Deprecate Experimental ML command

[shashank-elastic]

DO NOT MERGE THE PR UNTILL May 1 2025

Pull Request

Issue link(s): #4023

Summary - What I changed

• We had provided deprecate warnings for the experimental ml command as part of PR Provide Deprecate Warnings for Experimental ML commands #4365
• The commands are scheduled to remove on May 1 2025.
• This PR has removed the code

How To Test

• Unit test to pass
• Commands are no longer part of es cli

❯ python -m detection_rules es -h  Loaded config file: /Users/shashankks/elastic_workspace/detection-rules/.detection-rules-cfg.json █▀▀▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄ ▄ █▀▀▄ ▄ ▄ ▄ ▄▄▄ ▄▄▄ █ █ █▄▄ █ █▄▄ █ █ █ █ █ █▀▄ █ █▄▄▀ █ █ █ █▄▄ █▄▄ █▄▄▀ █▄▄ █ █▄▄ █▄▄ █ ▄█▄ █▄█ █ ▀▄█ █ ▀▄ █▄▄█ █▄▄ █▄▄ ▄▄█ Usage: detection_rules es [OPTIONS] COMMAND [ARGS]...  Commands for integrating with Elasticsearch. Options:  --ignore-ssl-errors TEXT  -et, --timeout INTEGER Timeout for elasticsearch client  -ep, --es-password TEXT  -eu, --es-user TEXT  --elasticsearch-url TEXT  --api-key TEXT  --cloud-id TEXT  -h, --help Show this message and exit. Commands:  collect-events Collect events from Elasticsearch.  index-rules Index rules based on KQL search results to an elasticsearch instance. (.venv)  detection-rules on  issue-4023_1 [$?] is 📦 v1.1.2 via 🐍 v3.12.8 (.venv) on ☁️ shashank.suryanarayana@elastic.co  ❯ python -m detection_rules es experimental -h Loaded config file: /Users/shashankks/elastic_workspace/detection-rules/.detection-rules-cfg.json █▀▀▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄ ▄ █▀▀▄ ▄ ▄ ▄ ▄▄▄ ▄▄▄ █ █ █▄▄ █ █▄▄ █ █ █ █ █ █▀▄ █ █▄▄▀ █ █ █ █▄▄ █▄▄ █▄▄▀ █▄▄ █ █▄▄ █▄▄ █ ▄█▄ █▄█ █ ▀▄█ █ ▀▄ █▄▄█ █▄▄ █▄▄ ▄▄█ Usage: detection_rules es [OPTIONS] COMMAND [ARGS]... Try 'detection_rules es -h' for help. Error: No such command 'experimental'. (.venv)  detection-rules on  issue-4023_1 [$?] is 📦 v1.1.2 via 🐍 v3.12.8 (.venv) on ☁️ shashank.suryanarayana@elastic.co  ❯ python -m detection_rules es experimental ml -h Loaded config file: /Users/shashankks/elastic_workspace/detection-rules/.detection-rules-cfg.json █▀▀▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄▄▄ ▄ ▄ █▀▀▄ ▄ ▄ ▄ ▄▄▄ ▄▄▄ █ █ █▄▄ █ █▄▄ █ █ █ █ █ █▀▄ █ █▄▄▀ █ █ █ █▄▄ █▄▄ █▄▄▀ █▄▄ █ █▄▄ █▄▄ █ ▄█▄ █▄█ █ ▀▄█ █ ▀▄ █▄▄█ █▄▄ █▄▄ ▄▄█ Usage: detection_rules es [OPTIONS] COMMAND [ARGS]... Try 'detection_rules es -h' for help. Error: No such command 'experimental'. (.venv)  detection-rules on  issue-4023_1 [$?] is 📦 v1.1.2 via 🐍 v3.12.8 (.venv) on ☁️ shashank.suryanarayana@elastic.co  ❯ 

Checklist

• Added a label for the type of pr: bug, enhancement, schema, maintenance, Rule: New, Rule: Deprecation, Rule: Tuning, Hunt: New, or Hunt: Tuning so guidelines can be generated
• Added the meta:rapid-merge label if planning to merge within 24 hours
• Secret and sensitive material has been managed correctly
• Automated testing was updated or added to match the most common scenarios
• Documentation and comments were added for features that require explanation

Contributor checklist

• Have you signed the contributor license agreement?
• Have you followed the contributor guidelines?

[github-actions]

Enhancement - Guidelines

These guidelines serve as a reminder set of considerations when addressing adding a feature to the code.

Documentation and Context

• Describe the feature enhancement in detail (alternative solutions, description of the solution, etc.) if not already documented in an issue.
• Include additional context or screenshots.
• Ensure the enhancement includes necessary updates to the documentation and versioning.

Code Standards and Practices

• Code follows established design patterns within the repo and avoids duplication.
• Code changes do not introduce new warnings or errors.
• Variables and functions are well-named and descriptive.
• Any unnecessary / commented-out code is removed.
• Ensure that the code is modular and reusable where applicable.
• Check for proper exception handling and messaging.

Testing

• New unit tests have been added to cover the enhancement.
• Existing unit tests have been updated to reflect the changes.
• Provide evidence of testing and validating the enhancement (e.g., test logs, screenshots).
• Validate that any rules affected by the enhancement are correctly updated.
• Ensure that performance is not negatively impacted by the changes.
• Verify that any release artifacts are properly generated and tested.

Additional Checks

• Ensure that the enhancement does not break existing functionality.
• Review the enhancement with a peer or team member for additional insights.
• Verify that the enhancement works across all relevant environments (e.g., different OS versions).
• Confirm that all dependencies are up-to-date and compatible with the changes.
• Confirm that the proper version label is applied to the PR patch, minor, major.

[Mikaayenson]

can you resolve the failing ci

[shashank-elastic]

can you resolve the failing ci

Done

[eric-forte-elastic]

Can you update the docs (e.g. https://github.com/elastic/detection-rules/tree/main/docs-dev/experimental-machine-learning) to reflect the removal of these commands?

[eric-forte-elastic]

🟢 Manual review, looks good to me! 👍