Description
Is your feature request related to a problem? Please describe.
I would like to manage all rules using Terraform, including the prebuilt ones from Elastic.
Describe the resource you would like to have implemented.
Add another resource, like elasticstack_kibana_prebuilt_rule, that installs or updates all prebuilt rules from Elastic. Optionally enable or disable rules based on alert.attribute.tags using POST api/detection_engine/rules/_bulk_action.
Describe the solution you'd like
Enable rules by alert.attribute.tags

    resource "elasticstack_kibana_prebuilt_rule" "example" {
      tags = [
        "OS: Linux",
        "OS: Windows",
        "Data Source: GCP"
      ]
    }

This would enable all rules

    resource "elasticstack_kibana_prebuilt_rule" "example" {
      tags = ["all"]
    }

This would install the rules but not enable them

    resource "elasticstack_kibana_prebuilt_rule" "example" {
      tags = []
    }

Only run if tags is updated or if GET api/detection_engine/rules/prepackaged/_status returns rules_not_installed or rules_not_updated is greater than or equal to 1.
Describe alternatives you've considered
Using ansible.builtin.uri or curl as an alternative
Additional context
Add any other context or screenshots about the feature request here.
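
The run condition and the tag-to-query mapping requested above, sketched in Go as an added example; this is not code from the issue author or from the provider. The names `NeedsRun` and `EnablePlan`, the mode strings, the order-sensitive tag comparison and the KQL field spelling `alert.attributes.tags` are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// PrepackagedStatus: the two counters named for GET api/detection_engine/rules/prepackaged/_status.
type PrepackagedStatus struct {
	NotInstalled int `json:"rules_not_installed"`
	NotUpdated   int `json:"rules_not_updated"`
}

// NeedsRun is the proposed trigger: tags changed, or a rule is missing or outdated.
func NeedsRun(statusJSON []byte, oldTags, newTags []string) (bool, error) {
	var s PrepackagedStatus
	if err := json.Unmarshal(statusJSON, &s); err != nil {
		return false, err
	}
	changed := len(oldTags) != len(newTags)
	for i := 0; !changed && i < len(newTags); i++ {
		changed = oldTags[i] != newTags[i]
	}
	return changed || s.NotInstalled >= 1 || s.NotUpdated >= 1, nil
}

// EnablePlan maps the proposed tags attribute to a mode and, for a tag list, a KQL
// filter for the bulk action "query" field (field spelling is an assumption; verify it).
func EnablePlan(tags []string) (mode, query string) {
	switch {
	case len(tags) == 0:
		return "install_only", ""
	case len(tags) == 1 && tags[0] == "all":
		return "enable_all", ""
	}
	quoted := make([]string, len(tags))
	esc := strings.NewReplacer(`\`, `\\`, `"`, `\"`)
	for i, t := range tags {
		quoted[i] = `"` + esc.Replace(t) + `"` // quote so "OS: Linux" stays one phrase
	}
	return "enable_by_tags", "alert.attributes.tags:(" + strings.Join(quoted, " OR ") + ")"
}

func main() {
	run, _ := NeedsRun([]byte(`{"rules_not_installed": 3, "rules_not_updated": 0}`), nil, []string{"OS: Linux"}) // constructed status
	mode, q := EnablePlan([]string{"OS: Linux", "Data Source: GCP"})
	fmt.Println(run, mode, q)
}
```

Quoting and escaping each tag keeps a value containing a colon or a double quote from being parsed as extra KQL, which would otherwise enable a different set of detection rules than the configuration lists.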