contentctl 4.2.1__py3-none-any.whl → 4.2.2__py3-none-any.whl

contentctl/objects/lookup.py

@@ -8,13 +8,14 @@ if TYPE_CHECKING:
     from contentctl.objects.config import validate
 from contentctl.objects.security_content_object import SecurityContentObject
 
-
+# This section is used to ignore lookups that are NOT  shipped with ESCU app but are used in the detections. Adding exclusions here will so that contentctl builds will not fail.
 LOOKUPS_TO_IGNORE = set(["outputlookup"])
 LOOKUPS_TO_IGNORE.add("ut_shannon_lookup") #In the URL toolbox app which is recommended for ESCU
 LOOKUPS_TO_IGNORE.add("identity_lookup_expanded") #Shipped with the Asset and Identity Framework
 LOOKUPS_TO_IGNORE.add("cim_corporate_web_domain_lookup") #Shipped with the Asset and Identity Framework
 LOOKUPS_TO_IGNORE.add("alexa_lookup_by_str") #Shipped with the Asset and Identity Framework
 LOOKUPS_TO_IGNORE.add("interesting_ports_lookup") #Shipped with the Asset and Identity Framework
+LOOKUPS_TO_IGNORE.add("admon_groups_def") #Shipped with the SA-admon addon
 
 #Special case for the Detection "Exploit Public Facing Application via Apache Commons Text"
 LOOKUPS_TO_IGNORE.add("=") 

contentctl/output/templates/savedsearches_detections.j2

@@ -57,15 +57,7 @@ cron_schedule = {{ detection.deployment.scheduling.cron_schedule }}
 dispatch.earliest_time = {{ detection.deployment.scheduling.earliest_time }}
 dispatch.latest_time = {{ detection.deployment.scheduling.latest_time }}
 action.correlationsearch.enabled = 1
-{% if detection.status == "deprecated" %}
-action.correlationsearch.label = {{APP_NAME}} - Deprecated - {{ detection.name }} - Rule
-{% elif detection.status == "experimental" %}
-action.correlationsearch.label = {{APP_NAME}} - Experimental - {{ detection.name }} - Rule
-{% elif detection.type | lower == "correlation" %}
-action.correlationsearch.label = {{APP_NAME}} - RIR - {{ detection.name }} - Rule
-{% else %}
 action.correlationsearch.label = {{APP_NAME}} - {{ detection.name }} - Rule
-{% endif %}
 action.correlationsearch.annotations = {{ detection.annotations | tojson }}
 action.correlationsearch.metadata = {{ detection.getMetadata() | tojson }}
 {% if detection.deployment.scheduling.schedule_window is defined %}

{contentctl-4.2.1.dist-info → contentctl-4.2.2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: contentctl
-Version: 4.2.1
+Version: 4.2.2
 Summary: Splunk Content Control Tool
 License: Apache 2.0
 Author: STRT

{contentctl-4.2.1.dist-info → contentctl-4.2.2.dist-info}/RECORD

@@ -63,7 +63,7 @@ contentctl/objects/integration_test.py,sha256=W_VksBN_cRo7DTXdr1aLujjS9mgkEp0uvo
 contentctl/objects/integration_test_result.py,sha256=DrIZRRlILSHGcsK_Rlm3KJLnbKPtIen8uEPFi4ZdJ8s,370
 contentctl/objects/investigation.py,sha256=JRoZxc_qi1fu_VFTRaxOc3B7zzSzCfEURsNzWPUCrtY,2620
 contentctl/objects/investigation_tags.py,sha256=nFpMRKBVBsW21YW_vy2G1lXaSARX-kfFyrPoCyE77Q8,1280
-contentctl/objects/lookup.py,sha256=TwNQqeMPeE8sfAjChxS2yDnejI2Xf3ils3_Xdgthr5c,6924
+contentctl/objects/lookup.py,sha256=YQiQKhWC07IUQti6l9nh3jhsQUD9vDD11JnoqkCtuho,7176
 contentctl/objects/macro.py,sha256=9nE-bxkFhtaltHOUCr0luU8jCCthmglHjhKs6Q2YzLU,2684
 contentctl/objects/mitre_attack_enrichment.py,sha256=bWrMG-Xj3knmULR5q2YZk7mloJBdQUzU1moZfEw9lQM,1073
 contentctl/objects/notable_action.py,sha256=ValkblBaG-60TF19y_vSnNzoNZ3eg48wIfr0qZxyKTA,1605
@@ -123,7 +123,7 @@ contentctl/output/templates/header.j2,sha256=3usV7jm1q6J-QNnQrZzII9cN0XEGQjg_eVK
 contentctl/output/templates/macros.j2,sha256=SLcQQ5X7TZS8j-2qP06BTXqdIcnwoYqTAaBLX2Dge7Y,390
 contentctl/output/templates/panel.j2,sha256=Cw_W6p-14n6UivVfpS75KKJiJ2VpdGsSBceYsUYe9gk,221
 contentctl/output/templates/savedsearches_baselines.j2,sha256=xr05J9WJSVdwpiBoPWEejZ1hmeqInyDKyDH4kjzHP6U,1743
-contentctl/output/templates/savedsearches_detections.j2,sha256=NpQNRF6GutVpcpt7BaPOFesvZhBsAoI3CHrtYnRnbo4,6805
+contentctl/output/templates/savedsearches_detections.j2,sha256=ZEY2oxn1NXrx28OR46azAs9coX_PhK7UGfyiLZh8g2c,6381
 contentctl/output/templates/savedsearches_investigations.j2,sha256=aFIDK4NqtsZr3fb4F_tv9UQTQ2Z-n9pkP5rIocPA65Q,1259
 contentctl/output/templates/transforms.j2,sha256=-cSoie0LgJwibtW-GMhc9BQlmS6h1s1Vykm9O2M0f9Y,1456
 contentctl/output/templates/workflow_actions.j2,sha256=DFoZVnCa8dMRHjW2AdpoydBC0THgiH_W-Nx7WI4-uR4,925
@@ -165,8 +165,8 @@ contentctl/templates/detections/web/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRk
 contentctl/templates/macros/security_content_ctime.yml,sha256=Gg1YNllHVsX_YB716H1SJLWzxXZEfuJlnsgB2fuyoHU,159
 contentctl/templates/macros/security_content_summariesonly.yml,sha256=9BYUxAl2E4Nwh8K19F3AJS8Ka7ceO6ZDBjFiO3l3LY0,162
 contentctl/templates/stories/cobalt_strike.yml,sha256=rlaXxMN-5k8LnKBLPafBoksyMtlmsPMHPJOjTiMiZ-M,3063
-contentctl-4.2.1.dist-info/LICENSE.md,sha256=hQWUayRk-pAiOZbZnuy8djmoZkjKBx8MrCFpW-JiOgo,11344
-contentctl-4.2.1.dist-info/METADATA,sha256=3S_M3w5I3jpYqd6NtoqTdkxWXWh5HaJ4ut9QLmNtO7k,19706
-contentctl-4.2.1.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
-contentctl-4.2.1.dist-info/entry_points.txt,sha256=5bjZ2NkbQfSwK47uOnA77yCtjgXhvgxnmCQiynRF_-U,57
-contentctl-4.2.1.dist-info/RECORD,,
+contentctl-4.2.2.dist-info/LICENSE.md,sha256=hQWUayRk-pAiOZbZnuy8djmoZkjKBx8MrCFpW-JiOgo,11344
+contentctl-4.2.2.dist-info/METADATA,sha256=3C5Himg-l9Kz95K6QwOCfjsScGQrds2dgGTMD6PGkIQ,19706
+contentctl-4.2.2.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
+contentctl-4.2.2.dist-info/entry_points.txt,sha256=5bjZ2NkbQfSwK47uOnA77yCtjgXhvgxnmCQiynRF_-U,57
+contentctl-4.2.2.dist-info/RECORD,,