Manually assign entities to a watchlist Technical Preview; added in 9.4.0

POST /api/entity_analytics/watchlists/{watchlist_id}/entities/assign
Api key auth Basic auth

Spaces method and path for this operation:

post /s/{space_id}/api/entity_analytics/watchlists/{watchlist_id}/entities/assign

Refer to Spaces for more information.

Assigns the provided entities to the specified watchlist using a "manual" source label. The entities must already exist in the entity store.

If an entity is already on the watchlist, no new document is created — the "manual" label is added to its existing source labels instead.

Path parameters

  • watchlist_id string Required

    The ID of the watchlist to add entities to

application/json

Body Required

  • euids array[string] Required

    The EUIDs of the entities to assign

Responses

  • 200 application/json

    Assignment successful

    Hide response attributes Show response attributes object
    • failed integer Required

      Number of entities that failed to process

    • items array[object] Required
      Hide items attributes Show items attributes object
      • error string

        Error message if the entity failed to process

      • euid string Required

        The EUID of the entity

      • status string Required

        Values are success, failure, or not_found.

    • not_found integer Required

      Number of entities not found in the entity store

    • successful integer Required

      Number of entities successfully assigned

    • total integer Required

      Total number of entities processed
POST /api/entity_analytics/watchlists/{watchlist_id}/entities/assign 
curl \
 --request POST 'https://localhost:5601/api/entity_analytics/watchlists/high-risk-vendors/entities/assign' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"euids":["user:john.doe","host:web-01"]}'
Request example 
{
  "euids": [
    "user:john.doe",
    "host:web-01"
  ]
}
Response examples (200) 
{
  "failed": 0,
  "items": [
    {
      "euid": "user:john.doe",
      "status": "success"
    },
    {
      "euid": "host:web-01",
      "status": "not_found"
    }
  ],
  "not_found": 1,
  "successful": 1,
  "total": 2
}