Get the latest attack discovery generations metadata for the current user

Technical Preview; added in 9.2.0

GET /api/attack_discovery/generations

Spaces method and path for this operation:

GET /s/{space_id}/api/attack_discovery/generations

Refer to Spaces for more information.

Get the latest attack discovery generations metadata (that are not dismissed) for the current user. This endpoint retrieves generation metadata including execution status and statistics for Attack discovery generations.

Query parameters

  • end string

    End of the time range for filtering generations. Accepts absolute timestamps (ISO 8601) or relative date math (e.g. "now", "now-24h").

  • size number

    The maximum number of generations to retrieve

    Minimum value is 1. Default value is 50.

  • start string

    Start of the time range for filtering generations. Accepts absolute timestamps (ISO 8601) or relative date math (e.g. "now-7d").

Responses

  • 200 application/json

    Successful response

    • generations array[object] Required

      List of attack discovery generations

      • alerts_context_count number

        The number of alerts sent as context (max kibana.alert.rule.execution.metrics.alert_counts.active) to the LLM for the generation

      • connector_id string Required

        The connector id (event.dataset) for this generation

      • connector_stats object

        Stats applicable to the connector for this generation

        • average_successful_duration_nanoseconds number

          The average duration (avg event.duration) in nanoseconds of successful generations for the same connector id, for the current user

        • successful_generations number

          The number of successful generations for the same connector id, for the current user

      • discoveries number Required

        The number of new Attack discovery alerts (max kibana.alert.rule.execution.metrics.alert_counts.new) for this generation

      • end string

        When generation ended (max event.end)

      • execution_uuid string Required

        The unique identifier (kibana.alert.rule.execution.uuid) for the generation

      • loading_message string Required

        Generation loading message (kibana.alert.rule.execution.status)

      • reason string

        Reason for failed generations (event.reason)

      • start string Required

        When generation started (min event.start)

      • status string Required

        The status of the attack discovery generation

        Values are canceled, dismissed, failed, started, or succeeded.

  • 400 application/json

    Bad request

    • error string

      Error type

    • message string

      Human-readable error message

    • status_code number

      HTTP status code

GET /api/attack_discovery/generations
curl \
 --request GET 'http://localhost:5601/api/attack_discovery/generations?size=50&start=now-24h&end=now' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json"
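
One way to triage the 200 response described above, as an added example (not part of the original reference or of Kibana's own code): it checks the fields marked Required, the documented status values, and flags succeeded runs that took much longer than the connector's average. The `triage` and `_gen` helpers, the `slow_factor` threshold, the ISO 8601 timestamp format and every sample value are assumptions.

```python
from datetime import datetime

# Required fields and status values as listed in the reference above.
REQUIRED = ("connector_id", "discoveries", "execution_uuid", "loading_message", "start", "status")
STATUSES = {"canceled", "dismissed", "failed", "started", "succeeded"}

def parse_ts(value):
    # Assumption: timestamps are ISO 8601 strings, possibly with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(body, slow_factor=3.0):
    """Return (execution_uuid, finding) pairs for generations needing review."""
    findings = []
    for gen in body["generations"]:
        uuid = gen.get("execution_uuid", "<missing>")
        missing = [k for k in REQUIRED if k not in gen]
        if missing:
            findings.append((uuid, "missing required: " + ",".join(missing)))
        elif gen["status"] not in STATUSES:
            findings.append((uuid, "unknown status: " + gen["status"]))
        elif gen["status"] == "failed":
            findings.append((uuid, "failed: " + gen.get("reason", "no reason given")))
        elif gen["status"] == "succeeded" and "end" in gen:
            # Compare this run with the connector's average successful duration.
            avg = gen.get("connector_stats", {}).get("average_successful_duration_nanoseconds")
            took = (parse_ts(gen["end"]) - parse_ts(gen["start"])).total_seconds()
            if avg and took * 1e9 > slow_factor * avg:
                findings.append((uuid, "slow: %.0fs vs avg %.0fs" % (took, avg / 1e9)))
    return findings

# Constructed sample response body (decoded JSON); all values are illustrative.
def _gen(uuid, status, end="2025-01-01T10:01:00.000Z", **extra):
    base = {"connector_id": "example-connector", "discoveries": 0,
            "execution_uuid": uuid, "loading_message": "constructed",
            "start": "2025-01-01T10:00:00.000Z", "end": end, "status": status,
            "connector_stats": {"average_successful_duration_nanoseconds": 50e9,
                                "successful_generations": 4}}
    base.update(extra)
    return base

SAMPLE = {"generations": [
    _gen("exec-1", "succeeded"),
    _gen("exec-2", "failed", reason="constructed reason"),
    _gen("exec-3", "succeeded", end="2025-01-01T10:10:00.000Z"),
    {k: v for k, v in _gen("exec-4", "started").items() if k != "connector_id"},
]}

if __name__ == "__main__":
    print(triage(SAMPLE))
```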