How to upload ".toml" rules from github to Kibana

TheHunter1 · March 15, 2021, 2:26pm

Hello,

I would like to upload this rule: detection-rules/credential_access_cmdline_dump_tool.toml at a0e86e20d6ad039dfe4446b28f3c29642b50385c · elastic/detection-rules · GitHub to my Cluster

The problem is in Kibana I see that it accepts only .ndjson format

Could you please tell me how can I upload it.
Thanks for your help

Frank_Hassanabad · March 15, 2021, 7:24pm

The CLI should help you out:

github.com

elastic/detection-rules/blob/main/CLI.md#commands-using-elasticsearch-and-kibana-clients

# Command Line Interface (CLI)

This covers more advanced CLI use cases and workflows. To [get started](README.md#getting-started) with the CLI, reference 
the [README](README.md). Basic use of the CLI such as [creating a rule](CONTRIBUTING.md#creating-a-rule-with-the-cli) or 
[testing](CONTRIBUTING.md#testing-a-rule-with-the-cli) are referenced in the [contribution guide](CONTRIBUTING.md).


## Using a config file or environment variables

CLI commands which are tied to Kibana and Elasticsearch are capable of parsing auth-related keyword args from a config 
file or environment variables. 

If a value is set in multiple places, such as config file and environment variable, the order of precedence will be as 
follows:
* explicitly passed args (such as `--user joe`)
* environment variables
* config values
* prompt (this only applies to certain values)

#### Setup a config file

This file has been truncated. show original

system · April 12, 2021, 7:25pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.