Spaces method and path for this operation:
get /s/{space_id}/api/detection_engine/index
Refer to Spaces for more information.
Returns the backing Elasticsearch index for Elastic Security detection alerts in the current space, and whether its mapping is outdated. Use this to verify that an alert index is provisioned before creating or running rules that write alerts to it.
GET
/api/detection_engine/index
curl \
--request GET 'https://localhost:5601/api/detection_engine/index' \
--header "Authorization: $API_KEY"
Response examples (200)
{
"index_mapping_outdated": false,
"name": ".alerts-security.alerts-default"
}
Response examples (401)
{
"error": "Unauthorized",
"message": "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]",
"statusCode": 401
}
Response examples (403)
{
"message": "API [GET /api/detection_engine/index] is unauthorized for the current user. Check Security and Kibana feature privileges (detection engine / alerts) for the space.",
"status_code": 403
}
Response examples (404)
{
"message": "Elastic Security alert index is not found for the current space.",
"status_code": 404
}
Response examples (500)
{
"message": "Internal Server Error",
"status_code": 500
}