Kibana APIs — Security Detections API

Kibana APIs — Security Detections API. 25 operations. Lead operation: Delete an alerts index. Self-contained Naftiko capability covering one Kibana business surface.

What You Can Do

DELETE /v1/api/detection-engine/index: Deletealertsindex — Delete an alerts index
GET /v1/api/detection-engine/index: Readalertsindex — Reads the alert index name if it exists
POST /v1/api/detection-engine/index: Createalertsindex — Create an alerts index
GET /v1/api/detection-engine/privileges: Readprivileges — Returns user privileges for the Kibana space
DELETE /v1/api/detection-engine/rules: Deleterule — Delete a detection rule
GET /v1/api/detection-engine/rules: Readrule — Retrieve a detection rule
PATCH /v1/api/detection-engine/rules: Patchrule — Patch a detection rule
POST /v1/api/detection-engine/rules: Createrule — Create a detection rule
PUT /v1/api/detection-engine/rules: Updaterule — Update a detection rule
POST /v1/api/detection-engine/rules/bulk-action: Performrulesbulkaction — Apply a bulk action to detection rules
POST /v1/api/detection-engine/rules/export: Exportrules — Export detection rules
GET /v1/api/detection-engine/rules/find: Findrules — List all detection rules
POST /v1/api/detection-engine/rules/import: Importrules — Import detection rules
PUT /v1/api/detection-engine/rules/prepackaged: Installprebuiltrulesandtimelines — Install prebuilt detection rules and Timelines
GET /v1/api/detection-engine/rules/prepackaged/status: Readprebuiltrulesandtimelinesstatus — Retrieve the status of prebuilt detection rules and Timelines
POST /v1/api/detection-engine/rules/preview: Rulepreview — Preview rule alerts generated on specified time range
POST /v1/api/detection-engine/signals/assignees: Setalertassignees — Assign and unassign users from detection alerts
POST /v1/api/detection-engine/signals/finalize-migration: Finalizealertsmigration — Finalize detection alert migrations
DELETE /v1/api/detection-engine/signals/migration: Alertsmigrationcleanup — Clean up detection alert migrations
POST /v1/api/detection-engine/signals/migration: Createalertsmigration — Initiate a detection alert migration
GET /v1/api/detection-engine/signals/migration-status: Readalertsmigrationstatus — Retrieve the status of detection alert migrations
POST /v1/api/detection-engine/signals/search: Searchalerts — Find and/or aggregate detection alerts
POST /v1/api/detection-engine/signals/status: Setalertsstatus — Set a detection alert status
POST /v1/api/detection-engine/signals/tags: Setalerttags — Add and remove detection alert tags
GET /v1/api/detection-engine/tags: Readtags — List all detection rule tags

MCP Tools

delete-alerts-index: Delete an alerts index [idempotent]
reads-alert-index-name-if: Reads the alert index name if it exists [read-only, idempotent]
create-alerts-index: Create an alerts index
returns-user-privileges-kibana-space: Returns user privileges for the Kibana space [read-only, idempotent]
delete-detection-rule: Delete a detection rule [idempotent]
retrieve-detection-rule: Retrieve a detection rule [read-only, idempotent]
patch-detection-rule: Patch a detection rule [idempotent]
create-detection-rule: Create a detection rule
update-detection-rule: Update a detection rule [idempotent]
apply-bulk-action-detection-rules: Apply a bulk action to detection rules
export-detection-rules: Export detection rules
list-all-detection-rules: List all detection rules [read-only, idempotent]
import-detection-rules: Import detection rules
install-prebuilt-detection-rules-and: Install prebuilt detection rules and Timelines [idempotent]
retrieve-status-prebuilt-detection-rules: Retrieve the status of prebuilt detection rules and Timelines [read-only, idempotent]
preview-rule-alerts-generated-specified: Preview rule alerts generated on specified time range
assign-and-unassign-users-detection: Assign and unassign users from detection alerts
finalize-detection-alert-migrations: Finalize detection alert migrations
clean-up-detection-alert-migrations: Clean up detection alert migrations [idempotent]
initiate-detection-alert-migration: Initiate a detection alert migration
retrieve-status-detection-alert-migrations: Retrieve the status of detection alert migrations [read-only, idempotent]
find-and-aggregate-detection-alerts: Find and/or aggregate detection alerts [read-only]
set-detection-alert-status: Set a detection alert status
add-and-remove-detection-alert: Add and remove detection alert tags
list-all-detection-rule-tags: List all detection rule tags [read-only, idempotent]

Capability Spec

kibana-security-detections-api.yaml
naftiko: 1.0.0-alpha2
info:
  label: Kibana APIs — Security Detections API
  description: 'Kibana APIs — Security Detections API. 25 operations. Lead operation: Delete an alerts index. Self-contained
    Naftiko capability covering one Kibana business surface.'
  tags:
  - Kibana
  - Security Detections API
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    KIBANA_API_KEY: KIBANA_API_KEY
capability:
  consumes:
  - type: http
    namespace: kibana-security-detections-api
    baseUri: https://{kibana_url}
    description: Kibana APIs — Security Detections API business capability. Self-contained, no shared references.
    resources:
    - name: api-detection_engine-index
      path: /api/detection_engine/index
      operations:
      - name: deletealertsindex
        method: DELETE
        description: Delete an alerts index
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: readalertsindex
        method: GET
        description: Reads the alert index name if it exists
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createalertsindex
        method: POST
        description: Create an alerts index
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-detection_engine-privileges
      path: /api/detection_engine/privileges
      operations:
      - name: readprivileges
        method: GET
        description: Returns user privileges for the Kibana space
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-detection_engine-rules
      path: /api/detection_engine/rules
      operations:
      - name: deleterule
        method: DELETE
        description: Delete a detection rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: query
          type: string
          description: The rule's `id` value.
        - name: rule_id
          in: query
          type: string
          description: The rule's `rule_id` value.
      - name: readrule
        method: GET
        description: Retrieve a detection rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: query
          type: string
          description: The rule's `id` value.
        - name: rule_id
          in: query
          type: string
          description: The rule's `rule_id` value.
      - name: patchrule
        method: PATCH
        description: Patch a detection rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: createrule
        method: POST
        description: Create a detection rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: updaterule
        method: PUT
        description: Update a detection rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-detection_engine-rules-_bulk_action
      path: /api/detection_engine/rules/_bulk_action
      operations:
      - name: performrulesbulkaction
        method: POST
        description: Apply a bulk action to detection rules
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: dry_run
          in: query
          type: boolean
          description: Enables dry run mode for the request call.
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: api-detection_engine-rules-_export
      path: /api/detection_engine/rules/_export
      operations:
      - name: exportrules
        method: POST
        description: Export detection rules
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: exclude_export_details
          in: query
          type: boolean
          description: Determines whether a summary of the exported rules is returned.
        - name: file_name
          in: query
          type: string
          description: File name for saving the exported rules.
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: api-detection_engine-rules-_find
      path: /api/detection_engine/rules/_find
      operations:
      - name: findrules
        method: GET
        description: List all detection rules
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: fields
          in: query
          type: array
          description: List of `alert.attributes` field names to return for each rule (for example `name`, `enabled`).
        - name: filter
          in: query
          type: string
          description: Search query
        - name: sort_field
          in: query
          type: string
          description: Field to sort by
        - name: sort_order
          in: query
          type: string
          description: Sort order
        - name: page
          in: query
          type: integer
          description: Page number
        - name: per_page
          in: query
          type: integer
          description: Rules per page
        - name: gaps_range_start
          in: query
          type: string
          description: Gaps range start
        - name: gaps_range_end
          in: query
          type: string
          description: Gaps range end
        - name: gap_fill_statuses
          in: query
          type: array
          description: Gap fill statuses
        - name: gap_auto_fill_scheduler_id
          in: query
          type: string
          description: Gap auto fill scheduler ID used to determine gap fill status for rules
    - name: api-detection_engine-rules-_import
      path: /api/detection_engine/rules/_import
      operations:
      - name: importrules
        method: POST
        description: Import detection rules
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: overwrite
          in: query
          type: boolean
          description: Determines whether existing rules with the same `rule_id` are overwritten.
        - name: overwrite_exceptions
          in: query
          type: boolean
          description: Determines whether existing exception lists with the same `list_id` are overwritten. Both the exception
            list container and its items are overwritten.
        - name: overwrite_action_connectors
          in: query
          type: boolean
          description: Determines whether existing actions with the same `kibana.alert.rule.actions.id` are overwritten.
        - name: as_new_list
          in: query
          type: boolean
          description: Generates a new list ID for each imported exception list.
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-detection_engine-rules-prepackaged
      path: /api/detection_engine/rules/prepackaged
      operations:
      - name: installprebuiltrulesandtimelines
        method: PUT
        description: Install prebuilt detection rules and Timelines
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-detection_engine-rules-prepackaged-_status
      path: /api/detection_engine/rules/prepackaged/_status
      operations:
      - name: readprebuiltrulesandtimelinesstatus
        method: GET
        description: Retrieve the status of prebuilt detection rules and Timelines
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-detection_engine-rules-preview
      path: /api/detection_engine/rules/preview
      operations:
      - name: rulepreview
        method: POST
        description: Preview rule alerts generated on specified time range
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: enable_logged_requests
          in: query
          type: boolean
          description: Enables logging and returning in response ES queries, performed during rule execution
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-detection_engine-signals-assignees
      path: /api/detection_engine/signals/assignees
      operations:
      - name: setalertassignees
        method: POST
        description: Assign and unassign users from detection alerts
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-detection_engine-signals-finalize_migration
      path: /api/detection_engine/signals/finalize_migration
      operations:
      - name: finalizealertsmigration
        method: POST
        description: Finalize detection alert migrations
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-detection_engine-signals-migration
      path: /api/detection_engine/signals/migration
      operations:
      - name: alertsmigrationcleanup
        method: DELETE
        description: Clean up detection alert migrations
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: createalertsmigration
        method: POST
        description: Initiate a detection alert migration
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-detection_engine-signals-migration_status
      path: /api/detection_engine/signals/migration_status
      operations:
      - name: readalertsmigrationstatus
        method: GET
        description: Retrieve the status of detection alert migrations
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: from
          in: query
          type: string
          description: Maximum age of qualifying detection alerts
          required: true
    - name: api-detection_engine-signals-search
      path: /api/detection_engine/signals/search
      operations:
      - name: searchalerts
        method: POST
        description: Find and/or aggregate detection alerts
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-detection_engine-signals-status
      path: /api/detection_engine/signals/status
      operations:
      - name: setalertsstatus
        method: POST
        description: Set a detection alert status
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-detection_engine-signals-tags
      path: /api/detection_engine/signals/tags
      operations:
      - name: setalerttags
        method: POST
        description: Add and remove detection alert tags
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-detection_engine-tags
      path: /api/detection_engine/tags
      operations:
      - name: readtags
        method: GET
        description: List all detection rule tags
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    authentication:
      type: apikey
      key: Authorization
      value: '{{env.KIBANA_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: kibana-security-detections-api-rest
    port: 8080
    description: REST adapter for Kibana APIs — Security Detections API. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/api/detection-engine/index
      name: api-detection-engine-index
      description: REST surface for api-detection_engine-index.
      operations:
      - method: DELETE
        name: deletealertsindex
        description: Delete an alerts index
        call: kibana-security-detections-api.deletealertsindex
        outputParameters:
        - type: object
          mapping: $.
      - method: GET
        name: readalertsindex
        description: Reads the alert index name if it exists
        call: kibana-security-detections-api.readalertsindex
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createalertsindex
        description: Create an alerts index
        call: kibana-security-detections-api.createalertsindex
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/detection-engine/privileges
      name: api-detection-engine-privileges
      description: REST surface for api-detection_engine-privileges.
      operations:
      - method: GET
        name: readprivileges
        description: Returns user privileges for the Kibana space
        call: kibana-security-detections-api.readprivileges
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/detection-engine/rules
      name: api-detection-engine-rules
      description: REST surface for api-detection_engine-rules.
      operations:
      - method: DELETE
        name: deleterule
        description: Delete a detection rule
        call: kibana-security-detections-api.deleterule
        with:
          id: rest.id
          rule_id: rest.rule_id
        outputParameters:
        - type: object
          mapping: $.
      - method: GET
        name: readrule
        description: Retrieve a detection rule
        call: kibana-security-detections-api.readrule
        with:
          id: rest.id
          rule_id: rest.rule_id
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: patchrule
        description: Patch a detection rule
        call: kibana-security-detections-api.patchrule
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createrule
        description: Create a detection rule
        call: kibana-security-detections-api.createrule
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: updaterule
        description: Update a detection rule
        call: kibana-security-detections-api.updaterule
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/detection-engine/rules/bulk-action
      name: api-detection-engine-rules-bulk-action
      description: REST surface for api-detection_engine-rules-_bulk_action.
      operations:
      - method: POST
        name: performrulesbulkaction
        description: Apply a bulk action to detection rules
        call: kibana-security-detections-api.performrulesbulkaction
        with:
          dry_run: rest.dry_run
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/detection-engine/rules/export
      name: api-detection-engine-rules-export
      description: REST surface for api-detection_engine-rules-_export.
      operations:
      - method: POST
        name: exportrules
        description: Export detection rules
        call: kibana-security-detections-api.exportrules
        with:
          exclude_export_details: rest.exclude_export_details
          file_name: rest.file_name
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/detection-engine/rules/find
      name: api-detection-engine-rules-find
      description: REST surface for api-detection_engine-rules-_find.
      operations:
      - method: GET
        name: findrules
        description: List all detection rules
        call: kibana-security-detections-api.findrules
        with:
          fields: rest.fields
          filter: rest.filter
          sort_field: rest.sort_field
          sort_order: rest.sort_order
          page: rest.page
          per_page: rest.per_page
          gaps_range_start: rest.gaps_range_start
          gaps_range_end: rest.gaps_range_end
          gap_fill_statuses: rest.gap_fill_statuses
          gap_auto_fill_scheduler_id: rest.gap_auto_fill_scheduler_id
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/detection-engine/rules/import
      name: api-detection-engine-rules-import
      description: REST surface for api-detection_engine-rules-_import.
      operations:
      - method: POST
        name: importrules
        description: Import detection rules
        call: kibana-security-detections-api.importrules
        with:
          overwrite: rest.overwrite
          overwrite_exceptions: rest.overwrite_exceptions
          overwrite_action_connectors: rest.overwrite_action_connectors
          as_new_list: rest.as_new_list
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/detection-engine/rules/prepackaged
      name: api-detection-engine-rules-prepackaged
      description: REST surface for api-detection_engine-rules-prepackaged.
      operations:
      - method: PUT
        name: installprebuiltrulesandtimelines
        description: Install prebuilt detection rules and Timelines
        call: kibana-security-detections-api.installprebuiltrulesandtimelines
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/detection-engine/rules/prepackaged/status
      name: api-detection-engine-rules-prepackaged-status
      description: REST surface for api-detection_engine-rules-prepackaged-_status.
      operations:
      - method: GET
        name: readprebuiltrulesandtimelinesstatus
        description: Retrieve the status of prebuilt detection rules and Timelines
        call: kibana-security-detections-api.readprebuiltrulesandtimelinesstatus
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/detection-engine/rules/preview
      name: api-detection-engine-rules-preview
      description: REST surface for api-detection_engine-rules-preview.
      operations:
      - method: POST
        name: rulepreview
        description: Preview rule alerts generated on specified time range
        call: kibana-security-detections-api.rulepreview
        with:
          enable_logged_requests: rest.enable_logged_requests
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/detection-engine/signals/assignees
      name: api-detection-engine-signals-assignees
      description: REST surface for api-detection_engine-signals-assignees.
      operations:
      - method: POST
        name: setalertassignees
        description: Assign and unassign users from detection alerts
        call: kibana-security-detections-api.setalertassignees
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/detection-engine/signals/finalize-migration
      name: api-detection-engine-signals-finalize-migration
      description: REST surface for api-detection_engine-signals-finalize_migration.
      operations:
      - method: POST
        name: finalizealertsmigration
        description: Finalize detection alert migrations
        call: kibana-security-detections-api.finalizealertsmigration
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/detection-engine/signals/migration
      name: api-detection-engine-signals-migration
      description: REST surface for api-detection_engine-signals-migration.
      operations:
      - method: DELETE
        name: alertsmigrationcleanup
        description: Clean up detection alert migrations
        call: kibana-security-detections-api.alertsmigrationcleanup
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createalertsmigration
        description: Initiate a detection alert migration
        call: kibana-security-detections-api.createalertsmigration
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/detection-engine/signals/migration-status
      name: api-detection-engine-signals-migration-status
      description: REST surface for api-detection_engine-signals-migration_status.
      operations:
      - method: GET
        name: readalertsmigrationstatus
        description: Retrieve the status of detection alert migrations
        call: kibana-security-detections-api.readalertsmigrationstatus
        with:
          from: rest.from
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/detection-engine/signals/search
      name: api-detection-engine-signals-search
      description: REST surface for api-detection_engine-signals-search.
      operations:
      - method: POST
        name: searchalerts
        description: Find and/or aggregate detection alerts
        call: kibana-security-detections-api.searchalerts
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/detection-engine/signals/status
      name: api-detection-engine-signals-status
      description: REST surface for api-detection_engine-signals-status.
      operations:
      - method: POST
        name: setalertsstatus
        description: Set a detection alert status
        call: kibana-security-detections-api.setalertsstatus
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/detection-engine/signals/tags
      name: api-detection-engine-signals-tags
      description: REST surface for api-detection_engine-signals-tags.
      operations:
      - method: POST
        name: setalerttags
        description: Add and remove detection alert tags
        call: kibana-security-detections-api.setalerttags
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/detection-engine/tags
      name: api-detection-engine-tags
      description: REST surface for api-detection_engine-tags.
      operations:
      - method: GET
        name: readtags
        description: List all detection rule tags
        call: kibana-security-detections-api.readtags
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: kibana-security-detections-api-mcp
    port: 9090
    transport: http
    description: MCP adapter for Kibana APIs — Security Detections API. One tool per consumed operation, routed inline through
      this capability's consumes block.
    tools:
    - name: delete-alerts-index
      description: Delete an alerts index
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: kibana-security-detections-api.deletealertsindex
      outputParameters:
      - type: object
        mapping: $.
    - name: reads-alert-index-name-if
      description: Reads the alert index name if it exists
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kibana-security-detections-api.readalertsindex
      outputParameters:
      - type: object
        mapping: $.
    - name: create-alerts-index
      description: Create an alerts index
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: kibana-security-detections-api.createalertsindex
      outputParameters:
      - type: object
        mapping: $.
    - name: returns-user-privileges-kibana-space
      description: Returns user privileges for the Kibana space
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kibana-security-detections-api.readprivileges
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-detection-rule
      description: Delete a detection rule
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: kibana-security-detections-api.deleterule
      with:
        id: tools.id
        rule_id: tools.rule_id
      outputParameters:
      - type: object
        mapping: $.
    - name: retrieve-detection-rule
      description: Retrieve a detection rule
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kibana-security-detections-api.readrule
      with:
        id: tools.id
        rule_id: tools.rule_id
      outputParameters:
      - type: object
        mapping: $.
    - name: patch-detection-rule
      description: Patch a detection rule
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: kibana-security-detections-api.patchrule
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: create-detection-rule
      description: Create a detection rule
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: kibana-security-detections-api.createrule
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: update-detection-rule
      description: Update a detection rule
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: kibana-security-detections-api.updaterule
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: apply-bulk-action-detection-rules
      description: Apply a bulk action to detection rules
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: kibana-security-detections-api.performrulesbulkaction
      with:
        dry_run: tools.dry_run
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: export-detection-rules
      description: Export detection rules
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: kibana-security-detections-api.exportrules
      with:
        exclude_export_details: tools.exclude_export_details
        file_name: tools.file_name
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: list-all-detection-rules
      description: List all detection rules
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kibana-security-detections-api.findrules
      with:
        fields: tools.fields
        filter: tools.filter
        sort_field: tools.sort_field
        sort_order: tools.sort_order
        page: tools.page
        per_page: tools.per_page
        gaps_range_start: tools.gaps_range_start
        gaps_range_end: tools.gaps_range_end
        gap_fill_statuses: tools.gap_fill_statuses
        gap_auto_fill_scheduler_id: tools.gap_auto_fill_scheduler_id
      outputParameters:
      - type: object
        mapping: $.
    - name: import-detection-rules
      description: Import detection rules
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: kibana-security-detections-api.importrules
      with:
        overwrite: tools.overwrite
        overwrite_exceptions: tools.overwrite_exceptions
        overwrite_action_connectors: tools.overwrite_action_connectors
        as_new_list: tools.as_new_list
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: install-prebuilt-detection-rules-and
      description: Install prebuilt detection rules and Timelines
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: kibana-security-detections-api.installprebuiltrulesandtimelines
      outputParameters:
      - type: object
        mapping: $.
    - name: retrieve-status-prebuilt-detection-rules
      description: Retrieve the status of prebuilt detection rules and Timelines
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kibana-security-detections-api.readprebuiltrulesandtimelinesstatus
      outputParameters:
      - type: object
        mapping: $.
    - name: preview-rule-alerts-generated-specified
      description: Preview rule alerts generated on specified time range
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: kibana-security-detections-api.rulepreview
      with:
        enable_logged_requests: tools.enable_logged_requests
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: assign-and-unassign-users-detection
      description: Assign and unassign users from detection alerts
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: kibana-security-detections-api.setalertassignees
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: finalize-detection-alert-migrations
      description: Finalize detection alert migrations
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: kibana-security-detections-api.finalizealertsmigration
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: clean-up-detection-alert-migrations
      description: Clean up detection alert migrations
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: kibana-security-detections-api.alert

# --- truncated at 32 KB (34 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/kibana/refs/heads/main/capabilities/kibana-security-detections-api.yaml