Closed acumen-kevinr closed 2 months ago
Hi @acumen-kevinr thanks for reaching out! Yes, you can do this using the DAC code. This code is currently in alpha on the DAC-feature branch of detection rules. The command I think you would be most interested in is the detection_rules kibana export-rules command (documentation). This will export all of the custom rules from your Kibana instance (you can also specify a specific space to use via --space) to toml files in your repo. Also there is an accompanying import-rules command you can run to push the rules from your repo to Kibana.
Here are some reference materials that might be useful:
Please let us know if you run into any trouble or have any additional feedback, we are happy to help! Thanks!
Now that we have merged the DAC-feature branch https://github.com/elastic/detection-rules/pull/3889 into main, these features are in beta. Please check out our quick start guide for how to get started.
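A check worth running on the repo directory after a bulk export-rules run and before pushing with import-rules, added here as an example that is not part of the detection-rules project: it parses every TOML rule file and reports files missing required fields and rule_ids that appear more than once. It assumes the repo's rule layout (a [metadata] table and a [rule] table carrying name, rule_id and type); the sample rules are constructed for the demonstration.

```python
# Added example, not detection-rules project code. Sanity-check a directory
# of TOML rule files produced by a bulk export before they are imported back.
# Assumes the repo layout: [metadata] table plus [rule] with name/rule_id/type.
try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:
    import tomli as tomllib  # type: ignore
import tempfile
from collections import Counter
from pathlib import Path

REQUIRED_RULE_FIELDS = ("name", "rule_id", "type")


def check_rule_files(rule_dir: Path) -> dict:
    """Parse every *.toml under rule_dir; report missing fields and duplicate ids."""
    missing, ids = [], Counter()
    paths = sorted(rule_dir.glob("*.toml"))
    for path in paths:
        with path.open("rb") as fh:
            rule = tomllib.load(fh).get("rule", {})
        absent = [f for f in REQUIRED_RULE_FIELDS if f not in rule]
        if absent:
            missing.append((path.name, absent))
        if "rule_id" in rule:
            ids[rule["rule_id"]] += 1  # same id in two files would clash on import
    duplicates = sorted(rid for rid, n in ids.items() if n > 1)
    return {"files": len(paths), "missing": missing, "duplicates": duplicates}


# Constructed sample rules (not real Elastic rules) so the check runs offline.
SAMPLE_RULES = {
    "good.toml": '[metadata]\ncreation_date = "2024/01/01"\n\n[rule]\n'
                 'name = "Constructed rule A"\n'
                 'rule_id = "11111111-1111-1111-1111-111111111111"\n'
                 'type = "query"\n',
    "dup.toml": '[rule]\nname = "Constructed rule B, same id as A"\n'
                'rule_id = "11111111-1111-1111-1111-111111111111"\n'
                'type = "query"\n',
    "incomplete.toml": '[rule]\nname = "Constructed rule C, no id or type"\n',
}


def run_sample_check() -> dict:
    """Write the constructed rules to a temp dir and run the check on them."""
    with tempfile.TemporaryDirectory() as tmp:
        for fname, body in SAMPLE_RULES.items():
            Path(tmp, fname).write_text(body)
        return check_rule_files(Path(tmp))
```

Point check_rule_files at the directory export-rules wrote to; a non-empty duplicates list is the thing to resolve before running import-rules.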
Repository Feature
Detections-as-Code (DaC) - (primarily custom rule management)
Problem Description
We have over 1,000 rules that we utilise within Kibana and we would like to transition to DAC as a methodology...is there a way for us to export our entire ruleset and have them generated in the relevant way (i.e. toml) within the DAC code?
I know we can do one rule at a time, kind of, but realistically we'd want to be able to do them all in bulk.
Let me know if there are any plans to add this or if there's a workaround.
Desired Solution
As above - ability to import all rules
Considered Alternatives
No response
Additional Context
No response