From aa2b43dc7cc228d9a543e8e98e0a7474fb62da6b Mon Sep 17 00:00:00 2001 From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Date: Wed, 9 Jun 2021 13:54:21 -0400 Subject: [PATCH] Add sh scripts with _bulk_action route usage examples (#101736) (#101792) Co-authored-by: Dmitry Shevchenko --- .../scripts/delete_rules_by_query.sh | 29 +++++++++++++++++++ .../scripts/disable_rules_by_query.sh | 29 +++++++++++++++++++ .../scripts/duplicate_rules_by_query.sh | 29 +++++++++++++++++++ .../scripts/enable_rules_by_query.sh | 29 +++++++++++++++++++ .../scripts/export_rules_by_query.sh | 29 +++++++++++++++++++ 5 files changed, 145 insertions(+) create mode 100755 x-pack/plugins/security_solution/server/lib/detection_engine/scripts/delete_rules_by_query.sh create mode 100755 x-pack/plugins/security_solution/server/lib/detection_engine/scripts/disable_rules_by_query.sh create mode 100755 x-pack/plugins/security_solution/server/lib/detection_engine/scripts/duplicate_rules_by_query.sh create mode 100755 x-pack/plugins/security_solution/server/lib/detection_engine/scripts/enable_rules_by_query.sh create mode 100755 x-pack/plugins/security_solution/server/lib/detection_engine/scripts/export_rules_by_query.sh diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/delete_rules_by_query.sh b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/delete_rules_by_query.sh new file mode 100755 index 0000000000000..d78726f9e23b5 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/delete_rules_by_query.sh @@ -0,0 +1,29 @@ +#!/bin/sh + +# +# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +# or more contributor license agreements. Licensed under the Elastic License +# 2.0; you may not use this file except in compliance with the Elastic License +# 2.0. +# + +set -e +./check_env_variables.sh + +QUERY=${1} + +# Example delete all rules +# ./delete_rules_by_query.sh + +# Example delete rules with tag "test" +# ./delete_rules_by_query.sh 'alert.attributes.tags: \"test\"' + +curl -s -k \ + -H 'Content-Type: application/json' \ + -H 'kbn-xsrf: 123' \ + -u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} \ + -X POST ${KIBANA_URL}${SPACE_URL}/api/detection_engine/rules/_bulk_action \ + --data "{ + \"query\": \"$QUERY\", + \"action\": \"delete\" +}" | jq . diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/disable_rules_by_query.sh b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/disable_rules_by_query.sh new file mode 100755 index 0000000000000..1c7f05f4057cf --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/disable_rules_by_query.sh @@ -0,0 +1,29 @@ +#!/bin/sh + +# +# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +# or more contributor license agreements. Licensed under the Elastic License +# 2.0; you may not use this file except in compliance with the Elastic License +# 2.0. +# + +set -e +./check_env_variables.sh + +QUERY=${1} + +# Example disable all rules +# ./disable_rules_by_query.sh + +# Example disable rules with tag "test" +# ./disable_rules_by_query.sh 'alert.attributes.tags: \"test\"' + +curl -s -k \ + -H 'Content-Type: application/json' \ + -H 'kbn-xsrf: 123' \ + -u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} \ + -X POST ${KIBANA_URL}${SPACE_URL}/api/detection_engine/rules/_bulk_action \ + --data "{ + \"query\": \"$QUERY\", + \"action\": \"disable\" +}" | jq . diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/duplicate_rules_by_query.sh b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/duplicate_rules_by_query.sh new file mode 100755 index 0000000000000..13da480d74f83 --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/duplicate_rules_by_query.sh @@ -0,0 +1,29 @@ +#!/bin/sh + +# +# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +# or more contributor license agreements. Licensed under the Elastic License +# 2.0; you may not use this file except in compliance with the Elastic License +# 2.0. +# + +set -e +./check_env_variables.sh + +QUERY=${1} + +# Example duplicate all rules +# ./duplicate_rules_by_query.sh + +# Example duplicate rules with tag "test" +# ./duplicate_rules_by_query.sh 'alert.attributes.tags: \"test\"' + +curl -s -k \ + -H 'Content-Type: application/json' \ + -H 'kbn-xsrf: 123' \ + -u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} \ + -X POST ${KIBANA_URL}${SPACE_URL}/api/detection_engine/rules/_bulk_action \ + --data "{ + \"query\": \"$QUERY\", + \"action\": \"duplicate\" +}" | jq . diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/enable_rules_by_query.sh b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/enable_rules_by_query.sh new file mode 100755 index 0000000000000..52bb51b6dd6df --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/enable_rules_by_query.sh @@ -0,0 +1,29 @@ +#!/bin/sh + +# +# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +# or more contributor license agreements. Licensed under the Elastic License +# 2.0; you may not use this file except in compliance with the Elastic License +# 2.0. +# + +set -e +./check_env_variables.sh + +QUERY=${1} + +# Example enable all rules +# ./enable_rules_by_query.sh + +# Example enable rules with tag "test" +# ./enable_rules_by_query.sh 'alert.attributes.tags: \"test\"' + +curl -s -k \ + -H 'Content-Type: application/json' \ + -H 'kbn-xsrf: 123' \ + -u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} \ + -X POST ${KIBANA_URL}${SPACE_URL}/api/detection_engine/rules/_bulk_action \ + --data "{ + \"query\": \"$QUERY\", + \"action\": \"enable\" +}" | jq . diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/export_rules_by_query.sh b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/export_rules_by_query.sh new file mode 100755 index 0000000000000..954fc2104262b --- /dev/null +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/export_rules_by_query.sh @@ -0,0 +1,29 @@ +#!/bin/sh + +# +# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +# or more contributor license agreements. Licensed under the Elastic License +# 2.0; you may not use this file except in compliance with the Elastic License +# 2.0. +# + +set -e +./check_env_variables.sh + +QUERY=${1} + +# Example export all rules +# ./export_rules_by_query.sh + +# Example export rules with tag "test" +# ./export_rules_by_query.sh 'alert.attributes.tags: \"test\"' + +curl -s -k \ + -H 'Content-Type: application/json' \ + -H 'kbn-xsrf: 123' \ + -u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} \ + -X POST ${KIBANA_URL}${SPACE_URL}/api/detection_engine/rules/_bulk_action \ + --data "{ + \"query\": \"$QUERY\", + \"action\": \"export\" +}"