Enhance Readability of validation check failures (#4299)

Author: shashank-elastic

detection_rules/rule_validators.py

@@ -17,6 +17,7 @@
 from semver import Version
 
 import kql
+import click
 
 from . import ecs, endgame
 from .config import CUSTOM_RULES_DIR, load_current_package_version, parse_rules_config
@@ -371,7 +372,9 @@ def validate(self, data: "QueryRuleData", meta: RuleMeta, max_attempts: int = 10
                         # auto add the field and re-validate
                         self.auto_add_field(validation_checks["stack"], data.index_or_dataview[0])
                     else:
-                        raise ValueError(f"Error in both stack and integrations checks: {validation_checks}")
+                        click.echo(f"Stack Error Trace: {validation_checks["stack"]}")
+                        click.echo(f"Integrations Error Trace: {validation_checks["integrations"]}")
+                        raise ValueError("Error in both stack and integrations checks")
 
                 else:
                     break

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "0.3.5"
+version = "0.3.6"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"

tests/test_python_library.py

@@ -55,7 +55,7 @@ def test_eql_in_set(self):
                 """,
             },
         }
-        expected_error_message = r"Error in both stack and integrations checks:.*Unable to compare ip to string.*"
+        expected_error_message = r"Error in both stack and integrations checks"
         with self.assertRaisesRegex(ValueError, expected_error_message):
             rc.load_dict(eql_rule)
         # Change to appropriate destination.address field