I'm trying to export all the 722 rules into an ndjson file, but the file is incomplete. There are two sets of rules: Elastic rules and Custom rules.
I go to Security > Overview > Rules > Select all 722 rules > Bulk Actions > Export selected.
However, the resulting output contains the following, which is NOT what I need.
Now, when I select the 20 Custom rules, I do get the expected output.
Any idea on how to fix this? Or am I doing something wrong?
Thanks for your help!
CodePudding user response:
It is an ongoing issue I think.
CodePudding user response:
Found a solution to this.
What worked for me was to use a GET request to return all rules in json format
https://<IP address>:5601/api/detection_engine/rules/_find?page=1&per_page=<number of results to include>
All the info is here: https://www.elastic.co/guide/en/security/current/rules-api-find.html
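A scripted version of that approach, added here as an example and not part of the original answer: it pages through the _find endpoint using the page/perPage/total fields of each response and writes every rule (Elastic and custom) as one JSON object per line. KIBANA_URL, USER and PASSWORD are placeholders, and fake_find_page is a constructed stand-in for the Kibana response so the paging logic can be run offline.

```python
import base64
import json
import urllib.request
from typing import Callable, Dict, List

KIBANA_URL = "https://<IP address>:5601"  # placeholder: your Kibana base URL
USER, PASSWORD = "<user>", "<password>"   # placeholders: a Kibana user that can read rules
PER_PAGE = 100                            # page size; paging avoids relying on one huge per_page

def kibana_find_page(page: int, per_page: int = PER_PAGE) -> Dict:
    """GET one page from /api/detection_engine/rules/_find (fields: page, perPage, total, data)."""
    url = f"{KIBANA_URL}/api/detection_engine/rules/_find?page={page}&per_page={per_page}"
    token = base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}",
                                               "kbn-xsrf": "true"})  # needed on non-GET calls; harmless here
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def fetch_all_rules(find_page: Callable[[int], Dict]) -> List[Dict]:
    """Walk page 1..N using perPage/total from each response; an empty page also ends
    the loop so a total that changes mid-export cannot spin forever."""
    rules, page = [], 1
    while True:
        body = find_page(page)
        rules.extend(body["data"])
        if not body["data"] or page * body["perPage"] >= body["total"]:
            return rules
        page += 1

def to_ndjson(rules: List[Dict]) -> str:
    """One JSON object per line; Elastic (immutable) and custom rules alike."""
    return "".join(json.dumps(r, sort_keys=True) + "\n" for r in rules)

# Constructed stand-in for the Kibana response (3 rules, 2 per page) so the paging
# logic runs offline; the real export uses kibana_find_page instead.
_FAKE_RULES = [
    {"rule_id": "elastic-1", "name": "Elastic rule 1", "immutable": True},
    {"rule_id": "elastic-2", "name": "Elastic rule 2", "immutable": True},
    {"rule_id": "custom-1", "name": "Custom rule 1", "immutable": False},
]

def fake_find_page(page: int, per_page: int = 2) -> Dict:
    start = (page - 1) * per_page
    return {"page": page, "perPage": per_page, "total": len(_FAKE_RULES),
            "data": _FAKE_RULES[start:start + per_page]}

if __name__ == "__main__":
    with open("rules_export.ndjson", "w", encoding="utf-8") as fh:
        fh.write(to_ndjson(fetch_all_rules(kibana_find_page)))
```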