[wip] add live queries open api spec

elastic · Aug 2, 2023 · 80c8e5a · 80c8e5a
1 parent f2d4120
commit 80c8e5a
Show file tree

Hide file tree

Showing 6 changed files with 430 additions and 0 deletions.
diff --git a/x-pack/plugins/osquery/common/api/live_query/create_live_query.schema.yaml b/x-pack/plugins/osquery/common/api/live_query/create_live_query.schema.yaml
@@ -0,0 +1,54 @@
+openapi: 3.0.0
+info:
+  title: Create Live Query Schema
+  version: 8.9.0
+paths: {}
+components:
+  schemas:
+    CreateLiveQueryRequestBody:
+      type: object
+      properties:
+        agent_ids:
+          type: array
+          items:
+            type: string
+        agent_all:
+          type: boolean
+        agent_platforms:
+          type: array
+          items:
+            type: string
+        agent_policy_ids:
+          type: array
+          items:
+            type: string
+        query:
+          $ref: '../model/common_attributes.schema.yaml#/components/schemas/QueryOrUndefined'
+        queries:
+          $ref: '../model/common_attributes.schema.yaml#/components/schemas/ArrayQueries'
+        saved_query_id:
+          $ref: '../model/common_attributes.schema.yaml#/components/schemas/SavedQueryIdOrUndefined'
+        ecs_mapping:
+          $ref: '../model/common_attributes.schema.yaml#/components/schemas/EcsMappingOrUndefined'
+        pack_id:
+          $ref: '../model/common_attributes.schema.yaml#/components/schemas/PackIdOrUndefined'
+        alert_ids:
+          type: array
+          items:
+            type: string
+        case_ids:
+          type: array
+          items:
+            type: string
+        event_ids:
+          type: array
+          items:
+            type: string
+        metadata:
+          anyOf:
+            - type: object
+            - type: null
+    SuccessResponse:
+      type: object
+      properties:
+      # Define properties for the success response if needed
diff --git a/x-pack/plugins/osquery/common/api/live_query/find_live_query.schema.yaml b/x-pack/plugins/osquery/common/api/live_query/find_live_query.schema.yaml
@@ -0,0 +1,23 @@
+openapi: 3.0.0
+info:
+  title: Create Live Query Schema
+  version: 8.9.0
+components:
+  schemas:
+    FindLiveQueryRequestQuery:
+      type: object
+      properties:
+        filterQuery:
+          $ref: '../model/common_attributes.schema.yaml#/components/schemas/FilterQueryOrUndefined'
+        page:
+          $ref: '../model/common_attributes.schema.yaml#/components/schemas/PageOrUndefined'
+        pageSize:
+          $ref: '../model/common_attributes.schema.yaml#/components/schemas/PageSizeOrUndefined'
+        sort:
+          $ref: '../model/common_attributes.schema.yaml#/components/schemas/SortOrUndefined'
+        sortOrder:
+          $ref: '../model/common_attributes.schema.yaml#/components/schemas/SortOrderOrUndefined'
+    SuccessResponse:
+      type: object
+      properties:
+      # Define properties for the success response if needed
diff --git a/x-pack/plugins/osquery/common/api/live_query/find_live_query_details.schema.yaml b/x-pack/plugins/osquery/common/api/live_query/find_live_query_details.schema.yaml
@@ -0,0 +1,15 @@
+openapi: 3.0.0
+info:
+  title: Create Live Query Schema
+  version: 8.9.0
+components:
+  schemas:
+    FindLiveQueryDetailsRequestParams:
+      type: object
+      properties:
+        id:
+          $ref: '../model/common_attributes.schema.yaml#/components/schemas/Id'
+    SuccessResponse:
+      type: object
+      properties:
+      # Define properties for the success response if needed
diff --git a/x-pack/plugins/osquery/common/api/live_query/find_live_query_results.schema.yaml b/x-pack/plugins/osquery/common/api/live_query/find_live_query_results.schema.yaml
@@ -0,0 +1,31 @@
+openapi: 3.0.0
+info:
+  title: Create Live Query Schema
+  version: 8.9.0
+components:
+  schemas:
+    FindLiveQueryResultsRequestQuery:
+      type: object
+      properties:
+        filterQuery:
+          $ref: '../model/common_attributes.schema.yaml#/components/schemas/FilterQueryOrUndefined'
+        page:
+          $ref: '../model/common_attributes.schema.yaml#/components/schemas/PageOrUndefined'
+        pageSize:
+          $ref: '../model/common_attributes.schema.yaml#/components/schemas/PageSizeOrUndefined'
+        sort:
+          $ref: '../model/common_attributes.schema.yaml#/components/schemas/SortOrUndefined'
+        sortOrder:
+          $ref: '../model/common_attributes.schema.yaml#/components/schemas/SortOrderOrUndefined'
+    FindLiveQueryResultsRequestParams:
+      type: object
+      properties:
+        id:
+          $ref: '../model/common_attributes.schema.yaml#/components/schemas/Id'
+        actionId:
+          $ref: '../model/common_attributes.schema.yaml#/components/schemas/Id'
+
+    SuccessResponse:
+      type: object
+      properties:
+      # Define properties for the success response if needed
diff --git a/x-pack/plugins/osquery/common/api/live_query/live_queries.schema.yaml b/x-pack/plugins/osquery/common/api/live_query/live_queries.schema.yaml
@@ -0,0 +1,73 @@
+openapi: 3.0.0
+info:
+  title: Live Queries Schema
+  version: 8.9.0
+paths:
+  /api/osquery/live_queries:
+    get:
+      summary: Find live queries
+      requestBody:
+        required: true
+        content:
+          application/json: {}
+        query:
+          $ref: './find_live_query.schema.yaml#/components/schemas/CreateLiveQueryRequestBody'
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+              $ref: './find_live_query.schema.yaml#/components/schemas/SuccessResponse'
+    post:
+      summary: Create a live query
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: './create_live_query.schema.yaml#/components/schemas/CreateLiveQueryRequestBody'
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+              $ref: './create_live_query.schema.yaml#/components/schemas/SuccessResponse'
+  /api/osquery/live_queries/{id}:
+    get:
+      summary: Get live query details
+      requestBody:
+        required: true
+        content:
+          application/json: { }
+          query:
+            type: object
+            additionalProperties: true
+          parameters:
+            $ref: './find_live_query_details.schema.yaml#/components/schemas/FindLiveQueryDetailsRequestParams'
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json:
+              schema:
+              $ref: './find_live_query_details.schema.yaml#/components/schemas/SuccessResponse'
+  /api/osquery/live_queries/{id}/results/{actionId}:
+      get:
+        summary: Get live query results
+        requestBody:
+          required: true
+          content:
+            application/json: { }
+            query:
+              $ref: './find_live_query_results.schema.yaml#/components/schemas/FindLiveQueryResultsRequestQuery'
+            parameters:
+              $ref: './find_live_query_results.schema.yaml#/components/schemas/FindLiveQueryResultsRequestParams'
+        responses:
+          '200':
+            description: OK
+            content:
+              application/json:
+                schema:
+                $ref: './find_live_query_details.schema.yaml#/components/schemas/SuccessResponse'