IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
Elastic Docs Elastic Security Solution [8.2] Elastic Security APIs Exceptions API
« Update exception container Update exception item »

Summary exception containeredit

Retrieves an exception container summary.

Console supports only Elasticsearch APIs. You cannot interact with Kibana APIs with Console and must use curl or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.

Request URLedit

POST <kibana host>:<port>/api/exception_lists/summary

Request bodyedit

A JSON object with these fields:

Name Type Description Required

filter

String

Search filter clause.

Yes

id

String

Exception container ID.

Yes

list_id

String

Unique identifier.

Yes

namespace_type

String

Determines whether the exception container is available in all Kibana spaces or just the space in which it is created, where:

  • single: Only available in the Kibana space in which it is created.
  • agnostic: Available in all Kibana spaces.

Yes

Example requestsedit

Gets the summary from an exception container:

GET api/exception_lists/summary
{
  "filter": "filter-clause",
  "id": "allowed-process-id",
  "list_id": "allowed-processes",
  "namespace_type": "single",
}

Response codeedit

200
Indicates a successful call.

Response payloadedit

A summary of the exception container:

{
    windows: 1,
    linux: 3,
    macos: 2,
    total: 6,
}

For a host isolation exception, the values for windows, linux, macos, and total are all the same, as each host isolation exception entry applies to all operating systems. For example:

{
    windows: 5,
    linux: 5,
    macos: 5,
    total: 5,
}
« Update exception container Update exception item »