Exporting rules to ndjson generates incomplete file

Time:11-10

I'm trying to export all the 722 rules into an ndjson file, but the file is incomplete. There are two sets of rules: Elastic rules and Custom rules.

I go to Security > Overview > Rules > Select all 722 rules > Bulk Actions > Export selected.

However, the resulting output contains the following, which is NOT what I need.

Now, when I select the 20 Custom rules, I do get the expected output.

Any idea on how to fix this? Or am I doing something wrong?

Thanks for your help!

CodePudding user response:

It is an ongoing issue I think.

CodePudding user response:

Found a solution to this.

What worked for me was to use a GET request to return all rules in json format

https://<IP address>:<port>5601/api/detection_engine/rules/_find?page=1&per_page=<number of results to include>

All the info is here: https://www.elastic.co/guide/en/security/current/rules-api-find.html
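
Added example, not part of the original answer: paging through the `_find` endpoint from the answer above and refusing to write the ndjson unless the number of rules collected matches the `total` the API reports, which is the completeness check the question is about. Assumptions: the response carries `data` and `total` fields and each rule has an `id`, Kibana accepts HTTP basic auth, and all function names here are hypothetical; the fake fetcher returns constructed data so the block runs offline.

```python
import base64, json, urllib.request

def http_fetch(base_url, user, password):
    """Build fetch(page, per_page) that calls the _find endpoint (basic auth assumed)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    def fetch(page, per_page):
        url = (f"{base_url}/api/detection_engine/rules/_find"
               f"?page={page}&per_page={per_page}")
        req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:  # TLS verified by default
            return json.load(resp)
    return fetch

def find_all_rules(fetch, per_page=100):
    """Page until every rule is collected; raise if the result is incomplete."""
    rules, page = [], 1
    while True:
        body = fetch(page, per_page)
        total = body["total"]          # assumed field: count of matching rules
        rules.extend(body["data"])     # assumed field: rules on this page
        if not body["data"] or len(rules) >= total:
            break
        page += 1
    ids = {r["id"] for r in rules}
    if len(rules) != total or len(ids) != total:
        raise RuntimeError(f"incomplete export: {len(ids)} unique of {total} rules")
    return rules

def to_ndjson(rules):
    """One JSON object per line."""
    return "".join(json.dumps(r, sort_keys=True) + "\n" for r in rules)

def make_fake_fetch(total, last_page=None):
    """Constructed stand-in for Kibana; last_page simulates a truncated response."""
    store = [{"id": f"constructed-{i}", "name": f"rule {i}"} for i in range(total)]
    def fetch(page, per_page):
        start = (page - 1) * per_page
        cut = last_page is not None and page > last_page
        data = [] if cut else store[start:start + per_page]
        return {"page": page, "perPage": per_page, "total": total, "data": data}
    return fetch

if __name__ == "__main__":
    # Swap in http_fetch("https://<host>:<port>", user, password) for a real instance.
    rules = find_all_rules(make_fake_fetch(722))
    with open("rules.ndjson", "w", encoding="utf-8") as fh:
        fh.write(to_ndjson(rules))
    print(f"wrote {len(rules)} rules")
```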
