[Bug] ESQL Remote Validation Ignoring Rule Min-Stack

detection_rules/rule_validators.py

@@ -46,7 +46,12 @@
     parse_datasets,
 )
 from .rule import EQLRuleData, QueryRuleData, QueryValidator, RuleMeta, TOMLRuleContents, set_eql_config
-from .schemas import get_latest_stack_version, get_stack_schemas, get_stack_versions
+from .schemas import (
+    get_latest_stack_version,
+    get_min_supported_stack_version,
+    get_stack_schemas,
+    get_stack_versions,
+)
 from .schemas.definitions import ESQL_DYNAMIC_FIELD_PREFIXES, FROM_SOURCES_REGEX
 
 EQL_ERROR_TYPES = (
@@ -924,10 +929,21 @@ def remote_validate_rule(  # noqa: PLR0913
         # mismatch error, as the EsqlSchemaError and EsqlSyntaxError errors from the stack
         # will not be impacted by the difference in schema type mapping.
         mappings_lookup: dict[str, dict[str, Any]] = {stack_version: combined_mappings}
-        versions = get_stack_versions()
-        for version in versions:
+        # Only validate against stack versions the rule actually targets. A rule floored at
+        # min_stack_version is never backported below it, so building mappings for older stacks
+        # resolves integration packages that predate the rule's data sources (e.g. a new data
+        # stream) and raises spurious EsqlUnknownIndexError. Fall back to the minimum supported
+        # stack when the rule does not pin a min_stack_version.
+        min_stack = Version.parse(
+            str(metadata.min_stack_version or get_min_supported_stack_version()),
+            optional_minor_and_patch=True,
+        )
+        for version in get_stack_versions():
             if version in mappings_lookup:
                 continue
+            if Version.parse(version) < min_stack:
+                self.log(f"Skipping {version} stack: below rule min_stack_version {min_stack}")
+                continue
             _, _, combined_mappings = prepare_mappings(
                 elastic_client, indices, event_dataset_integrations, metadata, version, self.log
             )