[8.18] [EDR Workflows] OpenApi Missing Content - Response Actions (#2…

…12510) (#212868)

# Backport

This will backport the following commits from `main` to `8.18`:
- [[EDR Workflows] OpenApi Missing Content - Response Actions
(#212510)](#212510)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Konrad
Szwarc","email":"konrad.szwarc@elastic.co"},"sourceCommit":{"committedDate":"2025-02-28T16:44:00Z","message":"[EDR
Workflows] OpenApi Missing Content - Response Actions (#212510)\n\n##
For reviewers:\nOnly `*.schema.yml` files were edited
(excluding\n`*.bundled.schema.yml`). Rest of the changes comes from auto
generation\nand can be ignored.\n\n## Description\n\nPart of DW team
effort - elastic/security-team#11804\n\nThis PR aligns the
property/schema descriptions and examples in\nAsciiDocs with OpenAPI
schemas. The primary goal of this PR was not to\nextend or enhance the
documentation but to migrate from one system to\nanother.\n\nAscii docs
-\nhttps://www.elastic.co/guide/en/security/8.17/management-api-overview.html\nOpenApi
generated docs
-\nhttps://www.elastic.co/docs/api/doc/kibana/operation/operation-endpointgetactionslist\n\nChanges:\n\nCopied
missing property descriptions from AsciiDoc to OpenApi
properties\nCopied existing AsciiDoc examples for both requests and
responses\nFixed falsy query object in some GET requests - in OpenApi it
was\ndefined as an object, not as path query
params.\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Paul
Tavares
<56442535+paul-tavares@users.noreply.github.com>\nCo-authored-by:
natasha-moore-elastic
<137783811+natasha-moore-elastic@users.noreply.github.com>","sha":"2700a2a95158dc5d5a77ff074119b1b61f949310","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Defend
Workflows","backport:prev-minor","backport:prev-major","v8.16.0","v8.17.0","v8.18.0","v9.1.0"],"title":"[EDR
Workflows] OpenApi Missing Content - Response
Actions","number":212510,"url":"https://github.com/elastic/kibana/pull/212510","mergeCommit":{"message":"[EDR
Workflows] OpenApi Missing Content - Response Actions (#212510)\n\n##
For reviewers:\nOnly `*.schema.yml` files were edited
(excluding\n`*.bundled.schema.yml`). Rest of the changes comes from auto
generation\nand can be ignored.\n\n## Description\n\nPart of DW team
effort - elastic/security-team#11804\n\nThis PR aligns the
property/schema descriptions and examples in\nAsciiDocs with OpenAPI
schemas. The primary goal of this PR was not to\nextend or enhance the
documentation but to migrate from one system to\nanother.\n\nAscii docs
-\nhttps://www.elastic.co/guide/en/security/8.17/management-api-overview.html\nOpenApi
generated docs
-\nhttps://www.elastic.co/docs/api/doc/kibana/operation/operation-endpointgetactionslist\n\nChanges:\n\nCopied
missing property descriptions from AsciiDoc to OpenApi
properties\nCopied existing AsciiDoc examples for both requests and
responses\nFixed falsy query object in some GET requests - in OpenApi it
was\ndefined as an object, not as path query
params.\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Paul
Tavares
<56442535+paul-tavares@users.noreply.github.com>\nCo-authored-by:
natasha-moore-elastic
<137783811+natasha-moore-elastic@users.noreply.github.com>","sha":"2700a2a95158dc5d5a77ff074119b1b61f949310"}},"sourceBranch":"main","suggestedTargetBranches":["8.16","8.17","8.18"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/212794","number":212794,"state":"MERGED","mergeCommit":{"sha":"3ceba17cbd76f89b72986190b8c77f5079706282","message":"[9.0]
[EDR Workflows] OpenApi Missing Content - Response Actions (#212510)
(#212794)\n\n# Backport\n\nThis will backport the following commits from
`main` to `9.0`:\n- [[EDR Workflows] OpenApi Missing Content - Response
Actions\n(#212510)](https://github.com/elastic/kibana/pull/212510)\n\n\n\n###
Questions ?\nPlease refer to the [Backport
tool\ndocumentation](https://github.com/sorenlouv/backport)\n\n\n\nCo-authored-by:
Konrad Szwarc
<konrad.szwarc@elastic.co>"}},{"branch":"8.16","label":"v8.16.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.17","label":"v8.17.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/212510","number":212510,"mergeCommit":{"message":"[EDR
Workflows] OpenApi Missing Content - Response Actions (#212510)\n\n##
For reviewers:\nOnly `*.schema.yml` files were edited
(excluding\n`*.bundled.schema.yml`). Rest of the changes comes from auto
generation\nand can be ignored.\n\n## Description\n\nPart of DW team
effort - elastic/security-team#11804\n\nThis PR aligns the
property/schema descriptions and examples in\nAsciiDocs with OpenAPI
schemas. The primary goal of this PR was not to\nextend or enhance the
documentation but to migrate from one system to\nanother.\n\nAscii docs
-\nhttps://www.elastic.co/guide/en/security/8.17/management-api-overview.html\nOpenApi
generated docs
-\nhttps://www.elastic.co/docs/api/doc/kibana/operation/operation-endpointgetactionslist\n\nChanges:\n\nCopied
missing property descriptions from AsciiDoc to OpenApi
properties\nCopied existing AsciiDoc examples for both requests and
responses\nFixed falsy query object in some GET requests - in OpenApi it
was\ndefined as an object, not as path query
params.\n\n---------\n\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Paul
Tavares
<56442535+paul-tavares@users.noreply.github.com>\nCo-authored-by:
natasha-moore-elastic
<137783811+natasha-moore-elastic@users.noreply.github.com>","sha":"2700a2a95158dc5d5a77ff074119b1b61f949310"}}]}]
BACKPORT-->

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>

x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/details/details.gen.ts

@@ -16,7 +16,8 @@
 
 import { z } from '@kbn/zod';
 
-import { SuccessResponse } from '../../model/schema/common.gen';
+export type GetEndpointActionResponse = z.infer<typeof GetEndpointActionResponse>;
+export const GetEndpointActionResponse = z.object({});
 
 export type EndpointGetActionsDetailsRequestParams = z.infer<
   typeof EndpointGetActionsDetailsRequestParams
@@ -29,4 +30,4 @@ export type EndpointGetActionsDetailsRequestParamsInput = z.input<
 >;
 
 export type EndpointGetActionsDetailsResponse = z.infer<typeof EndpointGetActionsDetailsResponse>;
-export const EndpointGetActionsDetailsResponse = SuccessResponse;
+export const EndpointGetActionsDetailsResponse = GetEndpointActionResponse;

x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/details/details.schema.yaml

@@ -16,12 +16,46 @@ paths:
           required: true
           schema:
             type: string
+            description: The ID of the action to retrieve.
+            example: 'fr518850-681a-4y60-aa98-e22640cae2b8'
       responses:
         '200':
           description: OK
           content:
             application/json:
               schema:
-                $ref: '../../model/schema/common.schema.yaml#/components/schemas/SuccessResponse'
+                $ref: '#/components/schemas/GetEndpointActionResponse'
+components:
+  schemas:
+    GetEndpointActionResponse:
+      type: object
+      properties: { }
+      example:
+        data:
+          id: "b3d6de74-36b0-4fa8-be46-c375bf1771bf"
+          agents:
+            - "afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0"
+          agentType: "endpoint"
+          command: "running-processes"
+          startedAt: "2022-08-08T15:24:57.402Z"
+          completedAt: "2022-08-08T09:50:47.672Z"
+          createdBy: "elastic"
+          isCompleted: true
+          wasSuccessful: true
+          isExpired: false
+          outputs:
+            afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0:
+              type: "json"
+              content:
+                entries:
+                  - pid: "822"
+                    entity_id: "fk2ym7bl3oiu3okjcik0xosc0i0m75x3eh49nu3uaqt4dqanjt"
+                    user: "Dexter"
+                    command: "/opt/cmd1"
+                  - pid: "984"
+                    entity_id: "pwvz91m48wpj9j7ov9gtw8fp7u2rat4eu5ipte37hnhdcbi2pt"
+                    user: "Jada"
+                    command: "/opt/cmd3/opt/cmd3/opt/cmd3/opt/cmd3"
+
 
 

x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/list/list.gen.ts

@@ -17,42 +17,37 @@
 import { z } from '@kbn/zod';
 
 import {
-  SuccessResponse,
-  AgentIds,
-  AgentTypes,
-  Commands,
   Page,
+  PageSize,
+  Commands,
+  AgentIds,
+  UserIds,
   StartDate,
   EndDate,
-  UserIds,
-  Types,
+  AgentTypes,
   WithOutputs,
+  Types,
 } from '../../model/schema/common.gen';
 
-export type GetEndpointActionListRouteQuery = z.infer<typeof GetEndpointActionListRouteQuery>;
-export const GetEndpointActionListRouteQuery = z.object({
-  agentIds: AgentIds.optional(),
-  agentTypes: AgentTypes.optional(),
-  commands: Commands.optional(),
+export type GetEndpointActionListResponse = z.infer<typeof GetEndpointActionListResponse>;
+export const GetEndpointActionListResponse = z.object({});
+
+export type EndpointGetActionsListRequestQuery = z.infer<typeof EndpointGetActionsListRequestQuery>;
+export const EndpointGetActionsListRequestQuery = z.object({
   page: Page.optional(),
-  /**
-   * Number of items per page
-   */
-  pageSize: z.number().int().min(1).max(10000).optional().default(10),
+  pageSize: PageSize.optional(),
+  commands: Commands.optional(),
+  agentIds: AgentIds.optional(),
+  userIds: UserIds.optional(),
   startDate: StartDate.optional(),
   endDate: EndDate.optional(),
-  userIds: UserIds.optional(),
-  types: Types.optional(),
+  agentTypes: AgentTypes.optional(),
   withOutputs: WithOutputs.optional(),
-});
-
-export type EndpointGetActionsListRequestQuery = z.infer<typeof EndpointGetActionsListRequestQuery>;
-export const EndpointGetActionsListRequestQuery = z.object({
-  query: GetEndpointActionListRouteQuery,
+  types: Types.optional(),
 });
 export type EndpointGetActionsListRequestQueryInput = z.input<
   typeof EndpointGetActionsListRequestQuery
 >;
 
 export type EndpointGetActionsListResponse = z.infer<typeof EndpointGetActionsListResponse>;
-export const EndpointGetActionsListResponse = SuccessResponse;
+export const EndpointGetActionsListResponse = GetEndpointActionListResponse;

x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/list/list.schema.yaml

@@ -11,44 +11,121 @@ paths:
       x-codegen-enabled: true
       x-labels: [ess, serverless]
       parameters:
-        - name: query
+        - name: page
           in: query
-          required: true
+          required: false
           schema:
-            $ref: '#/components/schemas/GetEndpointActionListRouteQuery'
+            $ref: '../../model/schema/common.schema.yaml#/components/schemas/Page'
+        - name: pageSize
+          in: query
+          required: false
+          schema:
+            $ref: '../../model/schema/common.schema.yaml#/components/schemas/PageSize'
+        - name: commands
+          in: query
+          required: false
+          schema:
+            $ref: '../../model/schema/common.schema.yaml#/components/schemas/Commands'
+        - name: agentIds
+          in: query
+          required: false
+          schema:
+            $ref: '../../model/schema/common.schema.yaml#/components/schemas/AgentIds'
+        - name: userIds
+          in: query
+          required: false
+          schema:
+            $ref: '../../model/schema/common.schema.yaml#/components/schemas/UserIds'
+        - name: startDate
+          in: query
+          required: false
+          schema:
+            $ref: '../../model/schema/common.schema.yaml#/components/schemas/StartDate'
+        - name: endDate
+          in: query
+          required: false
+          schema:
+            $ref: '../../model/schema/common.schema.yaml#/components/schemas/EndDate'
+        - name: agentTypes
+          in: query
+          required: false
+          schema:
+            $ref: '../../model/schema/common.schema.yaml#/components/schemas/AgentTypes'
+        - name: withOutputs
+          in: query
+          required: false
+          schema:
+            $ref: '../../model/schema/common.schema.yaml#/components/schemas/WithOutputs'
+        - name: types
+          in: query
+          required: false
+          schema:
+            $ref: '../../model/schema/common.schema.yaml#/components/schemas/Types'
       responses:
         '200':
           description: OK
           content:
             application/json:
               schema:
-                $ref: '../../model/schema/common.schema.yaml#/components/schemas/SuccessResponse'
+                $ref: '#/components/schemas/GetEndpointActionListResponse'
 components:
   schemas:
-    GetEndpointActionListRouteQuery:
+    GetEndpointActionListResponse:
       type: object
-      properties:
-        agentIds:
-          $ref: '../../model/schema/common.schema.yaml#/components/schemas/AgentIds'
-        agentTypes:
-          $ref: '../../model/schema/common.schema.yaml#/components/schemas/AgentTypes'
-        commands:
-          $ref: '../../model/schema/common.schema.yaml#/components/schemas/Commands'
-        page:
-          $ref: '../../model/schema/common.schema.yaml#/components/schemas/Page'
-        pageSize:
-          type: integer
-          default: 10
-          minimum: 1
-          maximum: 10000
-          description: Number of items per page
-        startDate:
-          $ref: '../../model/schema/common.schema.yaml#/components/schemas/StartDate'
-        endDate:
-          $ref: '../../model/schema/common.schema.yaml#/components/schemas/EndDate'
-        userIds:
-          $ref: '../../model/schema/common.schema.yaml#/components/schemas/UserIds'
-        types:
-          $ref: '../../model/schema/common.schema.yaml#/components/schemas/Types'
-        withOutputs:
-          $ref: '../../model/schema/common.schema.yaml#/components/schemas/WithOutputs'
+      properties: { }
+      example:
+        page: 1
+        pageSize: 10
+        total: 4
+        startDate: "now-24h/h"
+        endDate: "now"
+        elasticAgentIds:
+          - "afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0"
+        data:
+          - id: "b3d6de74-36b0-4fa8-be46-c375bf1771bf"
+            agents:
+              - "afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0"
+            command: "running-processes"
+            agentType: "endpoint"
+            startedAt: "2022-08-08T15:24:57.402Z"
+            isCompleted: true
+            completedAt: "2022-08-08T09:50:47.672Z"
+            wasSuccessful: true
+            isExpired: false
+            createdBy: "elastic"
+          - id: "43b4098b-8752-4fbb-a7a7-6df7c74d0ee3"
+            agents:
+              - "afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0"
+            command: "isolate"
+            agentType: "endpoint"
+            startedAt: "2022-08-08T15:23:37.359Z"
+            isCompleted: true
+            completedAt: "2022-08-08T10:41:57.352Z"
+            wasSuccessful: true
+            isExpired: false
+            createdBy: "elastic"
+          - id: "5bc92c86-b8e6-42dd-837f-12ad29e09caa"
+            agents:
+              - "afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0"
+            command: "kill-process"
+            agentType: "endpoint"
+            startedAt: "2022-08-08T14:38:44.125Z"
+            isCompleted: true
+            completedAt: "2022-08-08T09:44:50.952Z"
+            wasSuccessful: true
+            isExpired: false
+            createdBy: "elastic"
+            comment: "bad process - taking up too much cpu"
+          - id: "790d54e0-3aa3-4e5b-8255-3ce9d851246a"
+            agents:
+              - "afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0"
+            command: "unisolate"
+            agentType: "endpoint"
+            startedAt: "2022-08-08T14:38:15.391Z"
+            isCompleted: true
+            completedAt: "2022-08-08T09:40:47.398Z"
+            wasSuccessful: true
+            isExpired: false
+            createdBy: "elastic"
+            comment: "Not a threat to the network"
+

x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/execute/execute.gen.ts

@@ -16,12 +16,7 @@
 
 import { z } from '@kbn/zod';
 
-import {
-  SuccessResponse,
-  BaseActionSchema,
-  Command,
-  Timeout,
-} from '../../../model/schema/common.gen';
+import { BaseActionSchema, Command, Timeout } from '../../../model/schema/common.gen';
 
 export type ExecuteRouteRequestBody = z.infer<typeof ExecuteRouteRequestBody>;
 export const ExecuteRouteRequestBody = BaseActionSchema.merge(
@@ -33,11 +28,14 @@ export const ExecuteRouteRequestBody = BaseActionSchema.merge(
   })
 );
 
+export type ExecuteRouteResponse = z.infer<typeof ExecuteRouteResponse>;
+export const ExecuteRouteResponse = z.object({});
+
 export type EndpointExecuteActionRequestBody = z.infer<typeof EndpointExecuteActionRequestBody>;
 export const EndpointExecuteActionRequestBody = ExecuteRouteRequestBody;
 export type EndpointExecuteActionRequestBodyInput = z.input<
   typeof EndpointExecuteActionRequestBody
 >;
 
 export type EndpointExecuteActionResponse = z.infer<typeof EndpointExecuteActionResponse>;
-export const EndpointExecuteActionResponse = SuccessResponse;
+export const EndpointExecuteActionResponse = ExecuteRouteResponse;

x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/execute/execute.schema.yaml

@@ -22,11 +22,18 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '../../../model/schema/common.schema.yaml#/components/schemas/SuccessResponse'
+                $ref: '#/components/schemas/ExecuteRouteResponse'
 
 components:
   schemas:
     ExecuteRouteRequestBody:
+      example:
+        parameters:
+          command: "ls -al"
+          timeout: 600
+        endpoint_ids:
+          - "b3d6de74-36b0-4fa8-be46-c375bf1771bf"
+        comment: "Get list of all files"
       allOf:
         - $ref: '../../../model/schema/common.schema.yaml#/components/schemas/BaseActionSchema'
         - type: object
@@ -42,3 +49,31 @@ components:
                   $ref: '../../../model/schema/common.schema.yaml#/components/schemas/Command'
                 timeout:
                   $ref: '../../../model/schema/common.schema.yaml#/components/schemas/Timeout'
+    ExecuteRouteResponse:
+      type: object
+      properties: { }
+      example:
+        data:
+          id: "9f934028-2300-4927-b531-b26376793dc4"
+          agents:
+            - "ed518850-681a-4d60-bb98-e22640cae2a8"
+          hosts:
+            ed518850-681a-4d60-bb98-e22640cae2a8:
+              name: "gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r"
+          agentType: "endpoint"
+          command: "execute"
+          startedAt: "2023-07-28T18:43:27.362Z"
+          isCompleted: false
+          wasSuccessful: false
+          isExpired: false
+          status: "pending"
+          outputs: { }
+          agentState:
+            ed518850-681a-4d60-bb98-e22640cae2a8:
+              isCompleted: false
+              wasSuccessful: false
+          createdBy: "myuser"
+          comment: "Get list of all files"
+          parameters:
+            command: "ls -al"
+            timeout: 600

x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/get_file/get_file.gen.ts

@@ -16,7 +16,7 @@
 
 import { z } from '@kbn/zod';
 
-import { SuccessResponse, BaseActionSchema } from '../../../model/schema/common.gen';
+import { BaseActionSchema } from '../../../model/schema/common.gen';
 
 export type GetFileRouteRequestBody = z.infer<typeof GetFileRouteRequestBody>;
 export const GetFileRouteRequestBody = BaseActionSchema.merge(
@@ -27,11 +27,14 @@ export const GetFileRouteRequestBody = BaseActionSchema.merge(
   })
 );
 
+export type GetFileRouteResponse = z.infer<typeof GetFileRouteResponse>;
+export const GetFileRouteResponse = z.object({});
+
 export type EndpointGetFileActionRequestBody = z.infer<typeof EndpointGetFileActionRequestBody>;
 export const EndpointGetFileActionRequestBody = GetFileRouteRequestBody;
 export type EndpointGetFileActionRequestBodyInput = z.input<
   typeof EndpointGetFileActionRequestBody
 >;
 
 export type EndpointGetFileActionResponse = z.infer<typeof EndpointGetFileActionResponse>;
-export const EndpointGetFileActionResponse = SuccessResponse;
+export const EndpointGetFileActionResponse = GetFileRouteResponse;