Subscribe to sample log generation for multiple Cloud SIEM content packs in a single call.
Each requested content pack is processed independently; the response includes a per-item
status so partial successes can be inspected.
Availability: this endpoint is restricted to Cloud SIEM trial organizations on an
eligible pricing model. Non-trial orgs receive 403 Forbidden, the feature flag may also reject
requests with 400 Bad Request, and legacy pricing tiers receive per-item responses with status: not_available.
This endpoint requires any of the following permissions:
security_monitoring_filters_write
logs_modify_indexes
OAuth apps require the security_monitoring_filters_write, logs_modify_indexes authorization scope to access this endpoint.
Request
Body Data (required)
The content packs to subscribe to and the desired duration of the subscriptions.
Response containing the per-content-pack results of a bulk subscription request.
| Field | Type | Description |
| --- | --- | --- |
| data [required] | [object] | The list of bulk subscription results, one per requested content pack. |
| data.attributes [required] | object | The attributes describing a sample log generation subscription. |
| data.attributes.content_pack_id [required] | string | The identifier of the Cloud SIEM content pack the subscription targets. |
| data.attributes.created_at [required] | date-time | The time at which the subscription was created. |
| data.attributes.expires_at [required] | date-time | The time at which the subscription expires and stops generating logs. |
| data.attributes.is_active [required] | boolean | Whether the subscription is currently active and generating logs. |
| data.attributes.status [required] | enum | The status of the subscription. Allowed enum values: subscribed, renewed, unsubscribed, no_active_subscription, not_available, active, expired |
| data.id [required] | string | The unique identifier of the subscription, when one was created. |
| data.meta [required] | object | Per-item status returned for a bulk subscription request. |
| data.meta.error | string | A description of the error encountered for this content pack, if the subscription could not be created. |
| data.meta.status [required] | int32 | The HTTP status code that resulted from creating the subscription for this content pack. |
| data.type [required] | enum | The type of the resource. The value should always be subscriptions. Allowed enum values: subscriptions. Default: subscriptions |
{
  "data": [
    {
      "attributes": {
        "content_pack_id": "aws-cloudtrail",
        "created_at": "2026-05-08T20:02:13.77481Z",
        "expires_at": "2026-05-11T20:02:13.77481Z",
        "is_active": true,
        "status": "subscribed"
      },
      "id": "123",
      "meta": {
        "error": "content pack does not exist",
        "status": 200
      },
      "type": "subscriptions"
    }
  ]
}
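Added example (not from the original page or from any Datadog client library): one way to triage a bulk response per content pack, so that a partial success is not mistaken for a full one. The function name, the sample body, and the content pack ids other than aws-cloudtrail are constructed; it assumes a failed item carries a non-2xx meta.status, which the page does not spell out.

```python
import json

# Constructed sample body (not captured from a real org): one success,
# one per-item failure, one legacy-pricing item reported as not_available.
SAMPLE_BODY = json.dumps({"data": [
    {"type": "subscriptions", "id": "123",
     "attributes": {"content_pack_id": "aws-cloudtrail",
                    "expires_at": "2026-05-11T20:02:13.77481Z",
                    "is_active": True, "status": "subscribed"},
     "meta": {"status": 200}},
    {"type": "subscriptions", "id": "",
     "attributes": {"content_pack_id": "example-missing-pack"},
     "meta": {"status": 404, "error": "content pack does not exist"}},
    {"type": "subscriptions", "id": "",
     "attributes": {"content_pack_id": "example-legacy-pack",
                    "is_active": False, "status": "not_available"},
     "meta": {"status": 200}},
]})


def triage_bulk_subscribe(http_status, body_text):
    """Split a bulk-subscribe response into ok / not_available / failed."""
    result = {"rejected": None, "ok": [], "not_available": [], "failed": []}
    # Whole-request rejection: the page lists 403 (non-trial org) and
    # 400 (feature flag); any other non-2xx is handled the same way.
    if not 200 <= http_status < 300:
        result["rejected"] = http_status
        return result
    for item in json.loads(body_text).get("data", []):
        attrs = item.get("attributes") or {}
        meta = item.get("meta") or {}
        pack = attrs.get("content_pack_id", "<unknown>")
        if attrs.get("status") == "not_available":
            # Legacy pricing tier: reported per item, not as an HTTP error.
            result["not_available"].append(pack)
        elif 200 <= meta.get("status", 0) < 300:
            result["ok"].append((pack, attrs.get("expires_at")))
        else:
            # Assumption: failed items carry a non-2xx meta.status.
            result["failed"].append((pack, meta.get("status"), meta.get("error")))
    return result


if __name__ == "__main__":
    print(json.dumps(triage_bulk_subscribe(200, SAMPLE_BODY), indent=2))
```

Checking the failed and not_available lists after every call also shows which content packs never started generating sample logs, which matters before testing detection rules against them.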