When moving configuration from one FortiSIEM to another, it can be necessary to export all the customized rules in one go for backup purposes or to import it in another FortiSIEM.

Here are the steps to follow from super CLI as root:

echo "<Rules>" > /tmp/rules-tmp.xml
psql -U phoenix phoenixdb -t -c "select rule_xml from ph_drq_rule where creation_type=1;" |sed "s# *+##g" >> /tmp/rules-tmp.xml
echo "</Rules>" >> /tmp/rules-tmp.xml
cat /tmp/rules-tmp.xml | xmllint --format - > /tmp/rules.xml
rm -rf /tmp/rules-tmp.xml

Download the file at /tmp/rules.xml from scp / Winscp to have it on the local desktop. This file can be reused for import in other FortiSIEMs.