IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Signals endpoint Exceptions API »
Elastic Docs Elastic Security Solution [7.16] Elastic Security APIs Detections API

Prebuilt rules

edit

Prebuilt rules

edit

The prepackaged endpoint is for retrieving rule statuses and loading Elastic prebuilt detection rules.

Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.

Load prebuilt rules

edit

Loads and updates Elastic prebuilt rules.

By default, all loaded prebuilt rules are disabled.

Request URL

edit

PUT <kibana host>:<port>/api/detection_engine/rules/prepackaged

Example request
edit
PUT api/detection_engine/rules/prepackaged

Response code

edit
200
Indicates a successful call.
Response payload
edit

A JSON object listing the number of loaded and updated prebuilt rules.

Example response:

{
  "rules_installed": 112,
  "rules_updated": 0
}

Get rule status

edit

Returns rule statuses.

Request URL

edit

GET <kibana host>:<port>/api/detection_engine/rules/prepackaged/_status

Example request
edit
GET api/detection_engine/rules/prepackaged/_status

Response code

edit
200
Indicates a successful call.
Response payload
edit

A JSON object listing rule statuses.

Example response:

{
  "rules_custom_installed": 0,
  "rules_installed": 0,
  "rules_not_installed": 112,
  "rules_not_updated": 0
}
« Signals endpoint Exceptions API »