IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Import rules
This API supports Token-based authentication only.
Imports rules from an ndjson file.
The Kibana Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl
or another HTTP tool instead. For more information, refer to Console.
Request URL
POST <kibana host>:<port>/api/detection_engine/rules/_import
The request must include:
- The Content-Type: multipart/form-data HTTP header.
- A link to the ndjson file containing the rules.
For example, using cURL:
curl -X POST "<KibanaURL>/api/detection_engine/rules/_import" -u <username>:<password> -H 'kbn-xsrf: true' -H 'Content-Type: multipart/form-data' --form "file=@<link to file>"
URL query parameters
Name | Type | Description | Required |
---|---|---|---|
overwrite | Boolean | Determines whether existing rules with the same rule_id are overwritten. | No, defaults to |
Example request
Imports the rules in the detection_rules.ndjson file and overwrites existing rules with the same rule_id values:
curl -X POST "<KibanaURL>/api/detection_engine/rules/_import?overwrite=true" -u <username>:<password> -H 'kbn-xsrf: true' -H 'Content-Type: multipart/form-data' --form "file=@detection_rules.ndjson"
Response code
- 200: Indicates a successful call.
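An added example, not part of the Kibana documentation: a pre-flight check in Python that parses the text of an ndjson rules file, reports lines that are not valid JSON or have no rule_id and rule_id values repeated within the file, and builds (without sending) the same multipart request as the cURL examples above. The function names, the sample lines and the rules.ndjson upload filename are assumptions; authentication is left to the caller.

```python
import json
import urllib.request
import uuid
from collections import Counter

# Constructed sample input (not real rules): a duplicate rule_id, a line
# without rule_id, and a line that is not valid JSON.
SAMPLE = "\n".join([
    '{"rule_id": "example-rule-1", "name": "Constructed rule A"}',
    '{"rule_id": "example-rule-1", "name": "Constructed rule B"}',
    '{"name": "Constructed rule without an id"}',
    '{broken',
])

def check_ndjson(text):
    """Return (rule_ids, problems) found in the text of an ndjson rules file."""
    rule_ids, problems = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # blank lines carry no rule
        try:
            obj = json.loads(line)
        except json.JSONDecodeError as exc:
            problems.append(f"line {n}: invalid JSON ({exc.msg})")
            continue
        if isinstance(obj, dict) and "rule_id" in obj:
            rule_ids.append(str(obj["rule_id"]))
        else:
            problems.append(f"line {n}: no rule_id")
    for rid, count in Counter(rule_ids).items():
        if count > 1:
            problems.append(f"rule_id {rid!r} appears {count} times")
    return rule_ids, problems

def build_import_request(kibana_url, ndjson_text, overwrite=False):
    """Build (but do not send) the multipart POST; auth is left to the caller."""
    boundary = uuid.uuid4().hex
    body = (
        f"--{boundary}\r\n"
        'Content-Disposition: form-data; name="file"; filename="rules.ndjson"\r\n'
        "Content-Type: application/octet-stream\r\n\r\n"
        f"{ndjson_text}\r\n--{boundary}--\r\n"
    ).encode()
    url = f"{kibana_url.rstrip('/')}/api/detection_engine/rules/_import"
    if overwrite:
        url += "?overwrite=true"
    headers = {"kbn-xsrf": "true",
               "Content-Type": f"multipart/form-data; boundary={boundary}"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")
```

Run check_ndjson on the file's text first and build the request only when the problem list is empty or reviewed, since with overwrite=true every rule_id in the file replaces an existing rule with the same value.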