check Fleet Server health
POST
Get settings
GET
Update settings
PUT
Initiate Fleet setup
POST
Fleet outputs
Generate a Logstash API key
POST
Get outputs
GET
Create output
POST
Get output
GET
Update output
PUT
Delete output
DELETE
Get the latest output health
GET
Fleet package policies
Get package policies
GET
Create a package policy
POST
Bulk get package policies
POST
Get a package policy
GET
Update a package policy
PUT
Delete a package policy
DELETE
Bulk delete package policies
POST
Upgrade a package policy
POST
Dry run a package policy upgrade
POST
Fleet proxies
Get proxies
GET
Create a proxy
POST
Get a proxy
GET
Update a proxy
PUT
Delete a proxy
DELETE
Fleet Server hosts
Get Fleet Server hosts
GET
Create a Fleet Server host
POST
Get a Fleet Server host
GET
Update a Fleet Server host
PUT
Delete a Fleet Server host
DELETE
Fleet service tokens
Create a service token
POST
Fleet uninstall tokens
Get metadata for latest uninstall tokens
GET
Get a decrypted uninstall token
GET
Message Signing Service
Rotate a Fleet message signing key pair
POST
Machine learning
Sync saved objects in the default space
GET
Roles
Get all roles
GET
Get a role
GET
Create or update a role
PUT
Delete a role
DELETE
Create or update roles
POST
Saved objects
Rotate a key for encrypted saved objects
POST
Create saved objects
POST
Delete saved objects
POST
Get saved objects
POST
Resolve saved objects
POST
Update saved objects
POST
Export saved objects
POST
Search for saved objects
GET
Import saved objects
POST
Resolve import errors
POST
Create a saved object
POST
Get a saved object
GET
Update a saved object
PUT
Create a saved object
POST
Resolve a saved object
GET
Security AI assistant
Apply a bulk action to anonymization fields
POST
Get anonymization fields
GET
Create a model response
POST
Create a conversation
POST
Get conversations
GET
Get a conversation
GET
Update a conversation
PUT
Delete a conversation
DELETE
Apply a bulk action to prompts
POST
Get prompts
GET
Security detections
Reads the alert index name if it exists
GET
Create an alerts index
POST
Delete an alerts index
DELETE
Returns user privileges for the Kibana space
GET
Retrieve a detection rule
GET
Update a detection rule
PUT
Create a detection rule
POST
Delete a detection rule
DELETE
Patch a detection rule
PATCH
Apply a bulk action to detection rules
POST
Create multiple detection rules
POST
Delete multiple detection rules
POST
Delete multiple detection rules
DELETE
Update multiple detection rules
PUT
Patch multiple detection rules
PATCH
Export detection rules
POST
List all detection rules
GET
Import detection rules
POST
Install prebuilt detection rules and Timelines
PUT
Retrieve the status of prebuilt detection rules and Timelines
GET
Preview rule alerts generated on specified time range
POST
Assign and unassign users from detection alerts
POST
Finalize detection alert migrations
POST
Initiate a detection alert migration
POST
Clean up detection alert migrations
DELETE
Retrieve the status of detection alert migrations
POST
Find and/or aggregate detection alerts
POST
Set a detection alert status
POST
Add and remove detection alert tags
POST
List all detection rule tags
GET
Security endpoint exceptions
Create an endpoint exception list
POST
Get an endpoint exception list item
GET
Update an endpoint exception list item
PUT
Create an endpoint exception list item
POST
Delete an endpoint exception list item
DELETE
Get endpoint exception list items
GET
Security endpoint management
Get response actions
GET
Get response actions status
GET
Get action details
GET
Get file information
GET
Download a file
GET
Run a command
POST
Get a file
POST
Isolate an endpoint
POST
Terminate a process
POST
Get running processes
POST
Scan a file or directory
POST
Get actions state
GET
Suspend a process
POST
Release an isolated endpoint
POST
Upload a file
POST
Get a metadata list
GET
Get metadata
GET
Get a policy response
GET
Get a protection updates note
GET
Create or update a protection updates note
POST
Security entity analytics
Get an asset criticality record
GET
Upsert an asset criticality record
POST
Delete an asset criticality record
DELETE
Bulk upsert asset criticality records
POST
List asset criticality records
GET
Initialize the Entity Store
POST
List the Entity Engines
GET
Get an Entity Engine
GET
Delete the Entity Engine
DELETE
Initialize an Entity Engine
POST
Start an Entity Engine
POST
Get Entity Engine stats
POST
Stop an Entity Engine
POST
Apply DataView indices to all installed engines
POST
List Entity Store Entities
GET
Get the status of the Entity Store
GET
Cleanup the Risk Engine
DELETE
Run the risk scoring engine
POST
Security exceptions
Create rule exception list items
POST
Get exception list details
GET
Update an exception list
PUT
Create an exception list
POST
Delete an exception list
DELETE
Duplicate an exception list
POST
Export an exception list
POST
Get exception lists
GET
Import an exception list
POST
Get an exception list item
GET
Update an exception list item
PUT
Create an exception list item
POST
Delete an exception list item
DELETE
Get exception list items
GET
Get an exception list summary
GET
Create a shared exception list
POST
Security lists
Get list details
GET
Update a list
PUT
Create a list
POST
Delete a list
DELETE
Patch a list
PATCH
Get lists
GET
Get status of list data streams
GET
Create list data streams
POST
Delete list data streams
DELETE
Get a list item
GET
Update a list item
PUT
Create a list item
POST
Delete a list item
DELETE
Patch a list item
PATCH
Export list items
POST
Get list items
GET
Import list items
POST
Get list privileges
GET
Security Osquery
Get live queries
GET
Create a live query
POST
Get live query details
GET
Get live query results
GET
Get packs
GET
Create a pack
POST
Get pack details
GET
Update a pack
PUT
Delete a pack
DELETE
Get saved queries
GET
Create a saved query
POST
Get saved query details
GET
Update a saved query
PUT
Delete a saved query
DELETE
Security timeline
Get notes
GET
Delete a note
DELETE
Add or update a note
PATCH
Pin an event
PATCH
Get Timeline or Timeline template details
GET
Create a Timeline or Timeline template
POST
Delete Timelines or Timeline templates
DELETE
Update a Timeline
PATCH
Copies timeline or timeline template
GET
Get draft Timeline or Timeline template details
GET
Create a clean draft Timeline or Timeline template
POST
Export Timelines
POST
Favorite a Timeline or Timeline template
PATCH
Import Timelines
POST
Install prepackaged Timelines
POST
Get an existing saved Timeline or Timeline template
GET
Get Timelines or Timeline templates
GET
Service level objectives
Get a paginated list of SLOs
GET
Create an SLO
POST
Batch delete rollup and summary data
POST
Get an SLO
GET
Update an SLO
PUT
Delete an SLO
DELETE
Reset an SLO
POST
Disable an SLO
POST
Enable an SLO
POST
Spaces
Copy saved objects between spaces
POST
Disable legacy URL aliases
POST
Get shareable references
POST
Update saved objects in spaces
POST
Get all spaces
GET
Create a space
POST
Get a space
GET
Update a space
PUT
Delete a space
DELETE
System
Get Kibana's current status
GET
Dismiss highlight
Show more
Security entity analytics