[FR] Add Env Var DR_CLI_MAX_WIDTH and DaC Docs Updates

[eric-forte-elastic]

Pull Request

Issue link(s):
Resolves #4517

Summary - What I changed

The current help text gets cut off in the Click CLI as a byproduct of Click's default settings. I have added an env variable DR_CLI_MAX_WIDTH that can be used to change the default value to a larger number to prevent the text from being cutoff. Additionally I have increased the value from the default value in order to prevent the text from being cutoff

How To Test

Run the following commands and see that the text is no longer cutoff

python3 -m detection_rules --help

python3 -m detection_rules dev --help

Expected Output:

Checklist

• Added a label for the type of pr: bug, enhancement, schema, maintenance, Rule: New, Rule: Deprecation, Rule: Tuning, Hunt: New, or Hunt: Tuning so guidelines can be generated
• Added the meta:rapid-merge label if planning to merge within 24 hours
• Secret and sensitive material has been managed correctly
• Automated testing was updated or added to match the most common scenarios
• Documentation and comments were added for features that require explanation

Contributor checklist

• Have you signed the contributor license agreement?
• Have you followed the contributor guidelines?

[github-actions]

Enhancement - Guidelines

These guidelines serve as a reminder set of considerations when addressing adding a feature to the code.

Documentation and Context

• Describe the feature enhancement in detail (alternative solutions, description of the solution, etc.) if not already documented in an issue.
• Include additional context or screenshots.
• Ensure the enhancement includes necessary updates to the documentation and versioning.

Code Standards and Practices

• Code follows established design patterns within the repo and avoids duplication.
• Code changes do not introduce new warnings or errors.
• Variables and functions are well-named and descriptive.
• Any unnecessary / commented-out code is removed.
• Ensure that the code is modular and reusable where applicable.
• Check for proper exception handling and messaging.

Testing

• New unit tests have been added to cover the enhancement.
• Existing unit tests have been updated to reflect the changes.
• Provide evidence of testing and validating the enhancement (e.g., test logs, screenshots).
• Validate that any rules affected by the enhancement are correctly updated.
• Ensure that performance is not negatively impacted by the changes.
• Verify that any release artifacts are properly generated and tested.

Additional Checks

• Ensure that the enhancement does not break existing functionality.
• Review the enhancement with a peer or team member for additional insights.
• Verify that the enhancement works across all relevant environments (e.g., different OS versions).
• Confirm that all dependencies are up-to-date and compatible with the changes.
• Confirm that the proper version label is applied to the PR patch, minor, major.

[shashank-elastic]

Locally tested the command with the variable. Works as expected

[Mikaayenson]

Can you add it to the table like in @traut Cortado PR

[eric-forte-elastic]

Good call! Updated

[approksiu]

Could we change "custom rules.md" to something more related to dac rule management?

[approksiu]

Did you want to change the custom-rules page name to more related to dac?

[eric-forte-elastic]

Would renaming it to dac-custom-rules.md alleviate your concern? My fear is that there may be customers looking for just setting up custom rules rather than a full dac pipeline, and those users may not know where to go for information.

Or perhaps something like detections-as-code-custom-rules?

Alternatively, I we could change the name to dac.md or detections-as-code.md and we retain a header in that file called Custom Rules so folks would have something find for this.

Thanks!

[approksiu]

Thanks @eric-forte-elastic for the detailed discussion yesterday, let's call this page custom-rules-management.md, and mention dac on the page itself.

[approksiu]

Please add sub-header to highlight this command.

[approksiu]

Would it make sense to move the upload-rule command below and make it more clear not to use it? Is it removed in 9.0?

[approksiu]

Would it make sense to move the upload-rule command below and make it more clear not to use it? Is it removed in 9.0?