[FR] [DAC] Add existing mitre threat information on import (#4948)

Mikaayenson · web-flow · commit f2fac1bc480d · 2025-07-31T09:44:09.000-05:00
diff --git a/detection_rules/cli_utils.py b/detection_rules/cli_utils.py
@@ -189,8 +189,8 @@ def rule_prompt(  # noqa: PLR0912, PLR0913, PLR0915
 
         # build this from technique ID
         if name == "threat":
-            threat_map: list[dict[str, Any]] = []
-            if not skip_errors:
+            threat_map: list[dict[str, Any]] = kwargs.get("threat", [])
+            if not skip_errors and not required_only:
                 while click.confirm("add mitre tactic?"):
                     tactic = schema_prompt("mitre tactic name", type="string", enum=tactics, is_required=True)
                     technique_ids = (  # type: ignore[reportUnknownVariableType]
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "1.3.14"
+version = "1.3.15"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"
