Get exception container

Retrieves an exception container using its id or list_id field.

The Kibana Console supports only Elasticsearch APIs. You cannot interact with the Kibana APIs with the Console and must use curl or another HTTP tool instead. For more information, refer to Console.

Request URL

GET <kibana host>:<port>/api/exception_lists

URL query parameters

The URL query must include the container’s id or list_id:

  • id - GET /api/exception_lists?id=<id>
  • list_id - GET /api/exception_lists?list_id=<list_id>

Example request

Retrieves the list container with a list_id of allowed-processes:

GET api/exception_lists?list_id=allowed-processes

Response code

200
Indicates a successful call.

Response payload

{
  "_tags": [],
  "created_at": "2020-07-14T08:24:22.884Z",
  "created_by": "LiverpoolFC",
  "description": "Excludes trusted processes",
  "id": "6c03f6a0-c5ab-11ea-a3d8-a5b753aeeb9e",
  "list_id": "allowed-processes",
  "name": "Process exceptions",
  "namespace_type": "single",
  "tags": [
    "hosts",
    "processes"
  ],
  "tie_breaker_id": "65e16c8a-0d45-4e38-8a8f-094658a5df90",
  "type": "detection",
  "updated_at": "2020-07-14T08:24:23.050Z",
  "updated_by": "LiverpoolFC"
}
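
An added example, not part of the original documentation: a small Python client for this endpoint that builds the request from an id or list_id and checks that the response is the container that was asked for. The helper names, the API-key authentication and the set of required fields are assumptions of this example.

```python
import json
import urllib.parse
import urllib.request

# Fields this example requires in a response (all appear in the payload above).
REQUIRED = {"id", "list_id", "name", "namespace_type", "type", "updated_by"}

def build_request(kibana_url, api_key, *, id=None, list_id=None):
    """Build GET <kibana_url>/api/exception_lists with ?id= or ?list_id=."""
    if (id is None) == (list_id is None):
        # Choice made in this example: send exactly one identifier.
        raise ValueError("pass exactly one of id or list_id")
    key, value = ("id", id) if id is not None else ("list_id", list_id)
    query = urllib.parse.urlencode({key: value})  # percent-encodes the value
    url = f"{kibana_url.rstrip('/')}/api/exception_lists?{query}"
    # Assumption: the deployment accepts API-key authentication.
    headers = {"Authorization": f"ApiKey {api_key}"}
    return urllib.request.Request(url, headers=headers, method="GET")

def parse_container(body, *, id=None, list_id=None):
    """Validate a 200 response body and check it is the container requested."""
    container = json.loads(body)
    missing = REQUIRED - set(container)
    if missing:
        raise ValueError(f"response is missing fields: {sorted(missing)}")
    if id is not None and container["id"] != id:
        raise ValueError("returned id does not match the request")
    if list_id is not None and container["list_id"] != list_id:
        raise ValueError("returned list_id does not match the request")
    return container

def get_container(kibana_url, api_key, **ident):
    """Send the request; urlopen raises HTTPError on a 4xx/5xx status."""
    req = build_request(kibana_url, api_key, **ident)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_container(resp.read(), **ident)

# Trimmed copy of the response payload shown above, so the parser runs offline.
SAMPLE_BODY = json.dumps({
    "id": "6c03f6a0-c5ab-11ea-a3d8-a5b753aeeb9e",
    "list_id": "allowed-processes",
    "name": "Process exceptions",
    "namespace_type": "single",
    "type": "detection",
    "updated_by": "LiverpoolFC",
})

if __name__ == "__main__":
    print(parse_container(SAMPLE_BODY, list_id="allowed-processes")["name"])
```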