contentctl 4.0.4__py3-none-any.whl → 4.1.0__py3-none-any.whl

{contentctl-4.0.4.dist-info → contentctl-4.1.0.dist-info}/RECORD

@@ -1,9 +1,7 @@
 contentctl/__init__.py,sha256=IMjkMO3twhQzluVTo8Z6rE7Eg-9U79_LGKMcsWLKBkY,22
-contentctl/actions/acs_deploy.py,sha256=mf3uk495H1EU_LNN-TiOsYCo18HMGoEBMb6ojeTr0zw,1418
-contentctl/actions/apav_deploy.py,sha256=vjq-24zCLRvNyS0FSLyE4L2b4etG-qo4OM6Z9P0NYK4,2999
-contentctl/actions/api_deploy.py,sha256=h8r_CjsQo4RXzBN4Q8DqoPh6e7JfNDoXdcxT1nrsaRQ,6965
 contentctl/actions/build.py,sha256=BVc-1E63zeUQ9wWAHTC_fLNvfEK5YT3Z6_QLiE72TQs,4765
 contentctl/actions/convert.py,sha256=0KBWLxvP1hSPXpExePqpOQPRvlQLamvPLyQqeTIWNbk,704
+contentctl/actions/deploy_acs.py,sha256=mf3uk495H1EU_LNN-TiOsYCo18HMGoEBMb6ojeTr0zw,1418
 contentctl/actions/detection_testing/DetectionTestingManager.py,sha256=zg8JasDjCpSC-yhseEyUwO8qbDJIUJbhlus9Li9ZAnA,8818
 contentctl/actions/detection_testing/GitService.py,sha256=Rm5Usc0EZk87rk1W8eKyED6b5CdD0YUQZMjkPfk3ztU,8666
 contentctl/actions/detection_testing/generate_detection_coverage_badge.py,sha256=N5mznaeErVak3mOBwsd0RDBFJO3bku0EZvpayCyU-uk,2259
@@ -18,34 +16,35 @@ contentctl/actions/detection_testing/views/DetectionTestingViewWeb.py,sha256=6me
 contentctl/actions/doc_gen.py,sha256=YNc1VYA0ikL1hWDHYjfEOmUkfhy8PEIdvTyC4ZLxQRY,863
 contentctl/actions/initialize.py,sha256=2h3_A68mNWcyZjbrKF-OeQXBi5p4Zu3z74K7QxEtII4,1749
 contentctl/actions/initialize_old.py,sha256=0qXbW_fNDvkcnEeL6Zpte8d-hpTu1REyzHsXOCY-YB8,9333
-contentctl/actions/inspect.py,sha256=31v7hISc8B8w5tyMnBPSDb3AHRpm-K9rn-WqJRegzBQ,12628
-contentctl/actions/new_content.py,sha256=s2ovk-F-T_Z1O_bi0DgLHrkersD9AsDNW2Y66lY4jbg,5792
+contentctl/actions/inspect.py,sha256=6gVVKmV5CUUYOkNNVTMPKj9bM1uXVthgGCoFKZGDeS8,12628
+contentctl/actions/new_content.py,sha256=4gTlxV0fmdsSETPX4T9uQPpIAm--Jf2vc6Vm3w-RkfI,6128
 contentctl/actions/release_notes.py,sha256=akkFfLhsJuaPUyjsb6dLlKt9cUM-JApAjTFQMbYoXeM,13115
 contentctl/actions/reporting.py,sha256=MJEmvmoA1WnSFZEU9QM6daL_W94oOX0WXAcX1qAM2As,1583
 contentctl/actions/test.py,sha256=JXW1CR-tTM2kJ-U5NRG8quY3JlnOb4OmCBgX24XYWJ0,4896
-contentctl/actions/validate.py,sha256=-yZuhFBzqZvtT5FOFO4o4-U72tv6urrAG9QCFwqX4os,2363
-contentctl/contentctl.py,sha256=qiowJPiIdMkh8KkbiYhDyVBc1sKJTBKEXhZDwMC-mAk,10083
+contentctl/actions/validate.py,sha256=6_M5IMi68Pv4CNw69balQTkfRdjMTurUUv7z8BpGh3Y,2454
+contentctl/api.py,sha256=FBOpRhbBCBdjORmwe_8MPQ3PRZ6T0KrrFcfKovVFkug,6343
+contentctl/contentctl.py,sha256=Vr2cuvaPjpJpYvD9kVoYq7iD6rhLQEpTKmcGoq4emhA,10470
 contentctl/enrichments/attack_enrichment.py,sha256=EkEloG3hMmPTloPyYiVkhq3iT_BieXaJmprJ5stfyRw,6732
-contentctl/enrichments/cve_enrichment.py,sha256=r5a2DVpbz7wBW8iU4-OhXmSmJQ28JnFDQJt8XZ96MVo,3934
+contentctl/enrichments/cve_enrichment.py,sha256=IzkKSdnQi3JrAUUyLpcGA_Y2g_B7latq9bOIMlaMpGg,2315
 contentctl/enrichments/splunk_app_enrichment.py,sha256=zDNHFLZTi2dJ1gdnh0sHkD6F1VtkblqFnhacFcCMBfc,3418
 contentctl/helper/link_validator.py,sha256=-XorhxfGtjLynEL1X4hcpRMiyemogf2JEnvLwhHq80c,7139
 contentctl/helper/logger.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 contentctl/helper/utils.py,sha256=iZ6keMdTCs1XySiDVoGIGkMSxD_eDUphwEW-VUYA6vM,15659
 contentctl/input/backend_splunk_ba.py,sha256=Y70tJqgaUM0nzfm2SiGMof4HkhY84feqf-xnRx1xPb4,5861
-contentctl/input/director.py,sha256=CNAzSpO2fjjnhyezOGn9u5QiKq3Xqq7rHI-X9LrpyCo,10716
-contentctl/input/new_content_questions.py,sha256=eV6iHQ9-xCdlDJ0PgUEb0Zfokfmu62sYQnIGjShsf6k,5718
+contentctl/input/director.py,sha256=JsmN35xamnMNl3Wug7KGVLFbVfa5F7jf0ToHEwXFcqM,10965
+contentctl/input/new_content_questions.py,sha256=o4prlBoUhEMxqpZukquI9WKbzfFJfYhEF7a8m2q_BEE,5565
 contentctl/input/sigma_converter.py,sha256=ATFNW7boNngp5dmWM7Gr4rMZrUKjvKW2_qu28--FdiU,19391
 contentctl/input/ssa_detection_builder.py,sha256=43B7q4A8MEMjUU-FR7UapO80deW6BooV9WYzZWxcvgI,8377
 contentctl/input/yml_reader.py,sha256=oaal24UP8rDXkCmN5I3GnIheZrsgkhbKOlzXtyhB474,1475
-contentctl/objects/abstract_security_content_objects/detection_abstract.py,sha256=YRbDXBFk_To77jyCkUqhswLV4n9IwJGTSDaiAnI7sFU,30167
-contentctl/objects/abstract_security_content_objects/security_content_object_abstract.py,sha256=cdBb7Yb3vYkD8xRKMWPG8Aq7oAKfw9fRIBGvjYw8zT0,8065
+contentctl/objects/abstract_security_content_objects/detection_abstract.py,sha256=BPY0D_evVu4n3xGE7uGJRP5RKOtPbNKNPnZqvo0qC1A,33311
+contentctl/objects/abstract_security_content_objects/security_content_object_abstract.py,sha256=IVr26xFrIlTvsqQoqwYl4cmcfaP9BeYt9I0QTriKmwE,8451
 contentctl/objects/alert_action.py,sha256=E9gjCn5C31h0sN7k90KNe4agRxFFSnMW_Z-Ri_3YQss,1335
 contentctl/objects/atomic.py,sha256=a_G_iliAm86BunpAAG86aAL3LAEGpd9Crp7t7-PxYvI,8979
 contentctl/objects/base_test.py,sha256=6hCL9K-N_jJx1zLbuZQCsB93_XWj6JcGGs2PbbjzJWo,1028
 contentctl/objects/base_test_result.py,sha256=dPupudgeXW64Emk9YJfS5JhUXbZwpEZrrx_DiqbRgvU,4752
-contentctl/objects/baseline.py,sha256=x9vXa45kT2Qu7xQ0icPLvVJLFF6Hrj9svqdbuKtHzDc,2248
+contentctl/objects/baseline.py,sha256=Lb1vJKtDdlDrzWgrdkC9oQao_TnRrOxSwOWHf4trtaU,2150
 contentctl/objects/baseline_tags.py,sha256=JLdlCUc_DEccMQD6f-sa2qD8pcxYiwMUT_sRZEhW7ZA,2978
-contentctl/objects/config.py,sha256=lwiEJu9M3KVP8krH3ieI-4Yke-nI1dRYbStouLmHIWo,43708
+contentctl/objects/config.py,sha256=tK0BY4A9Go5jp8tpOSwgczuOAyu9dMPvC0nyOHeO-74,43642
 contentctl/objects/constants.py,sha256=1LjiK9A7t0aHHkJz2mrW-DImdW1P98GPssTwmwNNI_M,3468
 contentctl/objects/correlation_search.py,sha256=B97vCt2Ew7PGgqd5Y9l6RD3DJdy51Eh7Gzkxxs2xqZ0,36891
 contentctl/objects/data_source.py,sha256=ELNsNsarVHJgytPTcaGZOoWgub2v_-Q0xtc_-xUM8yg,405
@@ -57,14 +56,14 @@ contentctl/objects/deployment_rba.py,sha256=YFLSKzLU7s8Bt1cJkSBWlfCsc_2MfgiwyaDi
 contentctl/objects/deployment_scheduling.py,sha256=bQjbJHNaUGdU1VAGV8-nFOHzHutbIlt7FZpUvR1CV4Y,198
 contentctl/objects/deployment_slack.py,sha256=P6z8OLHDKcDWx7nbKWasqBc3dFRatGcpO2GtmxzVV8I,135
 contentctl/objects/detection.py,sha256=3W41cXf3ECjWuPqWrseqSLC3PAA7O5_nENWWM6MPK0Y,620
-contentctl/objects/detection_tags.py,sha256=dYCa4SfoqRiSOwYpbWo93vLGPxy6V9pArCZMWb5fxZs,10238
+contentctl/objects/detection_tags.py,sha256=QR906JN8cf5et5aPf-AluEEyP3IvdUQ_KzxKffMSjrc,10261
 contentctl/objects/enums.py,sha256=2gLRtJ-dHW_xMFdbjOp0LaX_fEV0V-YAZn2JY9gUzJ8,14030
 contentctl/objects/integration_test.py,sha256=W_VksBN_cRo7DTXdr1aLujjS9mgkEp0uvoNpmL0dVnQ,1273
 contentctl/objects/integration_test_result.py,sha256=DrIZRRlILSHGcsK_Rlm3KJLnbKPtIen8uEPFi4ZdJ8s,370
 contentctl/objects/investigation.py,sha256=JRoZxc_qi1fu_VFTRaxOc3B7zzSzCfEURsNzWPUCrtY,2620
 contentctl/objects/investigation_tags.py,sha256=nFpMRKBVBsW21YW_vy2G1lXaSARX-kfFyrPoCyE77Q8,1280
 contentctl/objects/lookup.py,sha256=P8YbzdDAj_MsTBJTEsym35zhQjiN9Eq0MlfON-qvuTM,4556
-contentctl/objects/macro.py,sha256=qUnS1UuGrq2nXj49N2qmwzZDJwyfTCqu3KSZMB6CfWk,2451
+contentctl/objects/macro.py,sha256=9nE-bxkFhtaltHOUCr0luU8jCCthmglHjhKs6Q2YzLU,2684
 contentctl/objects/mitre_attack_enrichment.py,sha256=bWrMG-Xj3knmULR5q2YZk7mloJBdQUzU1moZfEw9lQM,1073
 contentctl/objects/notable_action.py,sha256=ValkblBaG-60TF19y_vSnNzoNZ3eg48wIfr0qZxyKTA,1605
 contentctl/objects/observable.py,sha256=-nbVASkwyLpstWQk9Za1Hyjg0etGHiZArg7doEOS02k,1156
@@ -76,7 +75,7 @@ contentctl/objects/security_content_object.py,sha256=j8KNDwSMfZsSIzJucC3NuZo0SlF
 contentctl/objects/ssa_detection.py,sha256=-G6tXfVVlZgPWS64hIIy3M-aMePANAuQvdpXPlgUyUs,5873
 contentctl/objects/ssa_detection_tags.py,sha256=u8annjzo3MYZ-16wyFnuR8qJJzRa4LEhdprMIrQ47G0,5224
 contentctl/objects/story.py,sha256=LQLCCK_3DkP2x8fQOzcnV0d18_gsVFeS06DEK-qaBUE,4526
-contentctl/objects/story_tags.py,sha256=_OSUQ-uC3wCQMO2w6mqdqe-Wd_PhcpEANf-_xg_jyS0,2169
+contentctl/objects/story_tags.py,sha256=0oF1OePLBxa-RQPb438tXrrfosa939CP8UbNV0_S8XY,2225
 contentctl/objects/test_group.py,sha256=Yb1sqGom6SkVL8B3czPndz8w3CK8WdwZ39V_cn0_JZQ,2600
 contentctl/objects/threat_object.py,sha256=S8B7RQFfLxN_g7yKPrDTuYhIy9JvQH3YwJ_T5LUZIa4,711
 contentctl/objects/unit_test.py,sha256=5EDsPNUct1UY5OtfX-VwFzhET83OmLA6XcaQiZWL1Uo,1655
@@ -127,7 +126,7 @@ contentctl/output/templates/savedsearches_investigations.j2,sha256=aFIDK4NqtsZr3
 contentctl/output/templates/transforms.j2,sha256=-cSoie0LgJwibtW-GMhc9BQlmS6h1s1Vykm9O2M0f9Y,1456
 contentctl/output/templates/workflow_actions.j2,sha256=DFoZVnCa8dMRHjW2AdpoydBC0THgiH_W-Nx7WI4-uR4,925
 contentctl/output/yml_output.py,sha256=xtTD3f_WWy8O6Joi4S8gG9paot8JpQFRlwt17_ek5B4,2682
-contentctl/output/yml_writer.py,sha256=UsVhIJ-QmDB3B3GKiapMZ_ZBCJt_mefBzVmUwD9WfNw,271
+contentctl/output/yml_writer.py,sha256=zZJ3aK-l0YQXbDweS-XZKejHblyhy2eliSthZZEogUs,1668
 contentctl/templates/README,sha256=Hg4LI9g_ss8o3u060woDkhunLXHMtKOhuFK2i-xJpuM,133
 contentctl/templates/app_default.yml,sha256=kDeYdJbfMADQPcho8iH1nqgTFrHNt4EXnIJjPHc2unI,6390
 contentctl/templates/app_template/README/essoc_story_detail.txt,sha256=7hFPBfPpRH28TFl7QchKceZLewQqgFjRWDlmxZzwpmo,897
@@ -141,7 +140,6 @@ contentctl/templates/app_template/default/content-version.conf,sha256=TGzX6qLdzR
 contentctl/templates/app_template/default/data/ui/nav/default.xml,sha256=fKN53HZCtNJbQqq_5pP8e5-5m30DRrJittr6q5s6V_0,236
 contentctl/templates/app_template/default/data/ui/views/escu_summary.xml,sha256=jQhkIthPgEEptCJ2wUCj2lWGHBvUl6JGsKkDfONloxI,8635
 contentctl/templates/app_template/default/data/ui/views/feedback.xml,sha256=uM71EMK2uFz8h68nOTNKGnYxob3HhE_caSL6yA-3H-k,696
-contentctl/templates/app_template/default/distsearch.conf,sha256=5fa9bNr9WuVI2_8tTIftvrRwk27Oz3rUoKh6_xlASFw,156
 contentctl/templates/app_template/default/usage_searches.conf,sha256=mFnhAHGhFHIzl8xxA626thnAjyxs5ZQQfur1PP_Xmbg,4257
 contentctl/templates/app_template/default/use_case_library.conf,sha256=zWuCOOl8SiP7Kit2s-de4KRu3HySLtBSXcp1QnJx0ec,168
 contentctl/templates/app_template/lookups/mitre_enrichment.csv,sha256=tifPQjFoQHtvpb78hxSP2fKHnHeehNbZDwUjdvc0aEM,66072
@@ -157,12 +155,16 @@ contentctl/templates/deployments/escu_default_configuration_baseline.yml,sha256=
 contentctl/templates/deployments/escu_default_configuration_correlation.yml,sha256=iWLqvJnUKVhpKaLBc_w_W65d9HVZgOZfGA-RIpxsH6M,519
 contentctl/templates/deployments/escu_default_configuration_hunting.yml,sha256=hHmM8u7zncpb-32Qv74UoNs0HKwZwCMoKAq2ygDJZbo,329
 contentctl/templates/deployments/escu_default_configuration_ttp.yml,sha256=1D-pvzaH1v3_yCZXaY6njmdvV4S2_Ak8uzzCOsnj9XY,548
-contentctl/templates/detections/anomalous_usage_of_7zip.yml,sha256=hkN214ZOqbQPWyYrqgbOrYb4iA0DroG1AnFRhSC_m0M,3323
+contentctl/templates/detections/application/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+contentctl/templates/detections/cloud/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+contentctl/templates/detections/endpoint/anomalous_usage_of_7zip.yml,sha256=hkN214ZOqbQPWyYrqgbOrYb4iA0DroG1AnFRhSC_m0M,3323
+contentctl/templates/detections/network/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+contentctl/templates/detections/web/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 contentctl/templates/macros/security_content_ctime.yml,sha256=Gg1YNllHVsX_YB716H1SJLWzxXZEfuJlnsgB2fuyoHU,159
 contentctl/templates/macros/security_content_summariesonly.yml,sha256=9BYUxAl2E4Nwh8K19F3AJS8Ka7ceO6ZDBjFiO3l3LY0,162
 contentctl/templates/stories/cobalt_strike.yml,sha256=rlaXxMN-5k8LnKBLPafBoksyMtlmsPMHPJOjTiMiZ-M,3063
-contentctl-4.0.4.dist-info/LICENSE.md,sha256=hQWUayRk-pAiOZbZnuy8djmoZkjKBx8MrCFpW-JiOgo,11344
-contentctl-4.0.4.dist-info/METADATA,sha256=quZj1WvlwYP3QddPZkNrHE8i3AlLaD-oa_nQqNZakmE,19751
-contentctl-4.0.4.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
-contentctl-4.0.4.dist-info/entry_points.txt,sha256=5bjZ2NkbQfSwK47uOnA77yCtjgXhvgxnmCQiynRF_-U,57
-contentctl-4.0.4.dist-info/RECORD,,
+contentctl-4.1.0.dist-info/LICENSE.md,sha256=hQWUayRk-pAiOZbZnuy8djmoZkjKBx8MrCFpW-JiOgo,11344
+contentctl-4.1.0.dist-info/METADATA,sha256=AXM-iaprX65-e2JRJCjSFS4yr315R3uAbh80e5KJp20,19706
+contentctl-4.1.0.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
+contentctl-4.1.0.dist-info/entry_points.txt,sha256=5bjZ2NkbQfSwK47uOnA77yCtjgXhvgxnmCQiynRF_-U,57
+contentctl-4.1.0.dist-info/RECORD,,

contentctl/actions/apav_deploy.py

@@ -1,98 +0,0 @@
-import splunklib.client as client
-import multiprocessing
-import http.server
-import time
-import sys
-import subprocess
-import os
-class Deploy:
-    def __init__(self, args):
-
-        
-        
-        #First, check to ensure that the legal ack is correct. If not, quit
-        if args.acs_legal_ack != "Y":
-            raise(Exception(f"Error - must supply 'acs-legal-ack=Y', not 'acs-legal-ack={args.acs_legal_ack}'"))
-        
-        self.acs_legal_ack = args.acs_legal_ack
-        self.app_package = args.app_package
-        if not os.path.exists(self.app_package):
-            raise(Exception(f"Error - app_package file {self.app_package} does not exist"))
-        self.username = args.username
-        self.password = args.password
-        self.server = args.server
-
-        
-       
-        self.deploy_to_splunk_cloud()
-        #self.http_process = self.start_http_server()
-
-        #self.install_app()
-
-    
-    def deploy_to_splunk_cloud(self):
-        
-        commandline = f"acs apps install private --acs-legal-ack={self.acs_legal_ack} "\
-                f"--app-package {self.app_package} --server {self.server} --username "\
-                f"{self.username} --password {self.password}"
-        
-        
-        try:
-            res = subprocess.run(args = commandline.split(' '), )    
-        except Exception as e:
-            raise(Exception(f"Error deploying to Splunk Cloud Instance: {str(e)}"))
-        print(res.returncode)
-        if res.returncode != 0:
-            raise(Exception("Error deploying to Splunk Cloud Instance. Review output to diagnose error."))
-
-    '''
-    def install_app_local(self) -> bool:
-        #Connect to the service
-        time.sleep(1)
-        #self.http_process.start()
-        #time.sleep(2)
-        
-
-        print(f"Connecting to server {self.host}")
-        try:
-            service = client.connect(host=self.host, port=self.api_port, username=self.username, password=self.password)
-            assert isinstance(service, client.Service)
-            
-        except Exception as e:
-            raise(Exception(f"Failure connecting the Splunk Search Head: {str(e)}"))
-            
-        
-        #Install the app
-        try:
-            params = {'name': self.server_app_path}
-            res = service.post('apps/appinstall', **params)
-            #Check the result?
-
-            print(f"Successfully installed {self.server_app_path}!")
-
-
-
-        except Exception as e:
-            raise(Exception(f"Failure installing the app {self.server_app_path}: {str(e)}"))
-
-        
-        #Query and list all of the installed apps
-        try:
-            all_apps = service.apps
-        except Exception as e:
-            print(f"Failed listing all apps: {str(e)}")
-            return False
-
-        print("Installed apps:")
-        for count, app in enumerate(all_apps):
-            print("\t{count}.  {app.name}")   
-
-
-        print(f"Installing app {self.path}")
-
-        self.http_process.terminate()
-
-        return True
-    '''
-    
-    

contentctl/actions/api_deploy.py

@@ -1,151 +0,0 @@
-import os
-import sys
-import json
-import requests
-from requests.auth import HTTPBasicAuth
-
-from dataclasses import dataclass
-from configparser import RawConfigParser
-import splunklib.client as client
-
-from contentctl.objects.config import Config
-import pathlib
-
-@dataclass(frozen=True)
-class API_DeployInputDto:
-    path: pathlib.Path
-    config: Config
-
-
-class API_Deploy:
-    def fix_newlines_in_conf_files(self, conf_path: pathlib.Path) -> RawConfigParser:
-        parser = RawConfigParser()
-        with open(conf_path, "r") as conf_data_file:
-            conf_data = conf_data_file.read()
-
-        # ConfigParser cannot read multipleline strings that simply escape the newline character with \
-        # To include a newline, you need to include a space at the beginning of the newline.
-        # We will simply replace all \NEWLINE with NEWLINESPACE (removing the leading literal \).
-        # We will discuss whether we intend to make these changes to the underlying conf files
-        # or just apply the changes here
-        conf_data = conf_data.replace("\\\n", "\n ")
-
-        parser.read_string(conf_data)
-        return parser
-
-    def execute(self, input_dto: API_DeployInputDto) -> None:
-        if len(input_dto.config.deployments.rest_api_deployments) == 0:
-            raise Exception("No rest_api_deployments defined in 'contentctl.yml'")
-        app_path =  pathlib.Path(input_dto.config.build.path_root)/input_dto.config.build.title
-        if not app_path.is_dir():
-            raise Exception(f"The unpackaged app does not exist at the path {app_path}. Please run 'contentctl build' to generate the app.")
-        for target in input_dto.config.deployments.rest_api_deployments:
-            print(f"Deploying '{input_dto.config.build.title}' to target '{target.server}' [{target.description}]")
-            splunk_args = {
-                "host": target.server,
-                "port": target.port,
-                "username": target.username,
-                "password": target.password,
-                "owner": "nobody",
-                "app": "search",
-            }
-            print("Warning - we are currently deploying all content into the 'search' app. "
-                  "At this time, this means the user does not have to install the app "
-                  "manually, but this will change")
-            service = client.connect(**splunk_args)
-
-                
-            macros_parser = self.fix_newlines_in_conf_files(
-                app_path/"default"/"macros.conf"
-            )
-            import tqdm
-
-            bar_format_macros = (
-                f"Deploying macros        "
-                + "{percentage:3.0f}%[{bar:20}]"
-                + "[{n_fmt}/{total_fmt} | ETA: {remaining}]"
-            )
-            bar_format_detections = (
-                f"Deploying saved searches"
-                + "{percentage:3.0f}%[{bar:20}]"
-                + "[{n_fmt}/{total_fmt} | ETA: {remaining}]"
-            )
-            for section in tqdm.tqdm(
-                macros_parser.sections(), bar_format=bar_format_macros
-            ):
-                try:
-                    service.post("properties/macros", __stanza=section)
-                    service.post("properties/macros/" + section, **macros_parser[section])
-                    tqdm.tqdm.write(f"Deployed macro [{section}]")
-                except Exception as e:
-                    tqdm.tqdm.write(f"Error deploying macro {section}: {str(e)}")
-
-            detection_parser = RawConfigParser()
-            detection_parser = self.fix_newlines_in_conf_files(
-                app_path/"default"/"savedsearches.conf",
-            )
-            
-
-            for section in tqdm.tqdm(
-                detection_parser.sections(), bar_format=bar_format_detections
-            ):
-                try:
-                    if section.startswith(input_dto.config.build.prefix):
-                        params = detection_parser[section]
-                        params["name"] = section
-                        response_actions = []
-                        if (
-                            input_dto.config.detection_configuration.notable
-                            and input_dto.config.detection_configuration.notable.rule_description
-                        ):
-                            response_actions.append("notable")
-                        if (
-                            input_dto.config.detection_configuration.rba
-                            and input_dto.config.detection_configuration.rba.enabled
-                        ):
-                            response_actions.append("risk")
-                        params["actions"] = ",".join(response_actions)
-                        params["request.ui_dispatch_app"] = "ES Content Updates"
-                        params["request.ui_dispatch_view"] = "ES Content Updates"
-                        params["alert_type"] = params.pop("counttype")
-                        params["alert_comparator"] = params.pop("relation")
-                        params["alert_threshold"] = params.pop("quantity")
-                        params.pop("enablesched")
-                        
-                        try:
-                            service.saved_searches.delete(section)
-                            #tqdm.tqdm.write(f"Deleted old saved search: {section}")
-                        except Exception as e:
-                            #tqdm.tqdm.write(f"Error deleting savedsearch '{section}' :[{str(e)}]")
-                            pass
-                        
-                        service.post("saved/searches", **params)
-                        tqdm.tqdm.write(f"Deployed savedsearch [{section}]")
-                
-                except Exception as e:
-                    tqdm.tqdm.write(f"Error deploying saved search {section}: {str(e)}")
-
-        # story_parser = RawConfigParser()
-        # story_parser.read(os.path.join(input_dto.path, input_dto.config.build.splunk_app.path, "default", "analyticstories.conf"))
-
-        # for section in story_parser.sections():
-        #     if section.startswith("analytic_story"):
-        #         params = story_parser[section]
-        #         params = dict(params.items())
-        #         params["spec_version"] = 1
-        #         params["version"] = 1
-        #         name = section[17:]
-        #         #service.post('services/analyticstories/configs/analytic_story', name=name, content=json.dumps(params))
-
-        #         url = "https://3.72.220.157:8089/services/analyticstories/configs/analytic_story"
-        #         data = dict()
-        #         data["name"] = name
-        #         data["content"] = params
-        #         print(json.dumps(data))
-        #         response = requests.post(
-        #             url,
-        #             auth=HTTPBasicAuth('admin', 'fgWFshd0mm7eErMj9qX'),
-        #             data=json.dumps(data),
-        #             verify=False
-        #         )
-        #         print(response.text)

contentctl/templates/app_template/default/distsearch.conf

@@ -1,5 +0,0 @@
-[replicationSettings:refineConf]
-replicate.analytic_stories = false
-
-[replicationBlacklist]
-excludeESCU = apps[/\\]DA-ESS-ContentUpdate[/\\]lookups[/\\]...