IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Get exception container Export exception list »
Elastic Docs Elastic Security Solution [7.13] Elastic Security APIs Exceptions API

Get exception item

edit

Get exception item

edit

Retrieves an exception item using its id or item_id field.

The Kibana Console supports only Elasticsearch APIs. You cannot interact with the Kibana APIs with the Console and must use curl or another HTTP tool instead. For more information, refer to Console.

Request URL

edit

GET <kibana host>:<port>/api/exception_lists/items

URL query parameters

edit

The URL query must include one of the following:

  • id - GET /api/exception_lists/items?id=<id>
  • item_id - GET /api/exception_lists/items?item_id=<item_id>

Example requests

edit

Retrieves the item with an item_id of global-allow-processes:

GET api/exception_lists/items?item_id=global-allow-processes

Response code

edit
200
Indicates a successful call.

Response payload

edit
{
  "_tags": [],
  "comments": [
    {
      "comment": "Allowed on all hosts.",
      "created_at": "2020-07-14T13:40:39.804Z",
      "created_by": "LiverpoolFC"
    }
  ],
  "created_at": "2020-07-14T13:40:39.804Z",
  "created_by": "LiverpoolFC",
  "description": "Global process allowlist",
  "entries": [
    {
      "field": "process.name",
      "operator": "included",
      "type": "match",
      "value": "housekeeping"
    }
  ],
  "id": "9b25aec0-c5d7-11ea-a3d8-a5b753aeeb9e",
  "item_id": "global-allow-processes",
  "list_id": "allowed-processes",
  "name": "Host-process global exclusion",
  "namespace_type": "single",
  "tags": [
    "global",
    "hosts",
    "processes"
  ],
  "tie_breaker_id": "28c6b069-8e39-4f9a-b93c-95e5a15b46c5",
  "type": "simple",
  "updated_at": "2020-07-14T13:40:39.980Z",
  "updated_by": "LiverpoolFC"
}
« Get exception container Export exception list »