The SIEM app is now a part of the Elastic Security solution. Click here to view SIEM documentation for previous releases.
« Get list container Update list container »
Elastic Docs Elastic Security Solution [7.9] Elastic Security APIs Lists API

Get list item

edit

Get list item

edit

Retrieves list items using its id, or its list_id and value fields.

For ip and ip_range list containers, you can retrieve up to 10,000 list items.

Request URL

edit

GET <kibana host>:<port>/api/lists/items

URL query parameters

edit

The URL query must include one of the following:

  • id - GET /api/lists/items?id=<id>
  • list_id and value - GET /api/lists/items?list_id=<list_id>&value=<value>

Example requests

edit

Retrieves the list item with an id of internal-ip-address:

GET api/lists/items?id=internal-ip-excludes

Retrieves the list item in the internal-ip-excludes container, with a value of 10.0.0.1:

GET api/lists/items?list_id=internal-ip-excludes&value=10.0.0.1

Retrieves list items from an ip container using CIDR notation:

GET api/lists/items?list_id=internal-ip-excludes&value=127.0.0.0/30

Retrieves list items from an ip_range container that include the specified IP address:

GET api/lists/items?list_id=internal-ip-ranges&value=192.168.1.14

Response code

edit
200
Indicates a successful call.

Response payload

edit
[
  {
    "created_at": "2020-08-11T11:22:13.669Z",
    "created_by": "elastic",
    "id": "aZdB3XMBx7pemMHopQ6L",
    "list_id": "internal-ip-excludes",
    "tie_breaker_id": "26115356-c2c2-4f1c-a4ed-19b81191775a",
    "type": "ip",
    "updated_at": "2020-08-11T11:22:13.669Z",
    "updated_by": "elastic",
    "value": "127.0.0.1"
  },
  {
    "created_at": "2020-08-11T11:22:13.669Z",
    "created_by": "elastic",
    "id": "apdB3XMBx7pemMHopQ6L",
    "list_id": "internal-ip-excludes",
    "tie_breaker_id": "fa247f45-bf8b-48bc-b89d-5191cba096e6",
    "type": "ip",
    "updated_at": "2020-08-11T11:22:13.669Z",
    "updated_by": "elastic",
    "value": "127.0.0.2"
  },
  {
    "created_at": "2020-08-11T11:22:13.670Z",
    "created_by": "elastic",
    "id": "a5dB3XMBx7pemMHopQ6L",
    "list_id": "internal-ip-excludes",
    "tie_breaker_id": "60edc3e4-9a79-4bff-b7dc-096b052797f8",
    "type": "ip",
    "updated_at": "2020-08-11T11:22:13.670Z",
    "updated_by": "elastic",
    "value": "127.0.0.3"
  }
]
« Get list container Update list container »