Export rules

edit

Exports rules to an ndjson file.

The Kibana Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl or another HTTP tool instead. For more information, refer to Console.

You cannot export prebuilt rules but they are available at https://github.com/elastic/detection-rules/tree/main/rules/.

Request URL

edit

POST <kibana host>:<port>/api/detection_engine/rules/_export

URL query parameters

edit
Name Type Description Required

exclude_export_details

Boolean

Determines whether a summary of the exported rules is returned.

No, defaults to false.

file_name

String

File name for saving the exported rules.

No, defaults to export.ndjson

When using cURL to export rules to a file, use the -O and -J options to save the rules to the file name specified in the URL.

Request body

edit

An optional JSON objects array containing the rule_id fields of the rules you want to export:

Name Type Description Required

objects

String[]

Array of rule_id fields.

No, exports all rules when unspecified.

Example request

edit

Exports two rules without details and saves them to the exported_rules.ndjson file:

POST api/detection_engine/rules/_export?exclude_export_details=true&file_name=exported_rules.ndjson
{
  "objects": [
    {
      "rule_id":"343580b5-c811-447c-8d2d-2ccf052c6900"
    },
    {
      "rule_id":"2938c9fa-53eb-4c04-b79c-33cbf041b18d"
    }
  ]
}

Response code

edit
200
Indicates a successful call.