Using the API

You can create and manage detection rules programmatically instead of using the Kibana UI. This is useful for CI/CD pipelines, bulk rule management, rule-as-code workflows, and integrating detection management with external tooling.

The detection APIs are part of the Kibana API. Use the appropriate reference for your deployment type:

Elastic Stack: Security detections API. Create, read, update, delete, and bulk-manage detection rules; also covers alert management (status, tags, assignees) and prebuilt rule installation.
Elastic Cloud Serverless: Security detections API (Serverless). The same detection operations, scoped to Serverless projects.
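As an added illustration of the rule-as-code workflow described above (example code, not from the Elastic documentation or the Kibana project), the script below validates a rule definition and builds an idempotent create-or-update request against the detections API: POST creates a rule, PUT replaces one that already exists, matched by its stable rule_id. The Kibana URL, API key and the sample rule are constructed placeholders; the set of rule_ids already present in Kibana is assumed to be supplied by the caller.

```python
import json
import urllib.request

KIBANA_URL = "https://kibana.example.internal:5601"  # placeholder, set to your Kibana URL
RULES_PATH = "/api/detection_engine/rules"           # create (POST) and update (PUT) endpoint
REQUIRED = ("rule_id", "name", "description", "type", "severity", "risk_score")

# Constructed sample rule, not a shipped Elastic rule. rule_id is the stable key
# that lets a later run update this rule instead of creating a duplicate.
SAMPLE_RULE = {
    "rule_id": "rule-as-code-example-0001",
    "name": "Shell spawned by web server process",
    "description": "Detects sh or bash started directly by an httpd worker process.",
    "type": "query",
    "language": "kuery",
    "index": ["logs-endpoint.events.process-*"],
    "query": "event.category:process and process.parent.name:httpd and process.name:(sh or bash)",
    "severity": "high",
    "risk_score": 73,
    "interval": "5m",
    "from": "now-6m",
    "enabled": True,
}

def validate_rule(rule: dict) -> list[str]:
    """Return required fields that are absent; risk_score 0 is valid, so test for None/empty."""
    missing = [f for f in REQUIRED if rule.get(f) in (None, "")]
    if rule.get("type") == "query" and not rule.get("query"):
        missing.append("query")
    return missing

def plan_upsert(rule: dict, existing_rule_ids: set[str]) -> tuple[str, str]:
    """POST creates a new rule; PUT replaces an existing one matched by rule_id."""
    method = "PUT" if rule["rule_id"] in existing_rule_ids else "POST"
    return method, RULES_PATH

def build_request(rule: dict, existing_rule_ids: set[str], api_key: str) -> urllib.request.Request:
    """Build the HTTP request; kbn-xsrf is mandatory on every non-GET Kibana API call."""
    if problems := validate_rule(rule):
        raise ValueError(f"rule {rule.get('rule_id')!r} is missing: {problems}")
    method, path = plan_upsert(rule, existing_rule_ids)
    headers = {"kbn-xsrf": "true", "Content-Type": "application/json",
               "Authorization": f"ApiKey {api_key}"}
    return urllib.request.Request(KIBANA_URL + path, data=json.dumps(rule).encode(),
                                  method=method, headers=headers)

if __name__ == "__main__":  # sends the rule to Kibana; needs network and a real API key
    with urllib.request.urlopen(build_request(SAMPLE_RULE, set(), "<API_KEY>")) as resp:
        print("created rule", json.load(resp)["id"])
```

In a CI pipeline the existing rule_ids would be collected first (for example by paging through GET /api/detection_engine/rules/_find) so that every run converges on the same rule set without creating duplicates.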

For rule exceptions and value lists, use these additional APIs:

For a complete list of Elastic Security APIs, refer to Elastic Security APIs.