contentctl 4.3.5__py3-none-any.whl → 4.4.1__py3-none-any.whl

Files changed (49)
  1. contentctl/actions/build.py +1 -0
  2. contentctl/actions/detection_testing/GitService.py +10 -10
  3. contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py +68 -38
  4. contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructureContainer.py +5 -1
  5. contentctl/actions/detection_testing/views/DetectionTestingViewWeb.py +10 -8
  6. contentctl/actions/inspect.py +6 -4
  7. contentctl/actions/new_content.py +10 -2
  8. contentctl/actions/release_notes.py +5 -3
  9. contentctl/actions/validate.py +2 -1
  10. contentctl/enrichments/cve_enrichment.py +6 -7
  11. contentctl/input/director.py +14 -12
  12. contentctl/input/new_content_questions.py +9 -42
  13. contentctl/objects/abstract_security_content_objects/detection_abstract.py +147 -7
  14. contentctl/objects/abstract_security_content_objects/security_content_object_abstract.py +17 -9
  15. contentctl/objects/base_test_result.py +7 -7
  16. contentctl/objects/baseline.py +12 -18
  17. contentctl/objects/baseline_tags.py +2 -5
  18. contentctl/objects/config.py +15 -9
  19. contentctl/objects/constants.py +30 -0
  20. contentctl/objects/correlation_search.py +79 -114
  21. contentctl/objects/dashboard.py +100 -0
  22. contentctl/objects/deployment.py +20 -5
  23. contentctl/objects/detection_tags.py +22 -20
  24. contentctl/objects/drilldown.py +70 -0
  25. contentctl/objects/enums.py +26 -22
  26. contentctl/objects/investigation.py +23 -15
  27. contentctl/objects/investigation_tags.py +4 -3
  28. contentctl/objects/lookup.py +8 -1
  29. contentctl/objects/macro.py +16 -7
  30. contentctl/objects/notable_event.py +6 -5
  31. contentctl/objects/risk_analysis_action.py +4 -4
  32. contentctl/objects/risk_event.py +8 -7
  33. contentctl/objects/story.py +4 -16
  34. contentctl/objects/throttling.py +46 -0
  35. contentctl/output/conf_output.py +4 -0
  36. contentctl/output/conf_writer.py +20 -3
  37. contentctl/output/templates/analyticstories_detections.j2 +2 -2
  38. contentctl/output/templates/analyticstories_investigations.j2 +5 -5
  39. contentctl/output/templates/analyticstories_stories.j2 +1 -1
  40. contentctl/output/templates/savedsearches_baselines.j2 +2 -3
  41. contentctl/output/templates/savedsearches_detections.j2 +12 -7
  42. contentctl/output/templates/savedsearches_investigations.j2 +3 -4
  43. contentctl/templates/detections/endpoint/anomalous_usage_of_7zip.yml +10 -1
  44. {contentctl-4.3.5.dist-info → contentctl-4.4.1.dist-info}/METADATA +3 -2
  45. {contentctl-4.3.5.dist-info → contentctl-4.4.1.dist-info}/RECORD +48 -46
  46. {contentctl-4.3.5.dist-info → contentctl-4.4.1.dist-info}/WHEEL +1 -1
  47. contentctl/output/templates/finding_report.j2 +0 -30
  48. {contentctl-4.3.5.dist-info → contentctl-4.4.1.dist-info}/LICENSE.md +0 -0
  49. {contentctl-4.3.5.dist-info → contentctl-4.4.1.dist-info}/entry_points.txt +0 -0
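--- a/contentctl-4.3.5.dist-info/METADATA
+++ b/contentctl-4.4.1.dist-info/METADATA
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: contentctl
-Version: 4.3.5
+Version: 4.4.1
 Summary: Splunk Content Control Tool
 License: Apache 2.0
 Author: STRT
@@ -10,6 +10,7 @@ Classifier: License :: Other/Proprietary License
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Requires-Dist: Jinja2 (>=3.1.4,<4.0.0)
 Requires-Dist: PyYAML (>=6.0.2,<7.0.0)
 Requires-Dist: attackcti (>=0.4.0,<0.5.0)
@@ -26,7 +27,7 @@ Requires-Dist: setuptools (>=69.5.1,<76.0.0)
 Requires-Dist: splunk-sdk (>=2.0.2,<3.0.0)
 Requires-Dist: tqdm (>=4.66.5,<5.0.0)
 Requires-Dist: tyro (>=0.8.3,<0.9.0)
-Requires-Dist: xmltodict (>=0.13.0,<0.14.0)
+Requires-Dist: xmltodict (>=0.13,<0.15)
 Description-Content-Type: text/markdown
 
 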
@@ -1,52 +1,53 @@
1
1
  contentctl/__init__.py,sha256=IMjkMO3twhQzluVTo8Z6rE7Eg-9U79_LGKMcsWLKBkY,22
2
- contentctl/actions/build.py,sha256=FXMub_CAVN4kTks3RLHBm8O9qtFV2EkSSNld7FzCPd0,5035
2
+ contentctl/actions/build.py,sha256=htuFSKjavKOSUMxcjw7y84teLI6XFkG_U7cnLn5eGnA,5173
3
3
  contentctl/actions/deploy_acs.py,sha256=mf3uk495H1EU_LNN-TiOsYCo18HMGoEBMb6ojeTr0zw,1418
4
4
  contentctl/actions/detection_testing/DetectionTestingManager.py,sha256=zg8JasDjCpSC-yhseEyUwO8qbDJIUJbhlus9Li9ZAnA,8818
5
- contentctl/actions/detection_testing/GitService.py,sha256=W1vnDDt8JvIL7Z1Lve3D3RS7h8qwMxrW0BMXVGuDZDM,9007
5
+ contentctl/actions/detection_testing/GitService.py,sha256=cofi7yilcaq_5fugSbRpSmQjFRKFcB8nJmOdUfHVRzc,9045
6
6
  contentctl/actions/detection_testing/generate_detection_coverage_badge.py,sha256=N5mznaeErVak3mOBwsd0RDBFJO3bku0EZvpayCyU-uk,2259
7
- contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py,sha256=00ymK5PyAn_FREi8Cj0HqpUt-U6XMpSHrN0QNqIrbDA,55190
8
- contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructureContainer.py,sha256=REM3WB-DQAczeknGAKMzJhnvHgnt-u9yDG2UKGVj2vM,6854
7
+ contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py,sha256=mcdLt3tZr-xF5xaYnD0q7JQx9qrbRIzPNl6D9MeeB5k,56999
8
+ contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructureContainer.py,sha256=WCtyyMKTA17JzPIb10rV8C6vdG-cBzHtFC9T2CuYY2o,7047
9
9
  contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructureServer.py,sha256=Q1ZfCYOp54O39bgTScZMInkmZiU-bGAM9Hiwr2mq5ms,370
10
10
  contentctl/actions/detection_testing/progress_bar.py,sha256=OK9oRnPlzPAswt9KZNYID-YLHxqaYPY821kIE4-rCeA,3244
11
11
  contentctl/actions/detection_testing/views/DetectionTestingView.py,sha256=nh9-gBSy-7FFBU71v4K5rwJmPzX2swFivbNfzDOpH-U,7674
12
12
  contentctl/actions/detection_testing/views/DetectionTestingViewCLI.py,sha256=v5F3heZ3ZD0ik_-a_zDYSEz6oc5VdVj3e5rSSZ-tK00,2149
13
13
  contentctl/actions/detection_testing/views/DetectionTestingViewFile.py,sha256=3mBCQy3hYuX8bNqh3al0nANlMwq9sxbQjkhwA1V5LOA,1090
14
- contentctl/actions/detection_testing/views/DetectionTestingViewWeb.py,sha256=6mecacXFoTJxcHiRZSnlHos5Hca1jdedEEZfiIAhaJg,4706
14
+ contentctl/actions/detection_testing/views/DetectionTestingViewWeb.py,sha256=Q6p7UqDOYI2VjFl21_1iue76rWVsQmJUzRewtUBF1a8,4755
15
15
  contentctl/actions/doc_gen.py,sha256=YNc1VYA0ikL1hWDHYjfEOmUkfhy8PEIdvTyC4ZLxQRY,863
16
16
  contentctl/actions/initialize.py,sha256=wEO3u8vJYP8Xh2OSJ_HxfMV6mqOdkPyWbUzNGEqMTNA,3055
17
17
  contentctl/actions/initialize_old.py,sha256=0qXbW_fNDvkcnEeL6Zpte8d-hpTu1REyzHsXOCY-YB8,9333
18
- contentctl/actions/inspect.py,sha256=kxExmA4dn4-JXl_PiPVmGObeqQmYd04nKjFNvjFyFYc,17232
19
- contentctl/actions/new_content.py,sha256=o5ZYBQ216RN6TnW_wRxVGJybx2SsJ7ht4PAi1dw45Yg,6076
20
- contentctl/actions/release_notes.py,sha256=akkFfLhsJuaPUyjsb6dLlKt9cUM-JApAjTFQMbYoXeM,13115
18
+ contentctl/actions/inspect.py,sha256=dXV020g_GwwspSgiS6jQxW0JEVr_nublJBevwZ79mZo,17424
19
+ contentctl/actions/new_content.py,sha256=Mz70StFt0bbuUYUHzQ1NINAbPqPsM4deUdlxgQ5S7-k,6481
20
+ contentctl/actions/release_notes.py,sha256=0K7zHQyVHVYK_whiv4PvxOKS4_0s1Ya_RDCrrcT3FW4,13319
21
21
  contentctl/actions/reporting.py,sha256=MJEmvmoA1WnSFZEU9QM6daL_W94oOX0WXAcX1qAM2As,1583
22
22
  contentctl/actions/test.py,sha256=jv12UO_PTjZwvo4G-Dr8fE2gsuWvuvAmO2QQM4q7TL0,5917
23
- contentctl/actions/validate.py,sha256=TL_zUU8Lo2ygf28F_EtaKWTFRBrbg-31XN5j2feNFKM,5524
23
+ contentctl/actions/validate.py,sha256=eVxXf67b65ywe4yXYqaTXJShvqbzG9vd6jlkq-YVzy8,5538
24
24
  contentctl/api.py,sha256=O0dNE3-WkWs2zuOeAQnIicgOtBX5s2bGBhRVo3j69-8,6327
25
25
  contentctl/contentctl.py,sha256=CLYQ1kpVcUkOXPGrGyE7SwAkEtvjq2kHENWyy81gwsM,10400
26
26
  contentctl/enrichments/attack_enrichment.py,sha256=i0p5ud7EqA2SMB7Gc8JQdIonUTjAeDN-hxKBV4XV-Rg,6391
27
- contentctl/enrichments/cve_enrichment.py,sha256=rRdf62sKkBzCBLCNwzAmEhxNiPV2px1VS6MzDiS-uBw,2337
27
+ contentctl/enrichments/cve_enrichment.py,sha256=aXpv_kCS0XP6JpC_ZEOeBPgrl38t_vkKZe9Ay35lRi4,2347
28
28
  contentctl/enrichments/splunk_app_enrichment.py,sha256=zDNHFLZTi2dJ1gdnh0sHkD6F1VtkblqFnhacFcCMBfc,3418
29
29
  contentctl/helper/link_validator.py,sha256=-XorhxfGtjLynEL1X4hcpRMiyemogf2JEnvLwhHq80c,7139
30
30
  contentctl/helper/logger.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
31
31
  contentctl/helper/splunk_app.py,sha256=5KoacltgQ2J1BdxqvZYhr6GCXFl2tsy8TEWNc2gXkqw,14187
32
32
  contentctl/helper/utils.py,sha256=8ICRvE7DUiNL9BK4Hw71hCLFbd3R2u86OwKeDOdaBTY,19454
33
- contentctl/input/director.py,sha256=Z_NV6nyfFHDcWUaXi9Q88Xv-V_patuzQ39YsFzJoXQE,10434
34
- contentctl/input/new_content_questions.py,sha256=o4prlBoUhEMxqpZukquI9WKbzfFJfYhEF7a8m2q_BEE,5565
33
+ contentctl/input/director.py,sha256=U7jrhqP7IbfaSLXGIVtKrVvGTwIrmI1roW2X1jmZZ8Q,10841
34
+ contentctl/input/new_content_questions.py,sha256=p-rop4YpCjyg0RYKQ7Cvk9-7uaa5GDELNVeeUlxk6ks,4191
35
35
  contentctl/input/yml_reader.py,sha256=hyVUYhx4Ka8C618kP2D_E3sDUKEQGC6ty_QZQArHKd4,1489
36
- contentctl/objects/abstract_security_content_objects/detection_abstract.py,sha256=2TOIfDVZm1uQbHFrP9YFOy7pXDPkIWCxzm-qCzK9Twc,39061
37
- contentctl/objects/abstract_security_content_objects/security_content_object_abstract.py,sha256=vdZvybF34Zlxf6XOjw400gYbpkPUkOtlu-JiWlAof40,9877
36
+ contentctl/objects/abstract_security_content_objects/detection_abstract.py,sha256=L9ePzkwjkN2wfAM4su-fXJusIeryK7RqKgdqT4ViZwc,45722
37
+ contentctl/objects/abstract_security_content_objects/security_content_object_abstract.py,sha256=VUTNG6LvYf5D1L8UA5uciBBI0VfB432-6TCe2hP-_YE,10324
38
38
  contentctl/objects/alert_action.py,sha256=E9gjCn5C31h0sN7k90KNe4agRxFFSnMW_Z-Ri_3YQss,1335
39
39
  contentctl/objects/annotated_types.py,sha256=jnX02BQT4dHbd_DCIjik0PNN3kgsvb7sxAz_1Jy8TOY,259
40
40
  contentctl/objects/atomic.py,sha256=L9QSmwmmSFFfvUykPk_nXwz9XDz-Gn6e0rrDxxRO8uY,7292
41
41
  contentctl/objects/base_test.py,sha256=qUtKQJrqCto_fwCBdiH68_tXqokhcv9ceu2fQlBxsjA,1045
42
- contentctl/objects/base_test_result.py,sha256=jVroyGLb9GD6Wm2QzvgIEA3SWCZqxPsHp9PzxSvpyIs,5101
43
- contentctl/objects/baseline.py,sha256=Lb1vJKtDdlDrzWgrdkC9oQao_TnRrOxSwOWHf4trtaU,2150
44
- contentctl/objects/baseline_tags.py,sha256=fVhLF-NmisavybB_idu3N0Con0Ymj8clKfRMkWzBB-k,1762
45
- contentctl/objects/config.py,sha256=q6-zGzKXi_etiAOJDgKKrU31WfmJkA9_Yjnx2QccScA,49808
46
- contentctl/objects/constants.py,sha256=389Gna6BtukAkXfOKiHEg-FtPRVEVReV4pEMeLuq7o8,3653
47
- contentctl/objects/correlation_search.py,sha256=ZZVoO3M594qCy_aAMhQiOPWn8FiSFbRShUCCLx6zhNc,48434
42
+ contentctl/objects/base_test_result.py,sha256=pr-rwr80bJej8hHNhiVBvw49FZmRuPfOIChLJjY22lY,5205
43
+ contentctl/objects/baseline.py,sha256=cnJQt1z-PQDH6mbDU-eqo-l41LSWsaKmqU0IxuJWnGk,2139
44
+ contentctl/objects/baseline_tags.py,sha256=fyfH2KZqUhPGCwfverYw2_ZGXQIjgkT3P7hiYDPnN4Y,1599
45
+ contentctl/objects/config.py,sha256=XYkDRHeULwCzOfYKnj8xsLcHrZ_HdUlR-XsO0mupXGo,50474
46
+ contentctl/objects/constants.py,sha256=scKaQlubfjkW5n2AztY5zneAgjVLXbnyK0ZBALxPUV8,5529
47
+ contentctl/objects/correlation_search.py,sha256=_BlHgLmmY5OdrV3f301radrH1cE2Gpr1GqVTmCxWP44,46272
48
+ contentctl/objects/dashboard.py,sha256=GKb_YqZMSP98Y97AlKffJrtVUufZzJag-zdmqRePLZ4,4114
48
49
  contentctl/objects/data_source.py,sha256=aRr6lHu-EtGmi6J2nXKD7i2ozUPtp7X-vDkQiutvD3I,1545
49
- contentctl/objects/deployment.py,sha256=Qc6M4yeOvxjqFKR8sfjd4CG06AbVheTOqP1mwqo4t8s,2651
50
+ contentctl/objects/deployment.py,sha256=9iFo3iwvBVmBMlW-VhwX4ikbh2shl5cumSPOFMdqT2Q,3044
50
51
  contentctl/objects/deployment_email.py,sha256=Zu9cXZdfOP6noa_mZpiK1GrYCTgi3Mim94iLGjE674c,147
51
52
  contentctl/objects/deployment_notable.py,sha256=QhOI7HEkUuuqk0fum9SD8IpYBlbwIsJUff8s3kCKKj4,198
52
53
  contentctl/objects/deployment_phantom.py,sha256=EmRlPKpEij4vqUJgACqK_zcGBmHV8xXczkJi-FxMDio,207
@@ -56,42 +57,44 @@ contentctl/objects/deployment_slack.py,sha256=P6z8OLHDKcDWx7nbKWasqBc3dFRatGcpO2
56
57
  contentctl/objects/detection.py,sha256=3W41cXf3ECjWuPqWrseqSLC3PAA7O5_nENWWM6MPK0Y,620
57
58
  contentctl/objects/detection_metadata.py,sha256=eCsru2cymc3VINjt9MpDyGw2zXa2HyVEPv-XiGAcAeQ,2236
58
59
  contentctl/objects/detection_stanza.py,sha256=842fHPfGDdddHF5UzgftYr8OlYblWhMWZxPQsTu2wKg,3066
59
- contentctl/objects/detection_tags.py,sha256=90-dGSMwZH-6VYReb2_f81s3pZ4dJ2PBQZog4GMZcE4,11030
60
- contentctl/objects/enums.py,sha256=xY-pESjN8AUeP_ELCtMDUxQO7OzMJbK-QSl4UJfaqGQ,14016
60
+ contentctl/objects/detection_tags.py,sha256=iozG-McM6VRYuqWHhQXvKD_iVyug2rdofuTf4jeUaG4,11208
61
+ contentctl/objects/drilldown.py,sha256=k_U0-vXKBCKeoUKszQ_0FdYQMq9c9mJ3PsHe6rM2lAA,3914
62
+ contentctl/objects/enums.py,sha256=wwPC9IWOMxdZrFhXM-nDEnSvMvY8nN9Md5Mt9ELiYG0,14241
61
63
  contentctl/objects/errors.py,sha256=WURmJCqhy2CZNXXCypXVtwnjSBx-VIcB6W9oFJmzoFk,5762
62
64
  contentctl/objects/event_source.py,sha256=G9P7rtcN5hcBNQx6DG37mR3QyQufx--T6kgQGNqQuKk,415
63
65
  contentctl/objects/integration_test.py,sha256=UBBx85f517MpQXOM7-iEasACEQ0-Ia7W4rDChOHZfno,1319
64
66
  contentctl/objects/integration_test_result.py,sha256=9oVWka57alIVPiCDbNgy-OmJcBicyYbrr6anL52Wgks,278
65
- contentctl/objects/investigation.py,sha256=MrID5n9jnoHNKyZW0UszbiPdX4uc6tQWK-1wkns2rXA,2677
66
- contentctl/objects/investigation_tags.py,sha256=nFpMRKBVBsW21YW_vy2G1lXaSARX-kfFyrPoCyE77Q8,1280
67
- contentctl/objects/lookup.py,sha256=oZwBiHfRRrv2ZXdGyWIJWSWZMpuUbsXydaDDfpenk-4,7219
68
- contentctl/objects/macro.py,sha256=9nE-bxkFhtaltHOUCr0luU8jCCthmglHjhKs6Q2YzLU,2684
67
+ contentctl/objects/investigation.py,sha256=UCiKvTW3SQrjbbVAdYxmtJb_DT3-wuVgxZvT9nudvnw,3236
68
+ contentctl/objects/investigation_tags.py,sha256=mwjIyWtQflF_sjzKOmfcXj-DkPsgwX0jSN7_weearM4,1304
69
+ contentctl/objects/lookup.py,sha256=vy-4JVswguJGIniIwkPG_WAeo5JlCrHUTV9FOyksRII,7516
70
+ contentctl/objects/macro.py,sha256=nEIWRVCMQiTfSD5ajg-39laf-JH85zKE9uIFnljQTyE,3293
69
71
  contentctl/objects/manual_test.py,sha256=YNquEQ0UCzZGJ0uvHBgJ3Efho-F80ZG885ABLtqB7TI,1022
70
72
  contentctl/objects/manual_test_result.py,sha256=C4AYW3jlMsxVzCPzCA5dpAcbKgCpmDO43JmptFm--Q4,155
71
73
  contentctl/objects/mitre_attack_enrichment.py,sha256=4_9hvrxCXnGfyWqoj7C-0pCfGXEBJXfhrcSfb1cmPjs,3387
72
74
  contentctl/objects/notable_action.py,sha256=ValkblBaG-60TF19y_vSnNzoNZ3eg48wIfr0qZxyKTA,1605
73
- contentctl/objects/notable_event.py,sha256=ITcwLzeatSGpe8267PYN-EhgqOSoWTfciCBVu8zjOXE,682
75
+ contentctl/objects/notable_event.py,sha256=YlmI5CbTeu2hrj1yhmvu6ma4RY_6RFvIuq8aEtrn4z8,703
74
76
  contentctl/objects/observable.py,sha256=pw0Ehi_KMb7nXzw2kuw1FnCknpD8zDkCAqBTa-M_F28,1313
75
77
  contentctl/objects/playbook.py,sha256=hSYYpdMhctgpp7uwaPciFqu1yuFI4M1NHy1WBBLyvzM,2469
76
78
  contentctl/objects/playbook_tags.py,sha256=NrhTGcgoYSGEZggrfebko0GBOXN9x05IadRUUL_CVfQ,1436
77
- contentctl/objects/risk_analysis_action.py,sha256=Glzcq99DAqqOJ2eZYCkUI3R5hA5cZGU0ZuCSinFf2R8,4278
78
- contentctl/objects/risk_event.py,sha256=b5Smh3w5Hecmi7E-Ub5DvO8iOPwnVg2ux47u7oemxX4,14041
79
+ contentctl/objects/risk_analysis_action.py,sha256=OeatdTFXa6801JZIyvfN7c0B0rTnXpdVh1PXHCmQsz0,4275
80
+ contentctl/objects/risk_event.py,sha256=wPVQPwvA3u_2CTeZwy7xLHrIH98mWpvBunEsQLGlb-Y,14106
79
81
  contentctl/objects/risk_object.py,sha256=yY4NmEwEKaRl4sLzCRZb1n8kdpV3HzYbQVQ1ClQWYHw,904
80
82
  contentctl/objects/savedsearches_conf.py,sha256=tCyZHqAQ9azgwIyySViY2BdM4To5Cb_GeYEEHPwR4Zc,8604
81
83
  contentctl/objects/security_content_object.py,sha256=j8KNDwSMfZsSIzJucC3NuZo0SlFVpqHfDc6y3-YHjHI,234
82
- contentctl/objects/story.py,sha256=FXe11LV19xJTtCgx7DKdvV9cL0gKeryUnE3yjpnDmrU,4957
84
+ contentctl/objects/story.py,sha256=9q8_WosIZwq5cWIUbl_0IErV4fWc9VA18YBuJeflXn0,4823
83
85
  contentctl/objects/story_tags.py,sha256=cOL8PUzdlFdLPQHc54_-9sdI8nCE1D04oKY7KriOssI,2293
84
86
  contentctl/objects/test_attack_data.py,sha256=9OgErjdPR4S-SJpQePt0uwBLPYHYPtqKDd-auhjz7Uc,430
85
87
  contentctl/objects/test_group.py,sha256=DCtm4ChGYksOwZQVHsioaweOvI37CSlTZJzKvBX-jbY,2586
86
88
  contentctl/objects/threat_object.py,sha256=S8B7RQFfLxN_g7yKPrDTuYhIy9JvQH3YwJ_T5LUZIa4,711
89
+ contentctl/objects/throttling.py,sha256=om0pGOMStr6sTwm5uZ7rBcSHhRLpaX6TS5x-aaPGsR0,2369
87
90
  contentctl/objects/unit_test.py,sha256=eMFehpHhmZA5WYBqhWUNRF_LpxuLM9VooAxjXeNbrxY,1144
88
91
  contentctl/objects/unit_test_baseline.py,sha256=XHvOm7qLYfqrP6uC5U_pfgw_pf8-S2RojuNmbo6lXlM,227
89
92
  contentctl/objects/unit_test_result.py,sha256=POQfvvPpSw-jQzINBz1_IszUMJ4Wbopu8HRS1Qe6P2M,2940
90
93
  contentctl/output/api_json_output.py,sha256=n3OTd5z-Vkmsn7ny6QCAar_jSMNuuJfzAQa7xq_9if4,9085
91
94
  contentctl/output/attack_nav_output.py,sha256=95iKV8U9BMMgqh6cCOw1S89Ln73xmJGgJPHTYR0L7hA,2304
92
95
  contentctl/output/attack_nav_writer.py,sha256=64ILZLmNbh2XLmbopgENkeo6t-4SRRG8xZXBmtpNd4g,2219
93
- contentctl/output/conf_output.py,sha256=7HcHM9pJLNnan1Kq_7ozvs5iOgfzqdKbO6gwxUZJVnc,9994
94
- contentctl/output/conf_writer.py,sha256=uMxWrdu-4paiTgUGu_FUWMjT-r_IpdZSTUSDZUGC6k8,8541
96
+ contentctl/output/conf_output.py,sha256=gmO180RpPPB1H1_tkNpQERkai--l0iRS7qV-kMtFir0,10136
97
+ contentctl/output/conf_writer.py,sha256=o0lpCGKuOtFrf_7uV4Qq8nCBL69fivCkEavmxGXFuvs,9575
95
98
  contentctl/output/data_source_writer.py,sha256=ubFjm6XJ4T2d3oqfKwDFasITHeDj3HFmegqVN--5_ME,1635
96
99
  contentctl/output/detection_writer.py,sha256=AzxbssNLmsNIOaYKotew5-ONoyq1cQpKSGy3pe191B0,960
97
100
  contentctl/output/doc_md_output.py,sha256=gf7osH1uSrC6js3D_I72g4uDe9TaB3tsvtqCHi5znp0,3238
@@ -99,9 +102,9 @@ contentctl/output/jinja_writer.py,sha256=bdiqr9FaXYxth4wZ1A52zTMAS5stHNGpezTkaS5
99
102
  contentctl/output/json_writer.py,sha256=Z-iVLnZb8tzYATxbQtXax0dz572lVPFMNVTx-vWbnog,1007
100
103
  contentctl/output/new_content_yml_output.py,sha256=KvP0FffQBPznSKqJyRQMtehf4XYEVK5jiPlUwnkekUc,2061
101
104
  contentctl/output/svg_output.py,sha256=T2p4S085MKj5VPZKvo4tWBVOmYme32J9L7kMEBm3SwQ,2751
102
- contentctl/output/templates/analyticstories_detections.j2,sha256=MYefoyWAq4b7dth3OlbMWNhFnH3_nnMKaOfw0lMkxT4,917
103
- contentctl/output/templates/analyticstories_investigations.j2,sha256=7bwt_6U3dr9hbxOUkp0a1KnRJohNgC7GE1zRg_N_awI,515
104
- contentctl/output/templates/analyticstories_stories.j2,sha256=w_MIadmsynoO_tCmofZj3_5TEmxeHnQEPJuhYaqqc-4,668
105
+ contentctl/output/templates/analyticstories_detections.j2,sha256=TZHnWEPWWwMjGgPswMoT9Dcfqs2X2E1lJCVXYwqveHY,970
106
+ contentctl/output/templates/analyticstories_investigations.j2,sha256=kqy9lR6W3avqETCM2tSZ8WWOlfiyOtFv6G5N4SZWSaQ,527
107
+ contentctl/output/templates/analyticstories_stories.j2,sha256=4rS-oN6JHAVKF3ToMxzHqK7asytw1R4OQmZGtzdRRBI,663
105
108
  contentctl/output/templates/app.conf.j2,sha256=Y9vDwdU1yRTQZ7jBQWLFo0XAEerN_6IXrkXdS3xkcuM,737
106
109
  contentctl/output/templates/app.manifest.j2,sha256=n9TBpikEOD-HQzsad4Fmd0iH5cosRQ12SiXXYZhcO0g,1063
107
110
  contentctl/output/templates/collections.j2,sha256=rDpAcqM6hRiyCQPgfRh8KcL41Mrqsc97krQ-JPFhSBQ,181
@@ -118,13 +121,12 @@ contentctl/output/templates/doc_stories.j2,sha256=0J3dAbfSZz-Ma1-C9B6vYPKGwrxoZr
118
121
  contentctl/output/templates/doc_story_page.j2,sha256=jrf-As8GbqLarRoiDipfM9ZUVRl_bhdNsy-XaCrBaXE,874
119
122
  contentctl/output/templates/es_investigations_investigations.j2,sha256=M4beFAFrkdhOIda2uYOXOxm9eBTdtSrTg07ke8FcELs,1013
120
123
  contentctl/output/templates/es_investigations_stories.j2,sha256=3_adGXuyMR6v-k3uc6_ht13UqX1AI4HagRdokwW0tqk,388
121
- contentctl/output/templates/finding_report.j2,sha256=DS9ElRGeyz7UFPiTXiqbhUzOrT4eN8oetdBheQJRFck,1753
122
124
  contentctl/output/templates/header.j2,sha256=3usV7jm1q6J-QNnQrZzII9cN0XEGQjg_eVKrEQwfOG0,201
123
125
  contentctl/output/templates/macros.j2,sha256=SLcQQ5X7TZS8j-2qP06BTXqdIcnwoYqTAaBLX2Dge7Y,390
124
126
  contentctl/output/templates/panel.j2,sha256=Cw_W6p-14n6UivVfpS75KKJiJ2VpdGsSBceYsUYe9gk,221
125
- contentctl/output/templates/savedsearches_baselines.j2,sha256=xr05J9WJSVdwpiBoPWEejZ1hmeqInyDKyDH4kjzHP6U,1743
126
- contentctl/output/templates/savedsearches_detections.j2,sha256=Y-yrvikFG7zQx6bJ-AkVFdZR8P6kRE-gQHyHc1aEyvs,6376
127
- contentctl/output/templates/savedsearches_investigations.j2,sha256=aFIDK4NqtsZr3fb4F_tv9UQTQ2Z-n9pkP5rIocPA65Q,1259
127
+ contentctl/output/templates/savedsearches_baselines.j2,sha256=BfpNrApucyByZHYW-Az63NO7hXBRYtlQCZcgBcLDv60,1683
128
+ contentctl/output/templates/savedsearches_detections.j2,sha256=WEpY9C81cifCM0ZC_pubn9pNIXcnPPhQGSrmr79j1aI,6672
129
+ contentctl/output/templates/savedsearches_investigations.j2,sha256=3jWg3OEwnexZxebpyP9_7lbZI407e5rlx1-epRs1Kpc,1170
128
130
  contentctl/output/templates/transforms.j2,sha256=-cSoie0LgJwibtW-GMhc9BQlmS6h1s1Vykm9O2M0f9Y,1456
129
131
  contentctl/output/templates/workflow_actions.j2,sha256=DFoZVnCa8dMRHjW2AdpoydBC0THgiH_W-Nx7WI4-uR4,925
130
132
  contentctl/output/yml_output.py,sha256=xtTD3f_WWy8O6Joi4S8gG9paot8JpQFRlwt17_ek5B4,2682
@@ -159,14 +161,14 @@ contentctl/templates/deployments/escu_default_configuration_hunting.yml,sha256=h
159
161
  contentctl/templates/deployments/escu_default_configuration_ttp.yml,sha256=1D-pvzaH1v3_yCZXaY6njmdvV4S2_Ak8uzzCOsnj9XY,548
160
162
  contentctl/templates/detections/application/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
161
163
  contentctl/templates/detections/cloud/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
162
- contentctl/templates/detections/endpoint/anomalous_usage_of_7zip.yml,sha256=tw5_HVqMyx6itht6v2fz6Uqoy3EoIJ_lzVlrRABrMhY,3311
164
+ contentctl/templates/detections/endpoint/anomalous_usage_of_7zip.yml,sha256=AwAjsSuNAEux-_P4Co_Rf73IzSQF6XNhVcCzgU_bGT0,4189
163
165
  contentctl/templates/detections/network/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
164
166
  contentctl/templates/detections/web/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
165
167
  contentctl/templates/macros/security_content_ctime.yml,sha256=Gg1YNllHVsX_YB716H1SJLWzxXZEfuJlnsgB2fuyoHU,159
166
168
  contentctl/templates/macros/security_content_summariesonly.yml,sha256=9BYUxAl2E4Nwh8K19F3AJS8Ka7ceO6ZDBjFiO3l3LY0,162
167
169
  contentctl/templates/stories/cobalt_strike.yml,sha256=rlaXxMN-5k8LnKBLPafBoksyMtlmsPMHPJOjTiMiZ-M,3063
168
- contentctl-4.3.5.dist-info/LICENSE.md,sha256=hQWUayRk-pAiOZbZnuy8djmoZkjKBx8MrCFpW-JiOgo,11344
169
- contentctl-4.3.5.dist-info/METADATA,sha256=Ja_S233rBxi4ZWj0ihjS7XdybxUirZFKwC2sZvwvOaI,21489
170
- contentctl-4.3.5.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
171
- contentctl-4.3.5.dist-info/entry_points.txt,sha256=5bjZ2NkbQfSwK47uOnA77yCtjgXhvgxnmCQiynRF_-U,57
172
- contentctl-4.3.5.dist-info/RECORD,,
170
+ contentctl-4.4.1.dist-info/LICENSE.md,sha256=hQWUayRk-pAiOZbZnuy8djmoZkjKBx8MrCFpW-JiOgo,11344
171
+ contentctl-4.4.1.dist-info/METADATA,sha256=zVFQfn81KezVcmp4T2cbTvaX3Abvvtp-qnp5p3NWpAo,21536
172
+ contentctl-4.4.1.dist-info/WHEEL,sha256=Nq82e9rUAnEjt98J6MlVmMCZb-t9cYE2Ir1kpBmnWfs,88
173
+ contentctl-4.4.1.dist-info/entry_points.txt,sha256=5bjZ2NkbQfSwK47uOnA77yCtjgXhvgxnmCQiynRF_-U,57
174
+ contentctl-4.4.1.dist-info/RECORD,,
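--- a/contentctl-4.3.5.dist-info/WHEEL
+++ b/contentctl-4.4.1.dist-info/WHEEL
@@ -1,4 +1,4 @@
 Wheel-Version: 1.0
-Generator: poetry-core 1.9.0
+Generator: poetry-core 1.9.1
 Root-Is-Purelib: true
 Tag: py3-none-any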
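--- a/contentctl/output/templates/finding_report.j2
+++ b/contentctl/output/templates/finding_report.j2
@@ -1,30 +0,0 @@
-
-| eval devices = [{"hostname": device_hostname, "type_id": 0, "uuid": device.uuid}],
-time = timestamp,
-evidence = {{ detection.tags.evidence_str }},
-message = "{{ detection.name }} has been triggered on " + device_hostname + " by " + {{ actor_user_name }} + ".",
-users = [{"name": {{ actor_user_name }}, "uuid": actor_user.uuid, "uid": actor_user.uid}],
-activity_id = 1,
-cis_csc = [{"control": "CIS 10", "version": 8}],
-analytic_stories = {{ detection.tags.analytics_story_str }},
-class_name = "Detection Report",
-confidence = {{ detection.tags.confidence }},
-confidence_id = {{ detection.tags.confidence_id }},
-duration = 0,
-impact = {{ detection.tags.impact }},
-impact_id = {{ detection.tags.impact_id }},
-kill_chain = {{ detection.tags.kill_chain_phases_str }},
-nist = ["DE.AE"],
-risk_level = "{{ detection.tags.risk_level }}",
-category_uid = 2,
-class_uid = 102001,
-risk_level_id = {{ detection.tags.risk_level_id }},
-risk_score = {{ detection.tags.risk_score }},
-severity_id = 0,
-rule = {"name": "{{ detection.name }}", "uid": "{{ detection.id }}", "type": "Streaming"},
-metadata = {"customer_uid": metadata.customer_uid, "product": {"name": "Behavior Analytics", "vendor_name": "Splunk"}, "version": "1.0.0-rc.2", "logged_time": time()},
-type_uid = 10200101,
-start_time = timestamp,
-end_time = timestamp
-| fields metadata, rule, activity_id, analytic_stories, cis_csc, category_uid, class_name, class_uid, confidence, confidence_id, devices, duration, time, evidence, impact, impact_id, kill_chain, message, nist, observables, risk_level, risk_level_id, risk_score, severity_id, type_uid, users, start_time, end_time
-| into sink;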