Import an exception list
Import an exception list and its associated items from an NDJSON file.
Query parameters
-
overwrite boolean
Determines whether existing exception lists with the same
list_id
are overwritten. If any exception items have the sameitem_id
, those are also overwritten.Default value is
false
. -
overwrite_exceptions boolean
Default value is
false
. -
overwrite_action_connectors boolean
Default value is
false
. -
as_new_list boolean
Determines whether the list being imported will have a new
list_id
generated. Additionalitem_id
's are generated for each exception item. Both the exception list and its items are overwritten.Default value is
false
.
Responses
-
200 application/json; Elastic-Api-Version=2023-10-31
Successful response
-
400 application/json; Elastic-Api-Version=2023-10-31
Invalid input data response
-
401 application/json; Elastic-Api-Version=2023-10-31
Unsuccessful authentication response
-
403 application/json; Elastic-Api-Version=2023-10-31
Not enough privileges response
-
500 application/json; Elastic-Api-Version=2023-10-31
Internal server error response
POST
/api/exception_lists/_import
curl \
-X POST https://localhost:5601/api/exception_lists/_import \
-H "Content-Type: multipart/form-data; Elastic-Api-Version=2023-10-31"
Response examples (200)
{
"errors": [
{
"error": {
"message": "string",
"status_code": 42
},
"id": "string",
"item_id": "string",
"list_id": "string"
}
],
"success": true,
"success_count": 42,
"success_count_exception_list_items": 42,
"success_count_exception_lists": 42,
"success_exception_list_items": true,
"success_exception_lists": true
}
Response examples (400)
Security_exceptions_api_platformerrorresponse
{
"error": "string",
"message": "string",
"statusCode": 42
}
{
"message": "string",
"status_code": 42
}
Response examples (401)
{
"error": "string",
"message": "string",
"statusCode": 42
}
Response examples (403)
{
"error": "string",
"message": "string",
"statusCode": 42
}
Response examples (500)
{
"message": "string",
"status_code": 42
}