Expected Behavior
The command limacharlie replay --validate --rule-content T1196.rule should work correctly, as documented: https://doc.limacharlie.io/docs/documentation/ZG9jOjE5MzEwOTc-writing-and-testing-rules
Actual Behavior
Returns: limacharlie.utils.LcApiException: Api failure (400): {'error': 'no event_source specified'}
Running replay by removing --validate and adding a test rule works correctly, e.g. limacharlie replay --rule-content ~/test.yml --events ~/target_event.json
Steps to Reproduce the Problem
- Follow the docs to create a test rule
limacharlie replay --validate --rule-content T1196.rule
Specifications
Expected Behavior
The command
limacharlie replay --validate --rule-content T1196.ruleshould work correctly, as documented: https://doc.limacharlie.io/docs/documentation/ZG9jOjE5MzEwOTc-writing-and-testing-rulesActual Behavior
Returns:
limacharlie.utils.LcApiException: Api failure (400): {'error': 'no event_source specified'}Running replay by removing --validate and adding a test rule works correctly, e.g.
limacharlie replay --rule-content ~/test.yml --events ~/target_event.jsonSteps to Reproduce the Problem
limacharlie replay --validate --rule-content T1196.ruleSpecifications