Spaces method and path for this operation:
post /s/{space_id}/api/security/entity_store/resolution/link
Refer to Spaces for more information.
Link one or more entities to a target entity, creating a resolution group. Requires an enterprise license.
[Required authorization] Route required privileges: securitySolution AND securitySolution-entity-analytics.
POST
/api/security/entity_store/resolution/link
curl
curl -X POST -H "kbn-xsrf: true" -H "Authorization: ApiKey ${API_KEY}" \
-H "Content-Type: application/json" \
-d '{"target_id":"user:jane.doe@example.com","entity_ids":["user:jdoe@example.com"]}' \
"${KIBANA_URL}/api/security/entity_store/resolution/link"
POST kbn://api/security/entity_store/resolution/link
{
"target_id": "user:jane.doe@example.com",
"entity_ids": ["user:jdoe@example.com"]
}
Request example
Link two user entities to a target entity, creating a resolution group.
{
"entity_ids": [
"user:jdoe@example.com",
"user:j.doe@example.com"
],
"target_id": "user:jane.doe@example.com"
}
Response examples (200)
The entities were successfully linked to the target entity.
{
"linked": [
"user:jdoe@example.com",
"user:j.doe@example.com"
],
"skipped": [],
"target_id": "user:jane.doe@example.com"
}
Response examples (400)
Mixed entity types
All entities in a resolution group must be of the same type.
{
"error": "Bad Request",
"message": "Cannot link entities of different types",
"statusCode": 400
}
Cannot link an entity to itself.
{
"error": "Bad Request",
"message": "Cannot link entity 'user:jane.doe@example.com' to itself.",
"statusCode": 400
}
Response examples (404)
One or more of the specified entity identifiers were not found.
{
"error": "Not Found",
"message": "Entities not found: [user:nonexistent@example.com, user:also-nonexistent@example.com]",
"statusCode": 404
}