contentctl 4.2.0__py3-none-any.whl → 4.2.2__py3-none-any.whl

@@ -155,21 +155,22 @@ class GitService(BaseModel):
155
155
  print(f"[{len(updated_detections)}] Pieces of modifed and new content (this may include experimental/deprecated/manual_test content):\n - {modifiedAndNewContentString}")
156
156
  return updated_detections
157
157
 
158
- def getSelected(self, detectionFilenames:List[FilePath])->List[Detection]:
159
- filepath_to_content_map:dict[FilePath, SecurityContentObject] = { obj.file_path:obj for (_,obj) in self.director.name_to_content_map.items() if obj.file_path is not None}
158
+ def getSelected(self, detectionFilenames: List[FilePath]) -> List[Detection]:
159
+ filepath_to_content_map: dict[FilePath, SecurityContentObject] = {
160
+ obj.file_path: obj for (_, obj) in self.director.name_to_content_map.items() if obj.file_path is not None
161
+ }
160
162
  errors = []
161
- detections:List[Detection] = []
163
+ detections: List[Detection] = []
162
164
  for name in detectionFilenames:
163
- obj = filepath_to_content_map.get(name,None)
164
- if obj == None:
165
+ obj = filepath_to_content_map.get(name, None)
166
+ if obj is None:
165
167
  errors.append(f"There is no detection file or security_content_object at '{name}'")
166
168
  elif not isinstance(obj, Detection):
167
169
  errors.append(f"The security_content_object at '{name}' is of type '{type(obj).__name__}', NOT '{Detection.__name__}'")
168
170
  else:
169
171
  detections.append(obj)
170
172
 
171
- if len(errors) > 0:
173
+ if errors:
172
174
  errorsString = "\n - ".join(errors)
173
- raise Exception(f"There following errors were encountered while getting selected detections to test:\n - {errorsString}")
174
- return detections
175
-
175
+ raise Exception(f"The following errors were encountered while getting selected detections to test:\n - {errorsString}")
176
+ return detections
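Review bot: `getSelected` still reports a bad selection with a bare `raise Exception(...)`, so a caller that wants to handle "unknown or non-detection path" has to catch every failure; `raise ValueError(f"The following errors were encountered while getting selected detections to test:\n - {errorsString}")` would be narrower and still be caught by existing `except Exception` handlers. The lookup `filepath_to_content_map.get(name, None)` appears to match on exact `FilePath` equality, so a path spelled differently from the stored `obj.file_path` (relative versus absolute, presumably) would be reported as "There is no detection file" even though the file was loaded; confirm both sides are normalised the same way. The method also has no docstring; something like `"""Return the Detection objects stored at the given file paths; raise if any path is unknown or is not a Detection."""` would state the contract.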
@@ -8,13 +8,14 @@ if TYPE_CHECKING:
8
8
  from contentctl.objects.config import validate
9
9
  from contentctl.objects.security_content_object import SecurityContentObject
10
10
 
11
-
11
+ # This section is used to ignore lookups that are NOT shipped with ESCU app but are used in the detections. Adding exclusions here will so that contentctl builds will not fail.
12
12
  LOOKUPS_TO_IGNORE = set(["outputlookup"])
13
13
  LOOKUPS_TO_IGNORE.add("ut_shannon_lookup") #In the URL toolbox app which is recommended for ESCU
14
14
  LOOKUPS_TO_IGNORE.add("identity_lookup_expanded") #Shipped with the Asset and Identity Framework
15
15
  LOOKUPS_TO_IGNORE.add("cim_corporate_web_domain_lookup") #Shipped with the Asset and Identity Framework
16
16
  LOOKUPS_TO_IGNORE.add("alexa_lookup_by_str") #Shipped with the Asset and Identity Framework
17
17
  LOOKUPS_TO_IGNORE.add("interesting_ports_lookup") #Shipped with the Asset and Identity Framework
18
+ LOOKUPS_TO_IGNORE.add("admon_groups_def") #Shipped with the SA-admon addon
18
19
 
19
20
  #Special case for the Detection "Exploit Public Facing Application via Apache Commons Text"
20
21
  LOOKUPS_TO_IGNORE.add("=")
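Review bot: The comment added above `LOOKUPS_TO_IGNORE` is garbled ("Adding exclusions here will so that contentctl builds will not fail") and does not say how wide the exemption is. Suggested wording: `# Lookups referenced by detections but NOT shipped with the ESCU app. Names listed here are skipped by lookup validation so that contentctl builds do not fail.` Because this is a module-level set, each addition such as `admon_groups_def` presumably relaxes the check for every detection, so a misspelled lookup name that happens to equal an entry would pass the build unnoticed; the trailing comment naming the source app on each entry is worth keeping for that reason. The code that consumes the set is outside this hunk, so the scope of the exemption should be confirmed there.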
@@ -57,15 +57,7 @@ cron_schedule = {{ detection.deployment.scheduling.cron_schedule }}
57
57
  dispatch.earliest_time = {{ detection.deployment.scheduling.earliest_time }}
58
58
  dispatch.latest_time = {{ detection.deployment.scheduling.latest_time }}
59
59
  action.correlationsearch.enabled = 1
60
- {% if detection.status == "deprecated" %}
61
- action.correlationsearch.label = {{APP_NAME}} - Deprecated - {{ detection.name }} - Rule
62
- {% elif detection.status == "experimental" %}
63
- action.correlationsearch.label = {{APP_NAME}} - Experimental - {{ detection.name }} - Rule
64
- {% elif detection.type | lower == "correlation" %}
65
- action.correlationsearch.label = {{APP_NAME}} - RIR - {{ detection.name }} - Rule
66
- {% else %}
67
60
  action.correlationsearch.label = {{APP_NAME}} - {{ detection.name }} - Rule
68
- {% endif %}
69
61
  action.correlationsearch.annotations = {{ detection.annotations | tojson }}
70
62
  action.correlationsearch.metadata = {{ detection.getMetadata() | tojson }}
71
63
  {% if detection.deployment.scheduling.schedule_window is defined %}
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: contentctl
3
- Version: 4.2.0
3
+ Version: 4.2.2
4
4
  Summary: Splunk Content Control Tool
5
5
  License: Apache 2.0
6
6
  Author: STRT
@@ -3,7 +3,7 @@ contentctl/actions/build.py,sha256=mGm1F8jWdj547uJVSEWZBZcEyjoO4QpPKWhJOpRwR94,5
3
3
  contentctl/actions/convert.py,sha256=0KBWLxvP1hSPXpExePqpOQPRvlQLamvPLyQqeTIWNbk,704
4
4
  contentctl/actions/deploy_acs.py,sha256=mf3uk495H1EU_LNN-TiOsYCo18HMGoEBMb6ojeTr0zw,1418
5
5
  contentctl/actions/detection_testing/DetectionTestingManager.py,sha256=zg8JasDjCpSC-yhseEyUwO8qbDJIUJbhlus9Li9ZAnA,8818
6
- contentctl/actions/detection_testing/GitService.py,sha256=xNhuvK8oUoTxFlC0XBhlew9V0DO7l2hqaBMffEk5ohM,9000
6
+ contentctl/actions/detection_testing/GitService.py,sha256=W1vnDDt8JvIL7Z1Lve3D3RS7h8qwMxrW0BMXVGuDZDM,9007
7
7
  contentctl/actions/detection_testing/generate_detection_coverage_badge.py,sha256=N5mznaeErVak3mOBwsd0RDBFJO3bku0EZvpayCyU-uk,2259
8
8
  contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py,sha256=VFhSHdw_0N6ol668hDkaj7yFjPsZqBoFNC8FKzWKICc,53141
9
9
  contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructureContainer.py,sha256=HVGWCXy0GQeBqu2cVJn5H-I8GY8rwgkkc53ilO1TfZA,6846
@@ -63,7 +63,7 @@ contentctl/objects/integration_test.py,sha256=W_VksBN_cRo7DTXdr1aLujjS9mgkEp0uvo
63
63
  contentctl/objects/integration_test_result.py,sha256=DrIZRRlILSHGcsK_Rlm3KJLnbKPtIen8uEPFi4ZdJ8s,370
64
64
  contentctl/objects/investigation.py,sha256=JRoZxc_qi1fu_VFTRaxOc3B7zzSzCfEURsNzWPUCrtY,2620
65
65
  contentctl/objects/investigation_tags.py,sha256=nFpMRKBVBsW21YW_vy2G1lXaSARX-kfFyrPoCyE77Q8,1280
66
- contentctl/objects/lookup.py,sha256=TwNQqeMPeE8sfAjChxS2yDnejI2Xf3ils3_Xdgthr5c,6924
66
+ contentctl/objects/lookup.py,sha256=YQiQKhWC07IUQti6l9nh3jhsQUD9vDD11JnoqkCtuho,7176
67
67
  contentctl/objects/macro.py,sha256=9nE-bxkFhtaltHOUCr0luU8jCCthmglHjhKs6Q2YzLU,2684
68
68
  contentctl/objects/mitre_attack_enrichment.py,sha256=bWrMG-Xj3knmULR5q2YZk7mloJBdQUzU1moZfEw9lQM,1073
69
69
  contentctl/objects/notable_action.py,sha256=ValkblBaG-60TF19y_vSnNzoNZ3eg48wIfr0qZxyKTA,1605
@@ -123,7 +123,7 @@ contentctl/output/templates/header.j2,sha256=3usV7jm1q6J-QNnQrZzII9cN0XEGQjg_eVK
123
123
  contentctl/output/templates/macros.j2,sha256=SLcQQ5X7TZS8j-2qP06BTXqdIcnwoYqTAaBLX2Dge7Y,390
124
124
  contentctl/output/templates/panel.j2,sha256=Cw_W6p-14n6UivVfpS75KKJiJ2VpdGsSBceYsUYe9gk,221
125
125
  contentctl/output/templates/savedsearches_baselines.j2,sha256=xr05J9WJSVdwpiBoPWEejZ1hmeqInyDKyDH4kjzHP6U,1743
126
- contentctl/output/templates/savedsearches_detections.j2,sha256=NpQNRF6GutVpcpt7BaPOFesvZhBsAoI3CHrtYnRnbo4,6805
126
+ contentctl/output/templates/savedsearches_detections.j2,sha256=ZEY2oxn1NXrx28OR46azAs9coX_PhK7UGfyiLZh8g2c,6381
127
127
  contentctl/output/templates/savedsearches_investigations.j2,sha256=aFIDK4NqtsZr3fb4F_tv9UQTQ2Z-n9pkP5rIocPA65Q,1259
128
128
  contentctl/output/templates/transforms.j2,sha256=-cSoie0LgJwibtW-GMhc9BQlmS6h1s1Vykm9O2M0f9Y,1456
129
129
  contentctl/output/templates/workflow_actions.j2,sha256=DFoZVnCa8dMRHjW2AdpoydBC0THgiH_W-Nx7WI4-uR4,925
@@ -165,8 +165,8 @@ contentctl/templates/detections/web/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRk
165
165
  contentctl/templates/macros/security_content_ctime.yml,sha256=Gg1YNllHVsX_YB716H1SJLWzxXZEfuJlnsgB2fuyoHU,159
166
166
  contentctl/templates/macros/security_content_summariesonly.yml,sha256=9BYUxAl2E4Nwh8K19F3AJS8Ka7ceO6ZDBjFiO3l3LY0,162
167
167
  contentctl/templates/stories/cobalt_strike.yml,sha256=rlaXxMN-5k8LnKBLPafBoksyMtlmsPMHPJOjTiMiZ-M,3063
168
- contentctl-4.2.0.dist-info/LICENSE.md,sha256=hQWUayRk-pAiOZbZnuy8djmoZkjKBx8MrCFpW-JiOgo,11344
169
- contentctl-4.2.0.dist-info/METADATA,sha256=Mwn05R0o74IKd0Z0KdayxzX3E7wJGJQSTfu4fzQxjQA,19706
170
- contentctl-4.2.0.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
171
- contentctl-4.2.0.dist-info/entry_points.txt,sha256=5bjZ2NkbQfSwK47uOnA77yCtjgXhvgxnmCQiynRF_-U,57
172
- contentctl-4.2.0.dist-info/RECORD,,
168
+ contentctl-4.2.2.dist-info/LICENSE.md,sha256=hQWUayRk-pAiOZbZnuy8djmoZkjKBx8MrCFpW-JiOgo,11344
169
+ contentctl-4.2.2.dist-info/METADATA,sha256=3C5Himg-l9Kz95K6QwOCfjsScGQrds2dgGTMD6PGkIQ,19706
170
+ contentctl-4.2.2.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
171
+ contentctl-4.2.2.dist-info/entry_points.txt,sha256=5bjZ2NkbQfSwK47uOnA77yCtjgXhvgxnmCQiynRF_-U,57
172
+ contentctl-4.2.2.dist-info/RECORD,,