Enhance Readability of validation check failures (#4299)

detection_rules/rule_validators.py

@@ -17,6 +17,7 @@ from marshmallow import ValidationError
 from semver import Version
 
 import kql
+import click
 
 from . import ecs, endgame
 from .config import CUSTOM_RULES_DIR, load_current_package_version, parse_rules_config
@@ -371,7 +372,9 @@ class EQLValidator(QueryValidator):
                         # auto add the field and re-validate
                         self.auto_add_field(validation_checks["stack"], data.index_or_dataview[0])
                     else:
-                        raise ValueError(f"Error in both stack and integrations checks: {validation_checks}")
+                        click.echo(f"Stack Error Trace: {validation_checks["stack"]}")
+                        click.echo(f"Integrations Error Trace: {validation_checks["integrations"]}")
+                        raise ValueError("Error in both stack and integrations checks")
 
                 else:
                     break

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "0.3.5"
+version = "0.3.6"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"

tests/test_python_library.py

@@ -55,7 +55,7 @@ class TestEQLInSet(BaseRuleTest):
                 """,
             },
         }
-        expected_error_message = r"Error in both stack and integrations checks:.*Unable to compare ip to string.*"
+        expected_error_message = r"Error in both stack and integrations checks"
         with self.assertRaisesRegex(ValueError, expected_error_message):
             rc.load_dict(eql_rule)
         # Change to appropriate destination.address field