Update exception container

Updates an existing exception container.

Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.

Request URL

PUT <kibana host>:<port>/api/exception_lists

Request body

Name: description
Type: String
Description: Describes the exception container.
Required: Yes

Name: id
Type: String
Description: The container’s unique identifier.
Required: Yes, when the container’s list_id field is not used.

Name: list_id
Type: String
Description: The list_id of the container you are updating.
Required: Yes, when the container’s id field is not used.

Name: meta
Type: Object
Description: Placeholder for metadata about the list container.
Required: No

Name: name
Type: String
Description: The exception container’s name.
Required: Yes

Name: namespace_type
Type: String
Description: Determines whether the exception container is available in all Kibana spaces or just the space in which it is created, where:

  • single: Only available in the Kibana space in which it is created.
  • agnostic: Available in all Kibana spaces.

Required: No, defaults to single.

Name: tags
Type: String[]
Description: String array containing words and phrases to help categorize exception containers.
Required: No

Name: type
Type: String
Description: The type of exception, which must be one of these:

  • detection: Detection rule exception
  • endpoint: Endpoint alert exception

Required: Yes

Example request

Updates the name and description fields:

PUT api/exception_lists
{
  "description": "Trusted processes",
  "name": "Trusted in-house processes EU",
  "list_id": "allowed-processes",
  "type": "detection",
  "namespace_type": "single",
  "tags": [
    "processes",
    "hosts"
  ]
}
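Because an exception container controls which alerts are suppressed, it is worth checking an update against the request body rules above before it is sent. The following is an added example, not Elastic's code: the function names are hypothetical, and the `kbn-xsrf` header and `ApiKey` authorization scheme are assumptions about how the Kibana deployment is reached. It only builds the request and never sends it.

```python
import json
import urllib.request

ALLOWED_TYPES = {"detection", "endpoint"}
ALLOWED_NAMESPACES = {"single", "agnostic"}

def validate_update_body(body):
    """Check a body against the request body table; return a list of problems."""
    errors = []
    for field in ("description", "name", "type"):
        if not isinstance(body.get(field), str) or not body[field].strip():
            errors.append(f"{field}: required non-empty string")
    if not body.get("id") and not body.get("list_id"):
        errors.append("id/list_id: one of the two must identify the container")
    if isinstance(body.get("type"), str) and body["type"] not in ALLOWED_TYPES:
        errors.append("type: must be 'detection' or 'endpoint'")
    ns = body.get("namespace_type", "single")  # the table's default is single
    if not isinstance(ns, str) or ns not in ALLOWED_NAMESPACES:
        errors.append("namespace_type: must be 'single' or 'agnostic'")
    tags = body.get("tags", [])
    if not isinstance(tags, list) or not all(isinstance(t, str) for t in tags):
        errors.append("tags: must be an array of strings")
    if "meta" in body and not isinstance(body["meta"], dict):
        errors.append("meta: must be an object")
    return errors

def build_update_request(kibana_url, body, api_key):
    """Build (but do not send) the PUT request; refuse bodies that fail validation."""
    errors = validate_update_body(body)
    if errors:
        raise ValueError("; ".join(errors))
    return urllib.request.Request(
        kibana_url.rstrip("/") + "/api/exception_lists",
        data=json.dumps(body).encode("utf-8"),
        method="PUT",
        headers={"Content-Type": "application/json",
                 "kbn-xsrf": "true",  # assumed: Kibana expects this on write requests
                 "Authorization": f"ApiKey {api_key}"},  # assumed auth scheme
    )

if __name__ == "__main__":
    # Body taken from the example request on this page; host and key are placeholders.
    body = {"description": "Trusted processes", "name": "Trusted in-house processes EU",
            "list_id": "allowed-processes", "type": "detection",
            "namespace_type": "single", "tags": ["processes", "hosts"]}
    req = build_update_request("https://kibana.example:5601", body, "PLACEHOLDER_API_KEY")
    print(req.get_method(), req.full_url)
    # To send it: urllib.request.urlopen(req), then compare updated_at and updated_by in the reply.
```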

Response code

200: Indicates a successful call.

Response payload

The updated object, including the time it was updated.

Example response:

{
  "_tags": [],
  "created_at": "2020-07-15T06:10:37.228Z",
  "created_by": "LiverpoolFC",
  "description": "EU trusted processes",
  "id": "e6c44050-c661-11ea-bab5-9d6ae015701b",
  "list_id": "allowed-processes",
  "name": "Trusted in-house processes- EU",
  "namespace_type": "single",
  "tags": [
    "processes",
    "hosts"
  ],
  "tie_breaker_id": "f022101f-edc9-449b-992c-2c6108190423",
  "type": "detection",
  "updated_at": "2020-07-15T06:12:38.098Z",
  "updated_by": "LiverpoolFC"
}