Describe the Bug
When exporting detection rules via the API, setting exclude_export_details to true will only output the rule objects, excluding the exceptions and exception lists. Setting it to false exports the rules, exceptions, exception lists, and a summary line at the end of the file. The documentation states this flag should only exclude the summary line, so this behavior is unexpected.
To Reproduce
Create at least 1 custom rule and add an exception
Run the following 2 POST requests:
POST <kibana host>:<port>/api/detection_engine/rules/_export
POST <kibana host>:<port>/api/detection_engine/rules/_export?exclude_export_details
Compare the two responses, note the second one does not include the exception logic.
Expected Behavior
The exclude_export_details flag should only exclude the final summary line. All rules and exception objects should be output regardless of how this flag is set.
Screenshots
No response
Desktop - OS
None
Desktop - Version
No response
Additional Context
Tested on 8.15.1, but we also noticed the issue on 8.13 previously.
👋 This is behavior of https://github.com/elastic/kibana which is the interface for the Elastic Security product where the detection rules from this repo are run. The API interaction that we use is dependent on the behavior from Kibana and as you mention the exclude_export_details flag when false will include rules, exceptions, and exception lists as well as actions and action connectors too. Given this, the detection rules repo needs to match Kibana's functionality and there is little we can do to address your issue in this repo.
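A way to check an export file for the gap this issue describes, as an added example (not code from Kibana or the detection-rules repo): it parses the NDJSON export and reports rules whose referenced exception lists are not in the file. The field names (`rule_id`, `exceptions_list`, `list_id`, `item_id`, `exported_count`) are assumptions about the export layout, and the sample objects are constructed.

```python
import json

def classify(obj):
    """Label one export object by the fields it carries (assumed layout)."""
    if "exported_count" in obj:
        return "summary"
    if "rule_id" in obj:
        return "rule"
    if "item_id" in obj:
        return "exception_item"
    if "list_id" in obj:
        return "exception_list"
    return "other"

def audit_export(ndjson_text):
    """Return (counts per kind, {rule_id: [exception list_ids absent from the file]})."""
    counts, rules, present = {}, [], set()
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        obj = json.loads(line)
        kind = classify(obj)
        counts[kind] = counts.get(kind, 0) + 1
        if kind == "rule":
            rules.append(obj)
        elif kind == "exception_list":
            present.add(obj["list_id"])
    dangling = {}
    for rule in rules:
        missing = [ref.get("list_id") for ref in rule.get("exceptions_list", [])
                   if ref.get("list_id") not in present]
        if missing:
            dangling[rule["rule_id"]] = missing
    return counts, dangling

# Constructed sample objects, not taken from a real export.
RULE = {"rule_id": "constructed-rule-1", "name": "Constructed rule",
        "exceptions_list": [{"list_id": "constructed-list-1", "type": "detection"}]}
EXC_LIST = {"list_id": "constructed-list-1", "type": "detection"}
EXC_ITEM = {"item_id": "constructed-item-1", "list_id": "constructed-list-1", "entries": []}
SUMMARY = {"exported_count": 3}

def to_ndjson(objs):
    return "\n".join(json.dumps(o) for o in objs) + "\n"

FULL_EXPORT = to_ndjson([RULE, EXC_LIST, EXC_ITEM, SUMMARY])
RULES_ONLY_EXPORT = to_ndjson([RULE])  # shape reported with exclude_export_details set

if __name__ == "__main__":
    for name, text in (("full", FULL_EXPORT), ("rules only", RULES_ONLY_EXPORT)):
        counts, dangling = audit_export(text)
        print(name, counts, "rules missing exception lists:", dangling)
```

A non-empty second return value means the file holds rules without the exception lists they reference, so it should not be treated as a complete backup of the detection logic.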