elastic
diff --git a/‎detection_rules/cli_utils.py‎
Lines changed: 3 additions & 3 deletions b/‎detection_rules/cli_utils.py‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎detection_rules/etc/api_schemas/master/master.base.json‎
Lines changed: 21 additions & 42 deletions b/‎detection_rules/etc/api_schemas/master/master.base.json‎
Lines changed: 21 additions & 42 deletions
@@ -92,11 +92,11 @@ def _convert_type(_val: Any) -> Any:
     )
 
     while True:
-        result = value or input(prompt) or default
+        result = value if value is not None else input(prompt) or default
         if result == "n/a":
             result = None
 
-        if not result:
+        if result is None:
             if is_required:
                 value = None
                 continue
@@ -318,7 +318,7 @@ def rule_prompt(  # noqa: PLR0912, PLR0913, PLR0915
                 contents[name] = threat_map
             continue
 
-        if kwargs.get(name):
+        if name in kwargs:
             contents[name] = schema_prompt(name, value=kwargs.pop(name))
             continue
 
 
@@ -83,15 +83,15 @@
       ]
     },
     "interval": {
-      "type": [
-        "string"
-      ]
+      "pattern": "^\\d+[mshd]$",
+      "type": "string"
     },
     "investigation_fields": {
       "additionalProperties": false,
       "properties": {
         "field_names": {
           "items": {
+            "minLength": 1,
             "type": "string"
           },
           "type": "array"
@@ -108,9 +108,8 @@
       ]
     },
     "max_signals": {
-      "type": [
-        "integer"
-      ]
+      "minimum": 1,
+      "type": "integer"
     },
     "meta": {
       "additionalProperties": {
@@ -147,22 +146,11 @@
       "items": {
         "additionalProperties": false,
         "properties": {
-          "integration": {
-            "type": [
-              "string"
-            ]
-          },
           "package": {
-            "type": "string"
-          },
-          "version": {
+            "minLength": 1,
             "type": "string"
           }
         },
-        "required": [
-          "package",
-          "version"
-        ],
         "type": "object"
       },
       "min_compat": "8.3",
@@ -178,16 +166,12 @@
             "type": "boolean"
           },
           "name": {
-            "type": "string"
-          },
-          "type": {
+            "minLength": 1,
             "type": "string"
           }
         },
         "required": [
-          "ecs",
-          "name",
-          "type"
+          "ecs"
         ],
         "type": "object"
       },
@@ -203,6 +187,8 @@
       ]
     },
     "risk_score": {
+      "maximum": 100,
+      "minimum": 1,
       "type": "integer"
     },
     "risk_score_mapping": {
@@ -236,6 +222,7 @@
       ]
     },
     "rule_id": {
+      "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$|^7eb54028-ca72-4eb7-8185-b6864572347db$",
       "type": "string"
     },
     "rule_name_override": {
@@ -323,13 +310,13 @@
                 "type": "string"
               },
               "reference": {
+                "pattern": "^https://attack.mitre.org/tactics/TA[0-9]+/$",
                 "type": "string"
               }
             },
             "required": [
               "id",
-              "name",
-              "reference"
+              "name"
             ],
             "type": "object"
           },
@@ -344,6 +331,7 @@
                   "type": "string"
                 },
                 "reference": {
+                  "pattern": "^https://attack.mitre.org/techniques/T[0-9]+/$",
                   "type": "string"
                 },
                 "subtechnique": {
@@ -357,13 +345,13 @@
                         "type": "string"
                       },
                       "reference": {
+                        "pattern": "^https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/$",
                         "type": "string"
                       }
                     },
                     "required": [
                       "id",
-                      "name",
-                      "reference"
+                      "name"
                     ],
                     "type": "object"
                   },
@@ -374,8 +362,7 @@
               },
               "required": [
                 "id",
-                "name",
-                "reference"
+                "name"
               ],
               "type": "object"
             },
@@ -400,14 +387,10 @@
       ]
     },
     "timeline_id": {
-      "type": [
-        "string"
-      ]
+      "type": "string"
     },
     "timeline_title": {
-      "type": [
-        "string"
-      ]
+      "type": "string"
     },
     "timestamp_override": {
       "type": [
@@ -434,17 +417,13 @@
       "type": "string"
     },
     "version": {
-      "type": [
-        "integer"
-      ]
+      "minimum": 1,
+      "type": "integer"
     }
   },
   "required": [
     "author",
     "description",
-    "name",
-    "risk_score",
-    "rule_id",
     "severity",
     "type"
   ],