Find exception containers

edit

Retrieves a paginated subset of exception containers. By default, the first page is returned with 20 results per page.

Request URL

edit

GET <kibana host>:<port>/api/exception_lists/_find

URL query parameters

edit

All parameters are optional:

Name Type Description

page

Integer

The page number to return.

per_page

Integer

The number of containers to return per page.

sort_field

String

Determines which field is used to sort the results.

sort_order

String

Determines the sort order, which can be desc or asc.

cursor

String

Returns the containers that come after the last container returned in the previous call (use the cursor value returned in the previous call). This parameter uses the tie_breaker_id field to ensure all containers are sorted and returned correctly. See Search After for more information.

namespace_type

String

Determines whether the returned containers are Kibana associated with a Kibana space or available in all spaces (agnostic or single).

filter

String

Filters the returned results according to the value of the specified field.

Uses the so type.field name:field value syntax, where so type can be:

  • exception-list: Specify a space-aware exception list.
  • exception-list-agnostic: Specify an exception list that is shared across spaces.

And field name can be:

  • name
  • type
  • created_by
  • updated_by

search

String

Filters the returned results according to the simple query filter.

Example request

edit

Returns containers, sorted by name in descending order:

GET api/exception_lists/_find?page=1&per_page=2&sort_field=name&sort_order=desc

Response code

edit
200
Indicates a successful call.

Response payload

edit
{
  "data": [
    {
      "_tags": [],
      "created_at": "2020-07-14T10:47:03.421Z",
      "created_by": "elastic",
      "description": "Trusted external IPs",
      "id": "5a7f77b0-c5bf-11ea-a3d8-a5b753aeeb9e",
      "list_id": "allowed-IPs",
      "name": "Trusted ext IPs",
      "namespace_type": "single",
      "tags": [
        "network",
        "IP"
      ],
      "tie_breaker_id": "5b39e2f4-bcfa-4199-bcf0-b859c4b805f4",
      "type": "detection",
      "updated_at": "2020-07-14T10:47:03.595Z",
      "updated_by": "elastic"
    },
    {
      "_tags": [],
      "created_at": "2020-07-14T08:24:22.884Z",
      "created_by": "elastic",
      "description": "Excludes trusted processes",
      "id": "6c03f6a0-c5ab-11ea-a3d8-a5b753aeeb9e",
      "list_id": "allowed-processes",
      "name": "Process exceptions",
      "namespace_type": "single",
      "tags": [
        "hosts",
        "processes"
      ],
      "tie_breaker_id": "65e16c8a-0d45-4e38-8a8f-094658a5df90",
      "type": "detection",
      "updated_at": "2020-07-14T08:24:23.050Z",
      "updated_by": "elastic"
    }
  ],
  "page": 1,
  "per_page": 2,
  "total": 6
}