/* * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one * or more contributor license agreements. Licensed under the Elastic License * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ /* * NOTICE: Do not edit this file manually. * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. * * info: * title: API client for quickstart * version: Bundle (no version) */ import type { KbnClient } from '@kbn/test'; import type { ToolingLog } from '@kbn/tooling-log'; import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common'; import { replaceParams } from '@kbn/openapi-common/shared'; import { catchAxiosErrorFormatAndThrow } from '@kbn/securitysolution-utils'; import type { SetAlertAssigneesRequestBodyInput } from './detection_engine/alert_assignees/set_alert_assignees_route.gen'; import type { SetAlertTagsRequestBodyInput, SetAlertTagsResponse, } from './detection_engine/alert_tags/set_alert_tags/set_alert_tags.gen'; import type { CreateAlertsIndexResponse } from './detection_engine/index_management/create_index/create_index.gen'; import type { DeleteAlertsIndexResponse } from './detection_engine/index_management/delete_index/delete_index.gen'; import type { ReadAlertsIndexResponse } from './detection_engine/index_management/read_index/read_index.gen'; import type { ReadPrivilegesResponse } from './detection_engine/index_management/read_privileges/read_privileges.gen'; import type { BootstrapPrebuiltRulesResponse } from './detection_engine/prebuilt_rules/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.gen'; import type { InstallPrebuiltRulesAndTimelinesResponse } from './detection_engine/prebuilt_rules/install_prebuilt_rules_and_timelines/install_prebuilt_rules_and_timelines_route.gen'; import type { ReadPrebuiltRulesAndTimelinesStatusResponse } from './detection_engine/prebuilt_rules/read_prebuilt_rules_and_timelines_status/read_prebuilt_rules_and_timelines_status_route.gen'; import type { PerformRulesBulkActionRequestQueryInput, PerformRulesBulkActionRequestBodyInput, PerformRulesBulkActionResponse, } from './detection_engine/rule_management/bulk_actions/bulk_actions_route.gen'; import type { CreateRuleRequestBodyInput, CreateRuleResponse, } from './detection_engine/rule_management/crud/create_rule/create_rule_route.gen'; import type { DeleteRuleRequestQueryInput, DeleteRuleResponse, } from './detection_engine/rule_management/crud/delete_rule/delete_rule_route.gen'; import type { PatchRuleRequestBodyInput, PatchRuleResponse, } from './detection_engine/rule_management/crud/patch_rule/patch_rule_route.gen'; import type { ReadRuleRequestQueryInput, ReadRuleResponse, } from './detection_engine/rule_management/crud/read_rule/read_rule_route.gen'; import type { UpdateRuleRequestBodyInput, UpdateRuleResponse, } from './detection_engine/rule_management/crud/update_rule/update_rule_route.gen'; import type { ExportRulesRequestQueryInput, ExportRulesRequestBodyInput, } from './detection_engine/rule_management/export_rules/export_rules_route.gen'; import type { FindRulesRequestQueryInput, FindRulesResponse, } from './detection_engine/rule_management/find_rules/find_rules_route.gen'; import type { ImportRulesRequestQueryInput, ImportRulesResponse, } from './detection_engine/rule_management/import_rules/import_rules_route.gen'; import type { ReadTagsResponse } from './detection_engine/rule_management/read_tags/read_tags_route.gen'; import type { GetRuleExecutionEventsRequestQueryInput, GetRuleExecutionEventsRequestParamsInput, GetRuleExecutionEventsResponse, } from './detection_engine/rule_monitoring/rule_execution_logs/get_rule_execution_events/get_rule_execution_events_route.gen'; import type { GetRuleExecutionResultsRequestQueryInput, GetRuleExecutionResultsRequestParamsInput, GetRuleExecutionResultsResponse, } from './detection_engine/rule_monitoring/rule_execution_logs/get_rule_execution_results/get_rule_execution_results_route.gen'; import type { RulePreviewRequestQueryInput, RulePreviewRequestBodyInput, RulePreviewResponse, } from './detection_engine/rule_preview/rule_preview.gen'; import type { CreateAlertsMigrationRequestBodyInput, CreateAlertsMigrationResponse, } from './detection_engine/signals_migration/create_signals_migration/create_signals_migration.gen'; import type { AlertsMigrationCleanupRequestBodyInput, AlertsMigrationCleanupResponse, } from './detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.gen'; import type { FinalizeAlertsMigrationRequestBodyInput, FinalizeAlertsMigrationResponse, } from './detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.gen'; import type { ReadAlertsMigrationStatusRequestQueryInput, ReadAlertsMigrationStatusResponse, } from './detection_engine/signals_migration/read_signals_migration_status/read_signals_migration_status.gen'; import type { SearchAlertsRequestBodyInput, SearchAlertsResponse, } from './detection_engine/signals/query_signals/query_signals_route.gen'; import type { SetAlertsStatusRequestBodyInput, SetAlertsStatusResponse, } from './detection_engine/signals/set_signal_status/set_signals_status_route.gen'; import type { SuggestUserProfilesRequestQueryInput } from './detection_engine/users/suggest_user_profiles_route.gen'; import type { EndpointGetActionsDetailsRequestParamsInput, EndpointGetActionsDetailsResponse, } from './endpoint/actions/details/details.gen'; import type { EndpointFileDownloadRequestParamsInput, EndpointFileDownloadResponse, } from './endpoint/actions/file_download/file_download.gen'; import type { EndpointFileInfoRequestParamsInput, EndpointFileInfoResponse, } from './endpoint/actions/file_info/file_info.gen'; import type { EndpointGetActionsListRequestQueryInput, EndpointGetActionsListResponse, } from './endpoint/actions/list/list.gen'; import type { EndpointExecuteActionRequestBodyInput, EndpointExecuteActionResponse, } from './endpoint/actions/response_actions/execute/execute.gen'; import type { EndpointGetFileActionRequestBodyInput, EndpointGetFileActionResponse, } from './endpoint/actions/response_actions/get_file/get_file.gen'; import type { EndpointIsolateActionRequestBodyInput, EndpointIsolateActionResponse, } from './endpoint/actions/response_actions/isolate/isolate.gen'; import type { EndpointKillProcessActionRequestBodyInput, EndpointKillProcessActionResponse, } from './endpoint/actions/response_actions/kill_process/kill_process.gen'; import type { RunScriptActionRequestBodyInput, RunScriptActionResponse, } from './endpoint/actions/response_actions/run_script/run_script.gen'; import type { EndpointGetProcessesActionRequestBodyInput, EndpointGetProcessesActionResponse, } from './endpoint/actions/response_actions/running_procs/running_procs.gen'; import type { EndpointScanActionRequestBodyInput, EndpointScanActionResponse, } from './endpoint/actions/response_actions/scan/scan.gen'; import type { EndpointSuspendProcessActionRequestBodyInput, EndpointSuspendProcessActionResponse, } from './endpoint/actions/response_actions/suspend_process/suspend_process.gen'; import type { EndpointUnisolateActionRequestBodyInput, EndpointUnisolateActionResponse, } from './endpoint/actions/response_actions/unisolate/unisolate.gen'; import type { EndpointUploadActionResponse } from './endpoint/actions/response_actions/upload/upload.gen'; import type { EndpointGetActionsStateResponse } from './endpoint/actions/state/state.gen'; import type { EndpointGetActionsStatusRequestQueryInput, EndpointGetActionsStatusResponse, } from './endpoint/actions/status/status.gen'; import type { GetEndpointMetadataListRequestQueryInput, GetEndpointMetadataListResponse, } from './endpoint/metadata/get_metadata.gen'; import type { GetPolicyResponseRequestQueryInput, GetPolicyResponseResponse, } from './endpoint/policy/policy_response.gen'; import type { CreateUpdateProtectionUpdatesNoteRequestParamsInput, CreateUpdateProtectionUpdatesNoteRequestBodyInput, CreateUpdateProtectionUpdatesNoteResponse, GetProtectionUpdatesNoteRequestParamsInput, GetProtectionUpdatesNoteResponse, } from './endpoint/protection_updates_note/protection_updates_note.gen'; import type { GetEndpointSuggestionsRequestParamsInput, GetEndpointSuggestionsRequestBodyInput, GetEndpointSuggestionsResponse, } from './endpoint/suggestions/get_suggestions.gen'; import type { GetWorkflowInsightsRequestQueryInput, GetWorkflowInsightsResponse, UpdateWorkflowInsightRequestParamsInput, UpdateWorkflowInsightRequestBodyInput, UpdateWorkflowInsightResponse, } from './endpoint/workflow_insights/workflow_insights.gen'; import type { BulkUpsertAssetCriticalityRecordsRequestBodyInput, BulkUpsertAssetCriticalityRecordsResponse, } from './entity_analytics/asset_criticality/bulk_upload_asset_criticality.gen'; import type { CreateAssetCriticalityRecordRequestBodyInput, CreateAssetCriticalityRecordResponse, } from './entity_analytics/asset_criticality/create_asset_criticality.gen'; import type { DeleteAssetCriticalityRecordRequestQueryInput, DeleteAssetCriticalityRecordResponse, } from './entity_analytics/asset_criticality/delete_asset_criticality.gen'; import type { AssetCriticalityGetPrivilegesResponse } from './entity_analytics/asset_criticality/get_asset_criticality_privileges.gen'; import type { GetAssetCriticalityStatusResponse } from './entity_analytics/asset_criticality/get_asset_criticality_status.gen'; import type { GetAssetCriticalityRecordRequestQueryInput, GetAssetCriticalityRecordResponse, } from './entity_analytics/asset_criticality/get_asset_criticality.gen'; import type { FindAssetCriticalityRecordsRequestQueryInput, FindAssetCriticalityRecordsResponse, } from './entity_analytics/asset_criticality/list_asset_criticality.gen'; import type { InternalUploadAssetCriticalityRecordsResponse, UploadAssetCriticalityRecordsResponse, } from './entity_analytics/asset_criticality/upload_asset_criticality_csv.gen'; import type { InitEntityStoreRequestBodyInput, InitEntityStoreResponse, } from './entity_analytics/entity_store/enable.gen'; import type { ApplyEntityEngineDataviewIndicesResponse } from './entity_analytics/entity_store/engine/apply_dataview_indices.gen'; import type { DeleteEntityEngineRequestQueryInput, DeleteEntityEngineRequestParamsInput, DeleteEntityEngineResponse, } from './entity_analytics/entity_store/engine/delete.gen'; import type { EntityStoreGetPrivilegesResponse } from './entity_analytics/entity_store/engine/get_privileges.gen'; import type { GetEntityEngineRequestParamsInput, GetEntityEngineResponse, } from './entity_analytics/entity_store/engine/get.gen'; import type { InitEntityEngineRequestParamsInput, InitEntityEngineRequestBodyInput, InitEntityEngineResponse, } from './entity_analytics/entity_store/engine/init.gen'; import type { ListEntityEnginesResponse } from './entity_analytics/entity_store/engine/list.gen'; import type { StartEntityEngineRequestParamsInput, StartEntityEngineResponse, } from './entity_analytics/entity_store/engine/start.gen'; import type { StopEntityEngineRequestParamsInput, StopEntityEngineResponse, } from './entity_analytics/entity_store/engine/stop.gen'; import type { ListEntitiesRequestQueryInput, ListEntitiesResponse, } from './entity_analytics/entity_store/entities/list_entities.gen'; import type { GetEntityStoreStatusRequestQueryInput, GetEntityStoreStatusResponse, } from './entity_analytics/entity_store/status.gen'; import type { SearchPrivilegesIndicesRequestQueryInput, SearchPrivilegesIndicesResponse, } from './entity_analytics/monitoring/search_indices.gen'; import type { InitMonitoringEngineResponse } from './entity_analytics/privilege_monitoring/engine/init.gen'; import type { PrivMonHealthResponse } from './entity_analytics/privilege_monitoring/health.gen'; import type { CreatePrivMonUserRequestBodyInput, CreatePrivMonUserResponse, } from './entity_analytics/privilege_monitoring/users/create.gen'; import type { DeletePrivMonUserRequestParamsInput, DeletePrivMonUserResponse, } from './entity_analytics/privilege_monitoring/users/delete.gen'; import type { GetPrivMonUserRequestParamsInput, GetPrivMonUserResponse, } from './entity_analytics/privilege_monitoring/users/get.gen'; import type { ListPrivMonUsersRequestQueryInput, ListPrivMonUsersResponse, } from './entity_analytics/privilege_monitoring/users/list.gen'; import type { UpdatePrivMonUserRequestParamsInput, UpdatePrivMonUserRequestBodyInput, UpdatePrivMonUserResponse, } from './entity_analytics/privilege_monitoring/users/update.gen'; import type { BulkUploadUsersCSVResponse } from './entity_analytics/privilege_monitoring/users/upload_csv.gen'; import type { BulkUploadUsersJSONResponse } from './entity_analytics/privilege_monitoring/users/upload_json.gen'; import type { CleanUpRiskEngineResponse } from './entity_analytics/risk_engine/engine_cleanup_route.gen'; import type { ConfigureRiskEngineSavedObjectRequestBodyInput, ConfigureRiskEngineSavedObjectResponse, } from './entity_analytics/risk_engine/engine_configure_saved_object_route.gen'; import type { DisableRiskEngineResponse } from './entity_analytics/risk_engine/engine_disable_route.gen'; import type { EnableRiskEngineResponse } from './entity_analytics/risk_engine/engine_enable_route.gen'; import type { InitRiskEngineResponse } from './entity_analytics/risk_engine/engine_init_route.gen'; import type { ScheduleRiskEngineNowResponse } from './entity_analytics/risk_engine/engine_schedule_now_route.gen'; import type { ReadRiskEngineSettingsResponse } from './entity_analytics/risk_engine/engine_settings_route.gen'; import type { GetRiskEngineStatusResponse } from './entity_analytics/risk_engine/engine_status_route.gen'; import type { DeprecatedTriggerRiskScoreCalculationRequestBodyInput, DeprecatedTriggerRiskScoreCalculationResponse, TriggerRiskScoreCalculationRequestBodyInput, TriggerRiskScoreCalculationResponse, } from './entity_analytics/risk_engine/entity_calculation_route.gen'; import type { RiskEngineGetPrivilegesResponse } from './entity_analytics/risk_engine/get_risk_engine_privileges.gen'; import type { PreviewRiskScoreRequestBodyInput, PreviewRiskScoreResponse, } from './entity_analytics/risk_engine/preview_route.gen'; import type { CleanDraftTimelinesRequestBodyInput, CleanDraftTimelinesResponse, } from './timeline/clean_draft_timelines/clean_draft_timelines_route.gen'; import type { CopyTimelineRequestBodyInput, CopyTimelineResponse, } from './timeline/copy_timeline/copy_timeline_route.gen'; import type { CreateTimelinesRequestBodyInput, CreateTimelinesResponse, } from './timeline/create_timelines/create_timelines_route.gen'; import type { DeleteNoteRequestBodyInput } from './timeline/delete_note/delete_note_route.gen'; import type { DeleteTimelinesRequestBodyInput } from './timeline/delete_timelines/delete_timelines_route.gen'; import type { ExportTimelinesRequestQueryInput, ExportTimelinesRequestBodyInput, } from './timeline/export_timelines/export_timelines_route.gen'; import type { GetDraftTimelinesRequestQueryInput, GetDraftTimelinesResponse, } from './timeline/get_draft_timelines/get_draft_timelines_route.gen'; import type { GetNotesRequestQueryInput, GetNotesResponse, } from './timeline/get_notes/get_notes_route.gen'; import type { GetTimelineRequestQueryInput, GetTimelineResponse, } from './timeline/get_timeline/get_timeline_route.gen'; import type { GetTimelinesRequestQueryInput, GetTimelinesResponse, } from './timeline/get_timelines/get_timelines_route.gen'; import type { ImportTimelinesRequestBodyInput, ImportTimelinesResponse, } from './timeline/import_timelines/import_timelines_route.gen'; import type { InstallPrepackedTimelinesRequestBodyInput, InstallPrepackedTimelinesResponse, } from './timeline/install_prepackaged_timelines/install_prepackaged_timelines_route.gen'; import type { PatchTimelineRequestBodyInput, PatchTimelineResponse, } from './timeline/patch_timelines/patch_timeline_route.gen'; import type { PersistFavoriteRouteRequestBodyInput, PersistFavoriteRouteResponse, } from './timeline/persist_favorite/persist_favorite_route.gen'; import type { PersistNoteRouteRequestBodyInput, PersistNoteRouteResponse, } from './timeline/persist_note/persist_note_route.gen'; import type { PersistPinnedEventRouteRequestBodyInput, PersistPinnedEventRouteResponse, } from './timeline/pinned_events/pinned_events_route.gen'; import type { ResolveTimelineRequestQueryInput, ResolveTimelineResponse, } from './timeline/resolve_timeline/resolve_timeline_route.gen'; import type { CreateRuleMigrationRequestParamsInput, CreateRuleMigrationRequestBodyInput, CreateRuleMigrationResponse, GetAllStatsRuleMigrationResponse, GetRuleMigrationRequestQueryInput, GetRuleMigrationRequestParamsInput, GetRuleMigrationResponse, GetRuleMigrationIntegrationsResponse, GetRuleMigrationPrebuiltRulesRequestParamsInput, GetRuleMigrationPrebuiltRulesResponse, GetRuleMigrationPrivilegesResponse, GetRuleMigrationResourcesRequestQueryInput, GetRuleMigrationResourcesRequestParamsInput, GetRuleMigrationResourcesResponse, GetRuleMigrationResourcesMissingRequestParamsInput, GetRuleMigrationResourcesMissingResponse, GetRuleMigrationStatsRequestParamsInput, GetRuleMigrationStatsResponse, GetRuleMigrationTranslationStatsRequestParamsInput, GetRuleMigrationTranslationStatsResponse, InstallMigrationRulesRequestParamsInput, InstallMigrationRulesRequestBodyInput, InstallMigrationRulesResponse, StartRuleMigrationRequestParamsInput, StartRuleMigrationRequestBodyInput, StartRuleMigrationResponse, StopRuleMigrationRequestParamsInput, StopRuleMigrationResponse, UpdateRuleMigrationRequestParamsInput, UpdateRuleMigrationRequestBodyInput, UpdateRuleMigrationResponse, UpsertRuleMigrationResourcesRequestParamsInput, UpsertRuleMigrationResourcesRequestBodyInput, UpsertRuleMigrationResourcesResponse, } from '../siem_migrations/model/api/rules/rule_migration.gen'; export interface ClientOptions { kbnClient: KbnClient; log: ToolingLog; } export class Client { readonly kbnClient: KbnClient; readonly log: ToolingLog; constructor(options: ClientOptions) { this.kbnClient = options.kbnClient; this.log = options.log; } /** * Migrations favor data integrity over shard size. Consequently, unused or orphaned indices are artifacts of the migration process. A successful migration will result in both the old and new indices being present. As such, the old, orphaned index can (and likely should) be deleted. While you can delete these indices manually, the endpoint accomplishes this task by applying a deletion policy to the relevant index, causing it to be deleted after 30 days. It also deletes other artifacts specific to the migration implementation. */ async alertsMigrationCleanup(props: AlertsMigrationCleanupProps) { this.log.info(`${new Date().toISOString()} Calling API AlertsMigrationCleanup`); return this.kbnClient .request<AlertsMigrationCleanupResponse>({ path: '/api/detection_engine/signals/migration', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'DELETE', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } async applyEntityEngineDataviewIndices() { this.log.info(`${new Date().toISOString()} Calling API ApplyEntityEngineDataviewIndices`); return this.kbnClient .request<ApplyEntityEngineDataviewIndicesResponse>({ path: '/api/entity_store/engines/apply_dataview_indices', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', }) .catch(catchAxiosErrorFormatAndThrow); } async assetCriticalityGetPrivileges() { this.log.info(`${new Date().toISOString()} Calling API AssetCriticalityGetPrivileges`); return this.kbnClient .request<AssetCriticalityGetPrivilegesResponse>({ path: '/internal/asset_criticality/privileges', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Ensures that the packages needed for prebuilt detection rules to work are installed and up to date */ async bootstrapPrebuiltRules() { this.log.info(`${new Date().toISOString()} Calling API BootstrapPrebuiltRules`); return this.kbnClient .request<BootstrapPrebuiltRulesResponse>({ path: '/internal/detection_engine/prebuilt_rules/_bootstrap', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'POST', }) .catch(catchAxiosErrorFormatAndThrow); } async bulkUploadUsersCsv() { this.log.info(`${new Date().toISOString()} Calling API BulkUploadUsersCSV`); return this.kbnClient .request<BulkUploadUsersCSVResponse>({ path: '/api/entity_analytics/monitoring/users/_csv', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', }) .catch(catchAxiosErrorFormatAndThrow); } async bulkUploadUsersJson() { this.log.info(`${new Date().toISOString()} Calling API BulkUploadUsersJSON`); return this.kbnClient .request<BulkUploadUsersJSONResponse>({ path: '/api/entity_analytics/monitoring/users/_json', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Bulk upsert up to 1000 asset criticality records. If asset criticality records already exist for the specified entities, those records are overwritten with the specified values. If asset criticality records don't exist for the specified entities, new records are created. */ async bulkUpsertAssetCriticalityRecords(props: BulkUpsertAssetCriticalityRecordsProps) { this.log.info(`${new Date().toISOString()} Calling API BulkUpsertAssetCriticalityRecords`); return this.kbnClient .request<BulkUpsertAssetCriticalityRecordsResponse>({ path: '/api/asset_criticality/bulk', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Create a clean draft Timeline or Timeline template for the current user. > info > If the user already has a draft Timeline, the existing draft Timeline is cleared and returned. */ async cleanDraftTimelines(props: CleanDraftTimelinesProps) { this.log.info(`${new Date().toISOString()} Calling API CleanDraftTimelines`); return this.kbnClient .request<CleanDraftTimelinesResponse>({ path: '/api/timeline/_draft', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Cleaning up the the Risk Engine by removing the indices, mapping and transforms */ async cleanUpRiskEngine() { this.log.info(`${new Date().toISOString()} Calling API CleanUpRiskEngine`); return this.kbnClient .request<CleanUpRiskEngineResponse>({ path: '/api/risk_score/engine/dangerously_delete_data', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'DELETE', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Configuring the Risk Engine Saved Object */ async configureRiskEngineSavedObject(props: ConfigureRiskEngineSavedObjectProps) { this.log.info(`${new Date().toISOString()} Calling API ConfigureRiskEngineSavedObject`); return this.kbnClient .request<ConfigureRiskEngineSavedObjectResponse>({ path: '/api/risk_score/engine/saved_object/configure', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'PATCH', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Copies and returns a timeline or timeline template. */ async copyTimeline(props: CopyTimelineProps) { this.log.info(`${new Date().toISOString()} Calling API CopyTimeline`); return this.kbnClient .request<CopyTimelineResponse>({ path: '/api/timeline/_copy', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } async createAlertsIndex() { this.log.info(`${new Date().toISOString()} Calling API CreateAlertsIndex`); return this.kbnClient .request<CreateAlertsIndexResponse>({ path: '/api/detection_engine/index', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Initiate a migration of detection alerts. Migrations are initiated per index. While the process is neither destructive nor interferes with existing data, it may be resource-intensive. As such, it is recommended that you plan your migrations accordingly. */ async createAlertsMigration(props: CreateAlertsMigrationProps) { this.log.info(`${new Date().toISOString()} Calling API CreateAlertsMigration`); return this.kbnClient .request<CreateAlertsMigrationResponse>({ path: '/api/detection_engine/signals/migration', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Create or update an asset criticality record for a specific entity. If a record already exists for the specified entity, that record is overwritten with the specified value. If a record doesn't exist for the specified entity, a new record is created. */ async createAssetCriticalityRecord(props: CreateAssetCriticalityRecordProps) { this.log.info(`${new Date().toISOString()} Calling API CreateAssetCriticalityRecord`); return this.kbnClient .request<CreateAssetCriticalityRecordResponse>({ path: '/api/asset_criticality', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } async createPrivMonUser(props: CreatePrivMonUserProps) { this.log.info(`${new Date().toISOString()} Calling API CreatePrivMonUser`); return this.kbnClient .request<CreatePrivMonUserResponse>({ path: '/api/entity_analytics/monitoring/users', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Create a new detection rule. > warn > When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. > If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. You can create the following types of rules: * **Custom query**: Searches the defined indices and creates an alert when a document matches the rule's KQL query. * **Event correlation**: Searches the defined indices and creates an alert when results match an [Event Query Language (EQL)](https://www.elastic.co/guide/en/elasticsearch/reference/current/eql.html) query. * **Threshold**: Searches the defined indices and creates an alert when the number of times the specified field's value meets the threshold during a single execution. When there are multiple values that meet the threshold, an alert is generated for each value. For example, if the threshold `field` is `source.ip` and its `value` is `10`, an alert is generated for every source IP address that appears in at least 10 of the rule's search results. If you're interested, see [Terms Aggregation](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html) for more information. * **Indicator match**: Creates an alert when fields match values defined in the specified [Elasticsearch index](https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html). For example, you can create an index for IP addresses and use this index to create an alert whenever an event's `destination.ip` equals a value in the index. The index's field mappings should be [ECS-compliant](https://www.elastic.co/guide/en/ecs/current/ecs-reference.html). * **New terms**: Generates an alert for each new term detected in source documents within a specified time range. * **ES|QL**: Uses [Elasticsearch Query Language (ES|QL)](https://www.elastic.co/guide/en/elasticsearch/reference/current/esql.html) to find events and aggregate search results. * **Machine learning rules**: Creates an alert when a machine learning job discovers an anomaly above the defined threshold. > info > To create machine learning rules, you must have the [appropriate license](https://www.elastic.co/subscriptions) or use a [cloud deployment](https://cloud.elastic.co/registration). Additionally, for the machine learning rule to function correctly, the associated machine learning job must be running. To retrieve machine learning job IDs, which are required to create machine learning jobs, call the [Elasticsearch Get jobs API](https://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-job.html). Machine learning jobs that contain `siem` in the `groups` field can be used to create rules: ```json ... "job_id": "linux_anomalous_network_activity_ecs", "job_type": "anomaly_detector", "job_version": "7.7.0", "groups": [ "auditbeat", "process", "siem" ], ... ``` Additionally, you can set up notifications for when rules create alerts. The notifications use the [Alerting and Actions framework](https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html). Each action type requires a connector. Connectors store the information required to send notifications via external systems. The following connector types are supported for rule notifications: * Slack * Email * PagerDuty * Webhook * Microsoft Teams * IBM Resilient * Jira * ServiceNow ITSM > info > For more information on PagerDuty fields, see [Send a v2 Event](https://developer.pagerduty.com/docs/events-api-v2/trigger-events/). To retrieve connector IDs, which are required to configure rule notifications, call the [Find objects API](https://www.elastic.co/guide/en/kibana/current/saved-objects-api-find.html) with `"type": "action"` in the request payload. For detailed information on Kibana actions and alerting, and additional API calls, see: * [Alerting API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-alerting) * [Alerting and Actions framework](https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html) * [Connectors API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-connectors) */ async createRule(props: CreateRuleProps) { this.log.info(`${new Date().toISOString()} Calling API CreateRule`); return this.kbnClient .request<CreateRuleResponse>({ path: '/api/detection_engine/rules', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Creates a new SIEM rules migration using the original vendor rules provided */ async createRuleMigration(props: CreateRuleMigrationProps) { this.log.info(`${new Date().toISOString()} Calling API CreateRuleMigration`); return this.kbnClient .request<CreateRuleMigrationResponse>({ path: replaceParams('/internal/siem_migrations/rules/{migration_id}', props.params), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Create a new Timeline or Timeline template. */ async createTimelines(props: CreateTimelinesProps) { this.log.info(`${new Date().toISOString()} Calling API CreateTimelines`); return this.kbnClient .request<CreateTimelinesResponse>({ path: '/api/timeline', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } async createUpdateProtectionUpdatesNote(props: CreateUpdateProtectionUpdatesNoteProps) { this.log.info(`${new Date().toISOString()} Calling API CreateUpdateProtectionUpdatesNote`); return this.kbnClient .request<CreateUpdateProtectionUpdatesNoteResponse>({ path: replaceParams( '/api/endpoint/protection_updates_note/{package_policy_id}', props.params ), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } async deleteAlertsIndex() { this.log.info(`${new Date().toISOString()} Calling API DeleteAlertsIndex`); return this.kbnClient .request<DeleteAlertsIndexResponse>({ path: '/api/detection_engine/index', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'DELETE', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Delete the asset criticality record for a specific entity. */ async deleteAssetCriticalityRecord(props: DeleteAssetCriticalityRecordProps) { this.log.info(`${new Date().toISOString()} Calling API DeleteAssetCriticalityRecord`); return this.kbnClient .request<DeleteAssetCriticalityRecordResponse>({ path: '/api/asset_criticality', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'DELETE', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } async deleteEntityEngine(props: DeleteEntityEngineProps) { this.log.info(`${new Date().toISOString()} Calling API DeleteEntityEngine`); return this.kbnClient .request<DeleteEntityEngineResponse>({ path: replaceParams('/api/entity_store/engines/{entityType}', props.params), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'DELETE', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Delete a note from a Timeline using the note ID. */ async deleteNote(props: DeleteNoteProps) { this.log.info(`${new Date().toISOString()} Calling API DeleteNote`); return this.kbnClient .request({ path: '/api/note', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'DELETE', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } async deletePrivMonUser(props: DeletePrivMonUserProps) { this.log.info(`${new Date().toISOString()} Calling API DeletePrivMonUser`); return this.kbnClient .request<DeletePrivMonUserResponse>({ path: replaceParams('/api/entity_analytics/monitoring/users/{id}', props.params), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'DELETE', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Delete a detection rule using the `rule_id` or `id` field. The URL query must include one of the following: * `id` - `DELETE /api/detection_engine/rules?id=<id>` * `rule_id`- `DELETE /api/detection_engine/rules?rule_id=<rule_id>` The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. */ async deleteRule(props: DeleteRuleProps) { this.log.info(`${new Date().toISOString()} Calling API DeleteRule`); return this.kbnClient .request<DeleteRuleResponse>({ path: '/api/detection_engine/rules', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'DELETE', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Delete one or more Timelines or Timeline templates. */ async deleteTimelines(props: DeleteTimelinesProps) { this.log.info(`${new Date().toISOString()} Calling API DeleteTimelines`); return this.kbnClient .request({ path: '/api/timeline', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'DELETE', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Calculates and persists Risk Scores for an entity, returning the calculated risk score. */ async deprecatedTriggerRiskScoreCalculation(props: DeprecatedTriggerRiskScoreCalculationProps) { this.log.info(`${new Date().toISOString()} Calling API DeprecatedTriggerRiskScoreCalculation`); return this.kbnClient .request<DeprecatedTriggerRiskScoreCalculationResponse>({ path: '/api/risk_scores/calculation/entity', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } async disableRiskEngine() { this.log.info(`${new Date().toISOString()} Calling API DisableRiskEngine`); return this.kbnClient .request<DisableRiskEngineResponse>({ path: '/internal/risk_score/engine/disable', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'POST', }) .catch(catchAxiosErrorFormatAndThrow); } async enableRiskEngine() { this.log.info(`${new Date().toISOString()} Calling API EnableRiskEngine`); return this.kbnClient .request<EnableRiskEngineResponse>({ path: '/internal/risk_score/engine/enable', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'POST', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Run a shell command on an endpoint. */ async endpointExecuteAction(props: EndpointExecuteActionProps) { this.log.info(`${new Date().toISOString()} Calling API EndpointExecuteAction`); return this.kbnClient .request<EndpointExecuteActionResponse>({ path: '/api/endpoint/action/execute', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Download a file from an endpoint. */ async endpointFileDownload(props: EndpointFileDownloadProps) { this.log.info(`${new Date().toISOString()} Calling API EndpointFileDownload`); return this.kbnClient .request<EndpointFileDownloadResponse>({ path: replaceParams( '/api/endpoint/action/{action_id}/file/{file_id}/download', props.params ), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Get information for the specified file using the file ID. */ async endpointFileInfo(props: EndpointFileInfoProps) { this.log.info(`${new Date().toISOString()} Calling API EndpointFileInfo`); return this.kbnClient .request<EndpointFileInfoResponse>({ path: replaceParams('/api/endpoint/action/{action_id}/file/{file_id}', props.params), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Get the details of a response action using the action ID. */ async endpointGetActionsDetails(props: EndpointGetActionsDetailsProps) { this.log.info(`${new Date().toISOString()} Calling API EndpointGetActionsDetails`); return this.kbnClient .request<EndpointGetActionsDetailsResponse>({ path: replaceParams('/api/endpoint/action/{action_id}', props.params), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Get a list of all response actions. */ async endpointGetActionsList(props: EndpointGetActionsListProps) { this.log.info(`${new Date().toISOString()} Calling API EndpointGetActionsList`); return this.kbnClient .request<EndpointGetActionsListResponse>({ path: '/api/endpoint/action', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Get a response actions state, which reports whether encryption is enabled. */ async endpointGetActionsState() { this.log.info(`${new Date().toISOString()} Calling API EndpointGetActionsState`); return this.kbnClient .request<EndpointGetActionsStateResponse>({ path: '/api/endpoint/action/state', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Get the status of response actions for the specified agent IDs. */ async endpointGetActionsStatus(props: EndpointGetActionsStatusProps) { this.log.info(`${new Date().toISOString()} Calling API EndpointGetActionsStatus`); return this.kbnClient .request<EndpointGetActionsStatusResponse>({ path: '/api/endpoint/action_status', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Get a file from an endpoint. */ async endpointGetFileAction(props: EndpointGetFileActionProps) { this.log.info(`${new Date().toISOString()} Calling API EndpointGetFileAction`); return this.kbnClient .request<EndpointGetFileActionResponse>({ path: '/api/endpoint/action/get_file', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Get a list of all processes running on an endpoint. */ async endpointGetProcessesAction(props: EndpointGetProcessesActionProps) { this.log.info(`${new Date().toISOString()} Calling API EndpointGetProcessesAction`); return this.kbnClient .request<EndpointGetProcessesActionResponse>({ path: '/api/endpoint/action/running_procs', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Isolate an endpoint from the network. The endpoint remains isolated until it's released. */ async endpointIsolateAction(props: EndpointIsolateActionProps) { this.log.info(`${new Date().toISOString()} Calling API EndpointIsolateAction`); return this.kbnClient .request<EndpointIsolateActionResponse>({ path: '/api/endpoint/action/isolate', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Terminate a running process on an endpoint. */ async endpointKillProcessAction(props: EndpointKillProcessActionProps) { this.log.info(`${new Date().toISOString()} Calling API EndpointKillProcessAction`); return this.kbnClient .request<EndpointKillProcessActionResponse>({ path: '/api/endpoint/action/kill_process', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Scan a specific file or directory on an endpoint for malware. */ async endpointScanAction(props: EndpointScanActionProps) { this.log.info(`${new Date().toISOString()} Calling API EndpointScanAction`); return this.kbnClient .request<EndpointScanActionResponse>({ path: '/api/endpoint/action/scan', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Suspend a running process on an endpoint. */ async endpointSuspendProcessAction(props: EndpointSuspendProcessActionProps) { this.log.info(`${new Date().toISOString()} Calling API EndpointSuspendProcessAction`); return this.kbnClient .request<EndpointSuspendProcessActionResponse>({ path: '/api/endpoint/action/suspend_process', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Release an isolated endpoint, allowing it to rejoin a network. */ async endpointUnisolateAction(props: EndpointUnisolateActionProps) { this.log.info(`${new Date().toISOString()} Calling API EndpointUnisolateAction`); return this.kbnClient .request<EndpointUnisolateActionResponse>({ path: '/api/endpoint/action/unisolate', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Upload a file to an endpoint. */ async endpointUploadAction(props: EndpointUploadActionProps) { this.log.info(`${new Date().toISOString()} Calling API EndpointUploadAction`); return this.kbnClient .request<EndpointUploadActionResponse>({ path: '/api/endpoint/action/upload', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.attachment, }) .catch(catchAxiosErrorFormatAndThrow); } async entityStoreGetPrivileges() { this.log.info(`${new Date().toISOString()} Calling API EntityStoreGetPrivileges`); return this.kbnClient .request<EntityStoreGetPrivilegesResponse>({ path: '/internal/entity_store/privileges', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Export detection rules to an `.ndjson` file. The following configuration items are also included in the `.ndjson` file: - Actions - Exception lists > info > Rule actions and connectors are included in the exported file, but sensitive information about the connector (such as authentication credentials) is not included. You must re-add missing connector details after importing detection rules. > You can use Kibana’s [Saved Objects](https://www.elastic.co/guide/en/kibana/current/managing-saved-objects.html) UI (Stack Management → Kibana → Saved Objects) or the Saved Objects APIs (experimental) to [export](https://www.elastic.co/docs/api/doc/kibana/operation/operation-exportsavedobjectsdefault) and [import](https://www.elastic.co/docs/api/doc/kibana/operation/operation-importsavedobjectsdefault) any necessary connectors before importing detection rules. > Similarly, any value lists used for rule exceptions are not included in rule exports or imports. Use the [Manage value lists](https://www.elastic.co/guide/en/security/current/value-lists-exceptions.html#manage-value-lists) UI (Rules → Detection rules (SIEM) → Manage value lists) to export and import value lists separately. */ async exportRules(props: ExportRulesProps) { this.log.info(`${new Date().toISOString()} Calling API ExportRules`); return this.kbnClient .request({ path: '/api/detection_engine/rules/_export', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Export Timelines as an NDJSON file. */ async exportTimelines(props: ExportTimelinesProps) { this.log.info(`${new Date().toISOString()} Calling API ExportTimelines`); return this.kbnClient .request({ path: '/api/timeline/_export', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Finalize successful migrations of detection alerts. This replaces the original index's alias with the successfully migrated index's alias. The endpoint is idempotent; therefore, it can safely be used to poll a given migration and, upon completion, finalize it. */ async finalizeAlertsMigration(props: FinalizeAlertsMigrationProps) { this.log.info(`${new Date().toISOString()} Calling API FinalizeAlertsMigration`); return this.kbnClient .request<FinalizeAlertsMigrationResponse>({ path: '/api/detection_engine/signals/finalize_migration', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * List asset criticality records, paging, sorting and filtering as needed. */ async findAssetCriticalityRecords(props: FindAssetCriticalityRecordsProps) { this.log.info(`${new Date().toISOString()} Calling API FindAssetCriticalityRecords`); return this.kbnClient .request<FindAssetCriticalityRecordsResponse>({ path: '/api/asset_criticality/list', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Retrieve a paginated list of detection rules. By default, the first page is returned, with 20 results per page. */ async findRules(props: FindRulesProps) { this.log.info(`${new Date().toISOString()} Calling API FindRules`); return this.kbnClient .request<FindRulesResponse>({ path: '/api/detection_engine/rules/_find', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Retrieves the rule migrations stats for all migrations stored in the system */ async getAllStatsRuleMigration() { this.log.info(`${new Date().toISOString()} Calling API GetAllStatsRuleMigration`); return this.kbnClient .request<GetAllStatsRuleMigrationResponse>({ path: '/internal/siem_migrations/rules/stats', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Get the asset criticality record for a specific entity. */ async getAssetCriticalityRecord(props: GetAssetCriticalityRecordProps) { this.log.info(`${new Date().toISOString()} Calling API GetAssetCriticalityRecord`); return this.kbnClient .request<GetAssetCriticalityRecordResponse>({ path: '/api/asset_criticality', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } async getAssetCriticalityStatus() { this.log.info(`${new Date().toISOString()} Calling API GetAssetCriticalityStatus`); return this.kbnClient .request<GetAssetCriticalityStatusResponse>({ path: '/internal/asset_criticality/status', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Get the details of the draft Timeline or Timeline template for the current user. If the user doesn't have a draft Timeline, an empty Timeline is returned. */ async getDraftTimelines(props: GetDraftTimelinesProps) { this.log.info(`${new Date().toISOString()} Calling API GetDraftTimelines`); return this.kbnClient .request<GetDraftTimelinesResponse>({ path: '/api/timeline/_draft', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } async getEndpointMetadataList(props: GetEndpointMetadataListProps) { this.log.info(`${new Date().toISOString()} Calling API GetEndpointMetadataList`); return this.kbnClient .request<GetEndpointMetadataListResponse>({ path: '/api/endpoint/metadata', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } async getEndpointSuggestions(props: GetEndpointSuggestionsProps) { this.log.info(`${new Date().toISOString()} Calling API GetEndpointSuggestions`); return this.kbnClient .request<GetEndpointSuggestionsResponse>({ path: replaceParams('/internal/api/endpoint/suggestions/{suggestion_type}', props.params), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } async getEntityEngine(props: GetEntityEngineProps) { this.log.info(`${new Date().toISOString()} Calling API GetEntityEngine`); return this.kbnClient .request<GetEntityEngineResponse>({ path: replaceParams('/api/entity_store/engines/{entityType}', props.params), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } async getEntityStoreStatus(props: GetEntityStoreStatusProps) { this.log.info(`${new Date().toISOString()} Calling API GetEntityStoreStatus`); return this.kbnClient .request<GetEntityStoreStatusResponse>({ path: '/api/entity_store/status', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Get all notes for a given document. */ async getNotes(props: GetNotesProps) { this.log.info(`${new Date().toISOString()} Calling API GetNotes`); return this.kbnClient .request<GetNotesResponse>({ path: '/api/note', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } async getPolicyResponse(props: GetPolicyResponseProps) { this.log.info(`${new Date().toISOString()} Calling API GetPolicyResponse`); return this.kbnClient .request<GetPolicyResponseResponse>({ path: '/api/endpoint/policy_response', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } async getPrivMonUser(props: GetPrivMonUserProps) { this.log.info(`${new Date().toISOString()} Calling API GetPrivMonUser`); return this.kbnClient .request<GetPrivMonUserResponse>({ path: replaceParams('/api/entity_analytics/monitoring/users/{id}', props.params), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } async getProtectionUpdatesNote(props: GetProtectionUpdatesNoteProps) { this.log.info(`${new Date().toISOString()} Calling API GetProtectionUpdatesNote`); return this.kbnClient .request<GetProtectionUpdatesNoteResponse>({ path: replaceParams( '/api/endpoint/protection_updates_note/{package_policy_id}', props.params ), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Returns the status of both the legacy transform-based risk engine, as well as the new risk engine */ async getRiskEngineStatus() { this.log.info(`${new Date().toISOString()} Calling API GetRiskEngineStatus`); return this.kbnClient .request<GetRiskEngineStatusResponse>({ path: '/internal/risk_score/engine/status', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } async getRuleExecutionEvents(props: GetRuleExecutionEventsProps) { this.log.info(`${new Date().toISOString()} Calling API GetRuleExecutionEvents`); return this.kbnClient .request<GetRuleExecutionEventsResponse>({ path: replaceParams( '/internal/detection_engine/rules/{ruleId}/execution/events', props.params ), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'PUT', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } async getRuleExecutionResults(props: GetRuleExecutionResultsProps) { this.log.info(`${new Date().toISOString()} Calling API GetRuleExecutionResults`); return this.kbnClient .request<GetRuleExecutionResultsResponse>({ path: replaceParams( '/internal/detection_engine/rules/{ruleId}/execution/results', props.params ), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'PUT', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Retrieves the rule documents stored in the system given the rule migration id */ async getRuleMigration(props: GetRuleMigrationProps) { this.log.info(`${new Date().toISOString()} Calling API GetRuleMigration`); return this.kbnClient .request<GetRuleMigrationResponse>({ path: replaceParams('/internal/siem_migrations/rules/{migration_id}', props.params), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Retrieves all related integrations */ async getRuleMigrationIntegrations() { this.log.info(`${new Date().toISOString()} Calling API GetRuleMigrationIntegrations`); return this.kbnClient .request<GetRuleMigrationIntegrationsResponse>({ path: '/internal/siem_migrations/rules/integrations', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Retrieves all available prebuilt rules (installed and installable) */ async getRuleMigrationPrebuiltRules(props: GetRuleMigrationPrebuiltRulesProps) { this.log.info(`${new Date().toISOString()} Calling API GetRuleMigrationPrebuiltRules`); return this.kbnClient .request<GetRuleMigrationPrebuiltRulesResponse>({ path: replaceParams( '/internal/siem_migrations/rules/{migration_id}/prebuilt_rules', props.params ), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Identifies the privileges required for a SIEM rules migration and returns the missing privileges */ async getRuleMigrationPrivileges() { this.log.info(`${new Date().toISOString()} Calling API GetRuleMigrationPrivileges`); return this.kbnClient .request<GetRuleMigrationPrivilegesResponse>({ path: '/internal/siem_migrations/rules/missing_privileges', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Retrieves resources for an existing SIEM rules migration */ async getRuleMigrationResources(props: GetRuleMigrationResourcesProps) { this.log.info(`${new Date().toISOString()} Calling API GetRuleMigrationResources`); return this.kbnClient .request<GetRuleMigrationResourcesResponse>({ path: replaceParams( '/internal/siem_migrations/rules/{migration_id}/resources', props.params ), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Identifies missing resources from all the rules of an existing SIEM rules migration */ async getRuleMigrationResourcesMissing(props: GetRuleMigrationResourcesMissingProps) { this.log.info(`${new Date().toISOString()} Calling API GetRuleMigrationResourcesMissing`); return this.kbnClient .request<GetRuleMigrationResourcesMissingResponse>({ path: replaceParams( '/internal/siem_migrations/rules/{migration_id}/resources/missing', props.params ), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Retrieves the stats of a SIEM rules migration using the migration id provided */ async getRuleMigrationStats(props: GetRuleMigrationStatsProps) { this.log.info(`${new Date().toISOString()} Calling API GetRuleMigrationStats`); return this.kbnClient .request<GetRuleMigrationStatsResponse>({ path: replaceParams('/internal/siem_migrations/rules/{migration_id}/stats', props.params), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Retrieves the translation stats of a SIEM rules migration using the migration id provided */ async getRuleMigrationTranslationStats(props: GetRuleMigrationTranslationStatsProps) { this.log.info(`${new Date().toISOString()} Calling API GetRuleMigrationTranslationStats`); return this.kbnClient .request<GetRuleMigrationTranslationStatsResponse>({ path: replaceParams( '/internal/siem_migrations/rules/{migration_id}/translation_stats', props.params ), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Get the details of an existing saved Timeline or Timeline template. */ async getTimeline(props: GetTimelineProps) { this.log.info(`${new Date().toISOString()} Calling API GetTimeline`); return this.kbnClient .request<GetTimelineResponse>({ path: '/api/timeline', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Get a list of all saved Timelines or Timeline templates. */ async getTimelines(props: GetTimelinesProps) { this.log.info(`${new Date().toISOString()} Calling API GetTimelines`); return this.kbnClient .request<GetTimelinesResponse>({ path: '/api/timelines', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } async getWorkflowInsights(props: GetWorkflowInsightsProps) { this.log.info(`${new Date().toISOString()} Calling API GetWorkflowInsights`); return this.kbnClient .request<GetWorkflowInsightsResponse>({ path: '/internal/api/endpoint/workflow_insights', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Import detection rules from an `.ndjson` file, including actions and exception lists. The request must include: - The `Content-Type: multipart/form-data` HTTP header. - A link to the `.ndjson` file containing the rules. > warn > When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. > If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. > info > To import rules with actions, you need at least Read privileges for the Action and Connectors feature. To overwrite or add new connectors, you need All privileges for the Actions and Connectors feature. To import rules without actions, you don’t need Actions and Connectors privileges. Refer to [Enable and access detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui) for more information. > info > Rule actions and connectors are included in the exported file, but sensitive information about the connector (such as authentication credentials) is not included. You must re-add missing connector details after importing detection rules. > You can use Kibana’s [Saved Objects](https://www.elastic.co/guide/en/kibana/current/managing-saved-objects.html) UI (Stack Management → Kibana → Saved Objects) or the Saved Objects APIs (experimental) to [export](https://www.elastic.co/docs/api/doc/kibana/operation/operation-exportsavedobjectsdefault) and [import](https://www.elastic.co/docs/api/doc/kibana/operation/operation-importsavedobjectsdefault) any necessary connectors before importing detection rules. > Similarly, any value lists used for rule exceptions are not included in rule exports or imports. Use the [Manage value lists](https://www.elastic.co/guide/en/security/current/value-lists-exceptions.html#manage-value-lists) UI (Rules → Detection rules (SIEM) → Manage value lists) to export and import value lists separately. */ async importRules(props: ImportRulesProps) { this.log.info(`${new Date().toISOString()} Calling API ImportRules`); return this.kbnClient .request<ImportRulesResponse>({ path: '/api/detection_engine/rules/_import', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.attachment, query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Import Timelines. */ async importTimelines(props: ImportTimelinesProps) { this.log.info(`${new Date().toISOString()} Calling API ImportTimelines`); return this.kbnClient .request<ImportTimelinesResponse>({ path: '/api/timeline/_import', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } async initEntityEngine(props: InitEntityEngineProps) { this.log.info(`${new Date().toISOString()} Calling API InitEntityEngine`); return this.kbnClient .request<InitEntityEngineResponse>({ path: replaceParams('/api/entity_store/engines/{entityType}/init', props.params), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } async initEntityStore(props: InitEntityStoreProps) { this.log.info(`${new Date().toISOString()} Calling API InitEntityStore`); return this.kbnClient .request<InitEntityStoreResponse>({ path: '/api/entity_store/enable', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } async initMonitoringEngine() { this.log.info(`${new Date().toISOString()} Calling API InitMonitoringEngine`); return this.kbnClient .request<InitMonitoringEngineResponse>({ path: '/api/entity_analytics/monitoring/engine/init', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Initializes the Risk Engine by creating the necessary indices and mappings, removing old transforms, and starting the new risk engine */ async initRiskEngine() { this.log.info(`${new Date().toISOString()} Calling API InitRiskEngine`); return this.kbnClient .request<InitRiskEngineResponse>({ path: '/internal/risk_score/engine/init', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'POST', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Installs migration rules */ async installMigrationRules(props: InstallMigrationRulesProps) { this.log.info(`${new Date().toISOString()} Calling API InstallMigrationRules`); return this.kbnClient .request<InstallMigrationRulesResponse>({ path: replaceParams('/internal/siem_migrations/rules/{migration_id}/install', props.params), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Install and update all Elastic prebuilt detection rules and Timelines. This endpoint allows you to install and update prebuilt detection rules and Timelines provided by Elastic. When you call this endpoint, it will: - Install any new prebuilt detection rules that are not currently installed in your system. - Update any existing prebuilt detection rules that have been modified or improved by Elastic. - Install any new prebuilt Timelines that are not currently installed in your system. - Update any existing prebuilt Timelines that have been modified or improved by Elastic. This ensures that your detection engine is always up-to-date with the latest rules and Timelines, providing you with the most current and effective threat detection capabilities. */ async installPrebuiltRulesAndTimelines() { this.log.info(`${new Date().toISOString()} Calling API InstallPrebuiltRulesAndTimelines`); return this.kbnClient .request<InstallPrebuiltRulesAndTimelinesResponse>({ path: '/api/detection_engine/rules/prepackaged', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'PUT', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Install or update prepackaged Timelines. */ async installPrepackedTimelines(props: InstallPrepackedTimelinesProps) { this.log.info(`${new Date().toISOString()} Calling API InstallPrepackedTimelines`); return this.kbnClient .request<InstallPrepackedTimelinesResponse>({ path: '/api/timeline/_prepackaged', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } async internalUploadAssetCriticalityRecords(props: InternalUploadAssetCriticalityRecordsProps) { this.log.info(`${new Date().toISOString()} Calling API InternalUploadAssetCriticalityRecords`); return this.kbnClient .request<InternalUploadAssetCriticalityRecordsResponse>({ path: '/internal/asset_criticality/upload_csv', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'POST', body: props.attachment, }) .catch(catchAxiosErrorFormatAndThrow); } /** * List entities records, paging, sorting and filtering as needed. */ async listEntities(props: ListEntitiesProps) { this.log.info(`${new Date().toISOString()} Calling API ListEntities`); return this.kbnClient .request<ListEntitiesResponse>({ path: '/api/entity_store/entities/list', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } async listEntityEngines() { this.log.info(`${new Date().toISOString()} Calling API ListEntityEngines`); return this.kbnClient .request<ListEntityEnginesResponse>({ path: '/api/entity_store/engines', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } async listPrivMonUsers(props: ListPrivMonUsersProps) { this.log.info(`${new Date().toISOString()} Calling API ListPrivMonUsers`); return this.kbnClient .request<ListPrivMonUsersResponse>({ path: '/api/entity_analytics/monitoring/users/list', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Update specific fields of an existing detection rule using the `rule_id` or `id` field. The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. > warn > When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. > If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. */ async patchRule(props: PatchRuleProps) { this.log.info(`${new Date().toISOString()} Calling API PatchRule`); return this.kbnClient .request<PatchRuleResponse>({ path: '/api/detection_engine/rules', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'PATCH', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Update an existing Timeline. You can update the title, description, date range, pinned events, pinned queries, and/or pinned saved queries of an existing Timeline. */ async patchTimeline(props: PatchTimelineProps) { this.log.info(`${new Date().toISOString()} Calling API PatchTimeline`); return this.kbnClient .request<PatchTimelineResponse>({ path: '/api/timeline', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'PATCH', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Apply a bulk action, such as bulk edit, duplicate, or delete, to multiple detection rules. The bulk action is applied to all rules that match the query or to the rules listed by their IDs. The edit action allows you to add, delete, or set tags, index patterns, investigation fields, rule actions and schedules for multiple rules at once. The edit action is idempotent, meaning that if you add a tag to a rule that already has that tag, no changes are made. The same is true for other edit actions, for example removing an index pattern that is not specified in a rule will not result in any changes. The only exception is the `add_rule_actions` and `set_rule_actions` action, which is non-idempotent. This means that if you add or set a rule action to a rule that already has that action, a new action is created with a new unique ID. > warn > When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. > If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. */ async performRulesBulkAction(props: PerformRulesBulkActionProps) { this.log.info(`${new Date().toISOString()} Calling API PerformRulesBulkAction`); return this.kbnClient .request<PerformRulesBulkActionResponse>({ path: '/api/detection_engine/rules/_bulk_action', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Favorite a Timeline or Timeline template for the current user. */ async persistFavoriteRoute(props: PersistFavoriteRouteProps) { this.log.info(`${new Date().toISOString()} Calling API PersistFavoriteRoute`); return this.kbnClient .request<PersistFavoriteRouteResponse>({ path: '/api/timeline/_favorite', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'PATCH', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Add a note to a Timeline or update an existing note. */ async persistNoteRoute(props: PersistNoteRouteProps) { this.log.info(`${new Date().toISOString()} Calling API PersistNoteRoute`); return this.kbnClient .request<PersistNoteRouteResponse>({ path: '/api/note', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'PATCH', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Pin/unpin an event to/from an existing Timeline. */ async persistPinnedEventRoute(props: PersistPinnedEventRouteProps) { this.log.info(`${new Date().toISOString()} Calling API PersistPinnedEventRoute`); return this.kbnClient .request<PersistPinnedEventRouteResponse>({ path: '/api/pinned_event', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'PATCH', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Calculates and returns a list of Risk Scores, sorted by identifier_type and risk score. */ async previewRiskScore(props: PreviewRiskScoreProps) { this.log.info(`${new Date().toISOString()} Calling API PreviewRiskScore`); return this.kbnClient .request<PreviewRiskScoreResponse>({ path: '/internal/risk_score/preview', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } async privMonHealth() { this.log.info(`${new Date().toISOString()} Calling API PrivMonHealth`); return this.kbnClient .request<PrivMonHealthResponse>({ path: '/api/entity_analytics/monitoring/privileges/health', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } async readAlertsIndex() { this.log.info(`${new Date().toISOString()} Calling API ReadAlertsIndex`); return this.kbnClient .request<ReadAlertsIndexResponse>({ path: '/api/detection_engine/index', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Retrieve indices that contain detection alerts of a particular age, along with migration information for each of those indices. */ async readAlertsMigrationStatus(props: ReadAlertsMigrationStatusProps) { this.log.info(`${new Date().toISOString()} Calling API ReadAlertsMigrationStatus`); return this.kbnClient .request<ReadAlertsMigrationStatusResponse>({ path: '/api/detection_engine/signals/migration_status', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Retrieve the status of all Elastic prebuilt detection rules and Timelines. This endpoint provides detailed information about the number of custom rules, installed prebuilt rules, available prebuilt rules that are not installed, outdated prebuilt rules, installed prebuilt timelines, available prebuilt timelines that are not installed, and outdated prebuilt timelines. */ async readPrebuiltRulesAndTimelinesStatus() { this.log.info(`${new Date().toISOString()} Calling API ReadPrebuiltRulesAndTimelinesStatus`); return this.kbnClient .request<ReadPrebuiltRulesAndTimelinesStatusResponse>({ path: '/api/detection_engine/rules/prepackaged/_status', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Retrieves whether or not the user is authenticated, and the user's Kibana space and index privileges, which determine if the user can create an index for the Elastic Security alerts generated by detection engine rules. */ async readPrivileges() { this.log.info(`${new Date().toISOString()} Calling API ReadPrivileges`); return this.kbnClient .request<ReadPrivilegesResponse>({ path: '/api/detection_engine/privileges', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } async readRiskEngineSettings() { this.log.info(`${new Date().toISOString()} Calling API ReadRiskEngineSettings`); return this.kbnClient .request<ReadRiskEngineSettingsResponse>({ path: '/internal/risk_score/engine/settings', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Retrieve a detection rule using the `rule_id` or `id` field. The URL query must include one of the following: * `id` - `GET /api/detection_engine/rules?id=<id>` * `rule_id` - `GET /api/detection_engine/rules?rule_id=<rule_id>` The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. */ async readRule(props: ReadRuleProps) { this.log.info(`${new Date().toISOString()} Calling API ReadRule`); return this.kbnClient .request<ReadRuleResponse>({ path: '/api/detection_engine/rules', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * List all unique tags from all detection rules. */ async readTags() { this.log.info(`${new Date().toISOString()} Calling API ReadTags`); return this.kbnClient .request<ReadTagsResponse>({ path: '/api/detection_engine/tags', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } async resolveTimeline(props: ResolveTimelineProps) { this.log.info(`${new Date().toISOString()} Calling API ResolveTimeline`); return this.kbnClient .request<ResolveTimelineResponse>({ path: '/api/timeline/resolve', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } async riskEngineGetPrivileges() { this.log.info(`${new Date().toISOString()} Calling API RiskEngineGetPrivileges`); return this.kbnClient .request<RiskEngineGetPrivilegesResponse>({ path: '/internal/risk_engine/privileges', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'GET', }) .catch(catchAxiosErrorFormatAndThrow); } async rulePreview(props: RulePreviewProps) { this.log.info(`${new Date().toISOString()} Calling API RulePreview`); return this.kbnClient .request<RulePreviewResponse>({ path: '/api/detection_engine/rules/preview', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Run a shell command on an endpoint. */ async runScriptAction(props: RunScriptActionProps) { this.log.info(`${new Date().toISOString()} Calling API RunScriptAction`); return this.kbnClient .request<RunScriptActionResponse>({ path: '/api/endpoint/action/runscript', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Schedule the risk scoring engine to run as soon as possible. You can use this to recalculate entity risk scores after updating their asset criticality. */ async scheduleRiskEngineNow() { this.log.info(`${new Date().toISOString()} Calling API ScheduleRiskEngineNow`); return this.kbnClient .request<ScheduleRiskEngineNowResponse>({ path: '/api/risk_score/engine/schedule_now', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Find and/or aggregate detection alerts that match the given query. */ async searchAlerts(props: SearchAlertsProps) { this.log.info(`${new Date().toISOString()} Calling API SearchAlerts`); return this.kbnClient .request<SearchAlertsResponse>({ path: '/api/detection_engine/signals/search', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } async searchPrivilegesIndices(props: SearchPrivilegesIndicesProps) { this.log.info(`${new Date().toISOString()} Calling API SearchPrivilegesIndices`); return this.kbnClient .request<SearchPrivilegesIndicesResponse>({ path: '/api/entity_analytics/monitoring/privileges/indices', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'GET', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Assign users to detection alerts, and unassign them from alerts. > info > You cannot add and remove the same assignee in the same request. */ async setAlertAssignees(props: SetAlertAssigneesProps) { this.log.info(`${new Date().toISOString()} Calling API SetAlertAssignees`); return this.kbnClient .request({ path: '/api/detection_engine/signals/assignees', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Set the status of one or more detection alerts. */ async setAlertsStatus(props: SetAlertsStatusProps) { this.log.info(`${new Date().toISOString()} Calling API SetAlertsStatus`); return this.kbnClient .request<SetAlertsStatusResponse>({ path: '/api/detection_engine/signals/status', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * And tags to detection alerts, and remove them from alerts. > info > You cannot add and remove the same alert tag in the same request. */ async setAlertTags(props: SetAlertTagsProps) { this.log.info(`${new Date().toISOString()} Calling API SetAlertTags`); return this.kbnClient .request<SetAlertTagsResponse>({ path: '/api/detection_engine/signals/tags', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } async startEntityEngine(props: StartEntityEngineProps) { this.log.info(`${new Date().toISOString()} Calling API StartEntityEngine`); return this.kbnClient .request<StartEntityEngineResponse>({ path: replaceParams('/api/entity_store/engines/{entityType}/start', props.params), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Starts a SIEM rules migration using the migration id provided */ async startRuleMigration(props: StartRuleMigrationProps) { this.log.info(`${new Date().toISOString()} Calling API StartRuleMigration`); return this.kbnClient .request<StartRuleMigrationResponse>({ path: replaceParams('/internal/siem_migrations/rules/{migration_id}/start', props.params), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'PUT', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } async stopEntityEngine(props: StopEntityEngineProps) { this.log.info(`${new Date().toISOString()} Calling API StopEntityEngine`); return this.kbnClient .request<StopEntityEngineResponse>({ path: replaceParams('/api/entity_store/engines/{entityType}/stop', props.params), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Stops a running SIEM rules migration using the migration id provided */ async stopRuleMigration(props: StopRuleMigrationProps) { this.log.info(`${new Date().toISOString()} Calling API StopRuleMigration`); return this.kbnClient .request<StopRuleMigrationResponse>({ path: replaceParams('/internal/siem_migrations/rules/{migration_id}/stop', props.params), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'PUT', }) .catch(catchAxiosErrorFormatAndThrow); } /** * Suggests user profiles. */ async suggestUserProfiles(props: SuggestUserProfilesProps) { this.log.info(`${new Date().toISOString()} Calling API SuggestUserProfiles`); return this.kbnClient .request({ path: '/internal/detection_engine/users/_find', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'POST', query: props.query, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Calculates and persists Risk Scores for an entity, returning the calculated risk score. */ async triggerRiskScoreCalculation(props: TriggerRiskScoreCalculationProps) { this.log.info(`${new Date().toISOString()} Calling API TriggerRiskScoreCalculation`); return this.kbnClient .request<TriggerRiskScoreCalculationResponse>({ path: '/internal/risk_score/calculation/entity', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } async updatePrivMonUser(props: UpdatePrivMonUserProps) { this.log.info(`${new Date().toISOString()} Calling API UpdatePrivMonUser`); return this.kbnClient .request<UpdatePrivMonUserResponse>({ path: replaceParams('/api/entity_analytics/monitoring/users/{id}', props.params), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'PUT', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Update a detection rule using the `rule_id` or `id` field. The original rule is replaced, and all unspecified fields are deleted. The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. > warn > When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. > If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. */ async updateRule(props: UpdateRuleProps) { this.log.info(`${new Date().toISOString()} Calling API UpdateRule`); return this.kbnClient .request<UpdateRuleResponse>({ path: '/api/detection_engine/rules', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'PUT', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Updates rules migrations attributes */ async updateRuleMigration(props: UpdateRuleMigrationProps) { this.log.info(`${new Date().toISOString()} Calling API UpdateRuleMigration`); return this.kbnClient .request<UpdateRuleMigrationResponse>({ path: replaceParams('/internal/siem_migrations/rules/{migration_id}', props.params), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'PUT', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } async updateWorkflowInsight(props: UpdateWorkflowInsightProps) { this.log.info(`${new Date().toISOString()} Calling API UpdateWorkflowInsight`); return this.kbnClient .request<UpdateWorkflowInsightResponse>({ path: replaceParams('/internal/api/endpoint/workflow_insights/{insightId}', props.params), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'PUT', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } async uploadAssetCriticalityRecords(props: UploadAssetCriticalityRecordsProps) { this.log.info(`${new Date().toISOString()} Calling API UploadAssetCriticalityRecords`); return this.kbnClient .request<UploadAssetCriticalityRecordsResponse>({ path: '/api/asset_criticality/upload_csv', headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'POST', body: props.attachment, }) .catch(catchAxiosErrorFormatAndThrow); } /** * Creates or updates resources for an existing SIEM rules migration */ async upsertRuleMigrationResources(props: UpsertRuleMigrationResourcesProps) { this.log.info(`${new Date().toISOString()} Calling API UpsertRuleMigrationResources`); return this.kbnClient .request<UpsertRuleMigrationResourcesResponse>({ path: replaceParams( '/internal/siem_migrations/rules/{migration_id}/resources', props.params ), headers: { [ELASTIC_HTTP_VERSION_HEADER]: '1', }, method: 'POST', body: props.body, }) .catch(catchAxiosErrorFormatAndThrow); } } export interface AlertsMigrationCleanupProps { body: AlertsMigrationCleanupRequestBodyInput; } export interface BulkUpsertAssetCriticalityRecordsProps { body: BulkUpsertAssetCriticalityRecordsRequestBodyInput; } export interface CleanDraftTimelinesProps { body: CleanDraftTimelinesRequestBodyInput; } export interface ConfigureRiskEngineSavedObjectProps { body: ConfigureRiskEngineSavedObjectRequestBodyInput; } export interface CopyTimelineProps { body: CopyTimelineRequestBodyInput; } export interface CreateAlertsMigrationProps { body: CreateAlertsMigrationRequestBodyInput; } export interface CreateAssetCriticalityRecordProps { body: CreateAssetCriticalityRecordRequestBodyInput; } export interface CreatePrivMonUserProps { body: CreatePrivMonUserRequestBodyInput; } export interface CreateRuleProps { body: CreateRuleRequestBodyInput; } export interface CreateRuleMigrationProps { params: CreateRuleMigrationRequestParamsInput; body: CreateRuleMigrationRequestBodyInput; } export interface CreateTimelinesProps { body: CreateTimelinesRequestBodyInput; } export interface CreateUpdateProtectionUpdatesNoteProps { params: CreateUpdateProtectionUpdatesNoteRequestParamsInput; body: CreateUpdateProtectionUpdatesNoteRequestBodyInput; } export interface DeleteAssetCriticalityRecordProps { query: DeleteAssetCriticalityRecordRequestQueryInput; } export interface DeleteEntityEngineProps { query: DeleteEntityEngineRequestQueryInput; params: DeleteEntityEngineRequestParamsInput; } export interface DeleteNoteProps { body: DeleteNoteRequestBodyInput; } export interface DeletePrivMonUserProps { params: DeletePrivMonUserRequestParamsInput; } export interface DeleteRuleProps { query: DeleteRuleRequestQueryInput; } export interface DeleteTimelinesProps { body: DeleteTimelinesRequestBodyInput; } export interface DeprecatedTriggerRiskScoreCalculationProps { body: DeprecatedTriggerRiskScoreCalculationRequestBodyInput; } export interface EndpointExecuteActionProps { body: EndpointExecuteActionRequestBodyInput; } export interface EndpointFileDownloadProps { params: EndpointFileDownloadRequestParamsInput; } export interface EndpointFileInfoProps { params: EndpointFileInfoRequestParamsInput; } export interface EndpointGetActionsDetailsProps { params: EndpointGetActionsDetailsRequestParamsInput; } export interface EndpointGetActionsListProps { query: EndpointGetActionsListRequestQueryInput; } export interface EndpointGetActionsStatusProps { query: EndpointGetActionsStatusRequestQueryInput; } export interface EndpointGetFileActionProps { body: EndpointGetFileActionRequestBodyInput; } export interface EndpointGetProcessesActionProps { body: EndpointGetProcessesActionRequestBodyInput; } export interface EndpointIsolateActionProps { body: EndpointIsolateActionRequestBodyInput; } export interface EndpointKillProcessActionProps { body: EndpointKillProcessActionRequestBodyInput; } export interface EndpointScanActionProps { body: EndpointScanActionRequestBodyInput; } export interface EndpointSuspendProcessActionProps { body: EndpointSuspendProcessActionRequestBodyInput; } export interface EndpointUnisolateActionProps { body: EndpointUnisolateActionRequestBodyInput; } export interface EndpointUploadActionProps { attachment: FormData; } export interface ExportRulesProps { query: ExportRulesRequestQueryInput; body: ExportRulesRequestBodyInput; } export interface ExportTimelinesProps { query: ExportTimelinesRequestQueryInput; body: ExportTimelinesRequestBodyInput; } export interface FinalizeAlertsMigrationProps { body: FinalizeAlertsMigrationRequestBodyInput; } export interface FindAssetCriticalityRecordsProps { query: FindAssetCriticalityRecordsRequestQueryInput; } export interface FindRulesProps { query: FindRulesRequestQueryInput; } export interface GetAssetCriticalityRecordProps { query: GetAssetCriticalityRecordRequestQueryInput; } export interface GetDraftTimelinesProps { query: GetDraftTimelinesRequestQueryInput; } export interface GetEndpointMetadataListProps { query: GetEndpointMetadataListRequestQueryInput; } export interface GetEndpointSuggestionsProps { params: GetEndpointSuggestionsRequestParamsInput; body: GetEndpointSuggestionsRequestBodyInput; } export interface GetEntityEngineProps { params: GetEntityEngineRequestParamsInput; } export interface GetEntityStoreStatusProps { query: GetEntityStoreStatusRequestQueryInput; } export interface GetNotesProps { query: GetNotesRequestQueryInput; } export interface GetPolicyResponseProps { query: GetPolicyResponseRequestQueryInput; } export interface GetPrivMonUserProps { params: GetPrivMonUserRequestParamsInput; } export interface GetProtectionUpdatesNoteProps { params: GetProtectionUpdatesNoteRequestParamsInput; } export interface GetRuleExecutionEventsProps { query: GetRuleExecutionEventsRequestQueryInput; params: GetRuleExecutionEventsRequestParamsInput; } export interface GetRuleExecutionResultsProps { query: GetRuleExecutionResultsRequestQueryInput; params: GetRuleExecutionResultsRequestParamsInput; } export interface GetRuleMigrationProps { query: GetRuleMigrationRequestQueryInput; params: GetRuleMigrationRequestParamsInput; } export interface GetRuleMigrationPrebuiltRulesProps { params: GetRuleMigrationPrebuiltRulesRequestParamsInput; } export interface GetRuleMigrationResourcesProps { query: GetRuleMigrationResourcesRequestQueryInput; params: GetRuleMigrationResourcesRequestParamsInput; } export interface GetRuleMigrationResourcesMissingProps { params: GetRuleMigrationResourcesMissingRequestParamsInput; } export interface GetRuleMigrationStatsProps { params: GetRuleMigrationStatsRequestParamsInput; } export interface GetRuleMigrationTranslationStatsProps { params: GetRuleMigrationTranslationStatsRequestParamsInput; } export interface GetTimelineProps { query: GetTimelineRequestQueryInput; } export interface GetTimelinesProps { query: GetTimelinesRequestQueryInput; } export interface GetWorkflowInsightsProps { query: GetWorkflowInsightsRequestQueryInput; } export interface ImportRulesProps { query: ImportRulesRequestQueryInput; attachment: FormData; } export interface ImportTimelinesProps { body: ImportTimelinesRequestBodyInput; } export interface InitEntityEngineProps { params: InitEntityEngineRequestParamsInput; body: InitEntityEngineRequestBodyInput; } export interface InitEntityStoreProps { body: InitEntityStoreRequestBodyInput; } export interface InstallMigrationRulesProps { params: InstallMigrationRulesRequestParamsInput; body: InstallMigrationRulesRequestBodyInput; } export interface InstallPrepackedTimelinesProps { body: InstallPrepackedTimelinesRequestBodyInput; } export interface InternalUploadAssetCriticalityRecordsProps { attachment: FormData; } export interface ListEntitiesProps { query: ListEntitiesRequestQueryInput; } export interface ListPrivMonUsersProps { query: ListPrivMonUsersRequestQueryInput; } export interface PatchRuleProps { body: PatchRuleRequestBodyInput; } export interface PatchTimelineProps { body: PatchTimelineRequestBodyInput; } export interface PerformRulesBulkActionProps { query: PerformRulesBulkActionRequestQueryInput; body: PerformRulesBulkActionRequestBodyInput; } export interface PersistFavoriteRouteProps { body: PersistFavoriteRouteRequestBodyInput; } export interface PersistNoteRouteProps { body: PersistNoteRouteRequestBodyInput; } export interface PersistPinnedEventRouteProps { body: PersistPinnedEventRouteRequestBodyInput; } export interface PreviewRiskScoreProps { body: PreviewRiskScoreRequestBodyInput; } export interface ReadAlertsMigrationStatusProps { query: ReadAlertsMigrationStatusRequestQueryInput; } export interface ReadRuleProps { query: ReadRuleRequestQueryInput; } export interface ResolveTimelineProps { query: ResolveTimelineRequestQueryInput; } export interface RulePreviewProps { query: RulePreviewRequestQueryInput; body: RulePreviewRequestBodyInput; } export interface RunScriptActionProps { body: RunScriptActionRequestBodyInput; } export interface SearchAlertsProps { body: SearchAlertsRequestBodyInput; } export interface SearchPrivilegesIndicesProps { query: SearchPrivilegesIndicesRequestQueryInput; } export interface SetAlertAssigneesProps { body: SetAlertAssigneesRequestBodyInput; } export interface SetAlertsStatusProps { body: SetAlertsStatusRequestBodyInput; } export interface SetAlertTagsProps { body: SetAlertTagsRequestBodyInput; } export interface StartEntityEngineProps { params: StartEntityEngineRequestParamsInput; } export interface StartRuleMigrationProps { params: StartRuleMigrationRequestParamsInput; body: StartRuleMigrationRequestBodyInput; } export interface StopEntityEngineProps { params: StopEntityEngineRequestParamsInput; } export interface StopRuleMigrationProps { params: StopRuleMigrationRequestParamsInput; } export interface SuggestUserProfilesProps { query: SuggestUserProfilesRequestQueryInput; } export interface TriggerRiskScoreCalculationProps { body: TriggerRiskScoreCalculationRequestBodyInput; } export interface UpdatePrivMonUserProps { params: UpdatePrivMonUserRequestParamsInput; body: UpdatePrivMonUserRequestBodyInput; } export interface UpdateRuleProps { body: UpdateRuleRequestBodyInput; } export interface UpdateRuleMigrationProps { params: UpdateRuleMigrationRequestParamsInput; body: UpdateRuleMigrationRequestBodyInput; } export interface UpdateWorkflowInsightProps { params: UpdateWorkflowInsightRequestParamsInput; body: UpdateWorkflowInsightRequestBodyInput; } export interface UploadAssetCriticalityRecordsProps { attachment: FormData; } export interface UpsertRuleMigrationResourcesProps { params: UpsertRuleMigrationResourcesRequestParamsInput; body: UpsertRuleMigrationResourcesRequestBodyInput; }