The SIEM app is now a part of the Elastic Security solution.
Click
here to view SIEM documentation for previous releases.
Export rules
editExport rules
editExports rules to an ndjson file.
You cannot export prebuilt rules.
Request URL
editPOST <kibana host>:<port>/api/detection_engine/rules/_export
URL query parameters
editName | Type | Description | Required |
---|---|---|---|
|
Boolean |
Determines whether a summary of the exported rules is returned. |
No, defaults to |
|
String |
File name for saving the exported rules. |
No, defaults to
|
When using cURL to export rules to a file, use the -O
and -J
options
to save the rules to the file name specified in the URL.
Request body
editAn optional JSON objects
array containing the rule_id
fields of the rules
you want to export:
Name | Type | Description | Required |
---|---|---|---|
|
String[] |
Array of |
No, exports all rules when unspecified. |
Example request
editExports two rules without details and saves them to the exported_rules.ndjson
file:
POST api/detection_engine/rules/_export?exclude_export_details=true&file_name=exported_rules.ndjson { "objects": [ { "rule_id":"343580b5-c811-447c-8d2d-2ccf052c6900" }, { "rule_id":"2938c9fa-53eb-4c04-b79c-33cbf041b18d" } ] }
Response code
edit-
200
- Indicates a successful call.