Importing rules with detection_rules CLI

Fredrick · March 7, 2023, 2:26pm

Hello!

I've been recently importing rules with detection_rules - detection-rules/CLI.md at main · elastic/detection-rules · GitHub. My usecase is to convert our custom Kibana rules into toml files so we can manage our custom rules via configuration files.

I noticed the CLI tool only imports the required fields. All other fields such as tags, exceptions, to, from, interval, enabled are not imported.

Is there a way to import all the fields (both required and optional) with the detection_rules CLI tool?

Thanks,

spong · March 9, 2023, 10:35pm

Hey there @Fredrick, thanks for reporting this issue!

It definitely should be importing all schema valid fields, so I went ahead and opened up a github issue over in the detection-rules repo for them to dig in further and hopefully get a fix in. Please follow that issue for updates.

One last question, what stack version are you trying to import these into? Just in case there's a stack API issue we need to look into as well.

Thanks!
Garrett

system · April 6, 2023, 10:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.