security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

[doc fix] Adjust wording in the docs for Kibana import/export commands (#5600)

Browse Source 
* Wording fix

* Version bump

* Style fixes

* Style fix for tests
This commit is contained in:
Sergey Polzunov
2026-02-04 11:17:58 +01:00
committed by GitHub
parent c455d3d98a
commit 59e394f36b
7 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CLI.md
+4 -4
View File
@@ -161,8 +161,8 @@ Options:
-h, --help Show this message and exit.
Commands:
export-rules Export custom rules from Kibana.
import-rules Import custom rules into Kibana.
export-rules Export rules from Kibana.
import-rules Import rules into Kibana.
search-alerts Search detection engine alerts with KQL.
upload-rule [Deprecated] Upload a list of rule .toml files to Kibana.
```
@@ -249,7 +249,7 @@ Options:
Usage: detection_rules kibana import-rules [OPTIONS]
Import custom rules into Kibana.
Import rules into Kibana.
Options:
-f, --rule-file FILE
@@ -491,7 +491,7 @@ Options:
Usage: detection_rules kibana export-rules [OPTIONS]
Export custom rules from Kibana.
Export rules from Kibana.
Options:
-d, --directory PATH Directory to export rules to [required]
detection_rules/custom_rules.py
+1 -1
View File
@@ -125,7 +125,7 @@ def setup_config(directory: Path, kibana_version: str, overwrite: bool, enable_p
# Create the stack-schema-map.yaml file
stack_schema_map_content = load_etc_dump(["stack-schema-map.yaml"])
latest_version = max(stack_schema_map_content.keys(), key=lambda v: Version.parse(v))
latest_version = max(stack_schema_map_content.keys(), key=Version.parse)
latest_entry = {latest_version: stack_schema_map_content[latest_version]}
_ = stack_schema_map_config.write_text(yaml.safe_dump(latest_entry, default_flow_style=False))
detection_rules/integrations.py
+1 -1
View File
@@ -249,7 +249,7 @@ def find_latest_compatible_version(
if not compatible_versions:
raise ValueError(f"Manifest for {package}:{integration} version {version} is missing compatible versions")
highest_compatible_version = Version.parse(max(compatible_versions, key=lambda x: Version.parse(x)))
highest_compatible_version = Version.parse(max(compatible_versions, key=Version.parse))
if highest_compatible_version > rule_stack_version:
# generate notice message that a later integration version is available
detection_rules/kbwrap.py
+2 -2
View File
@@ -109,7 +109,7 @@ def kibana_import_rules( # noqa: PLR0915
overwrite_exceptions: bool = False,
overwrite_action_connectors: bool = False,
) -> tuple[dict[str, Any], list[RuleResource]]:
"""Import custom rules into Kibana."""
"""Import rules into Kibana."""
def _handle_response_errors(response: dict[str, Any]) -> None:
"""Handle errors from the import response."""
@@ -277,7 +277,7 @@ def kibana_export_rules( # noqa: PLR0912, PLR0913, PLR0915
export_query: str | None = None,
load_rule_loading: bool = False,
) -> list[TOMLRule]:
"""Export custom rules from Kibana."""
"""Export rules from Kibana."""
kibana = ctx.obj["kibana"]
kibana_include_details = export_exceptions or export_action_connectors or custom_rules_only or export_query
detection_rules/rule_formatter.py
+1 -1
View File
@@ -213,7 +213,7 @@ def toml_write(rule_contents: dict[str, Any], out_file_path: Path | None = None)
for i, v in enumerate(obj): # type: ignore[reportUnknownMemberType]
if isinstance(v, dict | list):
obj[i] = order_rule(v)
obj = sorted(obj, key=lambda x: json.dumps(x)) # type: ignore[reportUnknownArgumentType, reportUnknownVariableType]
obj = sorted(obj, key=json.dumps) # type: ignore[reportUnknownArgumentType, reportUnknownVariableType]
return obj
pyproject.toml
+1 -1
View File
@@ -1,6 +1,6 @@
[project]
name = "detection_rules"
version = "1.5.38"
version = "1.5.39"
description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Securitys Detection Engine."
readme = "README.md"
requires-python = ">=3.12"
tests/test_all_rules.py
+1 -1
View File
@@ -1074,7 +1074,7 @@ class TestRuleMetadata(BaseRuleTest):
stack_map = load_etc_dump(["stack-schema-map.yaml"])
# Get the minimum supported stack version as version object
min_supported = min(stack_map.keys(), key=lambda v: Version.parse(v))
min_supported = min(stack_map.keys(), key=Version.parse)
# Load all production rules
for rule in self.all_rules:
min_stack_version = rule.contents.metadata.get("min_stack_version")