spong/bulk_add_actions_to_all_rules.sh

## bulk_add_actions_to_all_rules.sh
#!/bin/bash
ACTIONS='[{"group":"default","id":"b1331930-f6f1-11ec-a712-05a690d63aa5","params":{"message":"Rule{{context.rule.name}}generated{{state.signals_count}}alerts"},"action_type_id":".slack"}]'
RULES=$(curl -s -k -u elastic:changeme -X GET http://localhost:5601/kbn/api/detection_engine/rules/_find\?page\=1\&per_page\=10000 | jq --argjson ACTIONS "$ACTIONS" '[.data | .[] | {rule_id, actions: $ACTIONS, throttle: "rule"}]')

echo $RULES | jq .
curl -s -k \
  -H 'Content-Type: application/json' \
  -H "Accept: application/json" \
  -H 'kbn-xsrf: 123' \
  -u elastic:changeme \
  -X PATCH http://localhost:5601/kbn/api/detection_engine/rules/_bulk_update \
  -d "$RULES" \
  -v \
  | jq .;
	#!/bin/bash
	ACTIONS='[{"group":"default","id":"b1331930-f6f1-11ec-a712-05a690d63aa5","params":{"message":"Rule{{context.rule.name}}generated{{state.signals_count}}alerts"},"action_type_id":".slack"}]'
	RULES=$(curl -s -k -u elastic:changeme -X GET http://localhost:5601/kbn/api/detection_engine/rules/_find\?page\=1\&per_page\=10000 \| jq --argjson ACTIONS "$ACTIONS" '[.data \| .[] \| {rule_id, actions: $ACTIONS, throttle: "rule"}]')

	echo $RULES \| jq .
	curl -s -k \
	-H 'Content-Type: application/json' \
	-H "Accept: application/json" \
	-H 'kbn-xsrf: 123' \
	-u elastic:changeme \
	-X PATCH http://localhost:5601/kbn/api/detection_engine/rules/_bulk_update \
	-d "$RULES" \
	-v \
	\| jq .;
No results found