Request: Need the Ability to Get to Kibana's Security Detections Endpoints within DevTools and via API Calls

[agafonoo]

Hello!

I am trying to get to the Kibana Detections API endpoints in order to list and create detection rules and I can't.

I am SSH-ed into my Security Onion stand-alone VM and I try the following:

curl -v -k -u myuser:password --request GET "localhost:5601/api/detection_engine/rules/_find"

I also tried this endpoint:

curl -v -k -u myuser:password --request GET "localhost:5601/kibana/api/detection_engine/rules/_find"

The user "myuser" has been assigned a custom api_user role that I created in the Kibana GUI, following Elastic's documentation described here: Elastic docs.

We do have an enterprise-level license for Security Onion in our production environment but I am trying all of these things in my dev environment first to test things out.

Is it possible to get to the Kibana Detections API at all? I was trying to do it with Dev Tools also and didn't see those endpoints at all.

[reyesj2]

This seems to work via dev tools

GET kbn:/api/detection_engine/rules/_find

found at https://www.elastic.co/docs/api/doc/kibana/operation/operation-findrules