Detlef
(Detlef Wolf)
February 2, 2022, 5:13pm
1
I'm trying to extract my created detection rules.
From my python script I receive the following debug messages:
2022-02-02 17:57:22,859 __main__ INFO Selected the following elastic host for requests: dw-prodkib-00.mydom.country
2022-02-02 17:57:22,859 __main__ DEBUG Executing POST request against Kibana with http://dw-prodkib-00.mydom.country:5601/api/detection_engine/rules/_export?file_name=/tmp/exportedRulesProduction.ndjson
2022-02-02 17:57:22,859 __main__ DEBUG elasticRequest.auth=('elastic', 'TopSecretPassword')
2022-02-02 17:57:22,859 __main__ DEBUG elasticRequest.headers={'content-type': 'application/json', 'Accept-Charset': 'UTF-8'}
2022-02-02 17:57:22,860 urllib3.connectionpool DEBUG Starting new HTTP connection (1): dw-prodkib-00.mydom.country:5601
2022-02-02 17:57:22,914 urllib3.connectionpool DEBUG http://dw-prodkib-00.mydom.country:5601 "POST /api/detection_engine/rules/_export?file_name=/tmp/exportedRulesProduction.ndjson HTTP/1.1" 400 92
2022-02-02 17:57:22,915 __main__ ERROR An Http Error occurred:HTTPError('400 Client Error: Bad Request for url: http://dw-prodkib-00.mydom.country:5601/api/detection_engine/rules/_export?file_name=/tmp/exportedRulesProduction.ndjson')
2022-02-02 17:57:22,916 __main__ ERROR An exception occurred while processing export rules request
I already tried without any parameter, but the error remains the same.
jamesspi
(Jamesspi)
February 3, 2022, 10:42am
2
Hi @Detlef , as I mentioned on the community slack, it looks like you haven't added a kbn-xsrf
header, which is needed for any API call to Kibana.
Detlef
(Detlef Wolf)
February 3, 2022, 10:56am
3
That was the trick.
2022-02-03 11:50:10,513 __main__ INFO Selected the following elastic host for requests: dw-prodkib-00.<my
2022-02-03 11:50:10,513 __main__ DEBUG Executing POST request against Kibana with http://dw-prodkib-00.mydom.country:5601/api/detection_engine/rules/_export?file_name=/tmp/exportedRulesProduction.ndjson
2022-02-03 11:50:10,513 __main__ DEBUG kibanaRequest.auth=('elastic', 'TopSecretPassword')
2022-02-03 11:50:10,513 __main__ DEBUG kibanaRequest.headers={'content-type': 'application/json', 'Accept-Charset': 'UTF-8', 'kbn-xsrf': 'true'}
2022-02-03 11:50:10,515 urllib3.connectionpool DEBUG Starting new HTTP connection (1): dw-prodkib-00.mydom.country:5601
2022-02-03 11:50:12,115 urllib3.connectionpool DEBUG http://dw-prodkib-00.mydom.country:5601 "POST /api/detection_engine/rules/_export?file_name=/tmp/exportedRulesProduction.ndjson HTTP/1.1" 200 297
2022-02-03 11:50:12,117 __main__ INFO Rules have been exported successfully
2022-02-03 11:50:12,118 __main__ INFO to file /tmp/exportedRulesProduction.ndjson
Thanks to @jamesspi
system
(system)
Closed
March 3, 2022, 12:10pm
5
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.