Hi there,
I am trying to find out more about resolver-related APIs for Elastic Security, as I was not able to find any information about them on this page.
These 3 HTTP requests were made (in the same order below) when I toggled the Analyze event
for the Kibana Visual Event Visualizer.
Request 1:
https://[IP_Address]/api/endpoint/resolver/entity?_id=[id_string]&indices=.alerts-security.alerts-default&indices=packetbeat-*&indices=winlogbeat-*
Request 2:
https://[IP_Address]/api/endpoint/resolver/tree
Request Payload:
- {ancestors: 20, descendants: 500,…}
- indexPatterns: [".alerts-security.alerts-default", "packetbeat-*", "winlogbeat-*"]
- nodes: ["{[id_string]}"]
- schema: {id: "process.entity_id", parent: "process.parent.entity_id", name: "process.name"}
- timeRange: {from: "2022-04-25TXX:XX:XX.XXXZ", to: "2022-05-30TYY:YY:YY.YYYZ"}
Request 3:
https://[IP_address]/api/endpoint/resolver/events?limit=5000
- {timeRange: {from: "2022-04-25TXX:XX:XX.XXXZ", to: "2022-05-30TYY:YY:YY.YYYZ"},…}
- indexPatterns: [".alerts-security.alerts-default", "packetbeat-*", "winlogbeat-*"]
- timeRange: {from: "2022-04-25TXX:XX:XX.XXXZ", to: "2022-05-30TYY:YY:YY.YYYZ"}
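The three calls above, replayed as a small script. This is an added example, not the poster's code and not an Elastic client or part of Kibana; the endpoint paths, query parameters and payload keys are copied from the three requests in the post. The base URL, API key, entity id and time range are placeholders standing in for the masked values, `send()` relies on the documented Kibana requirement that non-GET API calls carry a `kbn-xsrf` header, and `ancestor_chain()` works on a constructed, flattened document shape (dotted field names as keys) that is an assumption, not the format the resolver endpoints actually return.

```python
"""Replay the resolver entity / tree / events calls listed in the post.

Added example, not the poster's code and not an Elastic client. Endpoint paths,
query parameters and payload keys come from the post; URL, API key, ids and the
time range are placeholders; the flattened doc shape for ancestor_chain() is assumed.
"""
import json
import ssl
import urllib.request
from urllib.parse import urlencode

# Index patterns and schema exactly as they appear in the post's requests.
INDEX_PATTERNS = [".alerts-security.alerts-default", "packetbeat-*", "winlogbeat-*"]
SCHEMA = {"id": "process.entity_id",
          "parent": "process.parent.entity_id",
          "name": "process.name"}


def entity_request(base_url, doc_id, indices=INDEX_PATTERNS):
    """Request 1: GET /api/endpoint/resolver/entity, one `indices` param per pattern."""
    query = urlencode([("_id", doc_id)] + [("indices", i) for i in indices])
    return {"method": "GET",
            "url": f"{base_url}/api/endpoint/resolver/entity?{query}",
            "body": None}


def tree_request(base_url, entity_ids, time_from, time_to,
                 ancestors=20, descendants=500, index_patterns=INDEX_PATTERNS):
    """Request 2: POST /api/endpoint/resolver/tree with the payload shape from the post."""
    body = {"ancestors": ancestors,
            "descendants": descendants,
            "indexPatterns": list(index_patterns),
            "nodes": list(entity_ids),
            "schema": SCHEMA,
            "timeRange": {"from": time_from, "to": time_to}}
    return {"method": "POST", "url": f"{base_url}/api/endpoint/resolver/tree", "body": body}


def events_request(base_url, time_from, time_to, limit=5000, index_patterns=INDEX_PATTERNS):
    """Request 3: POST /api/endpoint/resolver/events?limit=N.

    The post elides part of this payload ("..."); only the fields it shows are set.
    """
    body = {"timeRange": {"from": time_from, "to": time_to},
            "indexPatterns": list(index_patterns)}
    return {"method": "POST",
            "url": f"{base_url}/api/endpoint/resolver/events?limit={int(limit)}",
            "body": body}


def send(req, api_key, verify_tls=True):
    """Send one request spec to Kibana and return the decoded JSON body.

    Kibana rejects non-GET API calls that lack a `kbn-xsrf` header (its CSRF guard),
    so it is always set. verify_tls=False is only for a lab with a self-signed cert.
    """
    headers = {"kbn-xsrf": "true", "Authorization": f"ApiKey {api_key}"}
    data = None
    if req["body"] is not None:
        data = json.dumps(req["body"]).encode()
        headers["Content-Type"] = "application/json"
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    r = urllib.request.Request(req["url"], data=data, method=req["method"], headers=headers)
    with urllib.request.urlopen(r, context=ctx) as resp:
        return json.load(resp)


def ancestor_chain(docs, start_id, max_ancestors=20, schema=SCHEMA):
    """Walk parent links upward from start_id, the way the tree call's `ancestors` bound does.

    Assumed (constructed) input: flat dicts keyed by the schema's dotted field names.
    Returns ancestor ids nearest-first; stops at the root, an unknown parent, a cycle,
    or after max_ancestors hops.
    """
    by_id = {d[schema["id"]]: d for d in docs}
    chain, cur, seen = [], start_id, {start_id}
    while len(chain) < max_ancestors:
        parent = by_id.get(cur, {}).get(schema["parent"])
        if parent is None or parent not in by_id or parent in seen:
            break
        chain.append(parent)
        seen.add(parent)
        cur = parent
    return chain


if __name__ == "__main__":
    # Placeholders for [IP_Address], [id_string] and the masked timestamps in the post.
    base, key, doc = "https://192.0.2.10:5601", "REPLACE_ME", "replace-with-_id"
    t0, t1 = "2022-04-25T00:00:00.000Z", "2022-05-30T00:00:00.000Z"
    entity = send(entity_request(base, doc), key, verify_tls=False)
    print(json.dumps(entity, indent=2))
    # Requests 2 and 3 take the process.entity_id found via request 1; the post does
    # not show that response, so copy the id from what you observe before running them.
    entity_id = "replace-with-process.entity_id-from-request-1"
    print(json.dumps(send(tree_request(base, [entity_id], t0, t1), key, verify_tls=False), indent=2))
    print(json.dumps(send(events_request(base, t0, t1), key, verify_tls=False), indent=2))
```

The builders are pure, so the exact URLs and bodies can be checked before anything touches the network; `urlencode` emits a separate `indices=` pair per pattern, matching the repeated parameter in Request 1. The same `SCHEMA` that the tree call sends is what `ancestor_chain()` reads, which is the point of that field: it tells the resolver which document fields identify a node and its parent.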