Importing rules with detection_rules CLI

Fredrick · March 7, 2023, 2:26pm

Hello!

I've been recently importing rules with detection_rules - detection-rules/CLI.md at main · elastic/detection-rules · GitHub. My usecase is to convert our custom Kibana rules into toml files so we can manage our custom rules via configuration files.

I noticed the CLI tool only imports the required fields. All other fields such as tags, exceptions, to, from, interval, enabled are not imported.

Is there a way to import all the fields (both required and optional) with the detection_rules CLI tool?

Thanks,

spong · March 9, 2023, 10:35pm

Hey there @Fredrick, thanks for reporting this issue!

It definitely should be importing all schema valid fields, so I went ahead and opened up a github issue over in the detection-rules repo for them to dig in further and hopefully get a fix in. Please follow that issue for updates.

One last question, what stack version are you trying to import these into? Just in case there's a stack API issue we need to look into as well.

Thanks!
Garrett

system · April 6, 2023, 10:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to upload ".toml" rules from github to Kibana Elastic Security	2	1674	April 12, 2021
Problems With Import-Rules and Create-Rules SIEM detection-rules	2	430	December 10, 2022
Detection Custom Rule not working SIEM elastic-stack-alerting , detection-rules	8	1370	May 27, 2021
Installing all of the Rules from GitHub Endpoint Security	3	581	January 19, 2021
Import rules from public detection rules repo SIEM	3	1656	September 15, 2020

Importing rules with detection_rules CLI

Related topics