The SIEM app is now a part of the Elastic Security solution.
Import list items
Imports a list of items from a .txt or .csv file.
You can import items to a new or existing list container.
Request URL
POST <kibana host>:<port>/api/lists/items/_import
The request must include:
- The Content-Type: multipart/form-data HTTP header.
- A link to the file containing the list items.
For example, using cURL:
curl -X POST "<kibana host>:<port>/api/lists/items/_import" -u <username>:<password> -H 'kbn-xsrf: true' -H 'Content-Type: multipart/form-data' --form "file=@<link to file>"
URL query parameters
Name | Type | Description | Required |
---|---|---|---|
list_id | String | ID of the list container. | Required when importing to an existing container. |
type | String | The datatype of excludes the list container holds, which can be either | Required when importing to a new container. |
Example requests
Adds the IP addresses in the internal-IPs.txt file to the internal-ip-excludes list container:
curl -X POST "<kibana host>:<port>/api/lists/items/_import?list_id=internal-ip-excludes" -u <username>:<password> -H 'kbn-xsrf: true' -H 'Content-Type: multipart/form-data' --form "file=@internal-IPs.txt"
Adds the IP addresses in the internal-IPs.txt file to a new list container:
curl -X POST "<kibana host>:<port>/api/lists/items/_import?type=ip" -u <username>:<password> -H 'kbn-xsrf: true' -H 'Content-Type: multipart/form-data' --form "file=@internal-IPs.txt"
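The same request built in Python, as an added example that is not part of the Elastic documentation: it checks that every line is a single IP address before anything is added to an exclusion list, then constructs the multipart POST with the kbn-xsrf header and the list_id or type query parameter. The function names, the SAMPLE data and the one-value-per-line file layout are assumptions made for this example.

```python
import base64
import ipaddress
import urllib.parse
import urllib.request
import uuid


def invalid_ip_lines(text):
    """Return (line_number, value) for every non-blank line that is not one IP address."""
    bad = []
    for number, raw in enumerate(text.splitlines(), start=1):
        value = raw.strip()
        if not value:
            continue
        try:
            ipaddress.ip_address(value)
        except ValueError:
            bad.append((number, value))
    return bad


def build_import_request(kibana_url, filename, text, list_id=None, list_type=None,
                         credentials=None):
    """Build, without sending, the POST to /api/lists/items/_import."""
    # The page requires list_id for an existing container and type for a new one.
    if not list_id and not list_type:
        raise ValueError("list_id (existing container) or list_type (new) is required")
    if any(c in filename for c in '"\r\n'):
        raise ValueError("filename would break the multipart header")
    bad = invalid_ip_lines(text) if list_type == "ip" else []
    if bad:
        raise ValueError(f"not IP addresses: {bad}")
    boundary = uuid.uuid4().hex
    body = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="file"; filename="{filename}"\r\n'
        "Content-Type: text/plain\r\n\r\n"
        f"{text}\r\n--{boundary}--\r\n"
    ).encode("utf-8")
    params = {k: v for k, v in (("list_id", list_id), ("type", list_type)) if v}
    headers = {"kbn-xsrf": "true",
               "Content-Type": f"multipart/form-data; boundary={boundary}"}
    if credentials:  # (username, password), sent as HTTP Basic like curl -u
        token = base64.b64encode(":".join(credentials).encode("utf-8")).decode("ascii")
        headers["Authorization"] = f"Basic {token}"
    url = f"{kibana_url.rstrip('/')}/api/lists/items/_import?{urllib.parse.urlencode(params)}"
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

# Constructed sample file content; line 3 is out of range and is reported.
SAMPLE = "10.0.0.1\n\n10.0.0.300\nfe80::1\n"
```

Pass the returned object to urllib.request.urlopen to send it. When importing into an existing container, call invalid_ip_lines on the file content first, because the builder only validates automatically when type is ip.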
Response code
- 200: Indicates a successful call.
Response payload
{
  "_version": "WzcsMV0=",
  "id": "internal-ip-excludes",
  "created_at": "2020-08-11T10:38:51.087Z",
  "created_by": "elastic",
  "description": "Contains list items that exclude internal IP addresses from detection rule matches.",
  "immutable": false,
  "name": "Trusted internal IP addresses",
  "tie_breaker_id": "195f54fb-244d-4f9a-9a5b-e728901347e0",
  "type": "ip",
  "updated_at": "2020-08-11T10:42:30.205Z",
  "updated_by": "elastic",
  "version": 1
}