Error using BulkEditAction[] object for editing a rule with action - Elasticsearch


I am using Elasticsearch 8.7.1 and I am trying to update my security rules in EDR with an email action in bulk. I have tried the following:

PUT api/detection_engine/rules/_bulk_action
{
  "action": "edit",
  "edit": [
    {
      "type": "add_rule_actions",
      "value": {
        "actions": [
          {
            "action_type_id": ".email",
            "params": {
              "to": "email-id",
              "subject": "{{alert.actionGroup}}{{alert.actionSubgroup}}{{alert.actionGroupName}}",
              "message": "Rule {{context.rule.name}} generated {{state.signals_count}} alerts"
            }
          }
        ],
        "throttle": "rule"
      }
    }
  ]
}

However, it says:

{
  "error": "no handler found for uri [/api/detection_engine/rules/_bulk_action?pretty=true] and method [PUT]"
}

I also tried curl:

curl -X POST "https://url:9200/api/detection_engine/rules/_bulk_action?pretty" -H 'Content-Type: application/json' -d'
{
  "action": "edit",
  "edit": [
    {
      "type": "add_rule_actions",
      "value": {
        "actions": [
          {
            "action_type_id": ".email",
            "params": {
              "to": "email-id",
              "subject": "{{alert.actionGroup}}{{alert.actionSubgroup}}{{alert.actionGroupName}}",
              "message": "Rule {{context.rule.name}} generated {{state.signals_count}} alerts"
            }
          }
        ],
        "throttle": "rule"
      }
    }
  ]
}
'

Any idea what might be wrong with the approach? Also, I have tried POST instead of PUT, with the same error.


There are 0 answers
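The following is an added example, not code from the original post. It shows how the same bulk edit is addressed to Kibana rather than to Elasticsearch: the detection engine endpoints under `/api/detection_engine/` are served by Kibana (default port 5601), and the "no handler found for uri ... and method" message above is the reply Elasticsearch gives for a route it does not know, which is what you get when the request is sent to port 9200. Kibana additionally requires the `kbn-xsrf` header on every non-GET API call, the bulk action endpoint takes POST, and a rule action references an existing connector by its saved-object `id` (with `group` set to `"default"`), so the email address lives in the connector's `params.to` list rather than replacing the connector id. The Kibana URL, connector id and rule ids in the block are placeholders; the guard that refuses to run without an `ids` list or a `query` is a choice made here to avoid accidentally editing every rule, not a constraint of the API.

```python
"""Build and send a Kibana bulk 'add_rule_actions' edit for detection rules.

Added example (not from the original post). Assumptions: Kibana at
https://kibana.example:5601, an email connector that already exists with the
placeholder id below, and API-key authentication. Adjust to your deployment.
"""
import json
from urllib.error import HTTPError
from urllib.request import Request, urlopen

BULK_ACTION_PATH = "/api/detection_engine/rules/_bulk_action"  # Kibana route, not Elasticsearch
KBN_XSRF_HEADER = "kbn-xsrf"  # Kibana rejects state-changing API calls that lack this header


def build_add_email_action_body(connector_id, to, rule_ids=None, query=None, throttle="rule"):
    """Return the JSON body (as a dict) for bulk-adding an email action.

    connector_id: saved-object id of the pre-created ".email" connector.
    to: list of recipient addresses (the email connector expects a list).
    rule_ids / query: scope of the edit; one of them is required by this
    example so that the edit is never silently applied to every rule.
    throttle: "rule" (notify per rule run) or an interval such as "1h".
    """
    if not rule_ids and query is None:
        raise ValueError("scope the edit with rule_ids or a KQL query")
    body = {
        "action": "edit",
        "edit": [
            {
                "type": "add_rule_actions",
                "value": {
                    "actions": [
                        {
                            "action_type_id": ".email",
                            "id": connector_id,  # connector reference, not the address
                            "group": "default",
                            "params": {
                                "to": list(to),
                                "subject": "{{alert.actionGroup}}{{alert.actionSubgroup}}{{alert.actionGroupName}}",
                                "message": "Rule {{context.rule.name}} generated {{state.signals_count}} alerts",
                            },
                        }
                    ],
                    "throttle": throttle,
                },
            }
        ],
    }
    if rule_ids:
        body["ids"] = list(rule_ids)
    else:
        body["query"] = query  # KQL over rule attributes, e.g. 'alert.attributes.enabled: true'
    return body


def build_request(kibana_url, body, api_key=None):
    """Return (method, url, headers, encoded body) aimed at Kibana, never at :9200."""
    url = kibana_url.rstrip("/") + BULK_ACTION_PATH
    headers = {"Content-Type": "application/json", KBN_XSRF_HEADER: "true"}
    if api_key:
        headers["Authorization"] = "ApiKey " + api_key
    return "POST", url, headers, json.dumps(body).encode()


def send_bulk_edit(method, url, headers, data, timeout=30):
    """Perform the call and return Kibana's JSON reply; surface the error body on failure."""
    req = Request(url, data=data, headers=headers, method=method)
    try:
        with urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except HTTPError as err:
        # Kibana answers validation problems with a JSON body; keep it visible.
        raise RuntimeError(f"HTTP {err.code}: {err.read().decode(errors='replace')}") from err


if __name__ == "__main__":
    body = build_add_email_action_body(
        connector_id="11111111-2222-3333-4444-555555555555",  # placeholder connector id
        to=["soc@example.com"],
        rule_ids=["rule-id-1", "rule-id-2"],  # placeholder rule ids
    )
    method, url, headers, data = build_request("https://kibana.example:5601", body, api_key="PLACEHOLDER")
    print(method, url)
    print(json.dumps(json.loads(data), indent=2))
    # send_bulk_edit(method, url, headers, data)  # enable once URL, key and ids are real
```

Run it once without the `send_bulk_edit` call to inspect the exact request; the printed URL should point at the Kibana host and port, not at the Elasticsearch transport on 9200. If you prefer to keep using the Kibana Dev Tools Console, note that it proxies requests to Elasticsearch, so Kibana's own `/api/...` routes cannot be reached from there; use curl or this script against the Kibana base URL instead.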