elastic
diff --git a/‎CLI.md‎
Lines changed: 1 addition & 0 deletions b/‎CLI.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎detection_rules/cli_utils.py‎
Lines changed: 3 additions & 2 deletions b/‎detection_rules/cli_utils.py‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎detection_rules/devtools.py‎
Lines changed: 1 addition & 1 deletion b/‎detection_rules/devtools.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎detection_rules/eswrap.py‎
Lines changed: 0 additions & 6 deletions b/‎detection_rules/eswrap.py‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎detection_rules/etc/attack-technique-redirects.json‎
Lines changed: 3 additions & 2 deletions b/‎detection_rules/etc/attack-technique-redirects.json‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎detection_rules/etc/attack-v16.1.0.json.gz‎
-6.32 MB b/‎detection_rules/etc/attack-v16.1.0.json.gz‎
-6.32 MB
diff --git a/‎detection_rules/etc/attack-v17.0.0.json.gz‎
6.76 MB b/‎detection_rules/etc/attack-v17.0.0.json.gz‎
6.76 MB
diff --git a/‎detection_rules/etc/beats_schemas/main.json.gz‎
20 Bytes b/‎detection_rules/etc/beats_schemas/main.json.gz‎
20 Bytes
diff --git a/‎detection_rules/etc/beats_schemas/v8.18.0.json.gz‎
259 KB b/‎detection_rules/etc/beats_schemas/v8.18.0.json.gz‎
259 KB
diff --git a/‎detection_rules/etc/beats_schemas/v9.0.0.json.gz‎
256 KB b/‎detection_rules/etc/beats_schemas/v9.0.0.json.gz‎
256 KB
@@ -22,7 +22,7 @@
                           DEFAULT_PREBUILT_RULES_DIRS, RuleCollection,
                           dict_filter)
 from .schemas import definitions
-from .utils import clear_caches, rulename_to_filename
+from .utils import clear_caches, ensure_list_of_strings, rulename_to_filename
 from .config import parse_rules_config
 
 RULES_CONFIG = parse_rules_config()
@@ -195,7 +195,8 @@ def rule_prompt(path=None, rule_type=None, required_only=True, save=True, verbos
         if name == "new_terms":
             # patch to allow new_term imports
             result = {"field": "new_terms_fields"}
-            result["value"] = schema_prompt("new_terms_fields", value=kwargs.pop("new_terms_fields"))
+            new_terms_fields_value = schema_prompt("new_terms_fields", value=kwargs.pop("new_terms_fields", None))
+            result["value"] = ensure_list_of_strings(new_terms_fields_value)
             history_window_start_value = kwargs.pop("history_window_start", None)
             result["history_window_start"] = [
                 {
 
@@ -416,7 +416,7 @@ def kibana_diff(rule_id, repo, branch, threads):
     else:
         rules = rules.filter(production_filter).id_map
 
-    repo_hashes = {r.id: r.contents.sha256(include_version=True) for r in rules.values()}
+    repo_hashes = {r.id: r.contents.get_hash(include_version=True) for r in rules.values()}
 
     kibana_rules = {r['rule_id']: r for r in get_kibana_rules(repo=repo, branch=branch, threads=threads).values()}
     kibana_hashes = {r['rule_id']: dict_hash(r) for r in kibana_rules.values()}
 
@@ -421,9 +421,3 @@ def index_repo(ctx: click.Context, query, from_file, save_files):
         bulk_upload_docs, importable_rules_docs = ctx.invoke(generate_rules_index, query=query, save_files=save_files)
 
     es_client.bulk(bulk_upload_docs)
-
-
-@es_group.group('experimental')
-def es_experimental():
-    """[Experimental] helper commands for integrating with Elasticsearch."""
-    click.secho('\n* experimental commands are use at your own risk and may change without warning *\n')
@@ -130,7 +130,8 @@
     "T1522": "T1552.005",
     "T1527": "T1550.001",
     "T1536": "T1578.004",
-    "T1547.011": "T1647"
+    "T1547.011": "T1647",
+    "T1574.002": "T1574.001"
   },
-  "saved_date": "Mon Dec  9 14:04:15 2024"
+  "saved_date": "Mon May  5 18:11:43 2025"
 }