Find and/or aggregate detection alerts

POST /api/detection_engine/signals/search

Spaces method and path for this operation:

post /s/{space_id}/api/detection_engine/signals/search

Refer to Spaces for more information.

Find and/or aggregate detection alerts that match the given query. The request body is a standard Elasticsearch search request body and the response is the Elasticsearch search response passed through unchanged, so queries and aggregations are written against the alert document fields (for example @timestamp, kibana.alert.rule.name, kibana.alert.severity and kibana.alert.workflow_status). Alerts are space-scoped: to search alerts in a space other than the default one, use the /s/{space_id}/... form of the path. The endpoint only reads alerts; it never changes their status. The caller needs read access to the Security solution (and with it the alerts index) in the target space.

Body (application/json) Required

Search and/or aggregation query: an Elasticsearch search request body. Accepted top-level properties are query, aggs, size, sort, _source, fields, runtime_mappings and track_total_hits (see the request example below). Setting size to 0 together with an aggs block returns counts and buckets without returning the alert documents themselves, which is usually what a report or dashboard wants.

Responses

  • 200 application/json

    Successful response

    Elasticsearch search response

    Additional properties are allowed.

  • 400 application/json

    Invalid input data response

    One of:
  • 401 application/json

    Unsuccessful authentication response

    Response attributes (object):
    • error string Required
    • message string Required
    • statusCode integer Required
  • 500 application/json

    Internal server error response

    Response attributes (object):
    • message string Required
    • status_code integer Required
POST /api/detection_engine/signals/search
curl \
 --request POST 'http://localhost:5601/api/detection_engine/signals/search' \
 --header "Authorization: ApiKey $API_KEY" \
 --header "kbn-xsrf: true" \
 --header "Content-Type: application/json" \
 --data '{"size":0,"track_total_hits":true,"query":{"bool":{"filter":[{"range":{"@timestamp":{"gte":"now-24h"}}},{"term":{"kibana.alert.workflow_status":"open"}}]}},"aggs":{"by_severity":{"terms":{"field":"kibana.alert.severity"}}}}'

This request counts the open alerts created in the last 24 hours and buckets them by severity; no alert documents are returned because size is 0. $API_KEY holds the base64-encoded id:key pair of a Kibana API key, sent with the ApiKey scheme. The kbn-xsrf header is required by Kibana on non-GET requests; without it the request is rejected. The plain http://localhost URL is only appropriate for a local test instance; use https against a real deployment so the API key is not sent in clear text.
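A small client for this endpoint, added here as an example (it is not Kibana's own code): it builds the search body, sends it with the headers Kibana expects, and reduces the Elasticsearch response to a total plus a count per rule. The field names are the Security solution's kibana.alert.* alert fields; the rule names and counts in SAMPLE_RESPONSE are constructed for the example, not captured from a live instance.

```python
"""Query the Kibana detection-engine alerts search API and summarise the result."""
import json
import urllib.request

# Field names the Security solution writes on alert documents.
SEVERITY_FIELD = "kibana.alert.severity"
STATUS_FIELD = "kibana.alert.workflow_status"
RULE_NAME_FIELD = "kibana.alert.rule.name"


def build_alert_search(since="now-24h", severities=("critical", "high"),
                       workflow_status="open", size=0):
    """Build the Elasticsearch search body the endpoint accepts.

    size=0 returns only the hit count and the aggregation, which is what a
    triage report usually wants; pass workflow_status=None to count alerts
    regardless of their open/acknowledged/closed state.
    """
    filters = [
        {"range": {"@timestamp": {"gte": since}}},
        {"terms": {SEVERITY_FIELD: list(severities)}},
    ]
    if workflow_status is not None:
        filters.append({"term": {STATUS_FIELD: workflow_status}})
    return {
        "size": size,
        "track_total_hits": True,
        "query": {"bool": {"filter": filters}},
        "aggs": {
            "by_rule": {"terms": {"field": RULE_NAME_FIELD, "size": 20}}
        },
    }


def search_alerts(kibana_url, api_key, body, space_id=None, timeout=30):
    """POST the body to the signals search endpoint and return the parsed JSON.

    This performs a network call and is not exercised by the offline sample
    below. space_id selects the /s/{space_id}/... form of the route.
    """
    path = "/api/detection_engine/signals/search"
    if space_id:
        path = f"/s/{space_id}{path}"
    req = urllib.request.Request(
        kibana_url.rstrip("/") + path,
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            "Authorization": f"ApiKey {api_key}",  # base64 id:key pair
            "kbn-xsrf": "true",                    # Kibana requires it on non-GET
            "Content-Type": "application/json",
        },
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def summarize(response):
    """Reduce an Elasticsearch search response to (total, {rule_name: count}).

    hits.total is an object ({"value": N, "relation": "eq"|"gte"}) when
    track_total_hits is set; other shapes give a bare integer, so both are
    handled. A missing aggregation yields an empty mapping.
    """
    total = response.get("hits", {}).get("total", 0)
    if isinstance(total, dict):
        total = total.get("value", 0)
    buckets = (response.get("aggregations", {})
               .get("by_rule", {}).get("buckets", []))
    return total, {b["key"]: b["doc_count"] for b in buckets}


# Constructed sample response (not captured from a live Kibana), in the shape
# the endpoint returns: a standard Elasticsearch search response.
SAMPLE_RESPONSE = {
    "took": 3,
    "timed_out": False,
    "hits": {"total": {"value": 7, "relation": "eq"}, "max_score": None, "hits": []},
    "aggregations": {
        "by_rule": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [
                {"key": "Suspicious PowerShell Download", "doc_count": 4},
                {"key": "Unusual Sudo Activity", "doc_count": 3},
            ],
        }
    },
}

if __name__ == "__main__":
    print(json.dumps(build_alert_search(), indent=2))
    total, per_rule = summarize(SAMPLE_RESPONSE)
    print(f"{total} open alerts; by rule: {per_rule}")
```

To run it against a real instance, replace the sample with `search_alerts("https://kibana.example.internal:5601", api_key, build_alert_search(), space_id="soc")` (hostname and space name are placeholders) and pass the result to summarize. Keep the API key in an environment variable or secret store rather than in the script, and give it only the Security read privilege this endpoint needs.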