Assign and unassign users from detection alerts

POST /api/detection_engine/signals/assignees

Api key auth

Assign users to detection alerts, and unassign them from alerts.

You cannot add and remove the same assignee in the same request.

application/json

Body Required

assignees object Required
Hide assignees attributes Show assignees attributes object
- add array[string(nonempty)] Required
  
  A list of user profile uids to assign. Users need to activate their user profile by logging into Kibana at least once.
  
  Minimum length of each is 1.
- remove array[string(nonempty)] Required
  
  A list of user profile uids to unassign. Users need to activate their user profile by logging into Kibana at least once.
  
  Minimum length of each is 1.
ids array[string(nonempty)] Required

A list of alerts ids.

At least 1 element. Minimum length of each is 1.

Responses

200 application/ndjson

Indicates a successful call.
400

Invalid request.

POST /api/detection_engine/signals/assignees

curl \ --request POST 'https://<KIBANA_URL>/api/detection_engine/signals/assignees' \ --header "Authorization: $API_KEY" \ --header "Content-Type: application/json" \ --data '{"ids":["681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6"],"assignees":{"add":["u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0"],"remove":[]}}'

Request examples

{ "ids": [ "681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6" ], "assignees": { "add": [ "u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0" ], "remove": [] } }

{ "ids": [ "681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6" ], "assignees": { "add": [], "remove": [ "u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0" ] } }

Response examples (200)

{ "took": "76,", "noops": "0,", "total": "1,", "batches": "1,", "deleted": "0,", "retries": [ { "bulk": "0," }, { "search": 0 } ], "updated": "1,", "failures": [], "timed_out": "false,", "throttled_millis": "0,", "version_conflicts": "0,", "requests_per_second": "-1,", "throttled_until_millis": "0," }