[FR] Only supporting known compatible rule file types (#3167)

* Only supporting known compatible file types

* Add --ignore-invalid-files flag

* Added support to ignore invalid rule files

* Update detection_rules/utils.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* Update detection_rules/utils.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* Update detection_rules/utils.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* Update detection_rules/utils.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* Update detection_rules/main.py

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>

* reverting main

* add punctuation

---------

Co-authored-by: Justin Ibarra <16747370+brokensound77@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
eric-forte-elastic
2023-10-11 11:43:42 -04:00
committed by GitHub
parent 89cfdcd440
commit 9f61ce4923
2 changed files with 4 additions and 2 deletions
+1 -1
@@ -93,7 +93,7 @@ def generate_rules_index(ctx: click.Context, query, overwrite, save_files=True):
@click.argument('input-file', type=click.Path(dir_okay=False, exists=True), nargs=-1, required=False)
@click.option('--directory', '-d', type=click.Path(file_okay=False, exists=True), help='Load files from a directory')
def import_rules(input_file, directory):
"""Import rules from json, toml, or Kibana exported rule file(s)."""
"""Import rules from json, toml, yaml, or Kibana exported rule file(s)."""
rule_files = glob.glob(os.path.join(directory, '**', '*.*'), recursive=True) if directory else []
rule_files = sorted(set(rule_files + list(input_file)))
+3 -1
@@ -326,8 +326,10 @@ def load_rule_contents(rule_file: Path, single_only=False) -> list:
return contents or [{}]
elif extension == '.toml':
rule = pytoml.loads(raw_text)
elif extension.lower() in ('yaml', 'yml'):
rule = load_dump(str(rule_file))
else:
rule = load_dump(rule_file)
return []
if isinstance(rule, dict):
return [rule]
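Review bot: The new yaml branch can never match: the sibling branch compares the extension with its leading dot (`elif extension == '.toml':`), so `extension.lower() in ('yaml', 'yml')` is false for `.yaml`/`.yml` files and they fall through to the new `return []`, which silently discards them. Change it to `elif extension.lower() in ('.yaml', '.yml'):` and, for consistency, consider lower-casing the other extension comparisons too. Because the `else` branch now returns an empty list for every unrecognised extension, a debug log naming the skipped file would let callers tell "no rules in file" from "unsupported file type". If `load_dump` wraps PyYAML, confirm it uses `yaml.safe_load`, since files imported from a user-supplied directory are untrusted input. The body of `load_rule_contents` begins before this hunk, and a blank line may have been dropped between `return []` and the `isinstance` check.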