Get exception itemedit

Retrieves an exception item using its id or item_id field.

Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.

Request URLedit

GET <kibana host>:<port>/api/exception_lists/items

URL query parametersedit

The URL query must include one of the following:

  • id - GET /api/exception_lists/items?id=<id>
  • item_id - GET /api/exception_lists/items?item_id=<item_id>

Example requestsedit

Retrieves the item with an item_id of global-allow-processes:

GET api/exception_lists/items?item_id=global-allow-processes

Response codeedit

200
Indicates a successful call.

Response payloadedit

{
  "_tags": [],
  "comments": [
    {
      "comment": "Allowed on all hosts.",
      "created_at": "2020-07-14T13:40:39.804Z",
      "created_by": "LiverpoolFC"
    }
  ],
  "created_at": "2020-07-14T13:40:39.804Z",
  "created_by": "LiverpoolFC",
  "description": "Global process allowlist",
  "entries": [
    {
      "field": "process.name",
      "operator": "included",
      "type": "match",
      "value": "housekeeping"
    }
  ],
  "id": "9b25aec0-c5d7-11ea-a3d8-a5b753aeeb9e",
  "item_id": "global-allow-processes",
  "list_id": "allowed-processes",
  "name": "Host-process global exclusion",
  "namespace_type": "single",
  "tags": [
    "global",
    "hosts",
    "processes"
  ],
  "tie_breaker_id": "28c6b069-8e39-4f9a-b93c-95e5a15b46c5",
  "type": "simple",
  "updated_at": "2020-07-14T13:40:39.980Z",
  "updated_by": "LiverpoolFC"
}