I want to import new rules from the repo, but the rule's format is JSON or TOML, but SIEM only accepts ndjson files. Should I manually convert them? Is there a tool you recommend?
We have a workflow for this, but it goes the other way. Instead, you push rules into Kibana using the kibana-upload command. There are some "use at your own risk" disclaimers, and we still recommend waiting for stack releases to get the latest, production-ready rules. But if you want to live on the edge and use the repository, check out the CLI guide.