The SIEM app is now a part of the Elastic Security solution.
Click
here to view SIEM documentation for previous releases.
Get exception item
editGet exception item
editRetrieves an exception item using its id
or item_id
field.
Request URL
editGET <kibana host>:<port>/api/exception_lists/items
URL query parameters
editThe URL query must include one of the following:
-
id
-GET /api/exception_lists/items?id=<id>
-
item_id
-GET /api/exception_lists/items?item_id=<item_id>
Example requests
editRetrieves the item with an item_id
of global-allow-processes
:
GET api/exception_lists/items?item_id=global-allow-processes
Response code
edit-
200
- Indicates a successful call.
Response payload
edit{ "_tags": [], "comments": [ { "comment": "Allowed on all hosts.", "created_at": "2020-07-14T13:40:39.804Z", "created_by": "LiverpoolFC" } ], "created_at": "2020-07-14T13:40:39.804Z", "created_by": "LiverpoolFC", "description": "Global process allowlist", "entries": [ { "field": "process.name", "operator": "included", "type": "match", "value": "housekeeping" } ], "id": "9b25aec0-c5d7-11ea-a3d8-a5b753aeeb9e", "item_id": "global-allow-processes", "list_id": "allowed-processes", "name": "Host-process global exclusion", "namespace_type": "single", "tags": [ "global", "hosts", "processes" ], "tie_breaker_id": "28c6b069-8e39-4f9a-b93c-95e5a15b46c5", "type": "simple", "updated_at": "2020-07-14T13:40:39.980Z", "updated_by": "LiverpoolFC" }