From 7a87486a8fe5b3ada0fe66ac4d6db0fd84a49f31 Mon Sep 17 00:00:00 2001
From: eric-forte-elastic <eric.forte@elastic.co>
Date: Mon, 15 Sep 2025 14:37:25 -0400
Subject: [PATCH 1/3] Added handling for unauth error

---
 detection_rules/devtools.py | 4 ++++
 pyproject.toml              | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/detection_rules/devtools.py b/detection_rules/devtools.py
index a9d8f2b4c13..3ca35b7382d 100644
--- a/detection_rules/devtools.py
+++ b/detection_rules/devtools.py
@@ -1050,6 +1050,10 @@ def raw_permalink(raw_link: str) -> str:
             raise raise_client_error(
                 "Gist not found: verify the gist_id exists and the token has access to it", exc=exc
             ) from exc
+        if exc.response.status_code == requests.status_codes.codes.unauthorized:
+            raise raise_client_error(
+                "Unauthorized: verify the token is valid and has the necessary permissions", exc=exc
+            ) from exc
         raise
 
     response_data = response.json()
diff --git a/pyproject.toml b/pyproject.toml
index 4e6a06c166d..fba7e4f9549 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "1.4.1"
+version = "1.4.2"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"

From 7c975b01dc3c735e96e0be2263c363b1f50e6b21 Mon Sep 17 00:00:00 2001
From: eric-forte-elastic <eric.forte@elastic.co>
Date: Tue, 16 Sep 2025 01:55:41 -0400
Subject: [PATCH 2/3] Update to include response text

---
 detection_rules/devtools.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/detection_rules/devtools.py b/detection_rules/devtools.py
index 3ca35b7382d..19d059eafe9 100644
--- a/detection_rules/devtools.py
+++ b/detection_rules/devtools.py
@@ -1051,8 +1051,13 @@ def raw_permalink(raw_link: str) -> str:
                 "Gist not found: verify the gist_id exists and the token has access to it", exc=exc
             ) from exc
         if exc.response.status_code == requests.status_codes.codes.unauthorized:
+            text = json.loads(exc.response.text).get(
+                "message", "verify the token is valid and has the necessary permissions"
+            )
+            error_message = f"Unauthorized: {text}"
             raise raise_client_error(
-                "Unauthorized: verify the token is valid and has the necessary permissions", exc=exc
+                error_message,
+                exc=exc,
             ) from exc
         raise
 

From ab4d7ac6a16bc3dd1eb154fe53c941c31720dceb Mon Sep 17 00:00:00 2001
From: eric-forte-elastic <eric.forte@elastic.co>
Date: Tue, 16 Sep 2025 08:43:54 -0400
Subject: [PATCH 3/3] patch bump

---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index fba7e4f9549..64929db2cfe 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "1.4.2"
+version = "1.4.3"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"