GET /api/security/entity_store/resolution/group

Spaces method and path for this operation:

GET /s/{space_id}/api/security/entity_store/resolution/group

Refer to Spaces for more information.

Get the resolution group for a given entity, returning all linked entities. Requires an enterprise license.

[Required authorization] Route required privileges: securitySolution AND securitySolution-entity-analytics.

Query parameters

  • entity_id string Required

    The entity identifier to look up the resolution group for.

Responses

  • 200 application/json

    Indicates a successful response.

  • 400 application/json

    Bad request.

  • 404 application/json

    Entity not found.

Request examples

curl -X GET -H "Authorization: ApiKey ${API_KEY}" \
  "${KIBANA_URL}/api/security/entity_store/resolution/group?entity_id=user%3Ajane.doe%40example.com"

GET kbn://api/security/entity_store/resolution/group?entity_id=user:jane.doe@example.com

Response examples (200)
Returns the resolution group for an entity, including the target entity, all aliases, and the group size.
{
  "aliases": [
    {
      "@timestamp": "2026-04-10T08:25:00.000Z",
      "entity": {
        "id": "user:jdoe@example.com",
        "name": "jdoe",
        "relationships": {
          "resolution": {
            "resolved_to": "user:jane.doe@example.com"
          }
        },
        "type": "user"
      },
      "user": {
        "name": "jdoe"
      }
    }
  ],
  "group_size": 2,
  "target": {
    "@timestamp": "2026-04-10T08:30:00.000Z",
    "entity": {
      "id": "user:jane.doe@example.com",
      "name": "jane.doe",
      "type": "user"
    },
    "user": {
      "email": [
        "jane.doe@example.com"
      ],
      "name": "jane.doe"
    }
  }
}

Response examples (400)
The resolution search returned too many results and was truncated.
{
  "error": "Bad Request",
  "message": "Resolution search truncated",
  "statusCode": 400
}

Response examples (404)
The specified entity does not exist or has no resolution group.
{
  "error": "Not Found",
  "message": "Entities not found: [user:nonexistent@example.com]",
  "statusCode": 404
}
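
The following is an added example, not part of the Kibana documentation. It encodes entity_id the way the curl request above does and turns the three documented responses into a list of linked entity IDs for an investigation. The function names, the kibana.example host, and the two consistency checks (each alias's resolved_to equals the target ID; group_size equals target plus aliases) are assumptions inferred from the sample 200 response, not documented guarantees.

```python
import json
from urllib.parse import quote

PATH = "/api/security/entity_store/resolution/group"

def build_url(kibana_url, entity_id, space_id=None):
    """Percent-encode entity_id (':' and '@' included), as the curl example does."""
    prefix = f"/s/{quote(space_id, safe='')}" if space_id else ""
    return f"{kibana_url.rstrip('/')}{prefix}{PATH}?entity_id={quote(entity_id, safe='')}"

def interpret(status, body):
    """Turn (HTTP status, parsed JSON body) into linked entity IDs plus problems."""
    if status == 404:  # entity missing or has no resolution group
        return {"state": "not_found", "ids": [], "problems": []}
    if status != 200:  # includes 400 "Resolution search truncated": result unknown
        return {"state": "error", "ids": [], "problems": [body.get("message", "")]}
    target_id = body["target"]["entity"]["id"]
    ids, problems = [target_id], []
    for alias in body.get("aliases", []):
        entity = alias["entity"]
        ids.append(entity["id"])
        # Assumption from the sample response: every alias points at the target.
        resolved = entity.get("relationships", {}).get("resolution", {}).get("resolved_to")
        if resolved != target_id:
            problems.append(f"{entity['id']} resolves to {resolved}, not {target_id}")
    # Assumption from the sample response: group_size counts target plus aliases.
    if body.get("group_size") != len(ids):
        problems.append(f"group_size {body.get('group_size')} != {len(ids)} entities")
    return {"state": "ok", "ids": ids, "problems": problems}

# Constructed inputs, trimmed from the response examples on this page.
SAMPLE_200 = json.loads("""{
  "aliases": [{"entity": {"id": "user:jdoe@example.com", "type": "user",
    "relationships": {"resolution": {"resolved_to": "user:jane.doe@example.com"}}}}],
  "group_size": 2,
  "target": {"entity": {"id": "user:jane.doe@example.com", "type": "user"}}
}""")
SAMPLE_400 = {"error": "Bad Request", "message": "Resolution search truncated", "statusCode": 400}
SAMPLE_404 = {"error": "Not Found", "statusCode": 404,
              "message": "Entities not found: [user:nonexistent@example.com]"}

if __name__ == "__main__":
    print(build_url("https://kibana.example", "user:jane.doe@example.com"))
    for status, body in ((200, SAMPLE_200), (400, SAMPLE_400), (404, SAMPLE_404)):
        print(status, interpret(status, body))
```

A 400 is reported as an error rather than an empty group, so a truncated search is never mistaken for an entity with no linked identities.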