Add sh scripts with _bulk_action route usage examples (#101736) (#101792)

Co-authored-by: Dmitry Shevchenko <dmshevch@gmail.com>
2021-06-09 13:54:21 -04:00 · 2021-06-09 13:54:21 -04:00 · aa2b43dc7c
commit aa2b43dc7c
parent feaa672fe4
5 changed files with 145 additions and 0 deletions
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/delete_rules_by_query.sh
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/delete_rules_by_query.sh
@ -0,0 +1,29 @@
+#!/bin/sh
+
+#
+# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+# or more contributor license agreements. Licensed under the Elastic License
+# 2.0; you may not use this file except in compliance with the Elastic License
+# 2.0.
+#
+
+set -e
+./check_env_variables.sh
+
+QUERY=${1}
+
+# Example delete all rules
+# ./delete_rules_by_query.sh
+
+# Example delete rules with tag "test"
+# ./delete_rules_by_query.sh 'alert.attributes.tags: \"test\"'
+
+curl -s -k \
+ -H 'Content-Type: application/json' \
+ -H 'kbn-xsrf: 123' \
+ -u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} \
+ -X POST ${KIBANA_URL}${SPACE_URL}/api/detection_engine/rules/_bulk_action \
+ --data "{
+  \"query\": \"$QUERY\",
+  \"action\": \"delete\"
+}" | jq .
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/disable_rules_by_query.sh
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/disable_rules_by_query.sh
@ -0,0 +1,29 @@
+#!/bin/sh
+
+#
+# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+# or more contributor license agreements. Licensed under the Elastic License
+# 2.0; you may not use this file except in compliance with the Elastic License
+# 2.0.
+#
+
+set -e
+./check_env_variables.sh
+
+QUERY=${1}
+
+# Example disable all rules
+# ./disable_rules_by_query.sh
+
+# Example disable rules with tag "test"
+# ./disable_rules_by_query.sh 'alert.attributes.tags: \"test\"'
+
+curl -s -k \
+ -H 'Content-Type: application/json' \
+ -H 'kbn-xsrf: 123' \
+ -u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} \
+ -X POST ${KIBANA_URL}${SPACE_URL}/api/detection_engine/rules/_bulk_action \
+ --data "{
+  \"query\": \"$QUERY\",
+  \"action\": \"disable\"
+}" | jq .
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/duplicate_rules_by_query.sh
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/duplicate_rules_by_query.sh
@ -0,0 +1,29 @@
+#!/bin/sh
+
+#
+# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+# or more contributor license agreements. Licensed under the Elastic License
+# 2.0; you may not use this file except in compliance with the Elastic License
+# 2.0.
+#
+
+set -e
+./check_env_variables.sh
+
+QUERY=${1}
+
+# Example duplicate all rules
+# ./duplicate_rules_by_query.sh
+
+# Example duplicate rules with tag "test"
+# ./duplicate_rules_by_query.sh 'alert.attributes.tags: \"test\"'
+
+curl -s -k \
+ -H 'Content-Type: application/json' \
+ -H 'kbn-xsrf: 123' \
+ -u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} \
+ -X POST ${KIBANA_URL}${SPACE_URL}/api/detection_engine/rules/_bulk_action \
+ --data "{
+  \"query\": \"$QUERY\",
+  \"action\": \"duplicate\"
+}" | jq .
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/enable_rules_by_query.sh
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/enable_rules_by_query.sh
@ -0,0 +1,29 @@
+#!/bin/sh
+
+#
+# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+# or more contributor license agreements. Licensed under the Elastic License
+# 2.0; you may not use this file except in compliance with the Elastic License
+# 2.0.
+#
+
+set -e
+./check_env_variables.sh
+
+QUERY=${1}
+
+# Example enable all rules
+# ./enable_rules_by_query.sh
+
+# Example enable rules with tag "test"
+# ./enable_rules_by_query.sh 'alert.attributes.tags: \"test\"'
+
+curl -s -k \
+ -H 'Content-Type: application/json' \
+ -H 'kbn-xsrf: 123' \
+ -u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} \
+ -X POST ${KIBANA_URL}${SPACE_URL}/api/detection_engine/rules/_bulk_action \
+ --data "{
+  \"query\": \"$QUERY\",
+  \"action\": \"enable\"
+}" | jq .
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/export_rules_by_query.sh
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/export_rules_by_query.sh
@ -0,0 +1,29 @@
+#!/bin/sh
+
+#
+# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+# or more contributor license agreements. Licensed under the Elastic License
+# 2.0; you may not use this file except in compliance with the Elastic License
+# 2.0.
+#
+
+set -e
+./check_env_variables.sh
+
+QUERY=${1}
+
+# Example export all rules
+# ./export_rules_by_query.sh
+
+# Example export rules with tag "test"
+# ./export_rules_by_query.sh 'alert.attributes.tags: \"test\"'
+
+curl -s -k \
+ -H 'Content-Type: application/json' \
+ -H 'kbn-xsrf: 123' \
+ -u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} \
+ -X POST ${KIBANA_URL}${SPACE_URL}/api/detection_engine/rules/_bulk_action \
+ --data "{
+  \"query\": \"$QUERY\",
+  \"action\": \"export\"
+}"