#! this request accesses system indices: [.kibana_1, .kibana_7.14.0_001, .kibana_security_session_1, .kibana_task_manager_1, .kibana_task_manager_7.14.0_001], but in a future major version, direct access to system indices will be prevented by default { "took" : 666, "timed_out" : false, "_shards" : { "total" : 7, "successful" : 7, "skipped" : 0, "failed" : 0 }, "hits" : { "total" : { "value" : 2, "relation" : "eq" }, "max_score" : 1.0, "hits" : [ { "_index" : ".kibana_1", "_type" : "_doc", "_id" : "new:alert:f3f3c2d5-4cd0-42bc-8720-a6b2cc797b25", "_score" : 1.0, "_source" : { "alert" : { "name" : "Space_Rule", "tags" : [ "__internal_rule_id:de798d45-3755-4532-bd6c-c82d1a4003af", "__internal_immutable:false" ], "alertTypeId" : "siem.signals", "consumer" : "siem", "params" : { "description" : "Test", "ruleId" : "de798d45-3755-4532-bd6c-c82d1a4003af", "index" : [ "apm-*-transaction*", "auditbeat-*", "endgame-*", "filebeat-*", "packetbeat-*", "winlogbeat-*" ], "falsePositives" : [ ], "from" : "now-65s", "immutable" : false, "query" : "host.name : * ", "language" : "kuery", "outputIndex" : ".siem-signals-new", "savedId" : null, "timelineId" : null, "timelineTitle" : null, "meta" : { "from" : "1m", "kibana_siem_app_url" : "https://aacbde9659b84b68a92b8df09b530957.europe-west1.gcp.cloud.es.io:9243/s/new/app/siem" }, "filters" : [ ], "maxSignals" : 100, "riskScore" : 50, "severity" : "low", "threat" : [ ], "to" : "now", "type" : "query", "references" : [ ], "note" : null, "version" : 1 }, "schedule" : { "interval" : "5s" }, "enabled" : true, "actions" : [ ], "throttle" : null, "apiKeyOwner" : "elastic", "apiKey" : "xsEIg280UqS7oxSlpaBAi1aY22dASI80ES5hKAU1xaMfNCsEvzs8E82XYyJqrwhoJP50HGzJbqMI5zRKSlArOowD0KXrMTunHizUTjvnMRiB4J/aV0edt+RWbDwtUCuVJFHaM1e2l6wZzt6vBbK9MH+zGv6dDiL3EY5cl9wVmiR0eVl5SiW/J+Ue60EEmiDDnTo+VuYqhgVxMg==", "createdBy" : "elastic", "updatedBy" : "elastic", "createdAt" : "2021-07-28T04:57:51.164Z", "muteAll" : false, "mutedInstanceIds" : [ ], "scheduledTaskId" : "e0474c80-ef60-11eb-94c9-670b3b3d88ea" }, "type" : "alert", "references" : [ ], "namespace" : "new", "updated_at" : "2021-07-28T05:01:32.386Z" } }, { "_index" : ".kibana_7.14.0_001", "_type" : "_doc", "_id" : "new:alert:f3f3c2d5-4cd0-42bc-8720-a6b2cc797b25", "_score" : 1.0, "_source" : { "alert" : { "name" : "Space_Rule", "tags" : [ "__internal_rule_id:de798d45-3755-4532-bd6c-c82d1a4003af", "__internal_immutable:false" ], "alertTypeId" : "siem.signals", "consumer" : "siem", "params" : { "description" : "Test", "ruleId" : "de798d45-3755-4532-bd6c-c82d1a4003af", "index" : [ "apm-*-transaction*", "auditbeat-*", "endgame-*", "filebeat-*", "packetbeat-*", "winlogbeat-*" ], "falsePositives" : [ ], "from" : "now-65s", "immutable" : false, "query" : "host.name : * ", "language" : "kuery", "outputIndex" : ".siem-signals-new", "meta" : { "from" : "1m", "kibana_siem_app_url" : "https://aacbde9659b84b68a92b8df09b530957.europe-west1.gcp.cloud.es.io:9243/s/new/app/siem" }, "filters" : [ ], "maxSignals" : 100, "riskScore" : 50, "severity" : "low", "threat" : [ ], "to" : "now", "type" : "query", "references" : [ ], "version" : 1, "riskScoreMapping" : [ ], "severityMapping" : [ ], "exceptionsList" : [ ] }, "schedule" : { "interval" : "5s" }, "enabled" : true, "actions" : [ ], "throttle" : null, "apiKeyOwner" : "elastic", "apiKey" : "4g+xQzBhI6iKei5ag0g7wd1OVbS3ADbV3NA237OvUxoGY3hcXGXSj/uSpW+t6q1CZW8OYgAc1US79ftSWLILcfUCQWTTTQXwvieD6ucUfoL12qv4J02JGHTi3isKl/kcv8oWR7xM3df5C+6BY65Xaywi4kwWB4R17kk3eEtvATXIkZgbnuxApDHyNMMGWjd1sotKflC1XOOPEQ==", "createdBy" : "elastic", "updatedBy" : "elastic", "createdAt" : "2021-07-28T04:57:51.164Z", "muteAll" : false, "mutedInstanceIds" : [ ], "scheduledTaskId" : "e0474c80-ef60-11eb-94c9-670b3b3d88ea", "meta" : { "versionApiKeyLastmodified" : "pre-7.10.0" }, "executionStatus" : { "status" : "error", "lastExecutionDate" : "2021-07-28T06:09:44.530Z", "error" : { "reason" : "unknown", "message" : "params invalid: Invalid value \"undefined\" supplied to \"author\"" } }, "updatedAt" : "2021-07-28T05:01:32.386Z", "notifyWhen" : "onActiveAlert" }, "type" : "alert", "references" : [ ], "namespace" : "new", "migrationVersion" : { "alert" : "7.13.0" }, "coreMigrationVersion" : "7.14.0", "updated_at" : "2021-07-28T06:09:44.580Z" } } ] } }