查找匿名化字段

编辑

检索可以包含在 LLM 上下文中的匿名化字段列表。

请求 URL

编辑

GET <kibana 主机>:<端口>/api/security_ai_assistant/anonymization_fields/_find

URL 查询参数

编辑
名称 类型 描述 必需

page

数字

要返回的页码。默认为 1

per_page

数字

每页返回的项目数。默认为 10

filter

字符串

要应用于请求的过滤查询。

sort_field

字符串

用于对结果进行排序的字段。有效值为

  • anonymized
  • allowed
  • updated_at
  • created_at

sort_order

字符串

对结果进行排序的顺序。有效值为

  • asc
  • desc

fields

字符串

定义要在响应中返回的文档字段。例如,如果设置为 nameallowed,则响应中将省略其余字段。

示例请求

编辑

示例 1

获取所有匿名化字段的列表。

GET api/security_ai_assistant/anonymization_fields/_find?page=1&per_page=100

响应代码

编辑

200 表示调用成功。

响应负载

编辑

具有唯一 id 的 JSON 匿名化字段对象。

示例 1

匿名化字段响应负载

{
  "perPage": 100,
  "page": 1,
  "total": 100,
  "data": [
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "_id",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "lR12SZEBYaDeA-NhmkwG"
    },
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "@timestamp",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "lh12SZEBYaDeA-NhmkwG"
    },
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "cloud.availability_zone",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "lx12SZEBYaDeA-NhmkwG"
    },
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "cloud.provider",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "mB12SZEBYaDeA-NhmkwG"
    },
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "cloud.region",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "mR12SZEBYaDeA-NhmkwG"
    },
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "destination.ip",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "mh12SZEBYaDeA-NhmkwG"
    },
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "dns.question.name",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "mx12SZEBYaDeA-NhmkwG"
    },
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "dns.question.type",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "nB12SZEBYaDeA-NhmkwG"
    },
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "event.category",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "nR12SZEBYaDeA-NhmkwG"
    },
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "event.dataset",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "nh12SZEBYaDeA-NhmkwG"
    },
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "process.executable",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "xx12SZEBYaDeA-NhmkwG"
    },
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "process.exit_code",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "yB12SZEBYaDeA-NhmkwG"
    },
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "process.Ext.memory_region.bytes_compressed_present",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "yR12SZEBYaDeA-NhmkwG"
    },
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "process.Ext.memory_region.malware_signature.all_names",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "yh12SZEBYaDeA-NhmkwG"
    },
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "process.Ext.memory_region.malware_signature.primary.matches",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "yx12SZEBYaDeA-NhmkwG"
    },
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "process.Ext.memory_region.malware_signature.primary.signature.name",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "zB12SZEBYaDeA-NhmkwG"
    },
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "process.Ext.token.integrity_level_name",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "zR12SZEBYaDeA-NhmkwG"
    },
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "process.hash.md5",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "zh12SZEBYaDeA-NhmkwG"
    },
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "process.hash.sha1",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "zx12SZEBYaDeA-NhmkwG"
    },
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "process.hash.sha256",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "0B12SZEBYaDeA-NhmkwG"
    },
    {
      "timestamp": "2024-08-13T01:59:55.141Z",
      "createdAt": "2024-08-13T01:59:55.141Z",
      "field": "user.risk.calculated_score_norm",
      "allowed": true,
      "anonymized": false,
      "namespace": "default",
      "id": "-B12SZEBYaDeA-NhmkwG"
    }
  ]
}