Prebuilt rules

The prepackaged endpoint is for retrieving rule statuses and loading Elastic prebuilt detection rules.

Load prebuilt rules

Loads and updates Elastic prebuilt rules.

By default, all loaded prebuilt rules are disabled.

Request URL

PUT <kibana host>:<port>/api/detection_engine/rules/prepackaged

Example request

PUT api/detection_engine/rules/prepackaged

Response code

200
Indicates a successful call.

Response payload

A JSON object listing the number of loaded and updated prebuilt rules.

Example response:

{
  "rules_installed": 112,
  "rules_updated": 0
}

Get rule status

Returns rule statuses.

Request URL

GET <kibana host>:<port>/api/detection_engine/rules/prepackaged/_status

Example request

GET api/detection_engine/rules/prepackaged/_status

Response code

200
Indicates a successful call.

Response payload

A JSON object listing rule statuses.

Example response:

{
  "rules_custom_installed": 0,
  "rules_installed": 0,
  "rules_not_installed": 112,
  "rules_not_updated": 0
}
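
Added example (not part of the Elastic documentation): a Python sketch that calls the status endpoint first and issues the load request only when rules are missing or outdated, so a scheduled job can keep prebuilt rule coverage current. The API key authentication, the kbn-xsrf header, the host kibana.example and all function names are assumptions that do not appear on this page.

```python
import json
import urllib.request

BASE = "/api/detection_engine/rules/prepackaged"

# Example responses copied from this page, used for the offline run below.
SAMPLE_STATUS = ('{"rules_custom_installed": 0, "rules_installed": 0, '
                 '"rules_not_installed": 112, "rules_not_updated": 0}')
SAMPLE_LOAD = '{"rules_installed": 112, "rules_updated": 0}'


def pending(status):
    """Return (missing, outdated) counts from a _status payload."""
    return int(status["rules_not_installed"]), int(status["rules_not_updated"])


def build_request(kibana_url, method, path, api_key):
    """Build an authenticated Kibana request without sending it."""
    req = urllib.request.Request(kibana_url.rstrip("/") + path, method=method)
    req.add_header("Authorization", "ApiKey " + api_key)  # assumed auth scheme
    req.add_header("kbn-xsrf", "true")  # assumed: Kibana expects it on writes
    return req


def call(req, timeout=30):
    """Send the request and decode the JSON body (raises on non-2xx)."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def sync_prebuilt_rules(kibana_url, api_key, send=call):
    """Load prebuilt rules only when _status reports missing or outdated ones."""
    status = send(build_request(kibana_url, "GET", BASE + "/_status", api_key))
    missing, outdated = pending(status)
    if missing == 0 and outdated == 0:
        return {"changed": False, "status": status}
    result = send(build_request(kibana_url, "PUT", BASE, api_key))
    return {"changed": True, "missing": missing, "outdated": outdated,
            "result": result}


def fake_send(req):
    """Offline stand-in for call(): replays this page's example responses."""
    body = SAMPLE_STATUS if req.get_method() == "GET" else SAMPLE_LOAD
    return json.loads(body)


if __name__ == "__main__":
    # Constructed host and placeholder key; nothing is sent over the network.
    print(sync_prebuilt_rules("https://kibana.example:5601", "PLACEHOLDER_KEY",
                              send=fake_send))
```

Because loaded prebuilt rules are disabled by default, a successful load does not by itself add detection coverage; the rules still have to be enabled.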