contentctl 3.6.0__py3-none-any.whl → 4.0.2__py3-none-any.whl

Files changed (142) hide show
  1. contentctl/actions/build.py +89 -0
  2. contentctl/actions/detection_testing/DetectionTestingManager.py +48 -49
  3. contentctl/actions/detection_testing/GitService.py +148 -230
  4. contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py +14 -24
  5. contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructureContainer.py +43 -17
  6. contentctl/actions/detection_testing/views/DetectionTestingView.py +3 -2
  7. contentctl/actions/detection_testing/views/DetectionTestingViewFile.py +0 -8
  8. contentctl/actions/doc_gen.py +1 -1
  9. contentctl/actions/initialize.py +28 -65
  10. contentctl/actions/inspect.py +260 -0
  11. contentctl/actions/new_content.py +106 -13
  12. contentctl/actions/release_notes.py +168 -144
  13. contentctl/actions/reporting.py +24 -13
  14. contentctl/actions/test.py +39 -20
  15. contentctl/actions/validate.py +25 -48
  16. contentctl/contentctl.py +196 -754
  17. contentctl/enrichments/attack_enrichment.py +69 -19
  18. contentctl/enrichments/cve_enrichment.py +28 -13
  19. contentctl/helper/link_validator.py +24 -26
  20. contentctl/helper/utils.py +7 -3
  21. contentctl/input/director.py +139 -201
  22. contentctl/input/new_content_questions.py +63 -61
  23. contentctl/input/sigma_converter.py +1 -2
  24. contentctl/input/ssa_detection_builder.py +16 -7
  25. contentctl/input/yml_reader.py +4 -3
  26. contentctl/objects/abstract_security_content_objects/detection_abstract.py +487 -154
  27. contentctl/objects/abstract_security_content_objects/security_content_object_abstract.py +155 -51
  28. contentctl/objects/alert_action.py +40 -0
  29. contentctl/objects/atomic.py +212 -0
  30. contentctl/objects/baseline.py +44 -43
  31. contentctl/objects/baseline_tags.py +69 -20
  32. contentctl/objects/config.py +857 -125
  33. contentctl/objects/constants.py +0 -1
  34. contentctl/objects/correlation_search.py +1 -1
  35. contentctl/objects/data_source.py +2 -4
  36. contentctl/objects/deployment.py +61 -21
  37. contentctl/objects/deployment_email.py +2 -2
  38. contentctl/objects/deployment_notable.py +4 -4
  39. contentctl/objects/deployment_phantom.py +2 -2
  40. contentctl/objects/deployment_rba.py +3 -4
  41. contentctl/objects/deployment_scheduling.py +2 -3
  42. contentctl/objects/deployment_slack.py +2 -2
  43. contentctl/objects/detection.py +1 -5
  44. contentctl/objects/detection_tags.py +210 -119
  45. contentctl/objects/enums.py +312 -24
  46. contentctl/objects/integration_test.py +1 -1
  47. contentctl/objects/integration_test_result.py +0 -2
  48. contentctl/objects/investigation.py +62 -53
  49. contentctl/objects/investigation_tags.py +30 -6
  50. contentctl/objects/lookup.py +80 -31
  51. contentctl/objects/macro.py +29 -45
  52. contentctl/objects/mitre_attack_enrichment.py +29 -5
  53. contentctl/objects/observable.py +3 -7
  54. contentctl/objects/playbook.py +60 -30
  55. contentctl/objects/playbook_tags.py +45 -8
  56. contentctl/objects/security_content_object.py +1 -5
  57. contentctl/objects/ssa_detection.py +8 -4
  58. contentctl/objects/ssa_detection_tags.py +19 -26
  59. contentctl/objects/story.py +142 -44
  60. contentctl/objects/story_tags.py +46 -33
  61. contentctl/objects/unit_test.py +7 -2
  62. contentctl/objects/unit_test_attack_data.py +10 -19
  63. contentctl/objects/unit_test_baseline.py +1 -1
  64. contentctl/objects/unit_test_old.py +4 -3
  65. contentctl/objects/unit_test_result.py +5 -3
  66. contentctl/objects/unit_test_ssa.py +31 -0
  67. contentctl/output/api_json_output.py +202 -130
  68. contentctl/output/attack_nav_output.py +20 -9
  69. contentctl/output/attack_nav_writer.py +3 -3
  70. contentctl/output/ba_yml_output.py +3 -3
  71. contentctl/output/conf_output.py +125 -391
  72. contentctl/output/conf_writer.py +169 -31
  73. contentctl/output/jinja_writer.py +2 -2
  74. contentctl/output/json_writer.py +17 -5
  75. contentctl/output/new_content_yml_output.py +8 -7
  76. contentctl/output/svg_output.py +17 -27
  77. contentctl/output/templates/analyticstories_detections.j2 +8 -4
  78. contentctl/output/templates/analyticstories_investigations.j2 +1 -1
  79. contentctl/output/templates/analyticstories_stories.j2 +6 -6
  80. contentctl/output/templates/app.conf.j2 +2 -2
  81. contentctl/output/templates/app.manifest.j2 +2 -2
  82. contentctl/output/templates/detection_coverage.j2 +6 -8
  83. contentctl/output/templates/doc_detection_page.j2 +2 -2
  84. contentctl/output/templates/doc_detections.j2 +2 -2
  85. contentctl/output/templates/doc_stories.j2 +1 -1
  86. contentctl/output/templates/es_investigations_investigations.j2 +1 -1
  87. contentctl/output/templates/es_investigations_stories.j2 +1 -1
  88. contentctl/output/templates/header.j2 +2 -1
  89. contentctl/output/templates/macros.j2 +6 -10
  90. contentctl/output/templates/savedsearches_baselines.j2 +5 -5
  91. contentctl/output/templates/savedsearches_detections.j2 +36 -33
  92. contentctl/output/templates/savedsearches_investigations.j2 +4 -4
  93. contentctl/output/templates/transforms.j2 +4 -4
  94. contentctl/output/yml_writer.py +2 -2
  95. contentctl/templates/app_template/README.md +7 -0
  96. contentctl/{output/templates/splunk_app → templates/app_template}/default/data/ui/nav/default.xml +1 -0
  97. contentctl/templates/app_template/lookups/mitre_enrichment.csv +638 -0
  98. contentctl/templates/deployments/{00_default_anomaly.yml → escu_default_configuration_anomaly.yml} +1 -2
  99. contentctl/templates/deployments/{00_default_baseline.yml → escu_default_configuration_baseline.yml} +1 -2
  100. contentctl/templates/deployments/{00_default_correlation.yml → escu_default_configuration_correlation.yml} +2 -2
  101. contentctl/templates/deployments/{00_default_hunting.yml → escu_default_configuration_hunting.yml} +2 -2
  102. contentctl/templates/deployments/{00_default_ttp.yml → escu_default_configuration_ttp.yml} +1 -2
  103. contentctl/templates/detections/anomalous_usage_of_7zip.yml +0 -1
  104. contentctl/templates/stories/cobalt_strike.yml +0 -1
  105. {contentctl-3.6.0.dist-info → contentctl-4.0.2.dist-info}/METADATA +36 -15
  106. contentctl-4.0.2.dist-info/RECORD +168 -0
  107. contentctl/actions/detection_testing/DataManipulation.py +0 -149
  108. contentctl/actions/generate.py +0 -91
  109. contentctl/helper/config_handler.py +0 -75
  110. contentctl/input/baseline_builder.py +0 -66
  111. contentctl/input/basic_builder.py +0 -58
  112. contentctl/input/detection_builder.py +0 -370
  113. contentctl/input/investigation_builder.py +0 -42
  114. contentctl/input/new_content_generator.py +0 -95
  115. contentctl/input/playbook_builder.py +0 -68
  116. contentctl/input/story_builder.py +0 -106
  117. contentctl/objects/app.py +0 -214
  118. contentctl/objects/repo_config.py +0 -163
  119. contentctl/objects/test_config.py +0 -630
  120. contentctl/output/templates/macros_detections.j2 +0 -7
  121. contentctl/output/templates/splunk_app/README.md +0 -7
  122. contentctl-3.6.0.dist-info/RECORD +0 -176
  123. /contentctl/{output/templates/splunk_app → templates/app_template}/README/essoc_story_detail.txt +0 -0
  124. /contentctl/{output/templates/splunk_app → templates/app_template}/README/essoc_summary.txt +0 -0
  125. /contentctl/{output/templates/splunk_app → templates/app_template}/README/essoc_usage_dashboard.txt +0 -0
  126. /contentctl/{output/templates/splunk_app → templates/app_template}/default/analytic_stories.conf +0 -0
  127. /contentctl/{output/templates/splunk_app → templates/app_template}/default/app.conf +0 -0
  128. /contentctl/{output/templates/splunk_app → templates/app_template}/default/commands.conf +0 -0
  129. /contentctl/{output/templates/splunk_app → templates/app_template}/default/content-version.conf +0 -0
  130. /contentctl/{output/templates/splunk_app → templates/app_template}/default/data/ui/views/escu_summary.xml +0 -0
  131. /contentctl/{output/templates/splunk_app → templates/app_template}/default/data/ui/views/feedback.xml +0 -0
  132. /contentctl/{output/templates/splunk_app → templates/app_template}/default/distsearch.conf +0 -0
  133. /contentctl/{output/templates/splunk_app → templates/app_template}/default/usage_searches.conf +0 -0
  134. /contentctl/{output/templates/splunk_app → templates/app_template}/default/use_case_library.conf +0 -0
  135. /contentctl/{output/templates/splunk_app → templates/app_template}/metadata/default.meta +0 -0
  136. /contentctl/{output/templates/splunk_app → templates/app_template}/static/appIcon.png +0 -0
  137. /contentctl/{output/templates/splunk_app → templates/app_template}/static/appIconAlt.png +0 -0
  138. /contentctl/{output/templates/splunk_app → templates/app_template}/static/appIconAlt_2x.png +0 -0
  139. /contentctl/{output/templates/splunk_app → templates/app_template}/static/appIcon_2x.png +0 -0
  140. {contentctl-3.6.0.dist-info → contentctl-4.0.2.dist-info}/LICENSE.md +0 -0
  141. {contentctl-3.6.0.dist-info → contentctl-4.0.2.dist-info}/WHEEL +0 -0
  142. {contentctl-3.6.0.dist-info → contentctl-4.0.2.dist-info}/entry_points.txt +0 -0
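--- a/contentctl-3.6.0.dist-info/RECORD
+++ b/contentctl-3.6.0.dist-info/RECORD
@@ -1,176 +0,0 @@
-contentctl/__init__.py,sha256=IMjkMO3twhQzluVTo8Z6rE7Eg-9U79_LGKMcsWLKBkY,22
-contentctl/actions/acs_deploy.py,sha256=mf3uk495H1EU_LNN-TiOsYCo18HMGoEBMb6ojeTr0zw,1418
-contentctl/actions/apav_deploy.py,sha256=vjq-24zCLRvNyS0FSLyE4L2b4etG-qo4OM6Z9P0NYK4,2999
-contentctl/actions/api_deploy.py,sha256=h8r_CjsQo4RXzBN4Q8DqoPh6e7JfNDoXdcxT1nrsaRQ,6965
-contentctl/actions/convert.py,sha256=0KBWLxvP1hSPXpExePqpOQPRvlQLamvPLyQqeTIWNbk,704
-contentctl/actions/detection_testing/DataManipulation.py,sha256=k-1OOvoud_T1WbIE7Q2-EQGxVdbYyEn-51YmzGEmSn0,5580
-contentctl/actions/detection_testing/DetectionTestingManager.py,sha256=bGcbnH8dVACexhzJJrIlLjkMnrtSEhXgYOtzX9q2dXM,7257
-contentctl/actions/detection_testing/GitService.py,sha256=Ii5lj0WCk6z6Kurj0AONu_iYcdkLveHG83lSWIpAA3U,11155
-contentctl/actions/detection_testing/generate_detection_coverage_badge.py,sha256=N5mznaeErVak3mOBwsd0RDBFJO3bku0EZvpayCyU-uk,2259
-contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py,sha256=eeVsPz07FHa79tDbaH-uwX_7xVG-yQHxLkIg6O43csk,53389
-contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructureContainer.py,sha256=lwjYWFZKIYt6yx2G3wPhtlyAfWOMZ8fuMz3jYLm-gJ4,5327
-contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructureServer.py,sha256=Q1ZfCYOp54O39bgTScZMInkmZiU-bGAM9Hiwr2mq5ms,370
-contentctl/actions/detection_testing/progress_bar.py,sha256=OK9oRnPlzPAswt9KZNYID-YLHxqaYPY821kIE4-rCeA,3244
-contentctl/actions/detection_testing/views/DetectionTestingView.py,sha256=4yJLnkzKLF36c0-fjRAU2kRjMmPTQgR6itPZjdN4azQ,7015
-contentctl/actions/detection_testing/views/DetectionTestingViewCLI.py,sha256=Mos0VV2CTSHtIqMPLwtEJlMEU7LE7TXFjM6GUA1G6hM,2050
-contentctl/actions/detection_testing/views/DetectionTestingViewFile.py,sha256=X1U_CYXMtwZFSHRrUwUMCo9L3m9YCcNbc1Dt46Xwunc,1386
-contentctl/actions/detection_testing/views/DetectionTestingViewWeb.py,sha256=6mecacXFoTJxcHiRZSnlHos5Hca1jdedEEZfiIAhaJg,4706
-contentctl/actions/doc_gen.py,sha256=CpZkPOd-9JVTBxbW_rfNY4Ql7kr1eoMuljlxNaBlVVw,857
-contentctl/actions/generate.py,sha256=uDQL-QbsaakchKD_BAAEYiG2JWQ89b6amISccMGnXng,5273
-contentctl/actions/initialize.py,sha256=BTtmFiBmzD7YI95U2HsEqyNm9WWBsap7i2Q6yAu5AaA,3102
-contentctl/actions/initialize_old.py,sha256=0qXbW_fNDvkcnEeL6Zpte8d-hpTu1REyzHsXOCY-YB8,9333
-contentctl/actions/new_content.py,sha256=VPCviaA9E1GwqxpXApbpsumFaGkD1jZRP22CJ06rnRI,992
-contentctl/actions/release_notes.py,sha256=8VbVJlPsTRopWGKgGMGziU5JwsbMs0u8NByGuU16BUc,10193
-contentctl/actions/reporting.py,sha256=OQ6FkBO0kExBQYmO9ZPTb_yQa0cjdCLxcj1ET__uOxk,1102
-contentctl/actions/test.py,sha256=Z9TxLLi5kJxUBLPalemVQBPyoBpXaT6LD6Uxg7QKAN0,3863
-contentctl/actions/validate.py,sha256=Id0SsM-3pY2hPPIjSlct65Ku_kCs3FHsvdtkz6oeixw,2595
-contentctl/contentctl.py,sha256=mi8awd5LNc1w1XWihOLx7zA5iD_uZuE2WpnJ4avaNwI,31622
-contentctl/enrichments/attack_enrichment.py,sha256=iMgLwr8bP2OD9cDmvsH69h8z7VS0urpebZOuyEuz0qE,4392
-contentctl/enrichments/cve_enrichment.py,sha256=hqy5V5TTWYMgsXnmzl9a911BdNe-zovWVl1rZYkyOwY,3242
-contentctl/enrichments/splunk_app_enrichment.py,sha256=zDNHFLZTi2dJ1gdnh0sHkD6F1VtkblqFnhacFcCMBfc,3418
-contentctl/helper/config_handler.py,sha256=VQjs_u0yRTZ6oei0MP-lSk86a_pZjZxxiaMjexqh_k4,3032
-contentctl/helper/link_validator.py,sha256=_qEZ5DljHScbEr_tLWSSviogWEDiDWi35HQtype9EPU,7238
-contentctl/helper/logger.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-contentctl/helper/utils.py,sha256=IDFzF7IolPg6bKx3QJWboxy4q-9t1u6e4BFCD7xLtzQ,15577
-contentctl/input/backend_splunk_ba.py,sha256=Y70tJqgaUM0nzfm2SiGMof4HkhY84feqf-xnRx1xPb4,5861
-contentctl/input/baseline_builder.py,sha256=gzuOJgOCmm_0f5m357pocwWhTaLItr6UgHrNQ06-EaA,2472
-contentctl/input/basic_builder.py,sha256=VDQBPtCx3RV1q982KvG5QL-0kzLwvR8hRulWAJB6bHU,2270
-contentctl/input/detection_builder.py,sha256=BHPOaYjcAk5fcLA_nnjT14Ft7SXH0XXNXVnWbxA9hbQ,18813
-contentctl/input/director.py,sha256=DypT0GLH0iMVosPECe-w4Rg33MwSZh0IBrOovqmqibw,13161
-contentctl/input/investigation_builder.py,sha256=qcvwKr0xZf5LMJl2IJ6ZZ5wWcAZrFIAQzUb6bEeTNX8,1244
-contentctl/input/new_content_generator.py,sha256=J1s2uJVVgJ1iU-XF2cHlvCkLn4IeewpuO4fGbcvuaLM,4979
-contentctl/input/new_content_questions.py,sha256=AJddiYnj0rz9TX2Gm-eQ1xd_mG-Kx7V6eBl9YlwWe6Q,5610
-contentctl/input/playbook_builder.py,sha256=B5V5HFuaXP6cyYSL7nCtBWUa5Pnn4wJWjD1VCMj3aQA,2100
-contentctl/input/sigma_converter.py,sha256=vq2UmduSlykLK-Wb7rWmuRepwmQZk8ohaTay9OJvnuE,19512
-contentctl/input/ssa_detection_builder.py,sha256=CScS6DkvGKstWw8GkFL1hVckDHUDkmmoK5zmBh2S5r8,7584
-contentctl/input/story_builder.py,sha256=b-QTyMVxLZUAnFhOs92MKFCLfDb8_ls5b07X1GlDO-I,4755
-contentctl/input/yml_reader.py,sha256=xLL9lP5p5zeogJAs36LL73V5tVcO_-G_UpDRwXhb-cA,1385
-contentctl/objects/abstract_security_content_objects/detection_abstract.py,sha256=OxcvnaU8b_LvuEIjlD-T1dAJIucTjmwi-VvS_mbM3yo,15307
-contentctl/objects/abstract_security_content_objects/security_content_object_abstract.py,sha256=bSi93P4GzZNfQFL-RkQ8X-0J0KY6RqwSQJmtXGsJQSA,3015
-contentctl/objects/app.py,sha256=nIoWBIFJqNMj0jrIg37XaDi7oTuRAnmzW3otwPNfI2Y,7519
-contentctl/objects/base_test.py,sha256=6hCL9K-N_jJx1zLbuZQCsB93_XWj6JcGGs2PbbjzJWo,1028
-contentctl/objects/base_test_result.py,sha256=dPupudgeXW64Emk9YJfS5JhUXbZwpEZrrx_DiqbRgvU,4752
-contentctl/objects/baseline.py,sha256=tqfhJmWmbP5yWoM7aIstRw1dPq5DR9yIvpfdzl94o-Y,1931
-contentctl/objects/baseline_tags.py,sha256=38dz_bQt9CH0803jiKZKk1DO7xnNvQU2ZFGE9fqeVAk,711
-contentctl/objects/config.py,sha256=XP6gOV_DAMHakzQrGDOlAIbyHUd7a4R9T0Sc6ebigb8,6069
-contentctl/objects/constants.py,sha256=DqO06lslq5qy7FtFtnEl689HwexrrxfwjPtzXMHAUvw,3518
-contentctl/objects/correlation_search.py,sha256=ZcjiTHnVFJ6JmwnegerAiDCm0aanjNUGQZM1KSaKMz4,36903
-contentctl/objects/data_source.py,sha256=hfAGFsk62MwqqfJ93H5wnZtHV8Fy3S55XegpcKwaD_c,434
-contentctl/objects/deployment.py,sha256=-iWvhDt-V5ez47iqBjaNtxZ1h4UaLaH32cUGpOJOp6U,1137
-contentctl/objects/deployment_email.py,sha256=Xom4vHGPnybsMZpB54O_l98svxGFt3Q7LKCwGllE7Gw,141
-contentctl/objects/deployment_notable.py,sha256=hogM5NkQNF7m0xH8dRruHr2v-b58eLxSgjPciKcbNIk,164
-contentctl/objects/deployment_phantom.py,sha256=KU-Iqev-xSh_1S00EXmPMcUSLDzefG4OGJXJtYK3li4,201
-contentctl/objects/deployment_rba.py,sha256=FLWlxkTyuTRpzHDPRxIbLB5me0IlWbbUAr0tw1uGN1c,111
-contentctl/objects/deployment_scheduling.py,sha256=VQ1m3YEAoQkme5qsXhTJBvWVzguntUNqIJRRjf9qtK4,193
-contentctl/objects/deployment_slack.py,sha256=TYDTuwtO0ag9z1Pr7TdAubqXXXMdZA0siQ9wNPShIPI,129
-contentctl/objects/detection.py,sha256=uhPMuDfxEvpemjUNQNJmgTk19XUVfWLzf5jy0nPwO3k,644
-contentctl/objects/detection_tags.py,sha256=3jQcGo2X8fCHHF_EdnQDuALYcJ4i_fyFgowJZaeAt1U,6338
-contentctl/objects/enums.py,sha256=3W_5snP0fYtU6OaqLxCt5i2WOG7IEOp2HO2R7svFA1w,2963
-contentctl/objects/integration_test.py,sha256=iepDf39fc1Dr58_Adtgyf4uH1446XvyhEzNKjI8pDuw,1285
-contentctl/objects/integration_test_result.py,sha256=Gi7017H0H_9Jns2p-kuYVZqWrO527YpuPxxkTYriX3g,429
-contentctl/objects/investigation.py,sha256=PyTDxqUrae5_GFC6hTd1Aubkxyysbl6oiI0Vqd4TrrQ,2151
-contentctl/objects/investigation_tags.py,sha256=hpjGxr8DrddnptOKdz4clsZYMmaXl6gr5kcCj8QU748,191
-contentctl/objects/lookup.py,sha256=S1lr-9mm60hYbdORHTtlSckAj9w0Xl6wSpGTAjiIrsI,2397
-contentctl/objects/macro.py,sha256=AjekxIRoFYym3SpTddBWXYfQ_tlwOQMBjtKz56oCn8M,3255
-contentctl/objects/mitre_attack_enrichment.py,sha256=ywuk8VZtPa1U7iDj1AvAN_Oc-oH8r4CNw7HWrNGfXLA,219
-contentctl/objects/notable_action.py,sha256=ValkblBaG-60TF19y_vSnNzoNZ3eg48wIfr0qZxyKTA,1605
-contentctl/objects/observable.py,sha256=ouMhYKRtxL160Ueh8D527C5Ts8Ji33zs-vyENslZlMg,1288
-contentctl/objects/playbook.py,sha256=6e6nBP7AIkgtHxzPjgPXaCPLMnTar_-z8db0QdFwTjg,1081
-contentctl/objects/playbook_tags.py,sha256=Z9JOkNe5FpNi1zdR7Yb_22yYMYaLdxNjQBK2c4bETGY,315
-contentctl/objects/repo_config.py,sha256=qQ9ZgvvIDQ0lLbIxwBhtRfqn9A99rBk3vE0-wbLy-20,6353
-contentctl/objects/risk_analysis_action.py,sha256=bySNQX5SBIR8L7SDnlTQr_Jn29YqrPFZtSc0KxQox4Y,4288
-contentctl/objects/risk_object.py,sha256=yY4NmEwEKaRl4sLzCRZb1n8kdpV3HzYbQVQ1ClQWYHw,904
-contentctl/objects/security_content_object.py,sha256=63PzluNOF5ZNwqAtzKCciEQzWS_NA37QSkByfX_H_M4,325
-contentctl/objects/ssa_detection.py,sha256=g-2YtG3y_ZQ7L2MGOtyogUbNqSJRxXewHLQ1R99mK_A,5806
-contentctl/objects/ssa_detection_tags.py,sha256=owTObHBg6t4kr2k584yjBdhDKjOinGYnsOlt2b3qgcg,5668
-contentctl/objects/story.py,sha256=SKrDsJh0Rc2Ob5ihlaE5u34tIWs_KlmlFu6P5riQTnA,1532
-contentctl/objects/story_tags.py,sha256=BAdXg-WcAPZAhOIqP9r_ikL1h3nEasCsXfFlwo400KQ,1213
-contentctl/objects/test_config.py,sha256=YMxduT4dRhnKp6mgH95IWuUXNOOjkCn3xFG6s7W1Q74,25020
-contentctl/objects/test_group.py,sha256=Yb1sqGom6SkVL8B3czPndz8w3CK8WdwZ39V_cn0_JZQ,2600
-contentctl/objects/threat_object.py,sha256=S8B7RQFfLxN_g7yKPrDTuYhIy9JvQH3YwJ_T5LUZIa4,711
-contentctl/objects/unit_test.py,sha256=fd5ijundoALpSioY16U6f9LZ0PBOQOoUolc82b6esEg,1412
-contentctl/objects/unit_test_attack_data.py,sha256=tbqMNN5ThAUFr6o1E1Kt40UMf3RrHBoX8fgxBgs3aRg,606
-contentctl/objects/unit_test_baseline.py,sha256=MeNJlArRuLWpLdHGLIUNMR-wyw_fAR94PdBuX0Dj1co,255
-contentctl/objects/unit_test_old.py,sha256=JMnNtL2H_wGWam2RKfSX9kh1fVsHreyoqzK3xu_-s6E,182
-contentctl/objects/unit_test_result.py,sha256=lTSG6LFQGYxERJ4Cg6mB0_uOJeIMVYcN6fiLAHgWMuU,2874
-contentctl/output/api_json_output.py,sha256=nnWBJctTaPpl6O-SIs-BR-5GlOGkclue1Bg4ntjixW4,6174
-contentctl/output/attack_nav_output.py,sha256=g4qlH0v6NzXc5InG7xNEM6DeRmlCgTzSUybbB9EHaC4,1701
-contentctl/output/attack_nav_writer.py,sha256=T3K4rBjXti-1ytPfXO-XoOijMHuoa9B2dKXGipPCjCA,2130
-contentctl/output/ba_yml_output.py,sha256=plxtZ39-Gctc9Yw0Uz0smbfHCKedthUaKi8FVT5bdkY,5938
-contentctl/output/conf_output.py,sha256=YRUffHFdLjXvI6uTeA5Cs-XAh3J31JAATglCAgpGwKU,24175
-contentctl/output/conf_writer.py,sha256=WazoJc3WPIlNenbsE7FzlQ3XuLnAAZBtGSs4l1PjLKE,2960
-contentctl/output/detection_writer.py,sha256=AzxbssNLmsNIOaYKotew5-ONoyq1cQpKSGy3pe191B0,960
-contentctl/output/doc_md_output.py,sha256=gf7osH1uSrC6js3D_I72g4uDe9TaB3tsvtqCHi5znp0,3238
-contentctl/output/finding_report_writer.py,sha256=Me6FtvDbmSSRqYr5rtrtuc5YVze48PyPbrjyAXJ-V4A,3935
-contentctl/output/jinja_writer.py,sha256=FzfOvupSsZU-bExxfDfGLussyFYTBCgJNcUmIa6ZvwA,1089
-contentctl/output/json_writer.py,sha256=d3mZrjaVl2bmxDF1x6-SHD6LyXZ3iZwNpmSnCjOTk_A,209
-contentctl/output/new_content_yml_output.py,sha256=RD0eYGmp3P0gyXm8lOpEulsFVgBPOO5BRL7b9z8B_zc,2254
-contentctl/output/svg_output.py,sha256=1RZx2SWXgdhcWsYwo3gXfOUCqxWqgT4cpqV7QqbJQv0,3084
-contentctl/output/templates/analyticstories_detections.j2,sha256=W_O8UgthDBn0eYPHocI6cXhzWyaVcL4cnua7MH-PUh0,745
-contentctl/output/templates/analyticstories_investigations.j2,sha256=3xmHOgmphObpoEpsyOrzOOat2_oMs9CZ-Jb0n7TJm9g,496
-contentctl/output/templates/analyticstories_stories.j2,sha256=hov2h8tWuinEQcL1qROLDTAI3N6M88oEfHasEX9012A,592
-contentctl/output/templates/app.conf.j2,sha256=C2yVgrh76BoHZC9t_AdYXKwJt6T-suP7i3cVH-YjSKI,717
-contentctl/output/templates/app.manifest.j2,sha256=N1zcYB0Ih1OezSilcOp1GHCkWsrUiValKlXV3Ke34rI,1047
-contentctl/output/templates/collections.j2,sha256=rDpAcqM6hRiyCQPgfRh8KcL41Mrqsc97krQ-JPFhSBQ,181
-contentctl/output/templates/content-version.j2,sha256=2-it0TF5BvqUcmUXVFB4DEh0I01igQGDxZNJpdtDFIA,54
-contentctl/output/templates/detection_count.j2,sha256=9U3o-P_ECkMknsooj_L3B9GZqjnsbaEzr59s3-DOK0I,670
-contentctl/output/templates/detection_coverage.j2,sha256=jOSBzYrLEToqzieihQlle7sYFPv1GtRWtYLq_bAOufc,671
-contentctl/output/templates/doc_detection_page.j2,sha256=OidLmuDtzP59HZUkn7dEpwZWrflvA4EWEsyGsHT3x6c,1002
-contentctl/output/templates/doc_detections.j2,sha256=IStV-dtsjgE8XncrApNjaeuInx6wNXN9kLkAZLWjyZ8,6586
-contentctl/output/templates/doc_navigation.j2,sha256=h25ITC3xcAM17uZGIyyDFURmEdYtQSPvNeWN3RH7j4Q,1471
-contentctl/output/templates/doc_navigation_pages.j2,sha256=ptfjbD4F0Ob7dze9at2q5gqOslcbL3eteUO1zsblDJo,203
-contentctl/output/templates/doc_playbooks.j2,sha256=CWsnm8F097oYT8anW3CE7JaX1haAJTfylThP1ic0UIw,1681
-contentctl/output/templates/doc_playbooks_page.j2,sha256=2d5UNDSOxyMtxKGxGHzJ2Ny_UrqTq267NO1h-lmNduc,679
-contentctl/output/templates/doc_stories.j2,sha256=2UksQt2psSD2G_ITGSjSYTncezxDhOdbbz8RvsyAE7Q,1822
-contentctl/output/templates/doc_story_page.j2,sha256=jrf-As8GbqLarRoiDipfM9ZUVRl_bhdNsy-XaCrBaXE,874
-contentctl/output/templates/es_investigations_investigations.j2,sha256=7vZBLaqvStzV6UcDbHQ74zdQyRSuglaZACh_tP39wDY,994
-contentctl/output/templates/es_investigations_stories.j2,sha256=jvQm6d6GHngR4-ypX2s35VIyXvEPrVEtM94hdduSICk,369
-contentctl/output/templates/finding_report.j2,sha256=DS9ElRGeyz7UFPiTXiqbhUzOrT4eN8oetdBheQJRFck,1753
-contentctl/output/templates/header.j2,sha256=mIXpnkuUxnb_7wX0iLNqB3aM3rZfvW1WH0gZzG9GKMY,177
-contentctl/output/templates/macros.j2,sha256=s_cFfdXzksAzrQp5cgalZZOLqinN9o5c-1I07x4EDEU,424
-contentctl/output/templates/macros_detections.j2,sha256=c-BsFcCFSrYX6F5Rwbfe_q6fmXQa4XywIlxTVhnQXag,282
-contentctl/output/templates/panel.j2,sha256=Cw_W6p-14n6UivVfpS75KKJiJ2VpdGsSBceYsUYe9gk,221
-contentctl/output/templates/savedsearches_baselines.j2,sha256=PtQNhroklFyAxa9fFqq7TlvrREaGaU5qwo7-r4ogsI0,1645
-contentctl/output/templates/savedsearches_detections.j2,sha256=-dHASTntre-gb8UO-t9bNkL66inmJT8ty1_T1MJWH0g,6288
-contentctl/output/templates/savedsearches_investigations.j2,sha256=ZVvAxBaqPSA89Zlf54QSjUHrZU-0OOI08PL_HToAW4Y,1180
-contentctl/output/templates/splunk_app/README/essoc_story_detail.txt,sha256=7hFPBfPpRH28TFl7QchKceZLewQqgFjRWDlmxZzwpmo,897
-contentctl/output/templates/splunk_app/README/essoc_summary.txt,sha256=u6wYNYBqmmm7Kn_g_Uex8rRzMQ995MUXCavla95Y1dw,2538
-contentctl/output/templates/splunk_app/README/essoc_usage_dashboard.txt,sha256=xYUKKVtdgzPyT3mqdTccaBZuwWnC63lbc9zyYpmHN4o,2432
-contentctl/output/templates/splunk_app/README.md,sha256=56-FYygrv-A5bXEaeqr5vwP70Z1MBDTlOw5vHOmG5-k,467
-contentctl/output/templates/splunk_app/default/analytic_stories.conf,sha256=zWuCOOl8SiP7Kit2s-de4KRu3HySLtBSXcp1QnJx0ec,168
-contentctl/output/templates/splunk_app/default/app.conf,sha256=eTSq1QI4-BgylZJgnNVg5jQCZFXJVNyEJA33lQAgYoc,685
-contentctl/output/templates/splunk_app/default/commands.conf,sha256=U2ccwUeGXKKKt5jo14QY5swi-p9_TSJtaNquOkeF3Yk,319
-contentctl/output/templates/splunk_app/default/content-version.conf,sha256=TGzX6qLdzRK7x6b0y5AE8ZF59PLU-DrRfS43fVWITqo,34
-contentctl/output/templates/splunk_app/default/data/ui/nav/default.xml,sha256=e6pZOhO4jz7C-LyVqhgZR6iAR51JTLG7oXFzMZNM93E,208
-contentctl/output/templates/splunk_app/default/data/ui/views/escu_summary.xml,sha256=jQhkIthPgEEptCJ2wUCj2lWGHBvUl6JGsKkDfONloxI,8635
-contentctl/output/templates/splunk_app/default/data/ui/views/feedback.xml,sha256=uM71EMK2uFz8h68nOTNKGnYxob3HhE_caSL6yA-3H-k,696
-contentctl/output/templates/splunk_app/default/distsearch.conf,sha256=5fa9bNr9WuVI2_8tTIftvrRwk27Oz3rUoKh6_xlASFw,156
-contentctl/output/templates/splunk_app/default/usage_searches.conf,sha256=mFnhAHGhFHIzl8xxA626thnAjyxs5ZQQfur1PP_Xmbg,4257
-contentctl/output/templates/splunk_app/default/use_case_library.conf,sha256=zWuCOOl8SiP7Kit2s-de4KRu3HySLtBSXcp1QnJx0ec,168
-contentctl/output/templates/splunk_app/metadata/default.meta,sha256=tcYHZkDF44ApDoDQ_rp8MCA8cuT3DVd5atHgulR1Tvc,423
-contentctl/output/templates/splunk_app/static/appIcon.png,sha256=jcJ1PNdkBX7Kl_y9Tf0SZ55OJYA2PpwjvkVvBt9_OoE,3658
-contentctl/output/templates/splunk_app/static/appIconAlt.png,sha256=uRXjoHQQjs0-BxcK-3KNBEdck1adDNTHMvV14xR4W0g,2656
-contentctl/output/templates/splunk_app/static/appIconAlt_2x.png,sha256=I0m-CPRqq7ak9NJQZGGmz6Ac4pmzFV_SonOUxOEDOFs,7442
-contentctl/output/templates/splunk_app/static/appIcon_2x.png,sha256=XEpqQzDvzuEV5StzD05XRgxwySqHHLes1hMPy2v5Vdk,3657
-contentctl/output/templates/transforms.j2,sha256=sEpVMOpcSLL-nK-aZEVbGjGzLZ9D1P9nVYQh39YAAwQ,1416
-contentctl/output/templates/workflow_actions.j2,sha256=DFoZVnCa8dMRHjW2AdpoydBC0THgiH_W-Nx7WI4-uR4,925
-contentctl/output/yml_output.py,sha256=xtTD3f_WWy8O6Joi4S8gG9paot8JpQFRlwt17_ek5B4,2682
-contentctl/output/yml_writer.py,sha256=izq1DMP_QPlY5srKoOTIZTNGRAGTCKMI-4YN4mf4CiU,240
-contentctl/templates/README,sha256=Hg4LI9g_ss8o3u060woDkhunLXHMtKOhuFK2i-xJpuM,133
-contentctl/templates/app_default.yml,sha256=kDeYdJbfMADQPcho8iH1nqgTFrHNt4EXnIJjPHc2unI,6390
-contentctl/templates/datamodels_cim.conf,sha256=RB_SCtpQG_KaC_0lKTCKexVOlEq_ShGwpGlg95aqOfs,9381
-contentctl/templates/datamodels_custom.conf,sha256=6BANthXdqg3fYpYmEqiGZnv4cWheNfXz1uQ_I1JePXc,480
-contentctl/templates/deployments/00_default_anomaly.yml,sha256=z5vCSfuDJtY2oxvOK_PBjlByCys26vjaEs_oCBUr3t8,426
-contentctl/templates/deployments/00_default_baseline.yml,sha256=dEiwlr2sYMUPNUK7HiB32vwBFXVPFdxRY-9LoD6bKAA,342
-contentctl/templates/deployments/00_default_correlation.yml,sha256=FjRP4Niw-p5MsksJ9LWrbmkfp1dduQtHW2GIqULpMdQ,528
-contentctl/templates/deployments/00_default_hunting.yml,sha256=w58y8AWbvHo4WrCH_3v5rW2anUCU2w6GsS3A_Iv8pMQ,336
-contentctl/templates/deployments/00_default_ttp.yml,sha256=x33u30no3zBloJBvIC7XbgWQ9Cuyi7Ev47AsBs6azi0,556
-contentctl/templates/detections/anomalous_usage_of_7zip.yml,sha256=KeSofQJ_YvLYTKcgxsRdbmi00xc6eb3ZeRDpr2MvFHw,3342
-contentctl/templates/macros/security_content_ctime.yml,sha256=Gg1YNllHVsX_YB716H1SJLWzxXZEfuJlnsgB2fuyoHU,159
-contentctl/templates/macros/security_content_summariesonly.yml,sha256=9BYUxAl2E4Nwh8K19F3AJS8Ka7ceO6ZDBjFiO3l3LY0,162
-contentctl/templates/stories/cobalt_strike.yml,sha256=b2WW3uj-4w6GTUzOVaqQZAoLZ1lQGGPK8M3bBwnSq-4,3095
-contentctl-3.6.0.dist-info/LICENSE.md,sha256=hQWUayRk-pAiOZbZnuy8djmoZkjKBx8MrCFpW-JiOgo,11344
-contentctl-3.6.0.dist-info/METADATA,sha256=kF6QpFAZ4Lv8_PMvn79htiN2hSP6w0YeA6NNO1YLjMY,18805
-contentctl-3.6.0.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
-contentctl-3.6.0.dist-info/entry_points.txt,sha256=5bjZ2NkbQfSwK47uOnA77yCtjgXhvgxnmCQiynRF_-U,57
-contentctl-3.6.0.dist-info/RECORD,,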