From 4ef606b3c68e875a43e33a88e8e3b07e2e5bc3ce Mon Sep 17 00:00:00 2001
From: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>
Date: Wed, 1 May 2024 15:00:33 -0600
Subject: [PATCH] [New Rule] AWS S3 Bucket Enumeration or Brute Force (#3635)
* [New Rule] AWS S3 Bucket Enumeration or Brute Force
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
---------
Co-authored-by: brokensound77
Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
(cherry picked from commit 54ff270c62e2811f48fa9ba3e7ae324f532821fd)
---
 detection_rules/rule.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/detection_rules/rule.py b/detection_rules/rule.py
index 1ac6f7a4e..605b9157f 100644
--- a/detection_rules/rule.py
+++ b/detection_rules/rule.py
@@ -595,8 +595,11 @@ class QueryValidator:
 raise NotImplementedError()

 @cached
- def get_required_fields(self, index: str) -> List[dict]:
+ def get_required_fields(self, index: str) -> List[Optional[dict]]:
 """Retrieves fields needed for the query along with type information from the schema."""
+ if isinstance(self, ESQLValidator):
+ return []
+
 current_version = Version.parse(load_current_package_version(), optional_minor_and_patch=True)
 ecs_version = get_stack_schemas()[str(current_version)]['ecs']
 beats_version = get_stack_schemas()[str(current_version)]['beats']
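Review bot: The early `return []` in `get_required_fields` gives every ES|QL rule an empty required-fields list, which a consumer cannot tell apart from a query that genuinely needs no fields, and nothing in the hunk says why. A comment above the check would make the gap explicit, for example `# ES|QL queries are not parsed for field usage here, so required fields are left empty rather than derived` (presumably the reason; confirm against the validator). The new annotation `List[Optional[dict]]` describes a list that may hold `None` elements, which no visible path produces; `List[dict]` already covers the empty list. Checking `isinstance(self, ESQLValidator)` inside the base `QueryValidator` also ties the base class to one subclass, where an override of `get_required_fields` on `ESQLValidator` would keep the special case with the class it belongs to. That class and the rest of this method's body are outside the hunk.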