Lists index endpointedit
Before using exceptions and lists, use the index
endpoint to create .lists
and .items
system data streams in the relevant
Kibana space.
For information about the permissions and privileges required to create
.lists
and .items
data streams, refer to Enable and access detections.
Create data streamedit
Creates .lists
and .items
data streams. The data streams naming convention is
.lists-<space name>
and .items-<space name>
.
Request URLedit
POST <kibana host>:<port>/api/lists/index
Example requestedit
Creates .lists
and .items
data streams.
POST api/lists/index
Response codeedit
-
200
- Indicates a successful call.
Get data streamedit
Verifies .lists
and .items
data streams exist.
Request URLedit
GET <kibana host>:<port>/api/lists/index
Example requestedit
Verifies the lists
data stream for the Kibana security
exists:
GET api/lists/index
Response codeedit
-
200
- Indicates a successful call.
-
404
- Indicates no data stream exists.
Example responsesedit
Example response when the data streams exist:
{ "list_index": true, "list_item_index": true }
Example response when the data streams do not exist:
{ "message": "data stream .lists-default and data stream .items-default does not exist", "status_code": 404 }
Delete data streamsedit
Deletes the .lists
and .items
data streams.
Request URLedit
DELETE <kibana host>:<port>/api/lists/index
Example requestedit
Deletes the .lists
and .items
data streams:
DELETE api/lists/index
Response codeedit
-
200
- Indicates a successful call.