Export detection rules
Export detection rules to an .ndjson
file. The following configuration items are also included in the .ndjson
file:
- Actions
- Exception lists
You cannot export prebuilt rules.
Query parameters
-
exclude_export_details boolean
Determines whether a summary of the exported rules is returned.
Default value is
false
. -
file_name string
File name for saving the exported rules.
Default value is
export.ndjson
.
POST /api/detection_engine/rules/_export
curl \
-X POST https://localhost:5601/api/detection_engine/rules/_export \
-H "Content-Type: application/json; Elastic-Api-Version=2023-10-31"
Request examples
{
"objects": [
{
"rule_id": "string"
}
]
}
Response examples (200)
@file