Lists index endpoint

Before using exceptions and lists, use the index endpoint to create .lists and .items system indices in the relevant Kibana space.

For information about the permissions and privileges required to create .lists and .items indices, refer to Enable and access detections.

Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.

Create index

Creates .lists and .items indices. The index naming convention is .lists-<space name> and .items-<space name>.

Request URL

POST <kibana host>:<port>/api/lists/index

Example request

Creates .lists and .items indices.

POST api/lists/index

Response code

200
Indicates a successful call.

Get index

Verifies .lists and .items indices exist.

Request URL

GET <kibana host>:<port>/api/lists/index

Example request

Verifies the lists index for the Kibana security exists:

GET api/lists/index

Response code

200
Indicates a successful call.
404
Indicates no index exists.

Example responses

Example response when the indices exist:

{
  "list_index": true,
  "list_item_index": true
}

Example response when the indices do not exist:

{
  "message": "index .lists-default and index .items-default does not exist",
  "status_code": 404
}
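The create and get calls above combined into an idempotent bootstrap, as an added example that is not part of the original documentation. It assumes API-key authentication, the hypothetical environment variables KIBANA_URL, KIBANA_API_KEY and KIBANA_SPACE, and Kibana's /s/<space> URL prefix for non-default spaces; the kbn-xsrf header is what Kibana expects on write requests made outside the browser.

```shell
#!/bin/sh
# Added example (not from the Elastic docs): create the .lists/.items indices
# only when GET api/lists/index reports them missing.
# Assumed names: KIBANA_URL, KIBANA_API_KEY, KIBANA_SPACE (environment variables).

# Map the status code of GET api/lists/index to the next action.
lists_index_action() {
  case "$1" in
    200) echo exists ;;          # documented: indices exist
    404) echo create ;;          # documented: no index exists
    401|403) echo denied ;;      # assumed: standard HTTP auth/privilege failure
    *) echo error ;;
  esac
}

# Build the endpoint URL; non-default spaces use Kibana's /s/<space> prefix.
lists_index_url() {
  _base="${1%/}"
  _space="${2:-default}"
  if [ "$_space" = "default" ]; then
    echo "$_base/api/lists/index"
  else
    echo "$_base/s/$_space/api/lists/index"
  fi
}

# Send one request and print only the HTTP status code. The API key is fed to
# curl on stdin so it never appears in the process argument list.
kibana_status() {
  printf 'header = "Authorization: ApiKey %s"\n' "$KIBANA_API_KEY" |
    curl --config - --silent --show-error --output /dev/null \
      --write-out '%{http_code}' --request "$1" --header 'kbn-xsrf: true' "$2"
}

ensure_lists_index() {
  _url="$(lists_index_url "$KIBANA_URL" "${KIBANA_SPACE:-default}")"
  _status="$(kibana_status GET "$_url")"
  case "$(lists_index_action "$_status")" in
    exists) echo "indices already present in space ${KIBANA_SPACE:-default}" ;;
    create) _status="$(kibana_status POST "$_url")"
            [ "$_status" = "200" ] || { echo "create failed: HTTP $_status" >&2; return 1; } ;;
    denied) echo "missing privileges: HTTP $_status" >&2; return 1 ;;
    *) echo "unexpected response: HTTP $_status" >&2; return 1 ;;
  esac
}

# Run only when a target is configured.
if [ -n "${KIBANA_URL:-}" ]; then ensure_lists_index; fi
```
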

Delete index

Deletes the .lists and .items indices.

Request URL

DELETE <kibana host>:<port>/api/lists/index

Example request

Deletes the .lists and .items indices:

DELETE api/lists/index

Response code

200
Indicates a successful call.