# Import detection rules **POST /api/detection_engine/rules/_import** Import detection rules from an `.ndjson` file, including actions and exception lists. The request must include: - The `Content-Type: multipart/form-data` HTTP header. - A link to the `.ndjson` file containing the rules. > warn > When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. > If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. > info > To import rules with actions, you need at least Read privileges for the Action and Connectors feature. To overwrite or add new connectors, you need All privileges for the Actions and Connectors feature. To import rules without actions, you don’t need Actions and Connectors privileges. Refer to [Enable and access detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui) for more information. > info > Rule actions and connectors are included in the exported file, but sensitive information about the connector (such as authentication credentials) is not included. You must re-add missing connector details after importing detection rules. > You can use Kibana’s [Saved Objects](https://www.elastic.co/guide/en/kibana/current/managing-saved-objects.html) UI (Stack Management → Kibana → Saved Objects) or the Saved Objects APIs (experimental) to [export](https://www.elastic.co/docs/api/doc/kibana/operation/operation-exportsavedobjectsdefault) and [import](https://www.elastic.co/docs/api/doc/kibana/operation/operation-importsavedobjectsdefault) any necessary connectors before importing detection rules. > Similarly, any value lists used for rule exceptions are not included in rule exports or imports. Use the [Manage value lists](https://www.elastic.co/guide/en/security/current/value-lists-exceptions.html#manage-value-lists) UI (Rules → Detection rules (SIEM) → Manage value lists) to export and import value lists separately. ## Servers - http://localhost:5601: http://localhost:5601 () ## Authentication methods - Basic auth ## Parameters ### Query parameters - **overwrite** (boolean) Determines whether existing rules with the same `rule_id` are overwritten. - **overwrite_exceptions** (boolean) Determines whether existing exception lists with the same `list_id` are overwritten. Both the exception list container and its items are overwritten. - **overwrite_action_connectors** (boolean) Determines whether existing actions with the same `kibana.alert.rule.actions.id` are overwritten. - **as_new_list** (boolean) Generates a new list ID for each imported exception list. ### Body: multipart/form-data (object) - **file** (string(binary)) The `.ndjson` file containing the rules. ## Responses ### 200 Indicates a successful call. #### Body: application/json (object) - **action_connectors_errors** (array[object]) - **action_connectors_success** (boolean) - **action_connectors_success_count** (integer) - **action_connectors_warnings** (array[object]) - **errors** (array[object]) - **exceptions_errors** (array[object]) - **exceptions_success** (boolean) - **exceptions_success_count** (integer) - **rules_count** (integer) - **success** (boolean) - **success_count** (integer) [Powered by Bump.sh](https://bump.sh)