This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.
« Get exception container Import exception list »
Elastic Docs Elastic Security Solution [8.x] Elastic Security APIs Exceptions API

Get exception item

edit

Get exception item

edit

Retrieves an exception item using its id or item_id field.

Request URL

edit

GET <kibana host>:<port>/api/exception_lists/items

URL query parameters

edit

The URL query must include one of the following:

  • id - GET /api/exception_lists/items?id=<id>
  • item_id - GET /api/exception_lists/items?item_id=<item_id>

Example requests

edit

Retrieves the item with an item_id of global-allow-processes:

GET api/exception_lists/items?item_id=global-allow-processes

Response code

edit
200
Indicates a successful call.

Response payload

edit
{
  "_tags": [],
  "comments": [
    {
      "comment": "Allowed on all hosts.",
      "created_at": "2020-07-14T13:40:39.804Z",
      "created_by": "elastic"
    }
  ],
  "created_at": "2020-07-14T13:40:39.804Z",
  "created_by": "elastic",
  "description": "Global process allowlist",
  "entries": [
    {
      "field": "process.name",
      "operator": "included",
      "type": "match",
      "value": "housekeeping"
    }
  ],
  "id": "9b25aec0-c5d7-11ea-a3d8-a5b753aeeb9e",
  "item_id": "global-allow-processes",
  "list_id": "allowed-processes",
  "name": "Host-process global exclusion",
  "namespace_type": "single",
  "tags": [
    "global",
    "hosts",
    "processes"
  ],
  "tie_breaker_id": "28c6b069-8e39-4f9a-b93c-95e5a15b46c5",
  "type": "simple",
  "updated_at": "2020-07-14T13:40:39.980Z",
  "updated_by": "elastic"
}
« Get exception container Import exception list »