Skip to content

[Bug] Threshold Rule Conversion to TOML not working as expected #3442

New issue
New issue
Closed
Closed
[Bug] Threshold Rule Conversion to TOML not working as expected#3442
Assignees
eric-forte-elastic
Labels
bugSomething isn't workingcommunity
@Lexinga

Description

@Lexinga
Lexinga
opened on Feb 13, 2024

Describe the bug
python.exe -m detection_rules import-rules anytresholdrule_with_groupby_and_cardinalityfield.ndjson
Does not convert the rule to TOML, but it rather prompts for additional input (like cardinality, field name and field value). Furthermore, it does not seem possible to use both a group_by and a count field with corresponding values.

To Reproduce
Steps to reproduce the behavior:

  1. Create a Threshold Rule with group by field and count field, fill values
  2. export to ndjson
  3. try to convert using the python module -> python.exe -m detection_rules import-rules rule.ndjson
  4. See behaviour

Expected behavior
It should not prompt for anything. And it should be clear how to fill the prompts as in the UI.

Metadata

Metadata

Assignees

Labels

bugSomething isn't workingcommunity

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions