Update detection rules from elastic github repository to on-premises

Hi there,

I would like to know if it is possible to update existing rules from the Elastic detection rules repository to Kibana on-premises?

For example: CVE-2020-1350 which has been released by the elastic security team.

Thanks for the attention.

@francescouk, we're considering options for this feature but don't have an automated solution today. Clarifying a little, you'd be interested in a feature that polls a github repository and automatically updates any rules with the same ID that may have changed?

Yes, also all the rules that have been added. This would make sure that all rules are always updated.

If not, maybe a tool to convert the TOML to NDJSON would also help.

Best regards,
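
A sketch of the TOML-to-NDJSON conversion asked about above, as an added example that is not part of the original posts and is not Elastic's own tooling. It assumes each rule file in the repository keeps the rule body in a `[rule]` table next to a `[metadata]` table, and that Kibana's rule import takes one JSON rule object per line; the function names and the sample rule are constructed for illustration.

```python
import json
try:
    import tomllib  # standard library from Python 3.11
except ModuleNotFoundError:
    import tomli as tomllib  # assumption: tomli backport installed on older Pythons

# Fields checked before export (assumed minimum for this sketch).
REQUIRED = ("rule_id", "name", "description", "risk_score", "severity", "type")

# Constructed sample in the assumed layout; not a rule from the repository.
SAMPLE_TOML = '''
[metadata]
maturity = "production"

[rule]
description = "Constructed sample rule for the converter."
language = "kuery"
name = "Constructed Sample Rule"
risk_score = 47
rule_id = "00000000-0000-0000-0000-000000000001"
severity = "medium"
type = "query"
query = """
event.category:process and process.name:example.exe
"""
'''

def toml_to_rule(text):
    """Return the [rule] table of one rule file; [metadata] is dropped."""
    rule = tomllib.loads(text).get("rule")
    if not isinstance(rule, dict):
        raise ValueError("no [rule] table found")
    missing = [k for k in REQUIRED if k not in rule]
    if missing:
        raise ValueError("missing required fields: " + ", ".join(missing))
    if isinstance(rule.get("query"), str):
        rule["query"] = rule["query"].strip()  # multi-line TOML strings carry newlines
    return rule

def to_ndjson(toml_texts):
    """Convert rule files to NDJSON; the last copy of a rule_id wins."""
    by_id = {}
    for text in toml_texts:
        rule = toml_to_rule(text)
        by_id[rule["rule_id"]] = rule
    return "".join(json.dumps(r, sort_keys=True) + "\n" for r in by_id.values())

if __name__ == "__main__":
    print(to_ndjson([SAMPLE_TOML]), end="")
```

Because rules are keyed by `rule_id`, re-running the conversion over an updated checkout yields one line per rule, which suits an import that overwrites rules with the same ID.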
