in core/kibana.py [0:0]
def find_detection_engine_rules(self, count_max, enabled=None):
count_max += 1
url = f"{self.url}/api/detection_engine/rules/_find?per_page={count_max}"
if enabled is not None:
url += f"&filter=alert.attributes.enabled:{str(enabled).lower()}"
res = self.session.get(url)
res.raise_for_status()
rules = res.json()["data"]
if len(rules) == count_max:
raise ValueError(f"The number of returned rules is suspiciously equal to count_max ({count_max})")
return rules