Dismiss an attack discovery generation Technical Preview; added in 9.2.0

POST /api/attack_discovery/generations/{execution_uuid}/_dismiss
Api key auth

Dismisses an attack discovery generation for the current user, indicating that it's status should not be reported in the UI. This sets the generation's status to "dismissed" and affects how the generation appears in subsequent queries. Technical preview

Path parameters

  • execution_uuid string(nonempty) Required

    The unique identifier for the Attack discovery generation execution. This UUID is returned when an attack discovery generation is created and can be found in generation responses.

    Minimum length is 1.

Responses

  • 200 application/json

    Successful response - The attack discovery generation has been dismissed

    Hide response attributes Show response attributes object
    • alerts_context_count number

      The number of alerts that were sent as context to the LLM for this generation.

    • connector_id string Required

      The unique identifier of the connector used to generate the attack discoveries.

    • connector_stats object

      Statistical information about the connector's performance for this user, providing insights into usage patterns and success rates.

      Hide connector_stats attributes Show connector_stats attributes object
      • average_successful_duration_nanoseconds number

        The average duration in nanoseconds for successful generations using this connector by the current user.

      • successful_generations number

        The total number of Attack discoveries successfully created for this generation

    • discoveries number Required

      The number of attack discoveries that were generated during this execution.

    • end string

      The timestamp when the generation process completed, in ISO 8601 format. This field may be absent for generations that haven't finished.

    • execution_uuid string Required

      The unique identifier for this attack discovery generation execution. This UUID can be used to reference this specific generation in other API calls.

    • loading_message string Required

      A human-readable message describing the current state or progress of the generation process. Provides context about what the AI is analyzing.

    • reason string

      Additional context or reasoning provided when a generation fails or encounters issues. This field helps diagnose problems with the generation process.

    • start string Required

      The timestamp when the generation process began, in ISO 8601 format. This marks the beginning of the AI analysis.

    • status string Required

      The current status of the attack discovery generation. After dismissing, this will be set to "dismissed".

      Values are canceled, dismissed, failed, started, or succeeded.
  • 400 application/json

    Generic Error

    Hide response attributes Show response attributes object
    • error string Required

      Error type or category

    • message string Required

      Human-readable error message describing what went wrong with the request.

    • status_code number Required

      HTTP status code indicating the type of client error
POST /api/attack_discovery/generations/{execution_uuid}/_dismiss 
curl \ --request POST 'http://localhost:5601/api/attack_discovery/generations/46b218d5-535d-4329-be56-d0f6af6986b7/_dismiss' \ --header "Authorization: $API_KEY" \ --header "Content-Type: application/json"