The SIEM app is now a part of the Elastic Security solution.
Click
here to view SIEM documentation for previous releases.
Import rules
editImport rules
editImports rules from an ndjson file.
Request URL
editPOST <kibana host>:<port>/api/detection_engine/rules/_import
The request must include:
-
The
Content-Type: multipart/form-data
HTTP header. - A link to the ndjson file containing the rules.
For example, using cURL:
curl -X POST "<KibanaURL>/api/detection_engine/rules/_import" -u <username>:<password> -H 'kbn-xsrf: true' -H 'Content-Type: multipart/form-data' --form "file=@<link to file>"
URL query parameters
editName | Type | Description | Required |
---|---|---|---|
|
Boolean |
Determines whether existing rules with the same
|
No, defaults to |
Example request
editImports the rules in the detection_rules.ndjson
file and overwrites
existing rules with the same rule_id
values:
curl -X POST "api/detection_engine/rules/_import?overwrite=true" -H 'kbn-xsrf: true' -H 'Content-Type: multipart/form-data' --form "file=@detection_rules.ndjson"
Response code
edit-
200
- Indicates a successful call.