diff --git a/detection_rules/rule_validators.py b/detection_rules/rule_validators.py
index bb4de0613..3ce6e4f35 100644
--- a/detection_rules/rule_validators.py
+++ b/detection_rules/rule_validators.py
@@ -17,6 +17,7 @@ from marshmallow import ValidationError
 from semver import Version
 import kql
+import click
 from . import ecs, endgame
 from .config import CUSTOM_RULES_DIR, load_current_package_version, parse_rules_config
@@ -371,7 +372,9 @@ class EQLValidator(QueryValidator):
 # auto add the field and re-validate
 self.auto_add_field(validation_checks["stack"], data.index_or_dataview[0])
 else:
- raise ValueError(f"Error in both stack and integrations checks: {validation_checks}")
+ click.echo(f"Stack Error Trace: {validation_checks["stack"]}")
+ click.echo(f"Integrations Error Trace: {validation_checks["integrations"]}")
+ raise ValueError("Error in both stack and integrations checks")
 else:
 break
diff --git a/pyproject.toml b/pyproject.toml
index a31d59a3d..8ef7db211 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "0.3.5"
+version = "0.3.6"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"
diff --git a/tests/test_python_library.py b/tests/test_python_library.py
index c82f43492..3d0ab8b09 100644
--- a/tests/test_python_library.py
+++ b/tests/test_python_library.py
@@ -55,7 +55,7 @@ class TestEQLInSet(BaseRuleTest):
 """,
 },
 }
- expected_error_message = r"Error in both stack and integrations checks:.*Unable to compare ip to string.*"
+ expected_error_message = r"Error in both stack and integrations checks"
 with self.assertRaisesRegex(ValueError, expected_error_message):
 rc.load_dict(eql_rule) # Change to appropriate destination.address field
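Review bot: In the new `else:` branch of the EQLValidator hunk in rule_validators.py, the two failure details are printed with `click.echo` to stdout and the raised `ValueError` no longer carries them, so a caller that catches or logs the exception (library use, a CI wrapper) sees only the generic message. For a detection-rule validator this makes a rejected rule harder to triage from captured logs. Consider writing the traces to stderr with `click.echo(f"Stack Error Trace: {validation_checks['stack']}", err=True)` and keeping the cause attached to the exception. If the stored values are exception objects, which the `auto_add_field` call suggests but should be confirmed, that could be `raise ValueError("Error in both stack and integrations checks") from validation_checks["stack"]`. The enclosing method starts and ends outside the hunk.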
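Review bot: The loosened pattern in tests/test_python_library.py now matches any failure of both checks, so the test no longer verifies that the rule is rejected for the ip-versus-string comparison it was written to catch. An unrelated schema or parsing error would pass it as well. Since the detail is now echoed rather than raised, capture the output and assert on it, for example by running the call under `contextlib.redirect_stdout(buf)` and adding `self.assertIn("Unable to compare ip to string", buf.getvalue())`. The test method starts and ends outside the hunk.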