Hello,
I would like to upload this rule: detection-rules/credential_access_cmdline_dump_tool.toml at a0e86e20d6ad039dfe4446b28f3c29642b50385c · elastic/detection-rules · GitHub to my cluster.
The problem is that in Kibana I see that it accepts only the .ndjson format.
Could you please tell me how I can upload it?
Thanks for your help.
The CLI should help you out:
# Command Line Interface (CLI)
This covers more advanced CLI use cases and workflows. To [get started](README.md#getting-started) with the CLI, reference
the [README](README.md). Basic use of the CLI such as [creating a rule](CONTRIBUTING.md#creating-a-rule-with-the-cli) or
[testing](CONTRIBUTING.md#testing-a-rule-with-the-cli) are referenced in the [contribution guide](CONTRIBUTING.md).
## Using a config file or environment variables
CLI commands which are tied to Kibana and Elasticsearch are capable of parsing auth-related keyword args from a config
file or environment variables.
If a value is set in multiple places, such as config file and environment variable, the order of precedence will be as
follows:
* explicitly passed args (such as `--user joe`)
* environment variables
* config values
* prompt (this only applies to certain values)
#### Setup a config file
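The precedence order quoted in the reply above, sketched as an added example (not code from the detection-rules project). The `EXAMPLE_` environment prefix, the `resolve` helper and the `PROMPTABLE` set are hypothetical names, and the sample inputs are constructed.

```python
import getpass
import os

# Hypothetical names for illustration; not the detection-rules CLI's own.
ENV_PREFIX = "EXAMPLE_"
PROMPTABLE = {"password"}  # assumption: only secrets fall back to a prompt


def resolve(key, cli_args, environ=None, config=None, prompt=getpass.getpass):
    """Return (value, source) for one auth setting, highest precedence first."""
    environ = os.environ if environ is None else environ
    config = config or {}
    # 1. explicitly passed args (such as `--user joe`)
    if cli_args.get(key) is not None:
        return cli_args[key], "arg"
    # 2. environment variables
    env_value = environ.get(ENV_PREFIX + key.upper())
    if env_value:
        return env_value, "env"
    # 3. config values
    if config.get(key) is not None:
        return config[key], "config"
    # 4. prompt (this only applies to certain values)
    if key in PROMPTABLE:
        return prompt(f"{key}: "), "prompt"
    return None, "unset"


def resolve_all(keys, cli_args, environ=None, config=None, prompt=getpass.getpass):
    """Resolve several settings and report where each one came from."""
    return {k: resolve(k, cli_args, environ, config, prompt) for k in keys}


if __name__ == "__main__":
    # Constructed sample: user passed on the command line, URL only in config,
    # password supplied through the environment so it stays out of shell history.
    args = {"user": "joe", "password": None}
    env = {"EXAMPLE_PASSWORD": "from-env"}
    cfg = {"user": "cfg-user", "kibana_url": "https://kibana.example.invalid"}
    resolved = resolve_all(["user", "password", "kibana_url"], args, env, cfg)
    for name, (value, source) in resolved.items():
        shown = "***" if name == "password" else value
        print(f"{name:<12} {shown!s:<35} <- {source}")
```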
Closed by system on April 12, 2021, 7:25pm. This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.