The SIEM app is now a part of the Elastic Security solution.
Click
here to view SIEM documentation for previous releases.
Get exception container
editGet exception container
editRetrieves an exception container using its id
or list_id
field.
Request URL
editGET <kibana host>:<port>/api/exception_lists
URL query parameters
editThe URL query must include the container’s id
or list_id
:
-
id
-GET /api/exception_lists?id=<id>
-
list_id
-GET /api/exception_lists?list_id=<list_id>
Example request
editRetrieves the list container with a list_id
of allowed-processes
:
GET api/exception_lists?list_id=internal-ip-excludes
Response code
edit-
200
- Indicates a successful call.
Response payload
edit{ "_tags": [], "created_at": "2020-07-14T08:24:22.884Z", "created_by": "LiverpoolFC", "description": "Excludes trusted processes", "id": "6c03f6a0-c5ab-11ea-a3d8-a5b753aeeb9e", "list_id": "allowed-processes", "name": "Process exceptions", "namespace_type": "single", "tags": [ "hosts", "processes" ], "tie_breaker_id": "65e16c8a-0d45-4e38-8a8f-094658a5df90", "type": "detection", "updated_at": "2020-07-14T08:24:23.050Z", "updated_by": "LiverpoolFC" }