Kibana · Capability
Kibana APIs — Security entity store
Kibana APIs — Security entity store. 14 operations. Lead operation: Update the Entity Store. Self-contained Naftiko capability covering one Kibana business surface.
What You Can Do
PUT
Putsecurityentitystore
— Update the Entity Store
/v1/api/security/entity-store
GET
Getsecurityentitystoreentities
— List entities
/v1/api/security/entity-store/entities
DELETE
Deletesecurityentitystoreentities
— Delete an entity
/v1/api/security/entity-store/entities
PUT
Putsecurityentitystoreentitiesbulk
— Bulk update entities
/v1/api/security/entity-store/entities/bulk
POST
Postsecurityentitystoreentitiesentitytype
— Create an entity
/v1/api/security/entity-store/entities/{entitytype}
PUT
Putsecurityentitystoreentitiesentitytype
— Update an entity
/v1/api/security/entity-store/entities/{entitytype}
POST
Postsecurityentitystoreinstall
— Install the Entity Store
/v1/api/security/entity-store/install
GET
Getsecurityentitystoreresolutiongroup
— Get resolution group
/v1/api/security/entity-store/resolution/group
POST
Postsecurityentitystoreresolutionlink
— Link entities
/v1/api/security/entity-store/resolution/link
POST
Postsecurityentitystoreresolutionunlink
— Unlink entities
/v1/api/security/entity-store/resolution/unlink
PUT
Putsecurityentitystorestart
— Start Entity Store engines
/v1/api/security/entity-store/start
GET
Getsecurityentitystorestatus
— Get Entity Store status
/v1/api/security/entity-store/status
PUT
Putsecurityentitystorestop
— Stop Entity Store engines
/v1/api/security/entity-store/stop
POST
Postsecurityentitystoreuninstall
— Uninstall the Entity Store
/v1/api/security/entity-store/uninstall
MCP Tools
update-entity-store
Update the Entity Store
idempotent
list-entities
List entities
read-only
idempotent
delete-entity
Delete an entity
idempotent
bulk-update-entities
Bulk update entities
idempotent
create-entity
Create an entity
update-entity
Update an entity
idempotent
install-entity-store
Install the Entity Store
get-resolution-group
Get resolution group
read-only
idempotent
link-entities
Link entities
unlink-entities
Unlink entities
start-entity-store-engines
Start Entity Store engines
idempotent
get-entity-store-status
Get Entity Store status
read-only
idempotent
stop-entity-store-engines
Stop Entity Store engines
idempotent
uninstall-entity-store
Uninstall the Entity Store
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: Kibana APIs — Security entity store
description: 'Kibana APIs — Security entity store. 14 operations. Lead operation: Update the Entity Store. Self-contained
Naftiko capability covering one Kibana business surface.'
tags:
- Kibana
- Security entity store
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
KIBANA_API_KEY: KIBANA_API_KEY
capability:
consumes:
- type: http
namespace: kibana-security-entity-store
baseUri: https://{kibana_url}
description: Kibana APIs — Security entity store business capability. Self-contained, no shared references.
resources:
- name: api-security-entity_store
path: /api/security/entity_store
operations:
- name: putsecurityentitystore
method: PUT
description: Update the Entity Store
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: kbn-xsrf
in: header
type: string
description: A required header to protect against CSRF attacks
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: api-security-entity_store-entities
path: /api/security/entity_store/entities
operations:
- name: getsecurityentitystoreentities
method: GET
description: List entities
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: filter
in: query
type: string
description: A Kibana Query Language (KQL) filter for the search-after mode.
- name: size
in: query
type: integer
description: Number of entities to return in search-after mode.
- name: searchAfter
in: query
type: string
description: JSON-encoded search_after value for cursor-based pagination.
- name: source
in: query
type: array
description: Fields to include in the response source.
- name: fields
in: query
type: array
description: Fields to include in the response.
- name: sort_field
in: query
type: string
description: Field to sort results by in page mode.
- name: sort_order
in: query
type: string
description: Sort order in page mode.
- name: page
in: query
type: integer
description: Page number to return (1-indexed) in page mode.
- name: per_page
in: query
type: integer
description: Number of entities per page in page mode.
- name: filterQuery
in: query
type: string
description: An Elasticsearch query string to filter entities in page mode.
- name: entity_types
in: query
type: array
description: Entity types to include in the results.
- name: api-security-entity_store-entities
path: /api/security/entity_store/entities/
operations:
- name: deletesecurityentitystoreentities
method: DELETE
description: Delete an entity
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: kbn-xsrf
in: header
type: string
description: A required header to protect against CSRF attacks
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: api-security-entity_store-entities-bulk
path: /api/security/entity_store/entities/bulk
operations:
- name: putsecurityentitystoreentitiesbulk
method: PUT
description: Bulk update entities
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: kbn-xsrf
in: header
type: string
description: A required header to protect against CSRF attacks
required: true
- name: force
in: query
type: string
description: When true, allows updating protected fields.
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: api-security-entity_store-entities-entityType
path: /api/security/entity_store/entities/{entityType}
operations:
- name: postsecurityentitystoreentitiesentitytype
method: POST
description: Create an entity
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: kbn-xsrf
in: header
type: string
description: A required header to protect against CSRF attacks
required: true
- name: entityType
in: path
type: string
description: The entity type to create.
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: putsecurityentitystoreentitiesentitytype
method: PUT
description: Update an entity
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: kbn-xsrf
in: header
type: string
description: A required header to protect against CSRF attacks
required: true
- name: entityType
in: path
type: string
description: The entity type to update.
required: true
- name: force
in: query
type: string
description: When true, allows updating protected fields.
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: api-security-entity_store-install
path: /api/security/entity_store/install
operations:
- name: postsecurityentitystoreinstall
method: POST
description: Install the Entity Store
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: kbn-xsrf
in: header
type: string
description: A required header to protect against CSRF attacks
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: api-security-entity_store-resolution-group
path: /api/security/entity_store/resolution/group
operations:
- name: getsecurityentitystoreresolutiongroup
method: GET
description: Get resolution group
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: entity_id
in: query
type: string
description: The entity identifier to look up the resolution group for.
required: true
- name: api-security-entity_store-resolution-link
path: /api/security/entity_store/resolution/link
operations:
- name: postsecurityentitystoreresolutionlink
method: POST
description: Link entities
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: kbn-xsrf
in: header
type: string
description: A required header to protect against CSRF attacks
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: api-security-entity_store-resolution-unlink
path: /api/security/entity_store/resolution/unlink
operations:
- name: postsecurityentitystoreresolutionunlink
method: POST
description: Unlink entities
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: kbn-xsrf
in: header
type: string
description: A required header to protect against CSRF attacks
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: api-security-entity_store-start
path: /api/security/entity_store/start
operations:
- name: putsecurityentitystorestart
method: PUT
description: Start Entity Store engines
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: kbn-xsrf
in: header
type: string
description: A required header to protect against CSRF attacks
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: api-security-entity_store-status
path: /api/security/entity_store/status
operations:
- name: getsecurityentitystorestatus
method: GET
description: Get Entity Store status
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: include_components
in: query
type: string
description: If true, returns a detailed status of each engine including all its components.
- name: api-security-entity_store-stop
path: /api/security/entity_store/stop
operations:
- name: putsecurityentitystorestop
method: PUT
description: Stop Entity Store engines
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: kbn-xsrf
in: header
type: string
description: A required header to protect against CSRF attacks
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: false
- name: api-security-entity_store-uninstall
path: /api/security/entity_store/uninstall
operations:
- name: postsecurityentitystoreuninstall
method: POST
description: Uninstall the Entity Store
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: kbn-xsrf
in: header
type: string
description: A required header to protect against CSRF attacks
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: false
authentication:
type: apikey
key: Authorization
value: '{{env.KIBANA_API_KEY}}'
placement: header
exposes:
- type: rest
namespace: kibana-security-entity-store-rest
port: 8080
description: REST adapter for Kibana APIs — Security entity store. One Spectral-compliant resource per consumed operation,
prefixed with /v1.
resources:
- path: /v1/api/security/entity-store
name: api-security-entity-store
description: REST surface for api-security-entity_store.
operations:
- method: PUT
name: putsecurityentitystore
description: Update the Entity Store
call: kibana-security-entity-store.putsecurityentitystore
with:
kbn-xsrf: rest.kbn-xsrf
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/api/security/entity-store/entities
name: api-security-entity-store-entities
description: REST surface for api-security-entity_store-entities.
operations:
- method: GET
name: getsecurityentitystoreentities
description: List entities
call: kibana-security-entity-store.getsecurityentitystoreentities
with:
filter: rest.filter
size: rest.size
searchAfter: rest.searchAfter
source: rest.source
fields: rest.fields
sort_field: rest.sort_field
sort_order: rest.sort_order
page: rest.page
per_page: rest.per_page
filterQuery: rest.filterQuery
entity_types: rest.entity_types
outputParameters:
- type: object
mapping: $.
- path: /v1/api/security/entity-store/entities
name: api-security-entity-store-entities
description: REST surface for api-security-entity_store-entities.
operations:
- method: DELETE
name: deletesecurityentitystoreentities
description: Delete an entity
call: kibana-security-entity-store.deletesecurityentitystoreentities
with:
kbn-xsrf: rest.kbn-xsrf
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/api/security/entity-store/entities/bulk
name: api-security-entity-store-entities-bulk
description: REST surface for api-security-entity_store-entities-bulk.
operations:
- method: PUT
name: putsecurityentitystoreentitiesbulk
description: Bulk update entities
call: kibana-security-entity-store.putsecurityentitystoreentitiesbulk
with:
kbn-xsrf: rest.kbn-xsrf
force: rest.force
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/api/security/entity-store/entities/{entitytype}
name: api-security-entity-store-entities-entitytype
description: REST surface for api-security-entity_store-entities-entityType.
operations:
- method: POST
name: postsecurityentitystoreentitiesentitytype
description: Create an entity
call: kibana-security-entity-store.postsecurityentitystoreentitiesentitytype
with:
kbn-xsrf: rest.kbn-xsrf
entityType: rest.entityType
body: rest.body
outputParameters:
- type: object
mapping: $.
- method: PUT
name: putsecurityentitystoreentitiesentitytype
description: Update an entity
call: kibana-security-entity-store.putsecurityentitystoreentitiesentitytype
with:
kbn-xsrf: rest.kbn-xsrf
entityType: rest.entityType
force: rest.force
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/api/security/entity-store/install
name: api-security-entity-store-install
description: REST surface for api-security-entity_store-install.
operations:
- method: POST
name: postsecurityentitystoreinstall
description: Install the Entity Store
call: kibana-security-entity-store.postsecurityentitystoreinstall
with:
kbn-xsrf: rest.kbn-xsrf
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/api/security/entity-store/resolution/group
name: api-security-entity-store-resolution-group
description: REST surface for api-security-entity_store-resolution-group.
operations:
- method: GET
name: getsecurityentitystoreresolutiongroup
description: Get resolution group
call: kibana-security-entity-store.getsecurityentitystoreresolutiongroup
with:
entity_id: rest.entity_id
outputParameters:
- type: object
mapping: $.
- path: /v1/api/security/entity-store/resolution/link
name: api-security-entity-store-resolution-link
description: REST surface for api-security-entity_store-resolution-link.
operations:
- method: POST
name: postsecurityentitystoreresolutionlink
description: Link entities
call: kibana-security-entity-store.postsecurityentitystoreresolutionlink
with:
kbn-xsrf: rest.kbn-xsrf
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/api/security/entity-store/resolution/unlink
name: api-security-entity-store-resolution-unlink
description: REST surface for api-security-entity_store-resolution-unlink.
operations:
- method: POST
name: postsecurityentitystoreresolutionunlink
description: Unlink entities
call: kibana-security-entity-store.postsecurityentitystoreresolutionunlink
with:
kbn-xsrf: rest.kbn-xsrf
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/api/security/entity-store/start
name: api-security-entity-store-start
description: REST surface for api-security-entity_store-start.
operations:
- method: PUT
name: putsecurityentitystorestart
description: Start Entity Store engines
call: kibana-security-entity-store.putsecurityentitystorestart
with:
kbn-xsrf: rest.kbn-xsrf
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/api/security/entity-store/status
name: api-security-entity-store-status
description: REST surface for api-security-entity_store-status.
operations:
- method: GET
name: getsecurityentitystorestatus
description: Get Entity Store status
call: kibana-security-entity-store.getsecurityentitystorestatus
with:
include_components: rest.include_components
outputParameters:
- type: object
mapping: $.
- path: /v1/api/security/entity-store/stop
name: api-security-entity-store-stop
description: REST surface for api-security-entity_store-stop.
operations:
- method: PUT
name: putsecurityentitystorestop
description: Stop Entity Store engines
call: kibana-security-entity-store.putsecurityentitystorestop
with:
kbn-xsrf: rest.kbn-xsrf
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/api/security/entity-store/uninstall
name: api-security-entity-store-uninstall
description: REST surface for api-security-entity_store-uninstall.
operations:
- method: POST
name: postsecurityentitystoreuninstall
description: Uninstall the Entity Store
call: kibana-security-entity-store.postsecurityentitystoreuninstall
with:
kbn-xsrf: rest.kbn-xsrf
body: rest.body
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: kibana-security-entity-store-mcp
port: 9090
transport: http
description: MCP adapter for Kibana APIs — Security entity store. One tool per consumed operation, routed inline through
this capability's consumes block.
tools:
- name: update-entity-store
description: Update the Entity Store
hints:
readOnly: false
destructive: false
idempotent: true
call: kibana-security-entity-store.putsecurityentitystore
with:
kbn-xsrf: tools.kbn-xsrf
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: list-entities
description: List entities
hints:
readOnly: true
destructive: false
idempotent: true
call: kibana-security-entity-store.getsecurityentitystoreentities
with:
filter: tools.filter
size: tools.size
searchAfter: tools.searchAfter
source: tools.source
fields: tools.fields
sort_field: tools.sort_field
sort_order: tools.sort_order
page: tools.page
per_page: tools.per_page
filterQuery: tools.filterQuery
entity_types: tools.entity_types
outputParameters:
- type: object
mapping: $.
- name: delete-entity
description: Delete an entity
hints:
readOnly: false
destructive: true
idempotent: true
call: kibana-security-entity-store.deletesecurityentitystoreentities
with:
kbn-xsrf: tools.kbn-xsrf
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: bulk-update-entities
description: Bulk update entities
hints:
readOnly: false
destructive: false
idempotent: true
call: kibana-security-entity-store.putsecurityentitystoreentitiesbulk
with:
kbn-xsrf: tools.kbn-xsrf
force: tools.force
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: create-entity
description: Create an entity
hints:
readOnly: false
destructive: false
idempotent: false
call: kibana-security-entity-store.postsecurityentitystoreentitiesentitytype
with:
kbn-xsrf: tools.kbn-xsrf
entityType: tools.entityType
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: update-entity
description: Update an entity
hints:
readOnly: false
destructive: false
idempotent: true
call: kibana-security-entity-store.putsecurityentitystoreentitiesentitytype
with:
kbn-xsrf: tools.kbn-xsrf
entityType: tools.entityType
force: tools.force
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: install-entity-store
description: Install the Entity Store
hints:
readOnly: false
destructive: false
idempotent: false
call: kibana-security-entity-store.postsecurityentitystoreinstall
with:
kbn-xsrf: tools.kbn-xsrf
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: get-resolution-group
description: Get resolution group
hints:
readOnly: true
destructive: false
idempotent: true
call: kibana-security-entity-store.getsecurityentitystoreresolutiongroup
with:
entity_id: tools.entity_id
outputParameters:
- type: object
mapping: $.
- name: link-entities
description: Link entities
hints:
readOnly: false
destructive: false
idempotent: false
call: kibana-security-entity-store.postsecurityentitystoreresolutionlink
with:
kbn-xsrf: tools.kbn-xsrf
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: unlink-entities
description: Unlink entities
hints:
readOnly: false
destructive: false
idempotent: false
call: kibana-security-entity-store.postsecurityentitystoreresolutionunlink
with:
kbn-xsrf: tools.kbn-xsrf
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: start-entity-store-engines
description: Start Entity Store engines
hints:
readOnly: false
destructive: false
idempotent: true
call: kibana-security-entity-store.putsecurityentitystorestart
with:
kbn-xsrf: tools.kbn-xsrf
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: get-entity-store-status
description: Get Entity Store status
hints:
readOnly: true
destructive: false
idempotent: true
call: kibana-security-entity-store.getsecurityentitystorestatus
with:
include_components: tools.include_components
outputParameters:
- type: object
mapping: $.
- name: stop-entity-store-engines
description: Stop Entity Store engines
hints:
readOnly: false
destructive: false
idempotent: true
call: kibana-security-entity-store.putsecurityentitystorestop
with:
kbn-xsrf: tools.kbn-xsrf
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: uninstall-entity-store
description: Uninstall the Entity Store
hints:
readOnly: false
destructive: false
idempotent: false
call: kibana-security-entity-store.postsecurityentitystoreuninstall
with:
kbn-xsrf: tools.kbn-xsrf
body: tools.body
outputParameters:
- type: object
mapping: $.