Export/Import Event, Alert Rules or Saved Queries

The attached Python 3 code can be used to export one, several, or all event rules, alert rules, or saved queries from one environment and import them into another.


1. Download the attached zip and unzip it

2. Install requirements: python3 -m pip install -r requirements.txt

3. Export desired objects to folder (see commands below)

4. Import objects from folder (see commands below)


Notes: 

 * You will need API keys for your intended export and import environments.

 * Context queries will be included in exported alert rules. 

 * --domainsuffix is only required if your Uptycs domain is not .uptycs.io


Example 1. Export all event and alert rules from tenant_a then import them to tenant_b: 

  # export 

  python3 object_export.py tenant_a_api_key.json -e --all tenant_a_objects --domainsuffix .myuptycs.com

  python3 object_export.py tenant_a_api_key.json -a --all tenant_a_objects --domainsuffix .myuptycs.com

  # import 

  python3 object_import.py tenant_b_api_key.json tenant_a_objects --domainsuffix .myuptycs.com


 


