Install prebuilt detection rules and Timelines

PUT /api/detection_engine/rules/prepackaged

Install and update all Elastic prebuilt detection rules and Timelines.

This endpoint allows you to install and update prebuilt detection rules and Timelines provided by Elastic. When you call this endpoint, it will:

Install any new prebuilt detection rules that are not currently installed in your system.
Update any existing prebuilt detection rules that have been modified or improved by Elastic.
Install any new prebuilt Timelines that are not currently installed in your system.
Update any existing prebuilt Timelines that have been modified or improved by Elastic.

This ensures that your detection engine is always up-to-date with the latest rules and Timelines, providing you with the most current and effective threat detection capabilities.

Responses

200 application/json

Indicates a successful call
Hide response attributes Show response attributes object
- rules_installed integer Required
  
  The number of rules installed
  
  Minimum value is 0.
- rules_updated integer Required
  
  The number of rules updated
  
  Minimum value is 0.
- timelines_installed integer Required
  
  The number of timelines installed
  
  Minimum value is 0.
- timelines_updated integer Required
  
  The number of timelines updated
  
  Minimum value is 0.

PUT /api/detection_engine/rules/prepackaged

curl \
 --request PUT 'https://localhost:5601/api/detection_engine/rules/prepackaged' \
 --header "Authorization: $API_KEY"

Response examples (200)

{
  "rules_updated": 0,
  "rules_installed": 112,
  "timelines_updated": 2,
  "timelines_installed": 5
}