* Add support for local file contents
* Update Rule Params
* Update CLI docs
* Update to Pathlib
* Format updating
* Delete duplicate
* Update logic to handle just local_contents path
* Update to Glob Based Approach
* Updated to use RawRuleCollection
* Fix Logging Typo
* New utils functions no longer needed
* Update naming for convention
* Added new cli flag to exclude tactic name in rule file name
* added a shortcut for the flag and adjusted CLI readme
* Add no tactic flag also to import to prevent warnings
* Added info about unit test
* version bump
* Added no_tactic_filename as config option + fixed linting
* pyproject version bump
---------
Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>
Co-authored-by: Eric Forte <119343520+eric-forte-elastic@users.noreply.github.com>
* Add Env Var DR_CLI_MAX_WIDTH
* Version Bump
* Update limit from 120 to 240
* Clean references to reference main
* Update Readme with DaC Info
* Add DaC to Table of Contents
* Bump Patch Version
* Updated naming and add dac md
* Organize Imports
* Deprecate upload-rule
* Update docs/detections-as-code.md
Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>
* move docs to docs-dev
* Sort custom rules imports
* Remove duplicate
* Fix typo
* Bump Patch Version
---------
Co-authored-by: Mika Ayenson, PhD <Mikaayenson@users.noreply.github.com>
* chore: use `docs-dev` instead of `docs` folder
* patch version bump
* Rollback an incorrect rename
* Use exact docs dir in the helper comment
* Revert some overeager renamings
* Moving `docs` to `docs-dev`
* Update Docs Paths
---------
Co-authored-by: eric-forte-elastic <eric.forte@elastic.co>
* Added asset tag to expected tags
* removed *
* Add regex wildcard tag support
* Updated tag format test location
* Updated to use env variable
* fixed typo
* Convert config header to setup in note field
* Parse note field into separate setup and note field with marko gfm
* only validate and parse note on elastic authored rules and add CLI description for new DR_BYPASS_NOTE_VALIDATION_AND_PARSE environment variable
Co-authored-by: brokensound77 <brokensound77@users.noreply.github.com>
* Add a RuleCollection object instead of a "loader" module
* Remove legacy loader code
* Remove more legacy loader
* Freeze the default collection
* Change RULE_LOADER default
* Rename to _toml_load_cache
* Use rglob magic
* Typo should've been a string
* Remove no longer needed glob import
* Fix pycharm import bad ordering
* Restore the detection_rules/schemas imports
* Put more imports back for a smaller diff
* Check cache in _deserialize_toml
* Add multi collection and single collection decorators
* Reorder RuleCollection methods
* Move filter method up
* Restructure commands under more specific click groups
* standardize CLI error handling
* add global debug options
* move es and kibana clients into their click groups
* move commands and groups to dedicated files
* distinguish variable names for better env/config parsing
Eric Forte