[FR] Update Docs to add references for new DaC Features (#29)

eric-forte-elastic · web-flow · commit 89be5a2b3dfd · 2025-07-31T15:05:52.000-04:00
diff --git a/docs/core_component_syncing_rules_and_data_from_vcs_to_elastic_security.md b/docs/core_component_syncing_rules_and_data_from_vcs_to_elastic_security.md
@@ -113,7 +113,7 @@ Commands:
   ...
 ```
 
-💡 Note: For stacks with a version prior to 9.0, one can use the `kibana upload-rule` command. However, this is not recommended and one should use the `kibana import-rules` in its place.
+💡 Note: For stacks with a version prior to 9.0, one can use the `kibana upload-rule` command. However, this is not recommended and one should use the `kibana import-rules` in its place. See the [CLI.md](https://github.com/elastic/detection-rules/blob/main/CLI.md) for more details.
 
 ```bash
 █▀▀▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄   ▄      █▀▀▄ ▄  ▄ ▄   ▄▄▄ ▄▄▄
@@ -126,17 +126,7 @@ Usage: detection_rules kibana [OPTIONS] COMMAND [ARGS]...
 
 Options:
   --ignore-ssl-errors TEXT
-  --space TEXT                 Kibana space
-  --kibana-url TEXT
-  --api-key TEXT               [required]
-  --cloud-id TEXT              ID of the cloud instance.
-  -h, --help                   Show this message and exit.
-
-Commands:
-  export-rules   Export custom rules from Kibana.
-  import-rules   Import custom rules into Kibana.
-  search-alerts  Search detection engine alerts with KQL.
-  upload-rule    [Deprecated] Upload a list of rule .toml files to Kibana.
+...
 ```
 
 ### Testing
diff --git a/docs/internals_of_the_detection_rules_repo.md b/docs/internals_of_the_detection_rules_repo.md
@@ -170,27 +170,28 @@ The repository extensively utilizes schemas sourced from upstream (e.g., Beats,
 1. Explore the [rule dataclasses](https://github.com/elastic/detection-rules/blob/main/detection_rules/rule.py) detailed in the repository to understand the expected format for rule definitions. These are periodically updated to reflect new capabilities within the Kibana features set.
 
 ```python
-@dataclass(frozen=True)
+@dataclass(frozen=True, kw_only=True)
 class RuleMeta(MarshmallowDataclassMixin):
     """Data stored in a rule's [metadata] section of TOML."""
+
     creation_date: definitions.Date
     updated_date: definitions.Date
-    deprecation_date: Optional[definitions.Date]
+    deprecation_date: definitions.Date | None = None
 
     # Optional fields
-    bypass_bbr_timing: Optional[bool]
-    comments: Optional[str]
-    integration: Optional[Union[str, List[str]]]
-    maturity: Optional[definitions.Maturity]
-    min_stack_version: Optional[definitions.SemVer]
-    min_stack_comments: Optional[str]
-    os_type_list: Optional[List[definitions.OSType]]
-    query_schema_validation: Optional[bool]
-    related_endpoint_rules: Optional[List[str]]
-    promotion: Optional[bool]
+    bypass_bbr_timing: bool | None = None
+    comments: str | None = None
+    integration: str | list[str] | None = None
+    maturity: definitions.Maturity | None = None
+    min_stack_version: definitions.SemVer | None = None
+    min_stack_comments: str | None = None
+    os_type_list: list[definitions.OSType] | None = None
+    query_schema_validation: bool | None = None
+    related_endpoint_rules: list[str] | None = None
+    promotion: bool | None = None
 
     # Extended information as an arbitrary dictionary
-    extended: Optional[Dict[str, Any]]
+    extended: dict[str, Any] | None = None
 ```
 
 2. Visit the etc/ directory within the repository to review additional resources, including validation schemas and configuration files required for rule management and development.
diff --git a/docs/known_limitations.md b/docs/known_limitations.md
@@ -15,11 +15,10 @@
 
 ## No Direct Support
 
-- Managing prebuilt rules via DaC workflows is not supported at the moment (this is being addressed).
 - Rule loading
   - Core repo (loading Rule object)
-    - Officially supports from  TOML to Rule object
-    - Support for json yaml will exist but will remain in a dict format
+    - Officially supports loading from TOML to Rule object
+    - Support for json and yaml exists but will remain in a dict format (as opposed to the nested TOML format)
       - This is only a convenience utility and will only be supported across minimal components, since all functionality depends on the validated object (and related pieces)
   - Kibana module does support raw dict's
   - We added a RawDictLoader as a util, but this will only serve to load rules to dicts, bypassing most of the value of the core repo
@@ -32,6 +31,7 @@
 ## Potential Upcoming Enhancements
 
 - Support for customizable folder structure:
-  - There currently is no support for customizing the folder structure which decides how rules are stored on disk when downloaded from kibana (however, this can also be reconciled post download in whatever manner desired).
+  - There currently is not full support for customizing the folder structure which decides how rules are stored on disk.
   - This means that users have to manually move rules to specific organized folders.
-  - This is tracked in: [#3625](https://github.com/elastic/detection-rules/issues/3625)
+  - This is tracked in: [#3625](https://github.com/elastic/detection-rules/issues/3625)
+  - However, there is support for using an existing folder structure when importing rules from a Kibana export. This is done by using the `--load-rule-loading / -lr` option in the `kibana export-rules` and `import-rules-to-repo` commands. See [#4891](https://github.com/elastic/detection-rules/issues/4891) and its associated PR for more details.
