[Bug] [DAC] Kibana Export Rules Rule Name Filter Exports All Rules (#4917)

eric-forte-elastic · tradebot-elastic · commit 44c9984d56df · 2025-07-22T15:34:35.000Z
* Add check for not rule_id (cherry picked from commit 0cb1e59)
diff --git a/detection_rules/kbwrap.py b/detection_rules/kbwrap.py
@@ -282,6 +282,12 @@ def kibana_export_rules(  # noqa: PLR0912, PLR0913, PLR0915
         if rule_name:
             found = RuleResource.find(filter=f"alert.attributes.name:{rule_name}")  # type: ignore[reportUnknownMemberType]
             rule_id = [r["rule_id"] for r in found]  # type: ignore[reportUnknownVariableType]
+            if not rule_id:
+                click.echo(
+                    f"No rules found to export matching the provided name '{rule_name}' "
+                    f"using filter 'alert.attributes.name:{rule_name}'"
+                )
+                return []
         query = (
             export_query
             if not custom_rules_only
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "1.3.12"
+version = "1.3.13"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"
