I've been recently importing rules with detection_rules (detection-rules/CLI.md in the elastic/detection-rules GitHub repository). My use case is to convert our custom Kibana rules into toml files so we can manage our custom rules via configuration files.
I noticed the CLI tool only imports the required fields. All other fields such as tags, exceptions, to, from, interval, enabled are not imported.
Is there a way to import all the fields (both required and optional) with the detection_rules CLI tool?
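A quick way to see exactly which fields the conversion dropped, as an added check that is not part of the original post or of the detection-rules project: compare the rule as the Kibana detection-engine API returns it with the `[rule]` table of the TOML the CLI wrote. It assumes the TOML `[rule]` keys use the same names as the Kibana rule fields (which is how detection-rules lays them out) and that the `KIBANA_ONLY` bookkeeping fields have no TOML counterpart; the sample rule and TOML below are constructed.

```python
# Added check, not code from the original post or from elastic/detection-rules.
# Lists rule fields present in a Kibana rule export but missing from the TOML
# [rule] table the CLI produced. Assumes TOML keys mirror Kibana field names.
try:
    import tomllib  # Python 3.11+ standard library
except ModuleNotFoundError:  # older interpreters: pip install tomli
    import tomli as tomllib  # type: ignore

# Kibana bookkeeping fields that are not rule content and never appear in TOML
# (assumed skip list; extend it if your export carries more of these).
KIBANA_ONLY = {
    "id", "created_at", "created_by", "updated_at", "updated_by",
    "version", "revision", "immutable", "execution_summary",
}


def dropped_fields(kibana_rule: dict, toml_text: str) -> list[str]:
    """Return, sorted, the rule fields in the Kibana export absent from [rule]."""
    rule_table = tomllib.loads(toml_text).get("rule", {})
    return sorted(k for k in kibana_rule
                  if k not in KIBANA_ONLY and k not in rule_table)


# Constructed sample: a custom rule as the Kibana API returns it, with the
# optional fields (tags, from, to, interval, enabled, exceptions_list) set ...
KIBANA_RULE = {
    "id": "00000000-0000-0000-0000-000000000000", "rule_id": "custom-0001",
    "name": "Custom: guest user running sudo",
    "description": "Constructed rule for the field-drop check.",
    "type": "query", "language": "kuery", "index": ["logs-*"],
    "query": "process.name:sudo and user.name:guest",
    "risk_score": 47, "severity": "medium",
    "tags": ["custom", "linux"], "from": "now-6m", "to": "now",
    "interval": "5m", "enabled": True,
    "exceptions_list": [{"id": "allow-1", "list_id": "allow-1",
                         "type": "detection", "namespace_type": "single"}],
    "created_at": "2024-01-01T00:00:00.000Z", "version": 1,
}

# ... and the TOML the CLI wrote for it, carrying only the required fields.
CLI_TOML = """
[metadata]
creation_date = "2024/01/01"
maturity = "development"
updated_date = "2024/01/01"

[rule]
rule_id = "custom-0001"
name = "Custom: guest user running sudo"
description = "Constructed rule for the field-drop check."
type = "query"
language = "kuery"
index = ["logs-*"]
query = "process.name:sudo and user.name:guest"
risk_score = 47
severity = "medium"
"""

if __name__ == "__main__":
    print(dropped_fields(KIBANA_RULE, CLI_TOML))
    # → ['enabled', 'exceptions_list', 'from', 'interval', 'tags', 'to']
```

Run it against each converted rule before committing the TOML to version control, so a silently dropped `enabled`, `exceptions_list` or schedule field is caught before the file becomes the source of truth.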
Hey there @Fredrick, thanks for reporting this issue!
It definitely should be importing all schema valid fields, so I went ahead and opened up a GitHub issue over in the detection-rules repo for them to dig in further and hopefully get a fix in. Please follow that issue for updates.
One last question, what stack version are you trying to import these into? Just in case there's a stack API issue we need to look into as well.