Lists index endpointedit
Before using exceptions and lists, use the index endpoint to create .lists
and .items system data streams in the relevant
Kibana space.
For information about the permissions and privileges required to create
.lists and .items data streams, refer to Enable and access detections.
Create data streamedit
Creates .lists and .items data streams. The data streams naming convention is
.lists-<space name> and .items-<space name>.
Request URLedit
POST <kibana host>:<port>/api/lists/index
Example requestedit
Creates .lists and .items data streams.
POST api/lists/index
Response codeedit
-
200 - Indicates a successful call.
Get data streamedit
Verifies .lists and .items data streams exist.
Request URLedit
GET <kibana host>:<port>/api/lists/index
Example requestedit
Verifies the lists data stream for the Kibana security exists:
GET api/lists/index
Response codeedit
-
200 - Indicates a successful call.
-
404 - Indicates no data stream exists.
Example responsesedit
Example response when the data streams exist:
{
"list_index": true,
"list_item_index": true
}
Example response when the data streams do not exist:
{
"message": "data stream .lists-default and data stream .items-default does not exist",
"status_code": 404
}
Delete data streamsedit
Deletes the .lists and .items data streams.
Request URLedit
DELETE <kibana host>:<port>/api/lists/index
Example requestedit
Deletes the .lists and .items data streams:
DELETE api/lists/index
Response codeedit
-
200 - Indicates a successful call.