stack kb security-entity-analytics-api create-watchlist cli command

elastic stack kb security-entity-analytics-api create-watchlist \
  --name <name> \
  --risk-modifier <risk-modifier> \
  [options]
		

Create a new watchlist

--name string required

Unique name for the watchlist

--risk-modifier number required

Risk score modifier associated with the watchlist

--description string

Description of the watchlist

--entity-sources string[]

Optional entity sources to create and link to the watchlist

--[no-]managed

Indicates if the watchlist is managed by the system

--input-file string

path to a JSON file to use as command input

-V --[no-]version

Print the Elastic CLI version

--config-file string

path to a config file (default: ~/.elasticrc.yml)

--use-context string

override the active context from the config file

--command-profile string

restrict available commands to a deployment profile (serverless, stack, default)

--[no-]json

output as JSON

--output-fields string

comma-separated list of fields to include in output (dot-notation supported)

--output-template string

Mustache-like template for custom text output (e.g. "{{id}}: {{name}}")

--[no-]dry-run

validate all inputs and exit without performing any action (preview changes without applying them)