detection-rules icon indicating copy to clipboard operation
detection-rules copied to clipboard

Published 20 hours ago verified publisher icon elastic

[FR] Include Timeline Templates export/import in the CLI such that they can be imported and exported together with rules like exceptions and action connectors

Open frederikb96 opened this issue 8 months ago • 7 comments

Repository Feature

None

Problem Description

Currently, timeline templates are referenced by id and name in the exported rule files. However, the tempalte itself is not exported/cannot be imported via the CLI.

This limitations is also mentioned in the DaC Documentation.

Desired Solution

The Kibana API exists.

Best would be to implement this analog to the exception lists and action connectors. I hope its possible to use the same concepts and just adapt the code to the Timeline Template API.

Considered Alternatives

No response

Additional Context

This feature is essential for our DaC workflows for customer projects, so we are thinking about taking a look at the code base and checking if we can contribute to this, in case there are currently no plans of implementing this by elastic.

Thus, I wanted to ask if there are already some plans for this or if there has already been progress in the background or anything 🙂

frederikb96 avatar Apr 01 '25 10:04 frederikb96

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

botelastic[bot] avatar May 31 '25 11:05 botelastic[bot]

Since this is an important topic for us and our customers, we are currently working on implementing this.

frederikb96 avatar May 31 '25 13:05 frederikb96

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

botelastic[bot] avatar Jul 30 '25 14:07 botelastic[bot]

I am still working on this feature

frederikb96 avatar Aug 03 '25 14:08 frederikb96

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

botelastic[bot] avatar Oct 02 '25 14:10 botelastic[bot]

#5042

frederikb96 avatar Oct 02 '25 21:10 frederikb96

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

botelastic[bot] avatar Dec 01 '25 21:12 botelastic[bot]

This has been closed due to inactivity. If you feel this is an error, please re-open and include a justifying comment.

botelastic[bot] avatar Dec 08 '25 22:12 botelastic[bot]