From b6a7e7ebda1c3403f66c6c9d8dd50bb4080d1d02 Mon Sep 17 00:00:00 2001
From: Mika Ayenson
Date: Thu, 28 Mar 2024 18:29:47 -0500
Subject: [PATCH] [FR] Add required-fields option to import-rules (#3546)

---
 CLI.md | 3 ++-
 detection_rules/main.py | 6 ++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/CLI.md b/CLI.md
index 6e84e3f45..858abae03 100644
--- a/CLI.md
+++ b/CLI.md
@@ -81,9 +81,10 @@ and will accept any valid rule in the following formats:
 ```console
 Usage: detection_rules import-rules [OPTIONS] [INPUT_FILE]...
 
- Import rules from json, toml, or Kibana exported rule file(s).
+ Import rules from json, toml, yaml, or Kibana exported rule file(s).
 
 Options:
+ --required-only Only prompt for required fields
 -d, --directory DIRECTORY Load files from a directory
 -h, --help Show this message and exit.
 ```
diff --git a/detection_rules/main.py b/detection_rules/main.py
index 980a80739..09758fa91 100644
--- a/detection_rules/main.py
+++ b/detection_rules/main.py
@@ -94,8 +94,9 @@ def generate_rules_index(ctx: click.Context, query, overwrite, save_files=True):
 @root.command('import-rules')
 @click.argument('input-file', type=click.Path(dir_okay=False, exists=True), nargs=-1, required=False)
+@click.option('--required-only', is_flag=True, help='Only prompt for required fields')
 @click.option('--directory', '-d', type=click.Path(file_okay=False, exists=True), help='Load files from a directory')
-def import_rules(input_file, directory):
+def import_rules(input_file, required_only, directory):
     """Import rules from json, toml, yaml, or Kibana exported rule file(s)."""
     rule_files = glob.glob(os.path.join(directory, '**', '*.*'), recursive=True) if directory else []
     rule_files = sorted(set(rule_files + list(input_file)))
 
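Review bot: The new `--required-only` flag is `is_flag=True`, so it defaults to False and `import-rules` without the flag now passes `required_only=False` where the call site previously hard-coded `True`; every existing invocation is silently switched from the short prompt to the full one, and neither the option's help text nor the CLI.md hunk says so. If the intent is to let users opt in to prompting for all fields, a paired boolean option keeps the old default: `@click.option('--required-only/--all-fields', default=True, help='Prompt only for required fields (default) or for every field')`. If flipping the default is deliberate, at least the help text should state that the default prompts for all fields. The body of import_rules continues past the end of this hunk.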
@@ -115,7 +116,8 @@ def import_rules(input_file, directory):
         base_path = name_to_filename(base_path) if base_path else base_path
         rule_path = os.path.join(RULES_DIR, base_path) if base_path else None
         additional = ['index'] if not contents.get('data_view_id') else ['data_view_id']
-        rule_prompt(rule_path, required_only=True, save=True, verbose=True, additional_required=additional, **contents)
+        rule_prompt(rule_path, required_only=required_only, save=True, verbose=True,
+                    additional_required=additional, **contents)
 
 
 @root.command('build-limited-rules')
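Review bot: Passing `required_only=required_only` adds one more keyword name that `**contents` must not contain: a rule file with a top-level `required_only`, `save`, `verbose` or `additional_required` key makes the `rule_prompt(...)` call fail with `TypeError: got multiple values for keyword argument` rather than a clean validation error, and `contents` presumably comes from the user-supplied rule file, so this looks reachable from input — confirm against where `contents` is built. Filtering those names before the call, e.g. `reserved = {'required_only', 'save', 'verbose', 'additional_required'}` followed by `contents = {k: v for k, v in contents.items() if k not in reserved}`, would keep one malformed file from aborting the whole import. The enclosing loop and import_rules itself start outside this hunk.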