From 59e394f36b0f311c324681ceddb9045735933df5 Mon Sep 17 00:00:00 2001 From: Sergey Polzunov Date: Wed, 4 Feb 2026 11:17:58 +0100 Subject: [PATCH] [doc fix] Adjust wording in the docs for Kibana import/export commands (#5600) * Wording fix * Version bump * Style fixes * Style fix for tests --- CLI.md | 8 ++++---- detection_rules/custom_rules.py | 2 +- detection_rules/integrations.py | 2 +- detection_rules/kbwrap.py | 4 ++-- detection_rules/rule_formatter.py | 2 +- pyproject.toml | 2 +- tests/test_all_rules.py | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/CLI.md b/CLI.md index 6fe7485a9..dd9df9717 100644 --- a/CLI.md +++ b/CLI.md @@ -161,8 +161,8 @@ Options: -h, --help Show this message and exit. Commands: - export-rules Export custom rules from Kibana. - import-rules Import custom rules into Kibana. + export-rules Export rules from Kibana. + import-rules Import rules into Kibana. search-alerts Search detection engine alerts with KQL. upload-rule [Deprecated] Upload a list of rule .toml files to Kibana. ``` @@ -249,7 +249,7 @@ Options: Usage: detection_rules kibana import-rules [OPTIONS] - Import custom rules into Kibana. + Import rules into Kibana. Options: -f, --rule-file FILE @@ -491,7 +491,7 @@ Options: Usage: detection_rules kibana export-rules [OPTIONS] - Export custom rules from Kibana. + Export rules from Kibana. Options: -d, --directory PATH Directory to export rules to [required] diff --git a/detection_rules/custom_rules.py b/detection_rules/custom_rules.py index 62352e50d..bae82697b 100644 --- a/detection_rules/custom_rules.py +++ b/detection_rules/custom_rules.py 
@@ -125,7 +125,7 @@ def setup_config(directory: Path, kibana_version: str, overwrite: bool, enable_p # Create the stack-schema-map.yaml file stack_schema_map_content = load_etc_dump(["stack-schema-map.yaml"]) - latest_version = max(stack_schema_map_content.keys(), key=lambda v: Version.parse(v)) + latest_version = max(stack_schema_map_content.keys(), key=Version.parse) latest_entry = {latest_version: stack_schema_map_content[latest_version]} _ = stack_schema_map_config.write_text(yaml.safe_dump(latest_entry, default_flow_style=False)) diff --git a/detection_rules/integrations.py b/detection_rules/integrations.py index da8c34a24..5cbeff140 100644 --- a/detection_rules/integrations.py +++ b/detection_rules/integrations.py @@ -249,7 +249,7 @@ def find_latest_compatible_version( if not compatible_versions: raise ValueError(f"Manifest for {package}:{integration} version {version} is missing compatible versions") - highest_compatible_version = Version.parse(max(compatible_versions, key=lambda x: Version.parse(x))) + highest_compatible_version = Version.parse(max(compatible_versions, key=Version.parse)) if highest_compatible_version > rule_stack_version: # generate notice message that a later integration version is available diff --git a/detection_rules/kbwrap.py b/detection_rules/kbwrap.py index bd741ac77..ed2a2e1c7 100644 --- a/detection_rules/kbwrap.py +++ b/detection_rules/kbwrap.py @@ -109,7 +109,7 @@ def kibana_import_rules( # noqa: PLR0915 overwrite_exceptions: bool = False, overwrite_action_connectors: bool = False, ) -> tuple[dict[str, Any], list[RuleResource]]: - """Import custom rules into Kibana.""" + """Import rules into Kibana.""" def _handle_response_errors(response: dict[str, Any]) -> None: """Handle errors from the import response.""" 
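Review bot: In `setup_config` (detection_rules/custom_rules.py) the new `max(stack_schema_map_content.keys(), key=Version.parse)` still goes through `.keys()`, which is redundant because iterating a mapping already yields its keys. `latest_version = max(stack_schema_map_content, key=Version.parse)` reads more directly. The same applies to `min(stack_map.keys(), key=Version.parse)` in the tests/test_all_rules.py hunk. `setup_config` starts and ends outside the hunk, so whether an empty map can reach this `max` call is not visible here.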
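Review bot: In `find_latest_compatible_version` (detection_rules/integrations.py) the winning string is parsed a second time by the outer `Version.parse(...)`, after every candidate was already parsed for the sort key. Assuming `compatible_versions` holds version strings, `highest_compatible_version = max(map(Version.parse, compatible_versions))` parses each entry once and selects the same element. These strings appear to come from a package manifest, so a malformed entry would surface here as a parse error without the `{package}:{integration}` context that the preceding `ValueError` carries. Re-raising with that context would make a bad manifest easier to trace. The function body continues outside the hunk.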
@@ -277,7 +277,7 @@ def kibana_export_rules( # noqa: PLR0912, PLR0913, PLR0915 export_query: str | None = None, load_rule_loading: bool = False, ) -> list[TOMLRule]: - """Export custom rules from Kibana.""" + """Export rules from Kibana.""" kibana = ctx.obj["kibana"] kibana_include_details = export_exceptions or export_action_connectors or custom_rules_only or export_query diff --git a/detection_rules/rule_formatter.py b/detection_rules/rule_formatter.py index cea3d8b0a..75225f160 100644 --- a/detection_rules/rule_formatter.py +++ b/detection_rules/rule_formatter.py @@ -213,7 +213,7 @@ def toml_write(rule_contents: dict[str, Any], out_file_path: Path | None = None) for i, v in enumerate(obj): # type: ignore[reportUnknownMemberType] if isinstance(v, dict | list): obj[i] = order_rule(v) - obj = sorted(obj, key=lambda x: json.dumps(x)) # type: ignore[reportUnknownArgumentType, reportUnknownVariableType] + obj = sorted(obj, key=json.dumps) # type: ignore[reportUnknownArgumentType, reportUnknownVariableType] return obj diff --git a/pyproject.toml b/pyproject.toml index 2fdf447ae..904d4eea5 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [project] name = "detection_rules" -version = "1.5.38" +version = "1.5.39" description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine." readme = "README.md" requires-python = ">=3.12" diff --git a/tests/test_all_rules.py b/tests/test_all_rules.py index a2b9c6c94..131128266 100644 --- a/tests/test_all_rules.py +++ b/tests/test_all_rules.py 
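Review bot: The sort key in `obj = sorted(obj, key=json.dumps)` (detection_rules/rule_formatter.py) is undocumented, and its reason is not obvious: list items can be dicts, which Python cannot order directly, so the JSON text stands in as a comparable key. A comment such as `# sort by JSON text: items may be dicts/lists, which have no natural ordering` would help. Because `json.dumps` is called without `sort_keys=True`, the key text depends on dict key order. The output order is therefore deterministic only if `order_rule` has already normalised nested dicts, which cannot be confirmed from this hunk. The enclosing function starts outside it.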
@@ -1074,7 +1074,7 @@ class TestRuleMetadata(BaseRuleTest): stack_map = load_etc_dump(["stack-schema-map.yaml"]) # Get the minimum supported stack version as version object - min_supported = min(stack_map.keys(), key=lambda v: Version.parse(v)) + min_supported = min(stack_map.keys(), key=Version.parse) # Load all production rules for rule in self.all_rules: min_stack_version = rule.contents.metadata.get("min_stack_version")