contentctl 3.6.0__py3-none-any.whl → 4.0.2__py3-none-any.whl

contentctl/output/conf_writer.py

@@ -1,67 +1,205 @@
+from typing import Any
 import datetime
+import re
 import os
+import json
+import configparser
 from xmlrpc.client import APPLICATION_ERROR
 from jinja2 import Environment, FileSystemLoader, StrictUndefined
 import pathlib
 from contentctl.objects.security_content_object import SecurityContentObject
-from contentctl.objects.config import Config
+from contentctl.objects.config import build
+import xml.etree.ElementTree as ET
 
 class ConfWriter():
 
     @staticmethod
-    def writeConfFileHeader(output_path:pathlib.Path, config: Config) -> None:
-        utc_time = datetime.datetime.utcnow().replace(microsecond=0).isoformat()
+    def custom_jinja2_enrichment_filter(string:str, object:SecurityContentObject):    
+        substitutions = re.findall(r"%[^%]*%", string)
+        updated_string = string
+        for sub in substitutions:
+            sub_without_percents = sub.replace("%","")
+            if hasattr(object, sub_without_percents):
+                updated_string = updated_string.replace(sub, str(getattr(object, sub_without_percents)))
+            elif hasattr(object,'tags') and hasattr(object.tags, sub_without_percents):
+                    updated_string = updated_string.replace(sub, str(getattr(object.tags, sub_without_percents)))
+            else:
+                raise Exception(f"Unable to find field {sub} in object {object.name}")
+        
+        return updated_string
+    
+    @staticmethod
+    def escapeNewlines(obj:Any):
+        # Ensure that any newlines that occur in a string are escaped with a \.
+        # Failing to do so will result in an improperly formatted conf files that
+        # cannot be parsed
+        if isinstance(obj,str):
+            return obj.replace(f"\n"," \\\n")
+        else:
+            return obj
+
+
+    @staticmethod
+    def writeConfFileHeader(app_output_path:pathlib.Path, config: build) -> pathlib.Path:
+        output = ConfWriter.writeFileHeader(app_output_path, config)    
+        
+        output_path = config.getPackageDirectoryPath()/app_output_path
+        output_path.parent.mkdir(parents=True, exist_ok=True)
+        with open(output_path, 'w') as f:
+            output = output.encode('utf-8', 'ignore').decode('utf-8')
+            f.write(output)
+
+        #Ensure that the conf file we just generated/update is syntactically valid
+        ConfWriter.validateConfFile(output_path)        
+        return output_path
+
+    @staticmethod
+    def writeManifestFile(app_output_path:pathlib.Path, template_name : str, config: build, objects : list) -> pathlib.Path:
+        j2_env = ConfWriter.getJ2Environment()
+        template = j2_env.get_template(template_name)
+        
+        output = template.render(objects=objects, APP_NAME=config.app.label, currentDate=datetime.datetime.now(datetime.UTC).date().isoformat())
+        
+        output_path = config.getPackageDirectoryPath()/app_output_path
+        output_path.parent.mkdir(parents=True, exist_ok=True)
+        with open(output_path, 'w') as f:
+            output = output.encode('utf-8', 'ignore').decode('utf-8')
+            f.write(output)
+        return output_path
+
+
+    @staticmethod
+    def writeFileHeader(app_output_path:pathlib.Path, config: build) -> str:
+        #Do not output microseconds or +00:000 at the end of the datetime string
+        utc_time = datetime.datetime.now(datetime.UTC).replace(microsecond=0,tzinfo=None).isoformat()
+    
         j2_env = Environment(
             loader=FileSystemLoader(os.path.join(os.path.dirname(__file__), 'templates')), 
             trim_blocks=True)
 
         template = j2_env.get_template('header.j2')
-        output = template.render(time=utc_time, author=' - '.join([config.build.author_name,config.build.author_company]), author_email=config.build.author_email)
+        output = template.render(time=utc_time, author=' - '.join([config.app.author_name,config.app.author_company]), author_email=config.app.author_email)
+        
+        return output
+
+
+
+    @staticmethod
+    def writeXmlFile(app_output_path:pathlib.Path, template_name : str, config: build, objects : list) -> None:
+        
+        
+        j2_env = ConfWriter.getJ2Environment()
+        template = j2_env.get_template(template_name)
+        
+        output = template.render(objects=objects, APP_NAME=config.app.label)
+        
+        output_path = config.getPackageDirectoryPath()/app_output_path
         output_path.parent.mkdir(parents=True, exist_ok=True)
-        with open(output_path, 'w') as f:
-            output = output.encode('ascii', 'ignore').decode('ascii')
+        with open(output_path, 'a') as f:
+            output = output.encode('utf-8', 'ignore').decode('utf-8')
             f.write(output)
+        
+        #Ensure that the conf file we just generated/update is syntactically valid
+        ConfWriter.validateXmlFile(output_path) 
+
+    
 
 
     @staticmethod
-    def writeConfFileHeaderEmpty(output_path:pathlib.Path, config: Config) -> None:
+    def writeXmlFileHeader(app_output_path:pathlib.Path, config: build) -> None:
+        output = ConfWriter.writeFileHeader(app_output_path, config)    
+        output_with_xml_comment = f"<!--\n{output}-->\n"
+
+        output_path = config.getPackageDirectoryPath()/app_output_path
         output_path.parent.mkdir(parents=True, exist_ok=True)
         with open(output_path, 'w') as f:
-            f.write('')
+            output_with_xml_comment = output_with_xml_comment.encode('utf-8', 'ignore').decode('utf-8')
+            f.write(output_with_xml_comment)
+        
+        # We INTENTIONALLY do not validate the comment we wrote to the header.  This is because right now,
+        # the file is an empty XML document (besides the commented header). This means that it will FAIL validation 
 
 
     @staticmethod
-    def writeConfFile(output_path:pathlib.Path, template_name : str, config: Config, objects : list) -> None:
-        def custom_jinja2_enrichment_filter(string, object):
-            customized_string = string
-
-            for key in dir(object):
-                if type(key) is not str:
-                    key = key.decode()
-                if not key.startswith('__') and not key == "_abc_impl" and not callable(getattr(object, key)):
-                    if hasattr(object, key):
-                        customized_string = customized_string.replace("%" + key + "%", str(getattr(object, key)))
-
-            for key in dir(object.tags):
-                if type(key) is not str:
-                    key = key.decode()
-                if not key.startswith('__') and not key == "_abc_impl" and not callable(getattr(object.tags, key)):
-                    if hasattr(object.tags, key):
-                        customized_string = customized_string.replace("%" + key + "%", str(getattr(object.tags, key)))
-
-            return customized_string
-
+    def getJ2Environment()->Environment:
         j2_env = Environment(
             loader=FileSystemLoader(os.path.join(os.path.dirname(__file__), 'templates')), 
             trim_blocks=True,
             undefined=StrictUndefined)
+        j2_env.globals.update(objectListToNameList=SecurityContentObject.objectListToNameList)
+
 
+        j2_env.filters['custom_jinja2_enrichment_filter'] = ConfWriter.custom_jinja2_enrichment_filter
+        j2_env.filters['escapeNewlines'] = ConfWriter.escapeNewlines
+        return j2_env
 
-        j2_env.filters['custom_jinja2_enrichment_filter'] = custom_jinja2_enrichment_filter
+    @staticmethod
+    def writeConfFile(app_output_path:pathlib.Path, template_name : str, config: build, objects : list) -> pathlib.Path:
+        output_path = config.getPackageDirectoryPath()/app_output_path
+        j2_env = ConfWriter.getJ2Environment()
+        
         template = j2_env.get_template(template_name)
-        output = template.render(objects=objects, APP_NAME=config.build.prefix)
+        output = template.render(objects=objects, APP_NAME=config.app.label)
+        
         output_path.parent.mkdir(parents=True, exist_ok=True)
         with open(output_path, 'a') as f:
-            output = output.encode('ascii', 'ignore').decode('ascii')
+            output = output.encode('utf-8', 'ignore').decode('utf-8')
             f.write(output)
+        return output_path
+        
+        
+    @staticmethod
+    def validateConfFile(path:pathlib.Path):
+        """Ensure that the conf file is valid.  We will do this by reading back
+        the conf using RawConfigParser to ensure that it does not throw any parsing errors.
+        This is particularly relevant because newlines contained in string fields may
+        break the formatting of the conf file if they have been incorrectly escaped with
+        the 'ConfWriter.escapeNewlines()' function. 
+
+        If a conf file failes validation, we will throw an exception
+
+        Args:
+            path (pathlib.Path): path to the conf file to validate
+        """
+        return
+        if path.suffix != ".conf":
+            #there may be some other files built, so just ignore them
+            return
+        try:
+            _ = configparser.RawConfigParser().read(path)
+        except Exception as e:
+            raise Exception(f"Failed to validate .conf file {str(path)}: {str(e)}")
+
+    @staticmethod
+    def validateXmlFile(path:pathlib.Path):
+        """Ensure that the XML file is valid XML.
+
+        Args:
+            path (pathlib.Path): path to the xml file to validate
+        """        
+        
+        try:
+            with open(path, 'r') as xmlFile:
+                _ = ET.fromstring(xmlFile.read())
+        except Exception as e:
+            raise Exception(f"Failed to validate .xml file {str(path)}: {str(e)}")
+    
+
+    @staticmethod
+    def validateManifestFile(path:pathlib.Path):
+        """Ensure that the Manifest file is valid JSON.
+
+        Args:
+            path (pathlib.Path): path to the manifest JSON file to validate
+        """        
+        return
+        try:
+            with open(path, 'r') as manifestFile:
+                _ = json.load(manifestFile)
+        except Exception as e:
+            raise Exception(f"Failed to validate .manifest file {str(path)} (Note that .manifest files should contain only valid JSON-formatted data): {str(e)}")
+            
+
+
+
 

contentctl/output/jinja_writer.py

@@ -1,5 +1,5 @@
 import os
-
+from typing import Any
 from jinja2 import Environment, FileSystemLoader
 
 
@@ -20,7 +20,7 @@ class JinjaWriter:
 
 
     @staticmethod
-    def writeObject(template_name : str, output_path : str, object : dict) -> None:
+    def writeObject(template_name : str, output_path : str, object: dict[str,Any]) -> None:
 
         j2_env = Environment(
             loader=FileSystemLoader(os.path.join(os.path.dirname(__file__), 'templates')), 

contentctl/output/json_writer.py

@@ -1,9 +1,21 @@
 import json
-
-
+from contentctl.objects.abstract_security_content_objects.security_content_object_abstract import SecurityContentObject_Abstract
+from typing import List
+from io import TextIOWrapper
 class JsonWriter():
 
     @staticmethod
-    def writeJsonObject(file_path : str, obj) -> None:
-        with open(file_path, 'w') as outfile:
-            json.dump(obj, outfile, ensure_ascii=False)
+    def writeJsonObject(file_path : str, object_name: str, objs: List[dict],readable_output=False) -> None:
+        try:
+            with open(file_path, 'w') as outfile:
+                if readable_output:
+                    # At the cost of slightly larger filesize, improve the redability significantly
+                    # by sorting and indenting keys/values
+                    sorted_objs = sorted(objs, key=lambda o: o['name'])
+                    json.dump({object_name:sorted_objs}, outfile, ensure_ascii=False, indent=2)
+                else:
+                    json.dump({object_name:objs}, outfile, ensure_ascii=False)
+
+        except Exception as e:
+             raise Exception(f"Error serializing object to Json File '{file_path}': {str(e)}")
+            

contentctl/output/new_content_yml_output.py

@@ -2,17 +2,18 @@ import os
 import pathlib
 from contentctl.objects.enums import SecurityContentType
 from contentctl.output.yml_writer import YmlWriter
-
-
+import pathlib
+from contentctl.objects.config import NewContentType
 class NewContentYmlOutput():
-    output_path: str
+    output_path: pathlib.Path
     
-    def __init__(self, output_path:str):
+    def __init__(self, output_path:pathlib.Path):
         self.output_path = output_path
     
     
-    def writeObjectNewContent(self, object: dict, subdirectory_name: str, type: SecurityContentType) -> None:
-        if type == SecurityContentType.detections:
+    def writeObjectNewContent(self, object: dict, subdirectory_name: str, type: NewContentType) -> None:
+        if type == NewContentType.detection:
+
             file_path = os.path.join(self.output_path, 'detections', subdirectory_name, self.convertNameToFileName(object['name'], object['tags']['product']))
             output_folder = pathlib.Path(self.output_path)/'detections'/subdirectory_name
             #make sure the output folder exists for this detection
@@ -21,7 +22,7 @@ class NewContentYmlOutput():
             YmlWriter.writeYmlFile(file_path, object)
             print("Successfully created detection " + file_path)
         
-        elif type == SecurityContentType.stories:
+        elif type == NewContentType.story:
             file_path = os.path.join(self.output_path, 'stories', self.convertNameToFileName(object['name'], object['tags']['product']))
             YmlWriter.writeYmlFile(file_path, object)
             print("Successfully created story " + file_path)        

contentctl/output/svg_output.py

@@ -1,15 +1,18 @@
 import os
 import pathlib
+from typing import List, Any
 
 from contentctl.objects.enums import SecurityContentType
 from contentctl.output.jinja_writer import JinjaWriter
-from contentctl.objects.config import Config
 from contentctl.objects.enums import DetectionStatus
+from contentctl.objects.detection import Detection
 class SvgOutput():
 
-    def get_badge_dict(self, name:str, total_detections:list, these_detections:list):
-        obj = dict()
+    
+    def get_badge_dict(self, name:str, total_detections:List[Detection], these_detections:List[Detection])->dict[str,Any]:
+        obj:dict[str,Any] = {}
         obj['name'] = name
+
         if name == "Production":
             obj['color'] = "Green"
         elif name == "Detections":
@@ -26,40 +29,27 @@ class SvgOutput():
             obj['coverage'] = len(these_detections) / obj['count']
             obj['coverage'] = "{:.0%}".format(obj['coverage'])
         return obj
-
-    def writeObjects(self, objects: list, path: str, type: SecurityContentType = None) -> None:
+    
+    def writeObjects(self, detections: List[Detection], output_path: pathlib.Path, type: SecurityContentType = None) -> None:
         
-        detections_tmp = objects    
-
-        output_path = pathlib.Path(path)
-
-        production_detections = []
-        deprecated_detections = []
-        experimental_detections = []
-        obj = dict()
         
-        for detection in detections_tmp:
-            if detection.status == DetectionStatus.production.value:
-                production_detections.append(detection)
-            if detection.status == DetectionStatus.deprecated.value:
-                deprecated_detections.append(detection)
-            elif detection.status == DetectionStatus.experimental.value:
-                experimental_detections.append(detection)
 
+        total_dict:dict[str,Any] = self.get_badge_dict("Detections", detections, detections)
+        production_dict:dict[str,Any] = self.get_badge_dict("% Production", detections, [detection for detection in detections if detection.status == DetectionStatus.production.value])
+        #deprecated_dict = self.get_badge_dict("Deprecated", detections, [detection for detection in detections if detection.status == DetectionStatus.deprecated])
+        #experimental_dict = self.get_badge_dict("Experimental", detections, [detection for detection in detections if detection.status == DetectionStatus.experimental])
         
-        total_detections = production_detections + deprecated_detections + experimental_detections
-        total_dict = self.get_badge_dict("Detections", total_detections, production_detections)
-        production_dict = self.get_badge_dict("Production", total_detections, production_detections)
-        deprecated_dict = self.get_badge_dict("Deprecated", total_detections, deprecated_detections)
-        experimental_dict = self.get_badge_dict("Experimental", total_detections, experimental_detections)
         
 
-        JinjaWriter.writeObject('detection_count.j2', os.path.join(output_path, 'detection_count.svg'), total_dict)
+
+        #Total number of detections
+        JinjaWriter.writeObject('detection_count.j2', output_path /'detection_count.svg', total_dict)
         #JinjaWriter.writeObject('detection_count.j2', os.path.join(output_path, 'production_count.svg'), production_dict)
         #JinjaWriter.writeObject('detection_count.j2', os.path.join(output_path, 'deprecated_count.svg'), deprecated_dict)
         #JinjaWriter.writeObject('detection_count.j2', os.path.join(output_path, 'experimental_count.svg'), experimental_dict)
 
-        JinjaWriter.writeObject('detection_coverage.j2', os.path.join(output_path, 'detection_coverage.svg'), total_dict)
+        #Percentage of detections that are production
+        JinjaWriter.writeObject('detection_coverage.j2', output_path/'detection_coverage.svg', production_dict)
         #JinjaWriter.writeObject('detection_coverage.j2', os.path.join(output_path, 'detection_coverage.svg'), deprecated_dict)
         #JinjaWriter.writeObject('detection_coverage.j2', os.path.join(output_path, 'detection_coverage.svg'), experimental_dict)
 

contentctl/output/templates/analyticstories_detections.j2

@@ -5,17 +5,21 @@
 {% if (detection.type == 'TTP' or detection.type == 'Anomaly' or detection.type == 'Hunting' or detection.type == 'Correlation') %}
 [savedsearch://{{APP_NAME}} - {{ detection.name }} - Rule]
 type = detection
-asset_type = {{ detection.tags.asset_type }}
+asset_type = {{ detection.tags.asset_type.value }}
 confidence = medium
-explanation = {{ detection.description }}
+explanation = {{ detection.description | escapeNewlines() }}
 {% if detection.how_to_implement is defined %}
-how_to_implement = {{ detection.how_to_implement }}
+how_to_implement = {{ detection.how_to_implement | escapeNewlines() }}
 {% else %}
 how_to_implement = none
 {% endif %}
 annotations = {{ detection.mappings | tojson }}
-known_false_positives = {{ detection.known_false_positives }}
+known_false_positives = {{ detection.known_false_positives | escapeNewlines() }}
+{% if detection.providing_technologies | length > 0  %}
 providing_technologies = {{ detection.providing_technologies | tojson }}
+{% else %}
+providing_technologies = null
+{% endif %}
 
 {% endif %}
 {% endfor %}

contentctl/output/templates/analyticstories_investigations.j2

@@ -7,7 +7,7 @@
 type = investigation
 explanation = none
 {% if detection.how_to_implement is defined %}
-how_to_implement = {{ detection.how_to_implement }}
+how_to_implement = {{ detection.how_to_implement | escapeNewlines() }}
 {% else %}
 how_to_implement = none
 {% endif %}

contentctl/output/templates/analyticstories_stories.j2

@@ -4,16 +4,16 @@
 
 {% for story in objects %}
 [analytic_story://{{ story.name }}]
-category = {{ story.tags.category[0].value }}
+category = {{ story.tags.getCategory_conf() }}
 last_updated = {{ story.date }}
 version = {{ story.version }}
-references = {{ story.references | tojson }}
-maintainers = [{"company": "{{ story.author_company }}", "email": "-", "name": "{{ story.author_name }}"}]
+references = {{ story.getReferencesListForJson() | tojson }}
+maintainers = [{"company": "{{ story.author_company }}", "email": "{{ story.author_email }}", "name": "{{ story.author_name }}"}]
 spec_version = 3
-searches = {{ (story.detection_names + story.investigation_names) | tojson }}
-description = {{ story.description }}
+searches = {{ story.storyAndInvestigationNamesWithApp(APP_NAME) | tojson }}
+description = {{ story.description | escapeNewlines() }}
 {% if story.narrative is defined %}
-narrative = {{ story.narrative }}
+narrative = {{ story.narrative | escapeNewlines() }}
 {% endif %}
 
 {% endfor %}

contentctl/output/templates/app.conf.j2

@@ -21,14 +21,14 @@ reload.es_investigations = simple
 [launcher]
 author = {{ objects[0].author_company }}
 version = {{ objects[0].version }} 
-description = {{ objects[0].description }}
+description = {{ objects[0].description | escapeNewlines() }}
 
 [ui]
 is_visible = true
 label = {{ objects[0].title }}
 
 [package]
-id = {{ objects[0].name }}
+id = {{ objects[0].appid }}
 
 
 

contentctl/output/templates/app.manifest.j2

@@ -4,7 +4,7 @@
     "title": "{{ objects[0].title }}", 
     "id": {
       "group": null, 
-      "name": "{{ objects[0].name }}", 
+      "name": "{{ objects[0].appid }}", 
       "version": "{{ objects[0].version }}"
     }, 
     "author": [
@@ -14,7 +14,7 @@
         "company": "{{ objects[0].author_company }}"
       }
     ], 
-    "releaseDate": null, 
+    "releaseDate": "{{ currentDate }}", 
     "description": "{{ objects[0].description }}", 
     "classification": {
       "intendedAudience": null, 

contentctl/output/templates/detection_coverage.j2

@@ -1,18 +1,16 @@
 <?xml version="1.0"?>
-<svg xmlns="http://www.w3.org/2000/svg" width="100" height="20">
+<svg xmlns="http://www.w3.org/2000/svg" width="130" height="20">
 <linearGradient id="a" x2="0" y2="100%">
   <stop offset="0" stop-color="#bbb" stop-opacity=".1"/>
   <stop offset="2" stop-opacity=".1"/>
 </linearGradient>
 
-<rect rx="3" width="60" height="20" fill="#555"/> <!-- Comment -->
-<rect rx="3" x="60" width="40" height="20" fill="#4c1"/>
-
-<path fill="#4c1" d="M58 0h4v20h-4z"/>
+<rect rx="3" width="90" height="20" fill="#555"/> <!-- Comment -->
+<rect rx="3" x="90" width="40" height="20" fill="#4c1"/>
 
 <rect rx="3" width="100" height="20" fill="url(#a)"/>
-<g fill="#fff" text-anchor="middle" font-family="DejaVu Sans,Verdana,Geneva,sans-serif" font-size="11">
-    <text x="30" y="14">coverage</text>
-    <text x="80" y="14">{{ object.coverage }}</text>
+<g fill="#fff" text-anchor="left" font-family="DejaVu Sans,Verdana,Geneva,sans-serif" font-size="11">
+    <text x="5" y="14">% Production</text>
+    <text x="100" y="14">{{object.coverage}}</text>
 </g>
 </svg>

contentctl/output/templates/doc_detection_page.j2

@@ -12,8 +12,8 @@ sidebar:
 | -------------- | --------------- | --------------- |
 {%- for detection in objects -%}
 {% if detection.tags.mitre_attack_enrichments %}
-| [{{ detection.name }}](/{{ detection.source }}/{{ detection.name | lower | replace(' ', '_') }}/) | {% for attack in detection.tags.mitre_attack_enrichments -%} [{{ attack.mitre_attack_technique }}](/tags/#{{ attack.mitre_attack_technique | lower | replace(" ", "-") }}){% if not loop.last -%}, {% endif -%}{%- endfor %} | [{{ detection.type }}](https://github.com/splunk/security_content/wiki/Detection-Analytic-Types) |
+| [{{ detection.name }}](/{{ detection.getSource() }}/{{ detection.name | lower | replace(' ', '_') }}/) | {% for attack in detection.tags.mitre_attack_enrichments -%} [{{ attack.mitre_attack_technique }}](/tags/#{{ attack.mitre_attack_technique | lower | replace(" ", "-") }}){% if not loop.last -%}, {% endif -%}{%- endfor %} | [{{ detection.type }}](https://github.com/splunk/security_content/wiki/Detection-Analytic-Types) |
 {%- else %}
-| [{{ detection.name }}](/{{ detection.source }}/{{ detection.name | lower | replace(' ', '_') }}/) | None | [{{ detection.type }}](https://github.com/splunk/security_content/wiki/Detection-Analytic-Types) |
+| [{{ detection.name }}](/{{ detection.getSource() }}/{{ detection.name | lower | replace(' ', '_') }}/) | None | [{{ detection.type }}](https://github.com/splunk/security_content/wiki/Detection-Analytic-Types) |
 {%- endif -%}
 {%- endfor -%}

contentctl/output/templates/doc_detections.j2

@@ -5,7 +5,7 @@ excerpt: "{% if object.tags.mitre_attack_enrichments %}{% for attack in object.t
 {% if not loop.last -%}, {% endif -%}
 {% endfor %}{% endif -%}"
 categories:
-  - {{object.source|capitalize}}
+  - {{object.getSource()|capitalize}}
 last_modified_at: {{object.date}}
 toc: true
 toc_label: ""
@@ -207,4 +207,4 @@ Alternatively you can replay a dataset into a [Splunk Attack Range](https://gith
 {% endfor %}
 {% endif %}
 
-[*source*](https://github.com/splunk/security_content/tree/develop/detections/{% if object.experimental is sameas true -%}experimental/{%- endif -%}{{object.source}}/{{ object.name | lower | replace (" ", "_") | replace("-", "_") }}.yml) \| *version*: **{{object.version}}**
+[*source*](https://github.com/splunk/security_content/tree/develop/detections/{% if object.experimental is sameas true -%}experimental/{%- endif -%}{{object.getSource()}}/{{ object.name | lower | replace (" ", "_") | replace("-", "_") }}.yml) \| *version*: **{{object.version}}**

contentctl/output/templates/doc_stories.j2

@@ -37,7 +37,7 @@ tags:
 | ----------- | ----------- |--------------|
 {%- if object.detections %}
 {%- for detection in object.detections %}
-| [{{ detection.name }}](/{{ detection.source }}/{{ detection.name | lower | replace(' ', '_') }}/) | {% if detection.tags.mitre_attack_enrichments %}{% for attack in detection.tags.mitre_attack_enrichments -%}[{{ attack.mitre_attack_technique }}](/tags/#{{ attack.mitre_attack_technique | lower | replace(" ", "-") }}){% if not loop.last %}, {% endif %}{%- endfor %}{% else %}None{%- endif -%} | {{ detection.type }} |
+| [{{ detection.name }}](/{{ detection.getSource() }}/{{ detection.name | lower | replace(' ', '_') }}/) | {% if detection.tags.mitre_attack_enrichments %}{% for attack in detection.tags.mitre_attack_enrichments -%}[{{ attack.mitre_attack_technique }}](/tags/#{{ attack.mitre_attack_technique | lower | replace(" ", "-") }}){% if not loop.last %}, {% endif %}{%- endfor %}{% else %}None{%- endif -%} | {{ detection.type }} |
 {%- endfor %}
 {%- endif %}
 

contentctl/output/templates/es_investigations_investigations.j2

@@ -2,7 +2,7 @@
 {% for response_task in objects %}
 [panel://workbench_panel_{{ response_task.lowercase_name }}___response_task]
 label = {{ response_task.name }}
-description = {{ response_task.description }}
+description = {{ response_task.description | escapeNewlines() }}
 disabled = 0
 tokens = {\
 {% for token in response_task.inputs %}

contentctl/output/templates/es_investigations_stories.j2

@@ -2,7 +2,7 @@
 {% for story in objects %}
 [panel_group://workbench_panel_group_{{ story.lowercase_name}}]
 label = {{ story.name }}
-description = {{ story.description }}
+description = {{ story.description | escapeNewlines() }}
 disabled = 0
 
 {% if story.workbench_panels is defined %}

contentctl/output/templates/header.j2

@@ -1,5 +1,6 @@
 #############
-# Automatically generated by generator.py in splunk/security_content
+# Automatically generated by 'contentctl build' from 
+# https://github.com/splunk/contentctl
 # On Date: {{ time }} UTC
 # Author: {{ author }}
 # Contact: {{ author_email }}

contentctl/output/templates/macros.j2

@@ -1,15 +1,11 @@
 
 {% for macro in objects %}
-[{{ macro.name }}{% if macro.arguments is not none %}({{ macro.arguments|length }}){% endif %}]
-{% if macro.arguments is not none %}
-args = {% for arg in macro.arguments %}{{ arg }}{{ ", " if not loop.last }}
-{% endfor %}
-{% endif %}
-{% if macro.definition is not none %}
-definition = {{ macro.definition }}
-{% else %}
-definition =
+[{{ macro.name }}{% if macro.arguments | length > 0 %}({{ macro.arguments|length }}){% endif %}]
+{% if macro.arguments | length > 0 %}
+args = {% for arg in macro.arguments %}{{ arg }}{{ ", " if not loop.last }}{% endfor %}
+
 {% endif %}
-description = {{ macro.description }}
+definition = {{ macro.definition | escapeNewlines() }}
+description = {{ macro.description | escapeNewlines() }}
 
 {% endfor %}

contentctl/output/templates/savedsearches_baselines.j2

@@ -9,11 +9,11 @@ action.escu = 0
 action.escu.enabled = 1
 action.escu.search_type = support
 action.escu.full_search_name = {{APP_NAME}} - {{ detection.name }}
-description = {{ detection.description }}
+description = {{ detection.description | escapeNewlines() }}
 action.escu.creation_date = {{ detection.date }}
 action.escu.modification_date = {{ detection.date }}
 {% if detection.tags.analytic_story is defined %}
-action.escu.analytic_story = {{ detection.tags.analytic_story | tojson }}
+action.escu.analytic_story = {{ objectListToNameList(detection.tags.analytic_story) | tojson }}
 {% else %}
 action.escu.analytic_story = []
 {% endif %}
@@ -30,9 +30,9 @@ action.escu.providing_technologies = {{ detection.providing_technologies | tojso
 {% else %}
 action.escu.providing_technologies = []
 {% endif %}
-action.escu.eli5 = {{ detection.description }}
+action.escu.eli5 = {{ detection.description | escapeNewlines() }}
 {% if detection.how_to_implement is defined %}
-action.escu.how_to_implement = {{ detection.how_to_implement }}
+action.escu.how_to_implement = {{ detection.how_to_implement | escapeNewlines() }}
 {% else %}
 action.escu.how_to_implement = none
 {% endif %}
@@ -42,7 +42,7 @@ disabled = false
 disabled = true
 {% endif %}
 is_visible = false
-search = {{ detection.search }}
+search = {{ detection.search | escapeNewlines() }}
 
 {% endif %}
 {% endfor %}