diff --git a/CLI.md b/CLI.md
index 6e84e3f45bc..858abae03f5 100644
--- a/CLI.md
+++ b/CLI.md
@@ -81,9 +81,10 @@ and will accept any valid rule in the following formats:
 ```console
 Usage: detection_rules import-rules [OPTIONS] [INPUT_FILE]...
- Import rules from json, toml, or Kibana exported rule file(s).
+ Import rules from json, toml, yaml, or Kibana exported rule file(s).
 Options:
+ --required-only Only prompt for required fields
 -d, --directory DIRECTORY Load files from a directory
 -h, --help Show this message and exit.
 ```
diff --git a/detection_rules/main.py b/detection_rules/main.py
index 980a807393e..09758fa91be 100644
--- a/detection_rules/main.py
+++ b/detection_rules/main.py
@@ -94,8 +94,9 @@ def generate_rules_index(ctx: click.Context, query, overwrite, save_files=True):
 @root.command('import-rules')
 @click.argument('input-file', type=click.Path(dir_okay=False, exists=True), nargs=-1, required=False)
+@click.option('--required-only', is_flag=True, help='Only prompt for required fields')
 @click.option('--directory', '-d', type=click.Path(file_okay=False, exists=True), help='Load files from a directory')
-def import_rules(input_file, directory):
+def import_rules(input_file, required_only, directory):
 """Import rules from json, toml, yaml, or Kibana exported rule file(s)."""
 rule_files = glob.glob(os.path.join(directory, '**', '*.*'), recursive=True) if directory else []
 rule_files = sorted(set(rule_files + list(input_file)))
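Review bot: The new `--required-only` option is declared with `is_flag=True`, so it defaults to False, while the call in the second main.py hunk used to pass `required_only=True` unconditionally; a plain `import-rules` run therefore changes behaviour. If `rule_prompt` asks interactively for optional fields when the flag is off (it is not visible here, so this is inferred from the help text), unattended imports in CI or scripts may block waiting for input. To keep the old default, declare an on/off pair such as `@click.option('--required-only/--all-fields', default=True, help='Only prompt for required fields')` (the second name is illustrative); otherwise state the new default in the help text and in CLI.md. The body of `import_rules` continues outside this hunk.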
@@ -115,7 +116,8 @@ def name_to_filename(name):
 base_path = name_to_filename(base_path) if base_path else base_path
 rule_path = os.path.join(RULES_DIR, base_path) if base_path else None
 additional = ['index'] if not contents.get('data_view_id') else ['data_view_id']
- rule_prompt(rule_path, required_only=True, save=True, verbose=True, additional_required=additional, **contents)
+ rule_prompt(rule_path, required_only=required_only, save=True, verbose=True,
+ additional_required=additional, **contents)
 @root.command('build-limited-rules')
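Review bot: The rewrapped `rule_prompt(...)` call still spreads `**contents` next to the named keywords, so a key called `required_only`, `save`, `verbose` or `additional_required` in an imported file would raise `TypeError` for a duplicate keyword argument and abort the import. `contents` appears to be parsed from the rule file, though its construction lies above the hunk. Consider dropping the reserved keys before the call, e.g. `contents = {k: v for k, v in contents.items() if k not in ('required_only', 'save', 'verbose', 'additional_required')}`, or rejecting such a file with a clear message. The surrounding code starts outside this hunk.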