Updating the alerting for all rules with the API

ARDiver86 · April 22, 2022, 11:20pm

Since the ability to bulk edit rules and assign an action does not exist, how can I do this with the API? I've tried a few methods via the Kibana console under dev tools but cannot get any of the GET's to return data (like GET /api/detection_engine/rules)

What I'm trying to accomplish is set the action for all 600+ rules to be Microsoft Teams with a specific format:

{{#context.alerts}}
{{signal.rule.name}}
{{signal.rule.severity}} - {{signal.reason}}

{{signal.rule.description}}
{{/context.alerts}}

system · May 20, 2022, 11:20pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Default action? Elastic Security detection-rules	4	510	July 27, 2021
Same action for every SIEM detection rule Kibana elastic-stack-alerting	3	333	March 15, 2022
Default alert action? Elastic Security	3	369	November 2, 2022
Update field on all SIEM detection Rules in one go SIEM	6	436	April 18, 2022
Bulk alerting configuration SIEM	6	491	May 9, 2023

Updating the alerting for all rules with the API

Related Topics