Prebuilt rulesedit

The prepackaged endpoint is for retrieving rule statuses and loading Elastic prebuilt detection rules.

Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.

Load prebuilt rulesedit

Loads and updates Elastic prebuilt rules.

By default, all loaded prebuilt rules are disabled.

Request URLedit

PUT <kibana host>:<port>/api/detection_engine/rules/prepackaged

Example requestedit
PUT api/detection_engine/rules/prepackaged

Response codeedit

200
Indicates a successful call.
Response payloadedit

A JSON object listing the number of loaded and updated prebuilt rules.

Example response:

{
  "rules_installed": 112,
  "rules_updated": 0
}

Get rule statusedit

Returns rule statuses.

Request URLedit

GET <kibana host>:<port>/api/detection_engine/rules/prepackaged/_status

Example requestedit
GET api/detection_engine/rules/prepackaged/_status

Response codeedit

200
Indicates a successful call.
Response payloadedit

A JSON object listing rule statuses.

Example response:

{
  "rules_custom_installed": 0,
  "rules_installed": 0,
  "rules_not_installed": 112,
  "rules_not_updated": 0
}