contentctl 4.2.5__py3-none-any.whl → 4.3.0__py3-none-any.whl

contentctl/actions/build.py

@@ -8,7 +8,6 @@ from contentctl.objects.enums import SecurityContentProduct, SecurityContentType
 from contentctl.input.director import Director, DirectorOutputDto
 from contentctl.output.conf_output import ConfOutput
 from contentctl.output.conf_writer import ConfWriter
-from contentctl.output.ba_yml_output import BAYmlOutput
 from contentctl.output.api_json_output import ApiJsonOutput
 from contentctl.output.data_source_writer import DataSourceWriter
 from contentctl.objects.lookup import Lookup
@@ -86,17 +85,4 @@ class Build:
             
             print(f"Build of '{input_dto.config.app.title}' API successful to {input_dto.config.getAPIPath()}")
 
-        if input_dto.config.build_ssa:
-            
-            srs_path = input_dto.config.getSSAPath() / 'srs'
-            complex_path = input_dto.config.getSSAPath() / 'complex'
-            shutil.rmtree(srs_path, ignore_errors=True)
-            shutil.rmtree(complex_path, ignore_errors=True)
-            srs_path.mkdir(parents=True)
-            complex_path.mkdir(parents=True)
-            ba_yml_output = BAYmlOutput()
-            ba_yml_output.writeObjects(input_dto.director_output_dto.ssa_detections, str(input_dto.config.getSSAPath()))
-
-            print(f"Build of 'SSA' successful to {input_dto.config.getSSAPath()}")
-                
         return input_dto.director_output_dto

contentctl/actions/validate.py

@@ -30,7 +30,6 @@ class Validate:
             [],
             [],
             [],
-            [],
         )
 
         director = Director(director_output_dto)

contentctl/input/director.py

@@ -28,13 +28,11 @@ from contentctl.enrichments.attack_enrichment import AttackEnrichment
 from contentctl.enrichments.cve_enrichment import CveEnrichment
 
 from contentctl.objects.config import validate
-from contentctl.input.ssa_detection_builder import SSADetectionBuilder
 from contentctl.objects.enums import SecurityContentType
 
 from contentctl.objects.enums import DetectionStatus
 from contentctl.helper.utils import Utils
 
-from contentctl.input.ssa_detection_builder import SSADetectionBuilder
 from contentctl.objects.enums import SecurityContentType
 
 from contentctl.objects.enums import DetectionStatus 
@@ -56,7 +54,6 @@ class DirectorOutputDto:
     macros: list[Macro]
     lookups: list[Lookup]
     deployments: list[Deployment]
-    ssa_detections: list[SSADetection]
     data_sources: list[DataSource]
     name_to_content_map: dict[str, SecurityContentObject] = field(default_factory=dict)
     uuid_to_content_map: dict[UUID, SecurityContentObject] = field(default_factory=dict)
@@ -98,8 +95,6 @@ class DirectorOutputDto:
             self.stories.append(content)
         elif isinstance(content, Detection):
             self.detections.append(content)
-        elif isinstance(content, SSADetection):
-            self.ssa_detections.append(content)
         elif isinstance(content, DataSource):
             self.data_sources.append(content)
         else:
@@ -112,11 +107,9 @@ class DirectorOutputDto:
 class Director():
     input_dto: validate
     output_dto: DirectorOutputDto
-    ssa_detection_builder: SSADetectionBuilder
 
     def __init__(self, output_dto: DirectorOutputDto) -> None:
         self.output_dto = output_dto
-        self.ssa_detection_builder = SSADetectionBuilder()
 
     def execute(self, input_dto: validate) -> None:
         self.input_dto = input_dto
@@ -129,7 +122,6 @@ class Director():
         self.createSecurityContent(SecurityContentType.data_sources)
         self.createSecurityContent(SecurityContentType.playbooks)
         self.createSecurityContent(SecurityContentType.detections)
-        self.createSecurityContent(SecurityContentType.ssa_detections)
 
         
         from contentctl.objects.abstract_security_content_objects.detection_abstract import MISSING_SOURCES
@@ -142,12 +134,7 @@ class Director():
             print("No missing data_sources!")
 
     def createSecurityContent(self, contentType: SecurityContentType) -> None:
-        if contentType == SecurityContentType.ssa_detections:
-            files = Utils.get_all_yml_files_from_directory(
-                os.path.join(self.input_dto.path, "ssa_detections")
-            )
-            security_content_files = [f for f in files if f.name.startswith("ssa___")]
-        elif contentType in [
+        if contentType in [
             SecurityContentType.deployments,
             SecurityContentType.lookups,
             SecurityContentType.macros,
@@ -179,43 +166,37 @@ class Director():
                 modelDict = YmlReader.load_file(file)
 
                 if contentType == SecurityContentType.lookups:
-                    lookup = Lookup.model_validate(modelDict,context={"output_dto":self.output_dto, "config":self.input_dto})
+                    lookup = Lookup.model_validate(modelDict, context={"output_dto":self.output_dto, "config":self.input_dto})
                     self.output_dto.addContentToDictMappings(lookup)
                 
                 elif contentType == SecurityContentType.macros:
-                    macro = Macro.model_validate(modelDict,context={"output_dto":self.output_dto})
+                    macro = Macro.model_validate(modelDict, context={"output_dto":self.output_dto})
                     self.output_dto.addContentToDictMappings(macro)
                 
                 elif contentType == SecurityContentType.deployments:
-                    deployment = Deployment.model_validate(modelDict,context={"output_dto":self.output_dto})
+                    deployment = Deployment.model_validate(modelDict, context={"output_dto":self.output_dto})
                     self.output_dto.addContentToDictMappings(deployment)
 
                 elif contentType == SecurityContentType.playbooks:
-                    playbook = Playbook.model_validate(modelDict,context={"output_dto":self.output_dto})
+                    playbook = Playbook.model_validate(modelDict, context={"output_dto":self.output_dto})
                     self.output_dto.addContentToDictMappings(playbook)                  
                 
                 elif contentType == SecurityContentType.baselines:
-                    baseline = Baseline.model_validate(modelDict,context={"output_dto":self.output_dto})
+                    baseline = Baseline.model_validate(modelDict, context={"output_dto":self.output_dto})
                     self.output_dto.addContentToDictMappings(baseline)
                 
                 elif contentType == SecurityContentType.investigations:
-                    investigation = Investigation.model_validate(modelDict,context={"output_dto":self.output_dto})
+                    investigation = Investigation.model_validate(modelDict, context={"output_dto":self.output_dto})
                     self.output_dto.addContentToDictMappings(investigation)
 
                 elif contentType == SecurityContentType.stories:
-                    story = Story.model_validate(modelDict,context={"output_dto":self.output_dto})
+                    story = Story.model_validate(modelDict, context={"output_dto":self.output_dto})
                     self.output_dto.addContentToDictMappings(story)
             
                 elif contentType == SecurityContentType.detections:
-                    detection = Detection.model_validate(modelDict,context={"output_dto":self.output_dto, "app":self.input_dto.app})
+                    detection = Detection.model_validate(modelDict, context={"output_dto":self.output_dto, "app":self.input_dto.app})
                     self.output_dto.addContentToDictMappings(detection)
 
-                elif contentType == SecurityContentType.ssa_detections:
-                    self.constructSSADetection(self.ssa_detection_builder, self.output_dto,str(file))
-                    ssa_detection = self.ssa_detection_builder.getObject()
-                    if ssa_detection.status in [DetectionStatus.production.value, DetectionStatus.validation.value]:
-                        self.output_dto.addContentToDictMappings(ssa_detection)
-                
                 elif contentType == SecurityContentType.data_sources:
                     data_source = DataSource.model_validate(
                         modelDict, context={"output_dto": self.output_dto}
@@ -262,19 +243,3 @@ class Director():
                 f"The following {len(validation_errors)} error(s) were found during validation:\n\n{errors_string}\n\nVALIDATION FAILED"
             )
 
-    def constructSSADetection(
-        self,
-        builder: SSADetectionBuilder,
-        directorOutput: DirectorOutputDto,
-        file_path: str,
-    ) -> None:
-        builder.reset()
-        builder.setObject(file_path)
-        builder.addMitreAttackEnrichmentNew(directorOutput.attack_enrichment)
-        builder.addKillChainPhase()
-        builder.addCIS()
-        builder.addNist()
-        builder.addAnnotations()
-        builder.addMappings()
-        builder.addUnitTest()
-        builder.addRBA()

contentctl/objects/abstract_security_content_objects/detection_abstract.py

@@ -46,7 +46,7 @@ class Detection_Abstract(SecurityContentObject):
     status: DetectionStatus = Field(...)
     data_source: list[str] = []
     tags: DetectionTags = Field(...)
-    search: Union[str, dict[str, Any]] = Field(...)
+    search: str = Field(...)
     how_to_implement: str = Field(..., min_length=4)
     known_false_positives: str = Field(..., min_length=4)
 
@@ -65,11 +65,7 @@ class Detection_Abstract(SecurityContentObject):
 
     @field_validator("search", mode="before")
     @classmethod
-    def validate_presence_of_filter_macro(
-        cls,
-        value: Union[str, dict[str, Any]],
-        info: ValidationInfo
-    ) -> Union[str, dict[str, Any]]:
+    def validate_presence_of_filter_macro(cls, value:str, info:ValidationInfo)->str:
         """
         Validates that, if required to be present, the filter macro is present with the proper name.
         The filter macro MUST be derived from the name of the detection
@@ -83,12 +79,9 @@ class Detection_Abstract(SecurityContentObject):
 
         Returns:
             Union[str, dict[str,Any]]: The search, either in sigma or SPL format.
-        """
-
-        if isinstance(value, dict):
-            # If the search is a dict, then it is in Sigma format so return it
-            return value
-
+        """        
+        
+        
         # Otherwise, the search is SPL.
 
         # In the future, we will may add support that makes the inclusion of the
@@ -155,15 +148,16 @@ class Detection_Abstract(SecurityContentObject):
     @computed_field
     @property
     def datamodel(self) -> List[DataModel]:
-        if isinstance(self.search, str):
-            return [dm for dm in DataModel if dm.value in self.search]
-        else:
-            return []
+        return [dm for dm in DataModel if dm.value in self.search]
+        
+            
+    
 
     @computed_field
     @property
     def source(self) -> str:
         return self.file_path.absolute().parent.name
+        
 
     deployment: Deployment = Field({})
 
@@ -249,12 +243,9 @@ class Detection_Abstract(SecurityContentObject):
     @computed_field
     @property
     def providing_technologies(self) -> List[ProvidingTechnology]:
-        if isinstance(self.search, str):
-            return ProvidingTechnology.getProvidingTechFromSearch(self.search)
-        else:
-            # Dict-formatted searches (sigma) will not have providing technologies
-            return []
-
+        return ProvidingTechnology.getProvidingTechFromSearch(self.search)
+        
+    
     @computed_field
     @property
     def risk(self) -> list[dict[str, Any]]:
@@ -445,18 +436,13 @@ class Detection_Abstract(SecurityContentObject):
 
     @field_validator('lookups', mode="before")
     @classmethod
-    def getDetectionLookups(cls, v: list[str], info: ValidationInfo) -> list[Lookup]:
-        if info.context is None:
-            raise ValueError("ValidationInfo.context unexpectedly null")
-
-        director: DirectorOutputDto = info.context.get("output_dto", None)
-
-        search: Union[str, dict[str, Any], None] = info.data.get("search", None)
-        if not isinstance(search, str):
-            # The search was sigma formatted (or failed other validation and was None), so we will
-            # not validate macros in it
-            return []
-
+    def getDetectionLookups(cls, v:list[str], info:ValidationInfo) -> list[Lookup]:
+        director:DirectorOutputDto = info.context.get("output_dto",None)
+        
+        search:Union[str,None] = info.data.get("search",None)
+        if search is None:
+            raise ValueError("Search was None - is this file missing the search field?")
+        
         lookups = Lookup.get_lookups(search, director)
         return lookups
 
@@ -496,11 +482,9 @@ class Detection_Abstract(SecurityContentObject):
 
         director: DirectorOutputDto = info.context.get("output_dto", None)
 
-        search: str | dict[str, Any] | None = info.data.get("search", None)
-        if not isinstance(search, str):
-            # The search was sigma formatted (or failed other validation and was None), so we will
-            # not validate macros in it
-            return []
+        search: str | None = info.data.get("search", None)
+        if search is None:
+            raise ValueError("Search was None - is this file missing the search field?")
 
         search_name: Union[str, Any] = info.data.get("name", None)
         message = f"Expected 'search_name' to be a string, instead it was [{type(search_name)}]"
@@ -614,45 +598,43 @@ class Detection_Abstract(SecurityContentObject):
 
     @model_validator(mode="after")
     def search_observables_exist_validate(self):
-        if isinstance(self.search, str):
-
-            observable_fields = [ob.name.lower() for ob in self.tags.observable]
+        observable_fields = [ob.name.lower() for ob in self.tags.observable]
 
-            # All $field$ fields from the message must appear in the search
-            field_match_regex = r"\$([^\s.]*)\$"
+        # All $field$ fields from the message must appear in the search
+        field_match_regex = r"\$([^\s.]*)\$"
 
-            missing_fields: set[str]
-            if self.tags.message:
-                matches = re.findall(field_match_regex, self.tags.message.lower())
-                message_fields = [match.replace("$", "").lower() for match in matches]
-                missing_fields = set([field for field in observable_fields if field not in self.search.lower()])
-            else:
-                message_fields = []
-                missing_fields = set()
-
-            error_messages: list[str] = []
-            if len(missing_fields) > 0:
-                error_messages.append(
-                    "The following fields are declared as observables, but do not exist in the "
-                    f"search: {missing_fields}"
-                )
+        missing_fields: set[str]
+        if self.tags.message:
+            matches = re.findall(field_match_regex, self.tags.message.lower())
+            message_fields = [match.replace("$", "").lower() for match in matches]
+            missing_fields = set([field for field in observable_fields if field not in self.search.lower()])
+        else:
+            message_fields = []
+            missing_fields = set()
+
+        error_messages: list[str] = []
+        if len(missing_fields) > 0:
+            error_messages.append(
+                "The following fields are declared as observables, but do not exist in the "
+                f"search: {missing_fields}"
+            )
 
-            missing_fields = set([field for field in message_fields if field not in self.search.lower()])
-            if len(missing_fields) > 0:
-                error_messages.append(
-                    "The following fields are used as fields in the message, but do not exist in "
-                    f"the search: {missing_fields}"
-                )
+        missing_fields = set([field for field in message_fields if field not in self.search.lower()])
+        if len(missing_fields) > 0:
+            error_messages.append(
+                "The following fields are used as fields in the message, but do not exist in "
+                f"the search: {missing_fields}"
+            )
 
-            # NOTE: we ignore the type error around self.status because we are using Pydantic's
-            # use_enum_values configuration
-            # https://docs.pydantic.dev/latest/api/config/#pydantic.config.ConfigDict.populate_by_name
-            if len(error_messages) > 0 and self.status == DetectionStatus.production.value:         # type: ignore
-                msg = (
-                    "Use of fields in observables/messages that do not appear in search:\n\t- "
-                    "\n\t- ".join(error_messages)
-                )
-                raise ValueError(msg)
+        # NOTE: we ignore the type error around self.status because we are using Pydantic's
+        # use_enum_values configuration
+        # https://docs.pydantic.dev/latest/api/config/#pydantic.config.ConfigDict.populate_by_name
+        if len(error_messages) > 0 and self.status == DetectionStatus.production.value:         # type: ignore
+            msg = (
+                "Use of fields in observables/messages that do not appear in search:\n\t- "
+                "\n\t- ".join(error_messages)
+            )
+            raise ValueError(msg)
 
         # Found everything
         return self

contentctl/objects/config.py

@@ -175,7 +175,6 @@ class validate(Config_Base):
                                                          "be avoided for performance reasons.")
     build_app: bool = Field(default=True, description="Should an app be built and output in the build_path?")
     build_api: bool = Field(default=False, description="Should api objects be built and output in the build_path?")
-    build_ssa: bool = Field(default=False, description="Should ssa objects be built and output in the build_path?")
     data_source_TA_validation: bool = Field(default=False, description="Validate latest TA information from Splunkbase")
 
     def getAtomicRedTeamRepoPath(self, atomic_red_team_repo_name:str = "atomic-red-team"):
@@ -577,7 +576,6 @@ class test_common(build):
         # output to dist. We have already built it!
         self.build_app = False
         self.build_api = False
-        self.build_ssa = False
         self.enrichments = False
         
         self.enable_integration_testing = True

{contentctl-4.2.5.dist-info → contentctl-4.3.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: contentctl
-Version: 4.2.5
+Version: 4.3.0
 Summary: Splunk Content Control Tool
 License: Apache 2.0
 Author: STRT
@@ -19,8 +19,6 @@ Requires-Dist: gitpython (>=3.1.43,<4.0.0)
 Requires-Dist: pycvesearch (>=1.2,<2.0)
 Requires-Dist: pydantic (>=2.7.1,<3.0.0)
 Requires-Dist: pygit2 (>=1.14.1,<2.0.0)
-Requires-Dist: pysigma (>=0.11.5,<0.12.0)
-Requires-Dist: pysigma-backend-splunk (>=1.1.0,<2.0.0)
 Requires-Dist: questionary (>=2.0.1,<3.0.0)
 Requires-Dist: requests (>=2.32.2,<2.33.0)
 Requires-Dist: semantic-version (>=2.10.0,<3.0.0)
@@ -36,8 +34,20 @@ Description-Content-Type: text/markdown
 <p align="center">
 <img src="docs/contentctl_logo_white.png" title="In case you're wondering, it's a capybara" alt="contentctl logo" width="250" height="250"></p>
 
-
-
+# contentctl Quick Start Guide
+If you are already familiar with contentctl, the following common commands may be very useful for basic operations
+
+| Operation | Command |
+|-----------|---------|
+| Create a repository | `contentctl init` |
+| Validate Your Content | `contentctl validate` |
+| Validate Your Content, performing MITRE Enrichments | `contentctl validate –-enrichments`|
+| Build Your App | `contentctl build` |
+| Test All the content in your app, pausing so that you can debug a search if it fails | `contentctl test –-post-test-behavior pause_on_failure mode:all` |
+| Test All the content in your app, pausing after every detection to allow debugging | `contentctl test –-post-test-behavior always_pause mode:all` |
+| Test 1 or more specified detections. If you are testing more than one detection, the paths are space-separated. You may also use shell-expanded regexes | `contentctl test –-post-test-behavior always_pause mode:selected --mode.files detections/endpoint/7zip_commandline_to_smb_share_path.yml detections/cloud/aws_multi_factor_authentication_disabled.yml detections/application/okta*` |
+| Diff your current branch with a target_branch and test detections that have been updated. Your current branch **must be DIFFERENT** than the target_branch | `contentctl test –-post-test-behavior always_pause mode:changes –-mode.target_branch develop` |
+| Perform Integration Testing of all content. Note that Enterprise Security MUST be listed as an app in your contentctl.yml folder, otherwise all tests will subsequently fail | `contentctl test –-enable-integration-testing --post-test-behavior never_pause mode:all` |
 
 # Introduction
 #### Security Is Hard 

{contentctl-4.2.5.dist-info → contentctl-4.3.0.dist-info}/RECORD

@@ -1,6 +1,5 @@
 contentctl/__init__.py,sha256=IMjkMO3twhQzluVTo8Z6rE7Eg-9U79_LGKMcsWLKBkY,22
-contentctl/actions/build.py,sha256=mGm1F8jWdj547uJVSEWZBZcEyjoO4QpPKWhJOpRwR94,5739
-contentctl/actions/convert.py,sha256=0KBWLxvP1hSPXpExePqpOQPRvlQLamvPLyQqeTIWNbk,704
+contentctl/actions/build.py,sha256=FXMub_CAVN4kTks3RLHBm8O9qtFV2EkSSNld7FzCPd0,5035
 contentctl/actions/deploy_acs.py,sha256=mf3uk495H1EU_LNN-TiOsYCo18HMGoEBMb6ojeTr0zw,1418
 contentctl/actions/detection_testing/DetectionTestingManager.py,sha256=zg8JasDjCpSC-yhseEyUwO8qbDJIUJbhlus9Li9ZAnA,8818
 contentctl/actions/detection_testing/GitService.py,sha256=W1vnDDt8JvIL7Z1Lve3D3RS7h8qwMxrW0BMXVGuDZDM,9007
@@ -21,7 +20,7 @@ contentctl/actions/new_content.py,sha256=o5ZYBQ216RN6TnW_wRxVGJybx2SsJ7ht4PAi1dw
 contentctl/actions/release_notes.py,sha256=akkFfLhsJuaPUyjsb6dLlKt9cUM-JApAjTFQMbYoXeM,13115
 contentctl/actions/reporting.py,sha256=MJEmvmoA1WnSFZEU9QM6daL_W94oOX0WXAcX1qAM2As,1583
 contentctl/actions/test.py,sha256=dx7f750_MrlvysxOmOdIro1bH0iVKF4K54TSwhvU2MU,5146
-contentctl/actions/validate.py,sha256=2iFhyhh_LXyMAXtkxnYai7CONSVx4Hb8RftEs_Z_7mI,5649
+contentctl/actions/validate.py,sha256=2MQ8yumCKj7zD8iUuA5gfFEMcE-GPRzYqkvuOexn0JA,5633
 contentctl/api.py,sha256=FBOpRhbBCBdjORmwe_8MPQ3PRZ6T0KrrFcfKovVFkug,6343
 contentctl/contentctl.py,sha256=SxWFMYquSYQAATrTBpvfj4j5DRedsOF2xO96ASs74wA,10505
 contentctl/enrichments/attack_enrichment.py,sha256=dVwXcULSeZJuQbeTlPpKDyEB9Y6uCy0UGWI83gPLTI0,6735
@@ -31,13 +30,10 @@ contentctl/helper/link_validator.py,sha256=-XorhxfGtjLynEL1X4hcpRMiyemogf2JEnvLw
 contentctl/helper/logger.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 contentctl/helper/splunk_app.py,sha256=PZf60Z3ALQLJQ6I--cbWTCzvOMPGsjZSns1BFrZu4S4,9549
 contentctl/helper/utils.py,sha256=8ICRvE7DUiNL9BK4Hw71hCLFbd3R2u86OwKeDOdaBTY,19454
-contentctl/input/backend_splunk_ba.py,sha256=Y70tJqgaUM0nzfm2SiGMof4HkhY84feqf-xnRx1xPb4,5861
-contentctl/input/director.py,sha256=w-3aMrFGmfLb8vRzI-rP6K-JlmqYOwZS7OLjU_cOlck,12598
+contentctl/input/director.py,sha256=kTqdN_rCzRMn4dR32hPaVyx2llhAxyhJgoGjowhsHzs,10887
 contentctl/input/new_content_questions.py,sha256=o4prlBoUhEMxqpZukquI9WKbzfFJfYhEF7a8m2q_BEE,5565
-contentctl/input/sigma_converter.py,sha256=ATFNW7boNngp5dmWM7Gr4rMZrUKjvKW2_qu28--FdiU,19391
-contentctl/input/ssa_detection_builder.py,sha256=4wjgV-WQaJltPHxqd455lNU_8Dn-OlEaqYO8dvIsZ6c,8279
 contentctl/input/yml_reader.py,sha256=hyVUYhx4Ka8C618kP2D_E3sDUKEQGC6ty_QZQArHKd4,1489
-contentctl/objects/abstract_security_content_objects/detection_abstract.py,sha256=TP2FAbcJ3B1xTTKSRh8-p2FfNgnTVIruprp_WMNyJGw,35388
+contentctl/objects/abstract_security_content_objects/detection_abstract.py,sha256=gra5kZkLFATBQJ-ZR4SNzkZ86MBX3pnOz2RdIl5oOVs,34502
 contentctl/objects/abstract_security_content_objects/security_content_object_abstract.py,sha256=7tv-WEiUUOvZkao272J9l1IvL0y12kJ6SWLsMeWv9VE,9820
 contentctl/objects/alert_action.py,sha256=E9gjCn5C31h0sN7k90KNe4agRxFFSnMW_Z-Ri_3YQss,1335
 contentctl/objects/atomic.py,sha256=BP27gP8KHeODp6UazhVFxwDQ64wuJCARGsLfIH34h7U,8768
@@ -45,7 +41,7 @@ contentctl/objects/base_test.py,sha256=7kAV0njoXaasA-Mt3Zxeq-NFwFF5Z9U85k5cEYW1i
 contentctl/objects/base_test_result.py,sha256=ZEAC2IUwUrW_-zHoaS7zp-uBBKIVTS8TcMXjkMByjF4,5006
 contentctl/objects/baseline.py,sha256=Lb1vJKtDdlDrzWgrdkC9oQao_TnRrOxSwOWHf4trtaU,2150
 contentctl/objects/baseline_tags.py,sha256=fVhLF-NmisavybB_idu3N0Con0Ymj8clKfRMkWzBB-k,1762
-contentctl/objects/config.py,sha256=ha18aqKmkYqAvM8YI124q6JYxesYRon9rc0NMWFzCS4,43762
+contentctl/objects/config.py,sha256=XpCjYIoU4XTM6RL4Nt-YjMX342FJz4R-ATDXJWexHNs,43615
 contentctl/objects/constants.py,sha256=1LjiK9A7t0aHHkJz2mrW-DImdW1P98GPssTwmwNNI_M,3468
 contentctl/objects/correlation_search.py,sha256=QZp1u-dwTZl9hkUOlJdHQ9h4Hp2bDHWWCKtrp3mvIUY,48310
 contentctl/objects/data_source.py,sha256=aRr6lHu-EtGmi6J2nXKD7i2ozUPtp7X-vDkQiutvD3I,1545
@@ -92,13 +88,11 @@ contentctl/objects/unit_test_ssa.py,sha256=RURqXb3e0CuI5nNX8PvFucxatAvMmGSUDngVb
 contentctl/output/api_json_output.py,sha256=n3OTd5z-Vkmsn7ny6QCAar_jSMNuuJfzAQa7xq_9if4,9085
 contentctl/output/attack_nav_output.py,sha256=95iKV8U9BMMgqh6cCOw1S89Ln73xmJGgJPHTYR0L7hA,2304
 contentctl/output/attack_nav_writer.py,sha256=64ILZLmNbh2XLmbopgENkeo6t-4SRRG8xZXBmtpNd4g,2219
-contentctl/output/ba_yml_output.py,sha256=Lrk13Q9-f71i3c0oNrT50G94PxdogG4k4-MI-rTMOAo,5950
 contentctl/output/conf_output.py,sha256=7HcHM9pJLNnan1Kq_7ozvs5iOgfzqdKbO6gwxUZJVnc,9994
 contentctl/output/conf_writer.py,sha256=2TaCAPEtU-bMa7A2m7xOxh93PMpzIdhwiHiPLUCeCB4,8281
 contentctl/output/data_source_writer.py,sha256=ubFjm6XJ4T2d3oqfKwDFasITHeDj3HFmegqVN--5_ME,1635
 contentctl/output/detection_writer.py,sha256=AzxbssNLmsNIOaYKotew5-ONoyq1cQpKSGy3pe191B0,960
 contentctl/output/doc_md_output.py,sha256=gf7osH1uSrC6js3D_I72g4uDe9TaB3tsvtqCHi5znp0,3238
-contentctl/output/finding_report_writer.py,sha256=bjJR7NAxLE8vt8uU3zSDhazQzqzOdtCsUu95lVdzU_w,3939
 contentctl/output/jinja_writer.py,sha256=bdiqr9FaXYxth4wZ1A52zTMAS5stHNGpezTkaS5pres,1119
 contentctl/output/json_writer.py,sha256=Z-iVLnZb8tzYATxbQtXax0dz572lVPFMNVTx-vWbnog,1007
 contentctl/output/new_content_yml_output.py,sha256=ktZ9miHluqkw8jD-pn-62bjVp1sQqqQ7B53xy18DHU8,2321
@@ -169,8 +163,8 @@ contentctl/templates/detections/web/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRk
 contentctl/templates/macros/security_content_ctime.yml,sha256=Gg1YNllHVsX_YB716H1SJLWzxXZEfuJlnsgB2fuyoHU,159
 contentctl/templates/macros/security_content_summariesonly.yml,sha256=9BYUxAl2E4Nwh8K19F3AJS8Ka7ceO6ZDBjFiO3l3LY0,162
 contentctl/templates/stories/cobalt_strike.yml,sha256=rlaXxMN-5k8LnKBLPafBoksyMtlmsPMHPJOjTiMiZ-M,3063
-contentctl-4.2.5.dist-info/LICENSE.md,sha256=hQWUayRk-pAiOZbZnuy8djmoZkjKBx8MrCFpW-JiOgo,11344
-contentctl-4.2.5.dist-info/METADATA,sha256=AKuXizf44e0rPSDHXX6viX88kBtY4M8RMh01jOEucqU,19386
-contentctl-4.2.5.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
-contentctl-4.2.5.dist-info/entry_points.txt,sha256=5bjZ2NkbQfSwK47uOnA77yCtjgXhvgxnmCQiynRF_-U,57
-contentctl-4.2.5.dist-info/RECORD,,
+contentctl-4.3.0.dist-info/LICENSE.md,sha256=hQWUayRk-pAiOZbZnuy8djmoZkjKBx8MrCFpW-JiOgo,11344
+contentctl-4.3.0.dist-info/METADATA,sha256=YpQM8untSb4LvHmv0IHCjgJP7qM5X_c13n17lJGK_kg,20939
+contentctl-4.3.0.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
+contentctl-4.3.0.dist-info/entry_points.txt,sha256=5bjZ2NkbQfSwK47uOnA77yCtjgXhvgxnmCQiynRF_-U,57
+contentctl-4.3.0.dist-info/RECORD,,

contentctl/actions/convert.py

@@ -1,25 +0,0 @@
-
-import sys
-import shutil
-import os
-
-from dataclasses import dataclass
-
-from contentctl.input.sigma_converter import *
-from contentctl.output.yml_output import YmlOutput
-
-@dataclass(frozen=True)
-class ConvertInputDto:
-    sigma_converter_input_dto: SigmaConverterInputDto
-    output_path : str
-
-
-class Convert:
-
-    def execute(self, input_dto: ConvertInputDto) -> None:
-        sigma_converter_output_dto = SigmaConverterOutputDto([])
-        sigma_converter = SigmaConverter(sigma_converter_output_dto)
-        sigma_converter.execute(input_dto.sigma_converter_input_dto)
-
-        yml_output = YmlOutput()
-        yml_output.writeDetections(sigma_converter_output_dto.detections, input_dto.output_path)