[FR] Add required-fields option to import-rules (#3546)
(cherry picked from commit b6a7e7e)
Mikaayenson authored and github-actions[bot] committed Mar 28, 2024
1 parent 8f6a51c commit 7b74136
Showing 2 changed files with 6 additions and 3 deletions.
3 changes: 2 additions & 1 deletion CLI.md
@@ -81,9 +81,10 @@ and will accept any valid rule in the following formats:
```console
Usage: detection_rules import-rules [OPTIONS] [INPUT_FILE]...

Import rules from json, toml, or Kibana exported rule file(s).
Import rules from json, toml, yaml, or Kibana exported rule file(s).

Options:
--required-only Only prompt for required fields
-d, --directory DIRECTORY Load files from a directory
-h, --help Show this message and exit.
```
6 changes: 4 additions & 2 deletions detection_rules/main.py
@@ -94,8 +94,9 @@ def generate_rules_index(ctx: click.Context, query, overwrite, save_files=True):

@root.command('import-rules')
@click.argument('input-file', type=click.Path(dir_okay=False, exists=True), nargs=-1, required=False)
@click.option('--required-only', is_flag=True, help='Only prompt for required fields')
@click.option('--directory', '-d', type=click.Path(file_okay=False, exists=True), help='Load files from a directory')
def import_rules(input_file, directory):
def import_rules(input_file, required_only, directory):
"""Import rules from json, toml, yaml, or Kibana exported rule file(s)."""
rule_files = glob.glob(os.path.join(directory, '**', '*.*'), recursive=True) if directory else []
rule_files = sorted(set(rule_files + list(input_file)))
@@ -115,7 +116,8 @@ def name_to_filename(name):
base_path = name_to_filename(base_path) if base_path else base_path
rule_path = os.path.join(RULES_DIR, base_path) if base_path else None
additional = ['index'] if not contents.get('data_view_id') else ['data_view_id']
rule_prompt(rule_path, required_only=True, save=True, verbose=True, additional_required=additional, **contents)
rule_prompt(rule_path, required_only=required_only, save=True, verbose=True,
additional_required=additional, **contents)


@root.command('build-limited-rules')
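Review bot: The default for `required_only` silently flips in the `rule_prompt(...)` call of the second hunk: the removed line hard-coded `required_only=True`, while the new `is_flag=True` option is `False` unless `--required-only` is passed. Existing invocations of `import-rules` therefore change behaviour and will presumably be prompted for optional fields too, which could stall an unattended bulk import via `--directory`; whether that is intended is not visible here. If the old default should stay, declare the option as a boolean pair, `@click.option('--required-only/--all-fields', default=True, help='Only prompt for required fields')`; otherwise state the new default in the help text and in CLI.md. The second hunk appears to sit inside `import_rules`, whose body continues outside both hunks.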
