@@ -422,6 +422,13 @@ components:
422422 required: true
423423 schema:
424424 type: string
425+ HistoricalSignalID:
426+ description: The ID of the historical signal.
427+ in: path
428+ name: histsignal_id
429+ required: true
430+ schema:
431+ type: string
425432 IncidentAttachmentFilterQueryParameter:
426433 description: Specifies which types of attachments are included in the response.
427434 explode: false
@@ -726,6 +733,58 @@ components:
726733 required: true
727734 schema:
728735 type: string
736+ QueryFilterFrom:
737+ description: The minimum timestamp for requested security signals.
738+ example: '2019-01-02T09:42:36.320Z'
739+ in: query
740+ name: filter[from]
741+ required: false
742+ schema:
743+ format: date-time
744+ type: string
745+ QueryFilterSearch:
746+ description: The search query for security signals.
747+ example: security:attack status:high
748+ in: query
749+ name: filter[query]
750+ required: false
751+ schema:
752+ type: string
753+ QueryFilterTo:
754+ description: The maximum timestamp for requested security signals.
755+ example: '2019-01-03T09:42:36.320Z'
756+ in: query
757+ name: filter[to]
758+ required: false
759+ schema:
760+ format: date-time
761+ type: string
762+ QueryPageCursor:
763+ description: A list of results using the cursor provided in the previous query.
764+ example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==
765+ in: query
766+ name: page[cursor]
767+ required: false
768+ schema:
769+ type: string
770+ QueryPageLimit:
771+ description: The maximum number of security signals in the response.
772+ example: 25
773+ in: query
774+ name: page[limit]
775+ required: false
776+ schema:
777+ default: 10
778+ format: int32
779+ maximum: 1000
780+ type: integer
781+ QuerySort:
782+ description: The order of the security signals in results.
783+ in: query
784+ name: sort
785+ required: false
786+ schema:
787+ $ref: '#/components/schemas/SecurityMonitoringSignalsSort'
729788 RelationInclude:
730789 description: Include relationship data.
731790 explode: true
@@ -64269,52 +64328,12 @@ paths:
6426964328 security signals.'
6427064329 operationId: ListSecurityMonitoringSignals
6427164330 parameters:
64272- - description: The search query for security signals.
64273- example: security:attack status:high
64274- in: query
64275- name: filter[query]
64276- required: false
64277- schema:
64278- type: string
64279- - description: The minimum timestamp for requested security signals.
64280- example: '2019-01-02T09:42:36.320Z'
64281- in: query
64282- name: filter[from]
64283- required: false
64284- schema:
64285- format: date-time
64286- type: string
64287- - description: The maximum timestamp for requested security signals.
64288- example: '2019-01-03T09:42:36.320Z'
64289- in: query
64290- name: filter[to]
64291- required: false
64292- schema:
64293- format: date-time
64294- type: string
64295- - description: The order of the security signals in results.
64296- in: query
64297- name: sort
64298- required: false
64299- schema:
64300- $ref: '#/components/schemas/SecurityMonitoringSignalsSort'
64301- - description: A list of results using the cursor provided in the previous query.
64302- example: eyJzdGFydEF0IjoiQVFBQUFYS2tMS3pPbm40NGV3QUFBQUJCV0V0clRFdDZVbG8zY3pCRmNsbHJiVmxDWlEifQ==
64303- in: query
64304- name: page[cursor]
64305- required: false
64306- schema:
64307- type: string
64308- - description: The maximum number of security signals in the response.
64309- example: 25
64310- in: query
64311- name: page[limit]
64312- required: false
64313- schema:
64314- default: 10
64315- format: int32
64316- maximum: 1000
64317- type: integer
64331+ - $ref: '#/components/parameters/QueryFilterSearch'
64332+ - $ref: '#/components/parameters/QueryFilterFrom'
64333+ - $ref: '#/components/parameters/QueryFilterTo'
64334+ - $ref: '#/components/parameters/QuerySort'
64335+ - $ref: '#/components/parameters/QueryPageCursor'
64336+ - $ref: '#/components/parameters/QueryPageLimit'
6431864337 responses:
6431964338 '200':
6432064339 content:
@@ -65595,6 +65614,123 @@ paths:
6559565614 permissions:
6559665615 - incident_settings_write
6559765616 x-unstable: '**Note**: This endpoint is deprecated.'
65617+ /api/v2/siem-historical-detections/histsignals:
65618+ get:
65619+ description: List hist signals.
65620+ operationId: ListSecurityMonitoringHistsignals
65621+ parameters:
65622+ - $ref: '#/components/parameters/QueryFilterSearch'
65623+ - $ref: '#/components/parameters/QueryFilterFrom'
65624+ - $ref: '#/components/parameters/QueryFilterTo'
65625+ - $ref: '#/components/parameters/QuerySort'
65626+ - $ref: '#/components/parameters/QueryPageCursor'
65627+ - $ref: '#/components/parameters/QueryPageLimit'
65628+ responses:
65629+ '200':
65630+ content:
65631+ application/json:
65632+ schema:
65633+ $ref: '#/components/schemas/SecurityMonitoringSignalsListResponse'
65634+ description: OK
65635+ '400':
65636+ $ref: '#/components/responses/BadRequestResponse'
65637+ '403':
65638+ $ref: '#/components/responses/NotAuthorizedResponse'
65639+ '404':
65640+ $ref: '#/components/responses/NotFoundResponse'
65641+ '429':
65642+ $ref: '#/components/responses/TooManyRequestsResponse'
65643+ security:
65644+ - apiKeyAuth: []
65645+ appKeyAuth: []
65646+ - AuthZ:
65647+ - security_monitoring_signals_read
65648+ summary: List hist signals
65649+ tags:
65650+ - Security Monitoring
65651+ x-permission:
65652+ operator: OR
65653+ permissions:
65654+ - security_monitoring_signals_read
65655+ x-unstable: '**Note**: This endpoint is in beta and may be subject to changes.
65656+
65657+ Please check the documentation regularly for updates.'
65658+ /api/v2/siem-historical-detections/histsignals/search:
65659+ get:
65660+ description: Search hist signals.
65661+ operationId: SearchSecurityMonitoringHistsignals
65662+ requestBody:
65663+ content:
65664+ application/json:
65665+ schema:
65666+ $ref: '#/components/schemas/SecurityMonitoringSignalListRequest'
65667+ required: false
65668+ responses:
65669+ '200':
65670+ content:
65671+ application/json:
65672+ schema:
65673+ $ref: '#/components/schemas/SecurityMonitoringSignalsListResponse'
65674+ description: OK
65675+ '400':
65676+ $ref: '#/components/responses/BadRequestResponse'
65677+ '403':
65678+ $ref: '#/components/responses/NotAuthorizedResponse'
65679+ '404':
65680+ $ref: '#/components/responses/NotFoundResponse'
65681+ '429':
65682+ $ref: '#/components/responses/TooManyRequestsResponse'
65683+ security:
65684+ - apiKeyAuth: []
65685+ appKeyAuth: []
65686+ - AuthZ:
65687+ - security_monitoring_signals_read
65688+ summary: Search hist signals
65689+ tags:
65690+ - Security Monitoring
65691+ x-permission:
65692+ operator: OR
65693+ permissions:
65694+ - security_monitoring_signals_read
65695+ x-unstable: '**Note**: This endpoint is in beta and may be subject to changes.
65696+
65697+ Please check the documentation regularly for updates.'
65698+ /api/v2/siem-historical-detections/histsignals/{histsignal_id}:
65699+ get:
65700+ description: Get a hist signal's details.
65701+ operationId: GetSecurityMonitoringHistsignal
65702+ parameters:
65703+ - $ref: '#/components/parameters/HistoricalSignalID'
65704+ responses:
65705+ '200':
65706+ content:
65707+ application/json:
65708+ schema:
65709+ $ref: '#/components/schemas/SecurityMonitoringSignalResponse'
65710+ description: OK
65711+ '400':
65712+ $ref: '#/components/responses/BadRequestResponse'
65713+ '403':
65714+ $ref: '#/components/responses/NotAuthorizedResponse'
65715+ '404':
65716+ $ref: '#/components/responses/NotFoundResponse'
65717+ '429':
65718+ $ref: '#/components/responses/TooManyRequestsResponse'
65719+ security:
65720+ - apiKeyAuth: []
65721+ appKeyAuth: []
65722+ - AuthZ:
65723+ - security_monitoring_signals_read
65724+ summary: Get a hist signal's details
65725+ tags:
65726+ - Security Monitoring
65727+ x-permission:
65728+ operator: OR
65729+ permissions:
65730+ - security_monitoring_signals_read
65731+ x-unstable: '**Note**: This endpoint is in beta and may be subject to changes.
65732+
65733+ Please check the documentation regularly for updates.'
6559865734 /api/v2/siem-historical-detections/jobs:
6559965735 get:
6560065736 description: List historical jobs.
@@ -65816,6 +65952,48 @@ paths:
6581665952 - security_monitoring_rules_write
6581765953 x-unstable: '**Note**: This endpoint is in beta and may be subject to changes.
6581865954
65955+ Please check the documentation regularly for updates.'
65956+ /api/v2/siem-historical-detections/jobs/{job_id}/histsignals:
65957+ get:
65958+ description: Get a job's hist signals.
65959+ operationId: GetSecurityMonitoringHistsignalsByJobId
65960+ parameters:
65961+ - $ref: '#/components/parameters/HistoricalJobID'
65962+ - $ref: '#/components/parameters/QueryFilterSearch'
65963+ - $ref: '#/components/parameters/QueryFilterFrom'
65964+ - $ref: '#/components/parameters/QueryFilterTo'
65965+ - $ref: '#/components/parameters/QuerySort'
65966+ - $ref: '#/components/parameters/QueryPageCursor'
65967+ - $ref: '#/components/parameters/QueryPageLimit'
65968+ responses:
65969+ '200':
65970+ content:
65971+ application/json:
65972+ schema:
65973+ $ref: '#/components/schemas/SecurityMonitoringSignalsListResponse'
65974+ description: OK
65975+ '400':
65976+ $ref: '#/components/responses/BadRequestResponse'
65977+ '403':
65978+ $ref: '#/components/responses/NotAuthorizedResponse'
65979+ '404':
65980+ $ref: '#/components/responses/NotFoundResponse'
65981+ '429':
65982+ $ref: '#/components/responses/TooManyRequestsResponse'
65983+ security:
65984+ - apiKeyAuth: []
65985+ appKeyAuth: []
65986+ - AuthZ:
65987+ - security_monitoring_signals_read
65988+ summary: Get a job's hist signals
65989+ tags:
65990+ - Security Monitoring
65991+ x-permission:
65992+ operator: OR
65993+ permissions:
65994+ - security_monitoring_signals_read
65995+ x-unstable: '**Note**: This endpoint is in beta and may be subject to changes.
65996+
6581965997 Please check the documentation regularly for updates.'
6582065998 /api/v2/slo/report:
6582165999 post:
0 commit comments