Get exception containeredit

Retrieves an exception container using its id or list_id field.

The Kibana Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl or another HTTP tool instead. For more information, refer to Console.

Request URLedit

GET <kibana host>:<port>/api/exception_lists

URL query parametersedit

The URL query must include the container’s id or list_id:

  • id - GET /api/exception_lists?id=<id>
  • list_id - GET /api/exception_lists?list_id=<list_id>

Example requestedit

Retrieves the list container with a list_id of allowed-processes:

GET api/exception_lists?list_id=internal-ip-excludes

Response codeedit

200
Indicates a successful call.

Response payloadedit

{
  "_tags": [],
  "created_at": "2020-07-14T08:24:22.884Z",
  "created_by": "LiverpoolFC",
  "description": "Excludes trusted processes",
  "id": "6c03f6a0-c5ab-11ea-a3d8-a5b753aeeb9e",
  "list_id": "allowed-processes",
  "name": "Process exceptions",
  "namespace_type": "single",
  "tags": [
    "hosts",
    "processes"
  ],
  "tie_breaker_id": "65e16c8a-0d45-4e38-8a8f-094658a5df90",
  "type": "detection",
  "updated_at": "2020-07-14T08:24:23.050Z",
  "updated_by": "LiverpoolFC"
}