Importing rules with detection_rules CLI


I've recently been importing rules with detection_rules - detection-rules/ at main · elastic/detection-rules · GitHub. My use case is to convert our custom Kibana rules into TOML files so we can manage our custom rules via configuration files.

I noticed the CLI tool only imports the required fields. All other fields such as tags, exceptions, to, from, interval, enabled are not imported.

Is there a way to import all the fields (both required and optional) with the detection_rules CLI tool?
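As an added example (not code from the original thread or from the detection-rules project), the check below compares an exported Kibana rule with the `[rule]` table the CLI wrote for it and lists every field that was not carried over; both the Kibana rule JSON and the TOML are constructed samples, the `KIBANA_RUNTIME_FIELDS` set is an assumption you should adjust, and TOML parsing assumes Python 3.11+ (`tomllib`) or the `tomli` package.

```python
import json

# Kibana bookkeeping fields not expected in a TOML rule file (assumption: adjust
# this set to match the fields you want to track).
KIBANA_RUNTIME_FIELDS = {"id", "created_at", "created_by", "updated_at", "updated_by",
                         "immutable", "revision", "version", "execution_summary"}

# Constructed sample: a custom rule as returned by the Kibana detection engine API.
KIBANA_RULE_JSON = """{
  "rule_id": "11111111-2222-3333-4444-555555555555", "name": "Custom rule: example",
  "description": "Constructed sample rule.", "risk_score": 47, "severity": "medium",
  "type": "query", "language": "kuery", "index": ["logs-*"],
  "query": "event.category:process and process.name:example.exe",
  "tags": ["Custom", "Example"], "from": "now-6m", "to": "now", "interval": "5m",
  "enabled": true,
  "exceptions_list": [{"id": "abc", "list_id": "custom_list", "type": "detection",
                       "namespace_type": "single"}],
  "id": "0000", "created_at": "2024-01-01T00:00:00.000Z", "created_by": "elastic",
  "updated_at": "2024-01-01T00:00:00.000Z", "updated_by": "elastic", "version": 1
}"""

# Constructed sample: the [rule] table the CLI produced for that rule, carrying only
# the required fields (the behaviour described in the question).
TOML_RULE = """[rule]
rule_id = "11111111-2222-3333-4444-555555555555"
name = "Custom rule: example"
description = "Constructed sample rule."
risk_score = 47
severity = "medium"
type = "query"
language = "kuery"
index = ["logs-*"]
query = "event.category:process and process.name:example.exe"
"""

def load_toml_rule(text: str) -> dict:
    """Parse a detection-rules TOML file and return its [rule] table."""
    try:
        import tomllib  # standard library from Python 3.11
    except ModuleNotFoundError:
        import tomli as tomllib  # same API on older interpreters
    return tomllib.loads(text)["rule"]

def dropped_fields(kibana_rule: dict, toml_rule: dict, ignore=KIBANA_RUNTIME_FIELDS) -> list[str]:
    """Return the Kibana rule fields that are missing from, or differ in, the TOML rule."""
    return sorted(key for key, value in kibana_rule.items()
                  if key not in ignore and toml_rule.get(key) != value)

if __name__ == "__main__":
    lost = dropped_fields(json.loads(KIBANA_RULE_JSON), load_toml_rule(TOML_RULE))
    print("fields not carried into the TOML rule:", ", ".join(lost))
```

Running it on the samples reports enabled, exceptions_list, from, interval, tags and to, which is exactly the set of optional fields the question says are lost; point it at your own exported rule and generated TOML to confirm what a given CLI version drops.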


Hey there @Fredrick, thanks for reporting this issue!

It definitely should be importing all schema valid fields, so I went ahead and opened up a GitHub issue over in the detection-rules repo for them to dig in further and hopefully get a fix in. Please follow that issue for updates.

One last question, what stack version are you trying to import these into? Just in case there's a stack API issue we need to look into as well.

