You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello @maof97, thanks for opening the issue and sorry for the frustrations. There are a few things going on here.
The current release process merges all these rules to main, which will then be merged into Kibana by the next stack release (7.13 in this case). There is an ongoing issue (#362) for better incorporating a sync model using git for users who want to integrate rules into their workflow. Additionally, we will begin releasing rules separate from Kibana releases very soon, which would allow them to be incorporated much quicker.
The error for export-rules looks like it was introduced in a commit this week, and so I will take a look at that.
The error for upload-rule is a known error (#634) resulting from logging into a non-cloud instance. I will get that addressed too.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Hello,
I just want to update all the rules in Kibana to the rules I see here.
What would be the easiest way to do that?
I tried using the CLI python method but it fails to export the rules to the .ndjson file
Example:
CLI Error: Unknown rules for rule IDs: rules/macos/credential_access_access_to_browser_credentials_procargs.toml
using the -d option results in a strange error:
As you can see I already tried the -s -r options.
I also tried to upload the rules directly to Kibana but that resulted in another error:
python3 -m detection_rules kibana -ku elastic -kp verygoodpw --kibana-url http://192.168.178.83:5601 upload-rule rule/macos/*.toml
[...]
requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: http://192.168.178.83:5601/internal/security/login
Why is this so hard? Am I overseeing something?
Btw. I have the standalone version (non cloud) if this is important.
The text was updated successfully, but these errors were encountered: