From 4828ae07df818452ac826a1f917c16e4b763883a Mon Sep 17 00:00:00 2001 From: eric-forte-elastic <119343520+eric-forte-elastic@users.noreply.github.com> Date: Thu, 28 Sep 2023 14:09:05 -0400 Subject: [PATCH] [FR] Added asset tag to expected tags (#3115) * Added asset tag to expected tags * removed * * Add regex wildcard tag support * Updated tag format test location * Updated to use env variable * fixed typo --- CLI.md | 1 + tests/test_all_rules.py | 2 ++ 2 files changed, 3 insertions(+) diff --git a/CLI.md b/CLI.md index b36304e6a..37a253f1a 100644 --- a/CLI.md +++ b/CLI.md @@ -39,6 +39,7 @@ Using the environment variable `DR_BYPASS_NOTE_VALIDATION_AND_PARSE` will bypass Using the environment variable `DR_BYPASS_BBR_LOOKBACK_VALIDATION` will bypass the Detection Rules lookback and interval validation on the building block rules. +Using the environment variable `DR_BYPASS_TAGS_VALIDATION` will bypass the Detection Rules Unit Tests on the `tags` field in toml files. ## Importing rules into the repo diff --git a/tests/test_all_rules.py b/tests/test_all_rules.py index 458c0be1f..67aeb151a 100644 --- a/tests/test_all_rules.py +++ b/tests/test_all_rules.py @@ -240,6 +240,7 @@ class TestThreatMappings(BaseRuleTest): f'Flatten to a single entry per tactic') +@unittest.skipIf(os.environ.get('DR_BYPASS_TAGS_VALIDATION') is not None, "Skipping tag validation") class TestRuleTags(BaseRuleTest): """Test tags data for rules.""" @@ -313,6 +314,7 @@ class TestRuleTags(BaseRuleTest): self.fail(error_msg) def test_primary_tactic_as_tag(self): + """Test that the primary tactic is present as a tag.""" from detection_rules.attack import tactics invalid = []
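Review bot: The new `skipIf` on `TestRuleTags` fires for any value of `DR_BYPASS_TAGS_VALIDATION`, because it tests `is not None`: an empty string, `0` or `false` also skips every tag test in the class, which per the later hunk header includes `test_primary_tactic_as_tag`. If the variable is meant as an explicit opt-in, compare against truthy values, e.g. `os.environ.get('DR_BYPASS_TAGS_VALIDATION', '').lower() in ('1', 'true', 'yes')`, unless the other `DR_BYPASS_*` variables deliberately use presence-only semantics (not visible here). The skip reason should also name the variable, `"Skipping tag validation: DR_BYPASS_TAGS_VALIDATION is set"`, so a CI run that inherited it shows why rule tags went unchecked. The class body continues outside the hunk.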