[FR] Add Kibana Action Connector Error to Exception List Workaround (#4583)

* Add error catch for workaround

* Switch to set for efficiency

* Patch version bump

---------

Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>

detection_rules/kbwrap.py

@@ -108,27 +108,44 @@ def kibana_import_rules(ctx: click.Context, rules: RuleCollection, overwrite: Op
 
         # Re-try to address known Kibana issue: https://github.com/elastic/kibana/issues/143864
         workaround_errors = []
+        workaround_error_types = set()
 
         flattened_exceptions = [e for sublist in exception_dicts for e in sublist]
         all_exception_list_ids = {exception["list_id"] for exception in flattened_exceptions}
 
         click.echo(f'{len(response["errors"])} rule(s) failed to import!')
 
+        action_connector_validation_error = "Error validating create data"
+        action_connector_type_error = "expected value of type [string] but got [undefined]"
         for error in response['errors']:
-            click.echo(f' - {error["rule_id"]}: ({error["error"]["status_code"]}) {error["error"]["message"]}')
+            error_message = error["error"]["message"]
+            click.echo(f' - {error["rule_id"]}: ({error["error"]["status_code"]}) {error_message}')
 
-            if "references a non existent exception list" in error["error"]["message"]:
-                list_id = _parse_list_id(error["error"]["message"])
+            if "references a non existent exception list" in error_message:
+                list_id = _parse_list_id(error_message)
                 if list_id in all_exception_list_ids:
                     workaround_errors.append(error["rule_id"])
+                    workaround_error_types.add("non existent exception list")
+
+            if action_connector_validation_error in error_message and action_connector_type_error in error_message:
+                workaround_error_types.add("connector still being built")
 
         if workaround_errors:
             workaround_errors = list(set(workaround_errors))
-            click.echo(f'Missing exception list errors detected for {len(workaround_errors)} rules. '
-                       'Try re-importing using the following command and rule IDs:\n')
-            click.echo('python -m detection_rules kibana import-rules -o ', nl=False)
-            click.echo(' '.join(f'-id {rule_id}' for rule_id in workaround_errors))
-            click.echo()
+            if "non existent exception list" in workaround_error_types:
+                click.echo(
+                    f"Missing exception list errors detected for {len(workaround_errors)} rules. "
+                    "Try re-importing using the following command and rule IDs:\n"
+                )
+                click.echo("python -m detection_rules kibana import-rules -o ", nl=False)
+                click.echo(" ".join(f"-id {rule_id}" for rule_id in workaround_errors))
+                click.echo()
+            if "connector still being built" in workaround_error_types:
+                click.echo(
+                    f"Connector still being built errors detected for {len(workaround_errors)} rules. "
+                    "Please try re-importing the rules again."
+                )
+                click.echo()
 
     def _process_imported_items(imported_items_list, item_type_description, item_key):
         """Displays appropriately formatted success message that all items imported successfully."""

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "1.0.6"
+version = "1.0.7"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"