Per the detection rules API documentation and the elastic detection-rules repo, I am unable to find examples of how to use these objects in TOML format. How would these schemas look in TOML? My detections show up in Elastic using the detections API but are missing these fields.
So far I have tried:
[alert_suppression]
group_by = [ "example" ]
missing_fields_strategy = "suppress"
[alert_suppression.duration]
unit = "h"
value = 5
and
[[exceptions_list]]
id = "test-id"
list_id = "test-list-id"
namespace_type = "single"
type = "detection"