[Bug] Creating New Terms via CLI #4566

eric-forte-elastic · 2025-03-26T13:02:14Z

Describe the Bug

Summary

Creating a new terms rule via the CLI will currently not prompt the user to supply the new_terms field(s) preventing the user from being able to create the rule.

(See gif for details)

To Reproduce

Run python -m detection_rules create-rule
Choose new-terms
Attempt to complete rule
See error

Expected Behavior

Rule should be created successfully.

Screenshots

Desktop - OS

None

Desktop - Version

No response

Additional Context

At a minimum changing line 188 of detection_rules/cli_utils.py result["value"] = schema_prompt("new_terms_fields", value=kwargs.pop("new_terms_fields")) to result["value"] = schema_prompt("new_terms_fields", value=kwargs.pop("new_terms_fields", None)) will resolve the initial issue of the lack of prompt for new_terms fields, but I expect more changes will be needed to fix the issue.

The text was updated successfully, but these errors were encountered:

eric-forte-elastic added bug Something isn't working Team: TRADE labels Mar 26, 2025

eric-forte-elastic linked a pull request Mar 26, 2025 that will close this issue

[Bug] Update Schema Prompt to include new_terms_fields #4567

Open

5 tasks

eric-forte-elastic self-assigned this Mar 30, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug] Creating New Terms via CLI #4566

[Bug] Creating New Terms via CLI #4566

eric-forte-elastic commented Mar 26, 2025

[Bug] Creating New Terms via CLI #4566

[Bug] Creating New Terms via CLI #4566

Comments

eric-forte-elastic commented Mar 26, 2025

Describe the Bug

Summary

To Reproduce

Expected Behavior

Screenshots

Desktop - OS

Desktop - Version

Additional Context