[Bug] exclude_export_details export flag also excludes exceptions and exception lists

[Vexil-Derivative]

Describe the Bug

When exporting detection rules via the API, setting exclude_export_details to true will only output the rule objects, excluding the exceptions and exception lists. Setting it to false exports the rules, exceptions, exception lists, and a summary line at the end of the file. The documentation states this flag should only exclude the summary line, so this behavior is unexpected.

To Reproduce

1. Create at least 1 custom rule and add an exception
2. Run the following 2 POST requests:
   POST <kibana host>:<port>/api/detection_engine/rules/_export
POST <kibana host>:<port>/api/detection_engine/rules/_export?exclude_export_details
3. Compare the two responses, note the second one does not include the exception logic.

Expected Behavior

The exclude_export_details flag should only exclude the final summary line. All rules and exception objects should be output regardless as to how this flag is set.

Screenshots

No response

Desktop - OS

None

Desktop - Version

No response

Additional Context

Tested on 8.15.1, but we also noticed the issue on 8.13 previously.

[eric-forte-elastic]

👋 This is behavior of https://github.com/elastic/kibana which is the interface for the Elastic Security product where the detection rules from this repo are run. The API interaction that we use is dependent on the behavior from Kibana and as you mention the exclude_export_details flag when false will include rules, exceptions, and exception lists as well as actions and action connectors too. Given this, the detection rules repo needs to match Kibana's functionality and there is little we can do to address your issue in this repo.

[elasticmachine]

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-detections-response (Team:Detections and Resp)