The SIEM app is now a part of the Elastic Security solution. Click here to view SIEM documentation for previous releases.
« Find exception items Get exception item »
Elastic Docs Elastic Security Solution [7.9] Elastic Security APIs Exceptions API

Get exception container

edit

Get exception container

edit

Retrieves an exception container using its id or list_id field.

Request URL

edit

GET <kibana host>:<port>/api/exception_lists

URL query parameters

edit

The URL query must include the container’s id or list_id:

  • id - GET /api/exception_lists?id=<id>
  • list_id - GET /api/exception_lists?list_id=<list_id>

Example request

edit

Retrieves the list container with a list_id of allowed-processes:

GET api/exception_lists?list_id=internal-ip-excludes

Response code

edit
200
Indicates a successful call.

Response payload

edit
{
  "_tags": [],
  "created_at": "2020-07-14T08:24:22.884Z",
  "created_by": "LiverpoolFC",
  "description": "Excludes trusted processes",
  "id": "6c03f6a0-c5ab-11ea-a3d8-a5b753aeeb9e",
  "list_id": "allowed-processes",
  "name": "Process exceptions",
  "namespace_type": "single",
  "tags": [
    "hosts",
    "processes"
  ],
  "tie_breaker_id": "65e16c8a-0d45-4e38-8a8f-094658a5df90",
  "type": "detection",
  "updated_at": "2020-07-14T08:24:23.050Z",
  "updated_by": "LiverpoolFC"
}
« Find exception items Get exception item »