Loading

stack kb security-attack-discovery-api post-attack-discovery-generate cli command

Auth required
elastic stack kb security-attack-discovery-api post-attack-discovery-generate \
  --alerts-index-pattern <alerts-index-pattern> \
  --anonymization-fields <anonymization-fields> \
  --api-config <api-config> \
  --size <size> \
  --sub-action <sub-action> \
  [options]
		

Generate attack discoveries from alerts

Behaviour flags:

--dry-run — validate all inputs and exit without performing any action

--alerts-index-pattern string required
The (space specific) index pattern that contains the alerts to use as
--anonymization-fields string[] required
The list of fields, and whether or not they are anonymized, allowed to be sent to LLMs. Consider using the output of the /api/security_ai_assistant/anonymization_fields/_find API (for a specific Kibana space) to provide this value.
--api-config string required
--size number required
--sub-action string required
--connector-name string
--end string
--filter string
An Elasticsearch-style query DSL object used to filter alerts. For example:
--model string
--replacements string
Replacements object used to anonymize/deanonymize messages
--start string
--input-file string
path to a JSON file to use as command input
--[no-]dry-run
validate all inputs and exit without performing any action (preview changes without applying them)
--[no-]json

output as JSON