IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Import rules
editImport rules
editImports rules from an ndjson file.
Request URL
editPOST <kibana host>:<port>/api/detection_engine/rules/_import
The request must include:
-
The
Content-Type: multipart/form-data
HTTP header. - A link to the ndjson file containing the rules.
For example, using cURL:
curl -X POST "<KibanaURL>/api/detection_engine/rules/_import" -u <username>:<password> -H 'kbn-xsrf: true' -H 'Content-Type: multipart/form-data' --form "file=@<link to file>"
URL query parameters
editName | Type | Description | Required |
---|---|---|---|
|
Boolean |
Determines whether existing rules with the same
|
No, defaults to |
Example request
editImports the rules in the detection_rules.ndjson
file and overwrites
existing rules with the same rule_id
values:
curl -X POST "api/detection_engine/rules/_import?overwrite=true" -H 'kbn-xsrf: true' -H 'Content-Type: multipart/form-data' --form "file=@detection_rules.ndjson"
Response code
edit-
200
- Indicates a successful call.