Show Menu
Search…
Ctrl+K
ESC
Example searches: “snapshot”, “name”, “severity_mapping”, “max_signals”, “overwrite”
Toggle dark mode
Elastic APIs hub
Elastic Cloud API
Elastic Cloud Enterprise API
Elastic Cloud Serverless API
Elasticsearch API
Elasticsearch Serverless API
Kibana API
Kibana Serverless API
Observability Intake Serverless API
Back to hub page
API Changelog
Download source
JSON OpenAPI specification
YAML OpenAPI specification
Feedback
Topics
Introduction
Authentication
Endpoints
Alerting
Get rule details
GET
Update a rule
PUT
Create a rule
POST
Delete a rule
DELETE
Disable a rule
POST
Enable a rule
POST
Mute all alerts
POST
Unmute all alerts
POST
Update the API key for a rule
POST
Mute an alert
POST
Unmute an alert
POST
Get information about rules
GET
APM agent configuration
Get a list of agent configurations
GET
Create or update agent configuration
PUT
Delete agent configuration
DELETE
Get agent name for service
GET
Get environments for service
GET
Lookup single agent configuration
POST
Get single agent configuration
GET
APM agent keys
Create an APM agent key
POST
APM annotations
Create a service annotation
POST
Search for annotations
GET
APM server schema
Save APM server schema
POST
APM sourcemaps
Get source maps
GET
Upload source map
POST
Delete source map
DELETE
Connectors
Get connector types
GET
Get connector information
GET
Update a connector
PUT
Create a connector
POST
Delete a connector
DELETE
Run a connector
POST
Get all connectors
GET
Data streams
Get data streams
GET
Get data streams
GET
Data views
Get all data views
GET
Create a data view
POST
Get a data view
GET
Update a data view
POST
Delete a data view
DELETE
Update data view fields metadata
POST
Create or update a runtime field
PUT
Create a runtime field
POST
Get a runtime field
GET
Update a runtime field
POST
Delete a runtime field from a data view
DELETE
Get the default data view
GET
Set the default data view
POST
Swap saved object references
POST
Preview a saved object reference swap
POST
Elastic Agent actions
Create an agent action
POST
Reassign an agent
POST
Request agent diagnostics
POST
Unenroll an agent
POST
Upgrade an agent
POST
Get an agent action status
GET
Cancel an agent action
POST
Bulk reassign agents
POST
Bulk request diagnostics from agents
POST
Bulk unenroll agents
POST
Bulk update agent tags
POST
Bulk upgrade agents
POST
Elastic Agent binary download sources
Get agent binary download sources
GET
Create an agent binary download source
POST
Get an agent binary download source
GET
Update an agent binary download source
PUT
Delete an agent binary download source
DELETE
Elastic Agent policies
Get agent policies
GET
Create an agent policy
POST
Bulk get agent policies
POST
Get an agent policy
GET
Update an agent policy
PUT
Copy an agent policy
POST
Download an agent policy
GET
Get a full agent policy
GET
Get outputs for an agent policy
GET
Delete an agent policy
POST
Get outputs for agent policies
POST
Get a full K8s agent manifest
GET
Download an agent manifest
GET
Elastic Agent status
Get an agent status summary
GET
Elastic Agents
Get incoming agent data
GET
Get agents
GET
Get agents by action ids
POST
Get an agent
GET
Update an agent
PUT
Delete an agent
DELETE
Get agent uploads
GET
Get available agent versions
GET
Delete an uploaded file
DELETE
Get an uploaded file
GET
Get agent setup info
GET
Initiate agent setup
POST
Get agent tags
GET
Elastic Package Manager (EPM)
Bulk get assets
POST
Get package categories
GET
Create a custom integration
POST
Get packages
GET
Install a package by upload
POST
Bulk install packages
POST
Get a package
GET
Update package settings
PUT
Install a package from the registry
POST
Delete a package
DELETE
Get a package file
GET
Authorize transforms
POST
Get package stats
GET
Get installed packages
GET
Get a limited package list
GET
Get an inputs template
GET
Get a package signature verification key ID
GET
Fleet enrollment API keys
Get enrollment API keys
GET
Create an enrollment API key
POST
Get an enrollment API key
GET
Revoke an enrollment API key
DELETE
Fleet internals
Check permissions
GET
Check Fleet Server health
POST
Get settings
GET
Update settings
PUT
Initiate Fleet setup
POST
Fleet outputs
Generate a Logstash API key
POST
Get outputs
GET
Create output
POST
Get output
GET
Update output
PUT
Delete output
DELETE
Get the latest output health
GET
Fleet package policies
Get package policies
GET
Create a package policy
POST
Bulk get package policies
POST
Get a package policy
GET
Update a package policy
PUT
Delete a package policy
DELETE
Bulk delete package policies
POST
Upgrade a package policy
POST
Dry run a package policy upgrade
POST
Fleet proxies
Get proxies
GET
Create a proxy
POST
Get a proxy
GET
Update a proxy
PUT
Delete a proxy
DELETE
Fleet Server hosts
Get Fleet Server hosts
GET
Create a Fleet Server host
POST
Get a Fleet Server host
GET
Update a Fleet Server host
PUT
Delete a Fleet Server host
DELETE
Fleet service tokens
Create a service token
POST
Fleet uninstall tokens
Get metadata for latest uninstall tokens
GET
Get a decrypted uninstall token
GET
Message Signing Service
Rotate a Fleet message signing key pair
POST
Machine learning
Sync machine learning saved objects
GET
Roles
Get all roles
GET
Get a role
GET
Create or update a role
PUT
Delete a role
DELETE
Create or update roles
POST
Saved objects
Export saved objects
POST
Import saved objects
POST
Security AI assistant
Apply a bulk action to anonymization fields
POST
Get anonymization fields
GET
Create a model response
POST
Create a conversation
POST
Get conversations
GET
Get a conversation
GET
Update a conversation
PUT
Delete a conversation
DELETE
Apply a bulk action to prompts
POST
Get prompts
GET
Security detections
Returns user privileges for the Kibana space
GET
Retrieve a detection rule
GET
Update a detection rule
PUT
Create a detection rule
POST
Delete a detection rule
DELETE
Patch a detection rule
PATCH
Apply a bulk action to detection rules
POST
Export detection rules
POST
List all detection rules
GET
Import detection rules
POST
Preview rule alerts generated on specified time range
POST
Assign and unassign users from detection alerts
POST
Find and/or aggregate detection alerts
POST
Set a detection alert status
POST
Add and remove detection alert tags
POST
List all detection rule tags
GET
Security endpoint exceptions
Create an endpoint exception list
POST
Get an endpoint exception list item
GET
Update an endpoint exception list item
PUT
Create an endpoint exception list item
POST
Delete an endpoint exception list item
DELETE
Get endpoint exception list items
GET
Security endpoint management
Get response actions
GET
Get response actions status
GET
Get action details
GET
Get file information
GET
Download a file
GET
Run a command
POST
Get a file
POST
Isolate an endpoint
POST
Terminate a process
POST
Get running processes
POST
Scan a file or directory
POST
Get actions state
GET
Suspend a process
POST
Release an isolated endpoint
POST
Upload a file
POST
Get a metadata list
GET
Get metadata
GET
Get a policy response
GET
Get a protection updates note
GET
Create or update a protection updates note
POST
Security entity analytics
Get an asset criticality record
GET
Upsert an asset criticality record
POST
Delete an asset criticality record
DELETE
Bulk upsert asset criticality records
POST
List asset criticality records
GET
Initialize the Entity Store
POST
List the Entity Engines
GET
Get an Entity Engine
GET
Delete the Entity Engine
DELETE
Initialize an Entity Engine
POST
Start an Entity Engine
POST
Get Entity Engine stats
POST
Stop an Entity Engine
POST
Apply DataView indices to all installed engines
POST
List Entity Store Entities
GET
Get the status of the Entity Store
GET
Cleanup the Risk Engine
DELETE
Run the risk scoring engine
POST
Security exceptions
Create rule exception list items
POST
Get exception list details
GET
Update an exception list
PUT
Create an exception list
POST
Delete an exception list
DELETE
Duplicate an exception list
POST
Export an exception list
POST
Get exception lists
GET
Import an exception list
POST
Get an exception list item
GET
Update an exception list item
PUT
Create an exception list item
POST
Delete an exception list item
DELETE
Get exception list items
GET
Get an exception list summary
GET
Create a shared exception list
POST
Security lists
Get list details
GET
Update a list
PUT
Create a list
POST
Delete a list
DELETE
Patch a list
PATCH
Get lists
GET
Get status of list data streams
GET
Create list data streams
POST
Delete list data streams
DELETE
Get a list item
GET
Update a list item
PUT
Create a list item
POST
Delete a list item
DELETE
Patch a list item
PATCH
Export list items
POST
Get list items
GET
Import list items
POST
Get list privileges
GET
Security Osquery
Get live queries
GET
Create a live query
POST
Get live query details
GET
Get live query results
GET
Get packs
GET
Create a pack
POST
Get pack details
GET
Update a pack
PUT
Delete a pack
DELETE
Get saved queries
GET
Create a saved query
POST
Get saved query details
GET
Update a saved query
PUT
Delete a saved query
DELETE
Security timeline
Get notes
GET
Delete a note
DELETE
Add or update a note
PATCH
Pin an event
PATCH
Get Timeline or Timeline template details
GET
Create a Timeline or Timeline template
POST
Delete Timelines or Timeline templates
DELETE
Update a Timeline
PATCH
Copies timeline or timeline template
GET
Get draft Timeline or Timeline template details
GET
Create a clean draft Timeline or Timeline template
POST
Export Timelines
POST
Favorite a Timeline or Timeline template
PATCH
Import Timelines
POST
Install prepackaged Timelines
POST
Get an existing saved Timeline or Timeline template
GET
Get Timelines or Timeline templates
GET
Service level objectives
Get a paginated list of SLOs
GET
Create an SLO
POST
Batch delete rollup and summary data
POST
Get an SLO
GET
Update an SLO
PUT
Delete an SLO
DELETE
Reset an SLO
POST
Disable an SLO
POST
Enable an SLO
POST
Spaces
Get all spaces
GET
Create a space
POST
Get a space
GET
Update a space
PUT
Delete a space
DELETE
System
Get Kibana's current status
GET
Dismiss highlight
Show more