From f2fac1bc480dac922a2c33886562ddcf19c0d700 Mon Sep 17 00:00:00 2001
From: "Mika Ayenson, PhD"
Date: Thu, 31 Jul 2025 09:44:09 -0500
Subject: [PATCH] [FR] [DAC] Add existing mitre threat information on import (#4948)
---
 detection_rules/cli_utils.py | 4 ++--
 pyproject.toml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/detection_rules/cli_utils.py b/detection_rules/cli_utils.py
index 2b7f1b652..49fd98e34 100644
--- a/detection_rules/cli_utils.py
+++ b/detection_rules/cli_utils.py
@@ -189,8 +189,8 @@ def rule_prompt( # noqa: PLR0912, PLR0913, PLR0915
 # build this from technique ID
 if name == "threat":
- threat_map: list[dict[str, Any]] = []
- if not skip_errors:
+ threat_map: list[dict[str, Any]] = kwargs.get("threat", [])
+ if not skip_errors and not required_only:
 while click.confirm("add mitre tactic?"):
 tactic = schema_prompt("mitre tactic name", type="string", enum=tactics, is_required=True)
 technique_ids = ( # type: ignore[reportUnknownVariableType]
diff --git a/pyproject.toml b/pyproject.toml
index 124ee2684..eaba322bf 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "1.3.14"
+version = "1.3.15"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"
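Review bot: In the `if name == "threat":` branch, `kwargs.get("threat", [])` binds `threat_map` to the caller's own list, and it yields `None` when the imported rule carries an explicit null `threat` value, because the default applies only when the key is absent. If the prompt loop below appends to `threat_map` (its body is outside the hunk), the imported data is mutated in place and a tactic added at the prompt may duplicate one already present. I would write `threat_map: list[dict[str, Any]] = list(kwargs.get("threat") or [])`. The imported entries also skip the `enum=tactics` check that prompted values get, so it is worth confirming that later schema validation rejects a malformed ATT&CK mapping rather than letting it ship in a rule.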