Detection Rule CLI still relevant?

Hello All, Long time lurker and new user to Elastic Stack.

Is the Detection-Rule CLI still applicable in the 'latest n greatest' installation of elastic 8.6?

(GitHub - elastic/detection-rules: Rules for Elastic Security's detection engine)

Thank you in advance!


Hey there @JCoffey85! :wave:

Thanks for lurking and now posting! :slightly_smiling_face:

So the detection-rules repo and corresponding CLI are still applicable for the latest and greatest rule releases.

This repo is the 'single source of truth' for all of our bundled detection rules within Elastic Security, and from this repo we'll cut releases of the Prebuilt Security Detection Rules integration which can be installed directly from within the stack via the Integrations app:

Similar to the docs link for this integration above, you can fetch a json representation of all available packages directly from EPR (Elastic Package Registry).

Lastly, you're still more than welcome to leverage the Detection Rules CLI from the rules repo to test/manage/load rules as you wish, and you will have access to the latest 'pre-release' rules before we cut the next integration release (i.e. iterative updates to rules between stack releases, so be careful as they may not be fully tested or compatible with current integrations quite yet).

Hope that helps! And please do let us know if you have any other questions :slightly_smiling_face:
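For the EPR step mentioned in the reply above, here is an added example (not code from the forum thread, the detection-rules repo, or Elastic) that parses an EPR search response and picks the newest Prebuilt Security Detection Rules package whose Kibana version constraint matches a given stack version. The search URL, the `conditions.kibana.version` field name and the `download` path are assumptions about the EPR response shape, and the embedded JSON is a constructed sample with made-up version numbers, so the selection logic runs offline without calling the registry.

```python
"""Pick the newest compatible 'security_detection_engine' package from an EPR search result.

Added example; the URL, response field names and sample versions below are assumptions.
"""
import json
from urllib.request import urlopen

# Assumed public EPR search endpoint for the prebuilt rules package (all versions).
EPR_SEARCH_URL = (
    "https://epr.elastic.co/search"
    "?package=security_detection_engine&all=true"
)

# Constructed sample, shaped like an EPR search response. Versions are invented.
SAMPLE_RESPONSE = json.dumps([
    {"name": "security_detection_engine", "version": "8.6.1",
     "conditions": {"kibana": {"version": "^8.6.0"}},
     "download": "/epr/security_detection_engine/security_detection_engine-8.6.1.zip"},
    {"name": "security_detection_engine", "version": "8.6.2",
     "conditions": {"kibana": {"version": "^8.6.0"}},
     "download": "/epr/security_detection_engine/security_detection_engine-8.6.2.zip"},
    {"name": "security_detection_engine", "version": "8.7.1",
     "conditions": {"kibana": {"version": "^8.7.0"}},
     "download": "/epr/security_detection_engine/security_detection_engine-8.7.1.zip"},
    {"name": "security_detection_engine", "version": "8.8.0-beta.1",
     "conditions": {"kibana": {"version": "^8.8.0"}},
     "download": "/epr/security_detection_engine/security_detection_engine-8.8.0-beta.1.zip"},
])


def sample_packages():
    """Return the constructed sample as a parsed list of package dicts."""
    return json.loads(SAMPLE_RESPONSE)


def parse_version(version):
    """Split 'MAJOR.MINOR.PATCH[-suffix]' into ((major, minor, patch), is_prerelease)."""
    core, _, suffix = version.partition("-")
    major, minor, patch = (int(part) for part in core.split("."))
    return (major, minor, patch), bool(suffix)


def satisfies(constraint, kibana_version):
    """Check a caret ('^8.6.0' means >=8.6.0 and <9.0.0) or exact version constraint."""
    want, _ = parse_version(kibana_version)
    if constraint.startswith("^"):
        floor, _ = parse_version(constraint[1:])
        return want[0] == floor[0] and want >= floor
    exact, _ = parse_version(constraint)
    return want == exact


def newest_compatible(packages, kibana_version, allow_prerelease=False):
    """Return the highest-version package whose Kibana constraint matches, or None.

    Pre-release versions are skipped unless allow_prerelease is set; for equal
    version cores a stable release ranks above a pre-release.
    """
    best = None
    for pkg in packages:
        core, prerelease = parse_version(pkg["version"])
        if prerelease and not allow_prerelease:
            continue
        constraint = pkg.get("conditions", {}).get("kibana", {}).get("version")
        if constraint and not satisfies(constraint, kibana_version):
            continue
        key = (core, not prerelease)
        if best is None or key > best[0]:
            best = (key, pkg)
    return best[1] if best else None


def fetch_packages(url=EPR_SEARCH_URL):
    """Fetch the live package list from EPR (network call; urlopen verifies TLS by default)."""
    with urlopen(url, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    pkgs = sample_packages()
    for stack in ("8.6.0", "8.7.3", "8.8.0", "9.0.0"):
        chosen = newest_compatible(pkgs, stack)
        print(stack, "->", chosen["version"] if chosen else "no compatible package")
```

Swap `sample_packages()` for `fetch_packages()` to run against the live registry; the `download` path of the chosen entry is what the Fleet/Integrations app would retrieve, so pinning that exact version in your own tooling is a straightforward way to keep rule installs reproducible across environments.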
