[FEATURE] Support Elastic Security Exceptions #1426

@nick-benoit

Description

Name of the resource

exceptions

Describe new functionality

Add support for the Kibana Exceptions API

Exceptions are made up of:

  • Exception containers: A container for related exceptions. Generally, a single exception container contains all the exception items relevant for a subset of rules. For example, a container can be used to group together network-related exceptions that are relevant for a large number of network rules. The container can then be associated with all the relevant rules.

  • Exception items: The query (fields, values, and logic) used to prevent rules from generating alerts. When an exception item's query evaluates to true, the rule does not generate an alert.

We should add resources for both of these: exception containers (exception_container) and exception items (exception_item).
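As an added illustration of the two concepts above (this is example code written for this page, not code from terraform-provider-elasticstack or Kibana), the block below models an exception container with its items and evaluates constructed events against it. It assumes the simplified entry shape of the Kibana API (field, operator "included"/"excluded", type "match"/"match_any"/"exists"; the "wildcard", "list" and "nested" types are left out) and the documented semantics that every entry in an item must hold while any matching item suppresses the alert. The `Overbroad` check is a review heuristic added here, not an API feature: it flags items that would silence a rule for every event carrying a field, which is exactly the kind of blind spot a reviewer of Terraform-managed exceptions wants to catch before apply.

```go
package main

import "fmt"

// Entry is a simplified Kibana exception item entry (field, operator, type);
// the "wildcard", "list" and "nested" entry types of the real API are omitted.
// Item: all entries must hold (AND). Container: any matching item (OR)
// suppresses the rule's alert. Event: a flattened document, field -> values.
type (
	Entry struct {
		Field, Type, Operator string // Type: "match", "match_any" or "exists"; Operator: "included" or "excluded"
		Values                []string
	}
	Item      struct{ Name string; Entries []Entry }
	Container struct{ Name string; Items []Item }
	Event     map[string][]string
)

// matches evaluates one entry; "excluded" negates the result, so an excluded
// entry on a missing field holds (must_not semantics). Comparison is exact.
func (e Entry) matches(ev Event) bool {
	vals, present := ev[e.Field]
	hit := false
	switch e.Type {
	case "exists":
		hit = present && len(vals) > 0
	case "match", "match_any": // "match" carries a single value
		for _, want := range e.Values {
			for _, v := range vals {
				hit = hit || v == want
			}
		}
	default:
		return false // unknown entry type never suppresses anything
	}
	return hit != (e.Operator == "excluded")
}

// Suppressed reports whether any item in c covers ev (the rule would not
// alert) and which item matched first.
func (c Container) Suppressed(ev Event) (bool, string) {
	for _, it := range c.Items {
		all := len(it.Entries) > 0 // an item with no entries suppresses nothing
		for _, en := range it.Entries {
			all = all && en.matches(ev)
		}
		if all {
			return true, it.Name
		}
	}
	return false, ""
}

// Overbroad is a review heuristic, not part of the Kibana API: an item whose
// entries are all included "exists" checks suppresses alerts for every event
// that merely carries those fields, i.e. it is a detection blind spot.
func Overbroad(c Container) []string {
	var names []string
	for _, it := range c.Items {
		broad := len(it.Entries) > 0
		for _, en := range it.Entries {
			broad = broad && en.Type == "exists" && en.Operator == "included"
		}
		if broad {
			names = append(names, it.Name)
		}
	}
	return names
}

// DemoContainer and DemoEvents are constructed sample data, not Kibana exports.
var DemoContainer = Container{Name: "network-and-process-exceptions", Items: []Item{
	{Name: "scanner-from-mgmt-hosts", Entries: []Entry{
		{"source.ip", "match_any", "included", []string{"10.0.0.5", "10.0.0.6"}},
		{"user.name", "match", "included", []string{"svc_scanner"}},
	}},
	{Name: "signed-not-by-test-ca", Entries: []Entry{
		{"process.code_signature.trusted", "match", "included", []string{"true"}},
		{"process.code_signature.subject_name", "match", "excluded", []string{"Test CA"}},
	}},
	{Name: "too-broad-any-process", Entries: []Entry{{"process.name", "exists", "included", nil}}},
}}

func DemoEvents() []Event {
	return []Event{
		{"source.ip": {"10.0.0.5"}, "user.name": {"svc_scanner"}}, // covered by the scanner item
		{"source.ip": {"10.0.0.5"}, "user.name": {"alice"}},       // second AND entry fails: alerts
		{"process.name": {"update.exe"}, "process.code_signature.trusted": {"true"}, "process.code_signature.subject_name": {"Contoso Ltd"}},
		{"process.name": {"dropper.exe"}, "process.code_signature.trusted": {"false"}}, // covered only by the over-broad item
	}
}

func main() {
	for i, ev := range DemoEvents() {
		ok, name := DemoContainer.Suppressed(ev)
		fmt.Printf("event %d: suppressed=%v item=%q\n", i, ok, name)
	}
	fmt.Println("over-broad items:", Overbroad(DemoContainer))
}
```

The fourth event shows why the heuristic matters: an unsigned process is never caught by the narrow items, yet the `process.name exists` item suppresses it anyway. A Terraform resource for exception items makes such containers reviewable as code, so a check of this kind can run in CI against the plan rather than being discovered after an alert fails to fire.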

Details

  • A directory for each of these resources should be added to internal/kibana
  • When making requests to Kibana, use the generated Kibana OpenAPI client (e.g. GetKibanaOapiClient())
  • Implement this resource using the terraform-plugin-framework
  • Use internal/elasticsearch/security/system_user/resource.go as an example of a terraform-plugin-framework based resource
  • When implementing API requests, double-check the docs to verify all fields are supported

Version Introduced

7.9.0

Anything else?

No response
