Export detection rules

POST /api/detection_engine/rules/_export

Export detection rules to an .ndjson file. The following configuration items are also included in the .ndjson file:

  • Actions
  • Exception lists

You cannot export prebuilt rules.

Query parameters

  • Determines whether a summary of the exported rules is returned.

    Default value is false.

  • File name for saving the exported rules.

    Default value is export.ndjson.

application/json; Elastic-Api-Version=2023-10-31

Body

  • objects array[object] Required

    Array of rule_id fields. Exports all rules when unspecified.

    Hide objects attribute Show objects attribute object
    • rule_id string Required

      Could be any string, not necessarily a UUID

Responses

  • 200 application/ndjson; Elastic-Api-Version=2023-10-31

    Indicates a successful call.

    An .ndjson file containing the returned rules.

POST /api/detection_engine/rules/_export
curl \
 -X POST https://localhost:5601/api/detection_engine/rules/_export \
 -H "Content-Type: application/json; Elastic-Api-Version=2023-10-31"
Request examples
{
  "objects": [
    {
      "rule_id": "string"
    }
  ]
}
Response examples (200)
@file