contentctl 4.4.1__py3-none-any.whl → 4.4.4__py3-none-any.whl

contentctl/actions/build.py

@@ -51,7 +51,9 @@ class Build:
             updated_conf_files.update(conf_output.writeObjects(input_dto.director_output_dto.lookups, SecurityContentType.lookups))
             updated_conf_files.update(conf_output.writeObjects(input_dto.director_output_dto.macros, SecurityContentType.macros))
             updated_conf_files.update(conf_output.writeObjects(input_dto.director_output_dto.dashboards, SecurityContentType.dashboards))
-            updated_conf_files.update(conf_output.writeAppConf())
+            updated_conf_files.update(conf_output.writeMiscellaneousAppFiles())
+            
+
             
             #Ensure that the conf file we just generated/update is syntactically valid
             for conf_file in updated_conf_files:

contentctl/actions/deploy_acs.py

@@ -1,38 +1,55 @@
-from dataclasses import dataclass
-from contentctl.input.director import DirectorInputDto
-from contentctl.output.conf_output import ConfOutput
-
-
-from typing import Union
-
-@dataclass(frozen=True)
-class ACSDeployInputDto:
-    director_input_dto: DirectorInputDto
-    splunk_api_username: str
-    splunk_api_password: str
-    splunk_cloud_jwt_token: str
-    splunk_cloud_stack: str
-    stack_type: str
+from contentctl.objects.config import deploy_acs, StackType
+from requests import post
+import pprint
 
 
 class Deploy:
-    def execute(self, input_dto: ACSDeployInputDto) -> None:
-        
-        conf_output = ConfOutput(input_dto.director_input_dto.input_path, input_dto.director_input_dto.config)
+    def execute(self, config: deploy_acs, appinspect_token:str) -> None:
         
-        appinspect_token = conf_output.inspectAppAPI(input_dto.splunk_api_username, input_dto.splunk_api_password, input_dto.stack_type)
+        #The following common headers are used by both Clasic and Victoria
+        headers = {
+            'Authorization': f'Bearer {config.splunk_cloud_jwt_token}',
+            'ACS-Legal-Ack': 'Y'
+        }
+        try:
+            
+            with open(config.getPackageFilePath(include_version=False),'rb') as app_data:
+                #request_data = app_data.read()
+                if config.stack_type == StackType.classic:
+                    # Classic instead uses a form to store token and package
+                    # https://docs.splunk.com/Documentation/SplunkCloud/9.1.2308/Config/ManageApps#Manage_private_apps_using_the_ACS_API_on_Classic_Experience
+                    address = f"https://admin.splunk.com/{config.splunk_cloud_stack}/adminconfig/v2/apps"
+                    
+                    form_data = {
+                        'token': (None, appinspect_token),
+                        'package': app_data
+                    }
+                    res = post(address, headers=headers, files = form_data)
+                elif config.stack_type == StackType.victoria:
+                    # Victoria uses the X-Splunk-Authorization Header
+                    # It also uses --data-binary for the app content
+                    # https://docs.splunk.com/Documentation/SplunkCloud/9.1.2308/Config/ManageApps#Manage_private_apps_using_the_ACS_API_on_Victoria_Experience
+                    headers.update({'X-Splunk-Authorization':  appinspect_token})
+                    address = f"https://admin.splunk.com/{config.splunk_cloud_stack}/adminconfig/v2/apps/victoria"
+                    res = post(address, headers=headers, data=app_data.read())
+                else:
+                    raise Exception(f"Unsupported stack type: '{config.stack_type}'")
+        except Exception as e:
+            raise Exception(f"Error installing to stack '{config.splunk_cloud_stack}' (stack_type='{config.stack_type}') via ACS:\n{str(e)}")
         
-
-        if input_dto.splunk_cloud_jwt_token is None or input_dto.splunk_cloud_stack is None:
-            if input_dto.splunk_cloud_jwt_token is None:
-                raise Exception("Cannot deploy app via ACS, --splunk_cloud_jwt_token was not defined on command line.")
-            else:
-                raise Exception("Cannot deploy app via ACS, --splunk_cloud_stack was not defined on command line.")
-        
-        conf_output.deploy_via_acs(input_dto.splunk_cloud_jwt_token,
-                                input_dto.splunk_cloud_stack, 
-                                appinspect_token,
-                                input_dto.stack_type)
-
+        try:
+            # Request went through and completed, but may have returned a non-successful error code.
+            # This likely includes a more verbose response describing the error
+            res.raise_for_status()
+            print(res.json())
+        except Exception as e:
+            try:
+                error_text = res.json()
+            except Exception as e:
+                error_text = "No error text - request failed"
+            formatted_error_text = pprint.pformat(error_text)
+            print("While this may not be the cause of your error, ensure that the uid and appid of your Private App does not exist in Splunkbase\n"
+                  "ACS cannot deploy and app with the same uid or appid as one that exists in Splunkbase.")
+            raise Exception(f"Error installing to stack '{config.splunk_cloud_stack}' (stack_type='{config.stack_type}') via ACS:\n{formatted_error_text}")
         
-        
+        print(f"'{config.getPackageFilePath(include_version=False)}' successfully installed to stack '{config.splunk_cloud_stack}' (stack_type='{config.stack_type}') via ACS!")

contentctl/contentctl.py

@@ -19,6 +19,7 @@ from contentctl.actions.test import TestInputDto
 from contentctl.actions.reporting import ReportingInputDto, Reporting
 from contentctl.actions.inspect import Inspect
 from contentctl.input.yml_reader import YmlReader
+from contentctl.actions.deploy_acs import Deploy
 from contentctl.actions.release_notes import ReleaseNotes
 
 # def print_ascii_art():
@@ -95,8 +96,11 @@ def new_func(config:new):
 
 
 def deploy_acs_func(config:deploy_acs):
-    #This is a bit challenging to get to work with the default values.
-    raise Exception("deploy acs not yet implemented") 
+    print("Building and inspecting app...")
+    token = inspect_func(config)
+    print("App successfully built and inspected.")
+    print("Deploying app...")
+    Deploy().execute(config, token)
 
 def test_common_func(config:test_common):
     if type(config) == test:

contentctl/objects/config.py

@@ -294,6 +294,7 @@ class StackType(StrEnum):
 
 
 class inspect(build):
+
     splunk_api_username: str = Field(
         description="Splunk API username used for appinspect and Splunkbase downloads."
     )

contentctl/objects/correlation_search.py

@@ -264,7 +264,7 @@ class CorrelationSearch(BaseModel):
         :returns: the search path
         :rtype: str
         """
-        return f"/saved/searches/{self.name}"
+        return f"saved/searches/{self.name}"
 
     @computed_field
     @cached_property

contentctl/objects/enums.py

@@ -330,7 +330,6 @@ class SecurityDomain(str, enum.Enum):
     IDENTITY = "identity"
     ACCESS = "access"
     AUDIT = "audit"
-    CLOUD = "cloud"
 
 class AssetType(str, enum.Enum):
     AWS_ACCOUNT = "AWS Account"

contentctl/output/conf_output.py

@@ -57,19 +57,26 @@ class ConfOutput:
             pass
             
 
-    def writeAppConf(self)->set[pathlib.Path]:
+    
+
+    def writeMiscellaneousAppFiles(self)->set[pathlib.Path]:
         written_files:set[pathlib.Path] = set()
-        for output_app_path, template_name in [ ("default/app.conf", "app.conf.j2"),
-                                                ("default/content-version.conf", "content-version.j2")]:
-            written_files.add(ConfWriter.writeConfFile(pathlib.Path(output_app_path),
-                                    template_name,
-                                    self.config,
-                                    [self.config.app]))
+        
+        written_files.add(ConfWriter.writeConfFile(pathlib.Path("default/content-version.conf"),
+                                "content-version.j2",
+                                self.config,
+                                [self.config.app]))
         
         written_files.add(ConfWriter.writeManifestFile(pathlib.Path("app.manifest"),
                                               "app.manifest.j2",
                                               self.config,
                                               [self.config.app]))
+        
+        written_files.add(ConfWriter.writeServerConf(self.config))
+
+        written_files.add(ConfWriter.writeAppConf(self.config))
+                                              
+
         return written_files
 
         

contentctl/output/conf_writer.py

@@ -12,6 +12,76 @@ from contentctl.objects.dashboard import Dashboard
 from contentctl.objects.config import build
 import xml.etree.ElementTree as ET
 
+# This list is not exhaustive of all default conf files, but should be
+# sufficient for our purposes.
+DEFAULT_CONF_FILES = [
+    "alert_actions.conf",
+    "app.conf",
+    "audit.conf",
+    "authentication.conf",
+    "authorize.conf",
+    "bookmarks.conf",
+    "checklist.conf",
+    "collections.conf",
+    "commands.conf",
+    "conf.conf",
+    "datamodels.conf",
+    "datatypesbnf.conf",
+    "default-mode.conf",
+    "deploymentclient.conf",
+    "distsearch.conf",
+    "event_renderers.conf",
+    "eventdiscoverer.conf",
+    "eventtypes.conf",
+    "federated.conf",
+    "fields.conf",
+    "global-banner.conf",
+    "health.conf",
+    "indexes.conf",
+    "inputs.conf",
+    "limits.conf",
+    "literals.conf",
+    "livetail.conf",
+    "macros.conf",
+    "messages.conf",
+    "metric_alerts.conf",
+    "metric_rollups.conf",
+    "multikv.conf",
+    "outputs.conf",
+    "passwords.conf",
+    "procmon-filters.conf",
+    "props.conf",
+    "pubsub.conf",
+    "restmap.conf",
+    "rolling_upgrade.conf",
+    "savedsearches.conf",
+    "searchbnf.conf",
+    "segmenters.conf",
+    "server.conf",
+    "serverclass.conf",
+    "serverclass.seed.xml.conf",
+    "source-classifier.conf",
+    "sourcetypes.conf",
+    "tags.conf",
+    "telemetry.conf",
+    "times.conf",
+    "transactiontypes.conf",
+    "transforms.conf",
+    "ui-prefs.conf",
+    "ui-tour.conf",
+    "user-prefs.conf",
+    "user-seed.conf",
+    "viewstates.conf",
+    "visualizations.conf",
+    "web-features.conf",
+    "web.conf",
+    "wmi.conf",
+    "workflow_actions.conf",
+    "workload_policy.conf",
+    "workload_pools.conf",
+    "workload_rules.conf",
+]
+
 class ConfWriter():
 
     @staticmethod
@@ -57,6 +127,52 @@ class ConfWriter():
         ConfWriter.validateConfFile(output_path)        
         return output_path
 
+    @staticmethod
+    def getCustomConfFileStems(config:build)->list[str]:
+        # Get all the conf files in the default directory. We must make a reload.conf_file = simple key/value for them if
+        # they are custom conf files
+        default_path = config.getPackageDirectoryPath()/"default"
+        conf_files = default_path.glob("*.conf")
+        
+        custom_conf_file_stems = [conf_file.stem for conf_file in conf_files if conf_file.name not in DEFAULT_CONF_FILES]
+        return sorted(custom_conf_file_stems)
+
+    @staticmethod
+    def writeServerConf(config: build) -> pathlib.Path:
+        app_output_path = pathlib.Path("default/server.conf")
+        template_name = "server.conf.j2"
+
+        j2_env = ConfWriter.getJ2Environment()
+        template = j2_env.get_template(template_name)
+
+        output = template.render(custom_conf_files=ConfWriter.getCustomConfFileStems(config))
+        
+        output_path = config.getPackageDirectoryPath()/app_output_path
+        output_path.parent.mkdir(parents=True, exist_ok=True)
+        with open(output_path, 'a') as f:
+            output = output.encode('utf-8', 'ignore').decode('utf-8')
+            f.write(output)
+        return output_path
+
+
+    @staticmethod
+    def writeAppConf(config: build) -> pathlib.Path:
+        app_output_path = pathlib.Path("default/app.conf")
+        template_name = "app.conf.j2"
+
+        j2_env = ConfWriter.getJ2Environment()
+        template = j2_env.get_template(template_name)
+
+        output = template.render(custom_conf_files=ConfWriter.getCustomConfFileStems(config), 
+                                 app=config.app)
+        
+        output_path = config.getPackageDirectoryPath()/app_output_path
+        output_path.parent.mkdir(parents=True, exist_ok=True)
+        with open(output_path, 'a') as f:
+            output = output.encode('utf-8', 'ignore').decode('utf-8')
+            f.write(output)
+        return output_path
+
     @staticmethod
     def writeManifestFile(app_output_path:pathlib.Path, template_name : str, config: build, objects : list) -> pathlib.Path:
         j2_env = ConfWriter.getJ2Environment()
@@ -70,6 +186,7 @@ class ConfWriter():
             output = output.encode('utf-8', 'ignore').decode('utf-8')
             f.write(output)
         return output_path
+    
 
 
     @staticmethod
@@ -218,8 +335,3 @@ class ConfWriter():
                 _ = json.load(manifestFile)
         except Exception as e:
             raise Exception(f"Failed to validate .manifest file {str(path)} (Note that .manifest files should contain only valid JSON-formatted data): {str(e)}")
-            
-
-
-
-

contentctl/output/templates/app.conf.j2

@@ -4,31 +4,33 @@
 is_configured = false
 state = enabled
 state_change_requires_restart = false
-build = {{ objects[0].build }}
+build = {{ app.build }}
 
 [triggers]
-reload.analytic_stories = simple
-reload.usage_searches = simple
-reload.use_case_library = simple
-reload.correlationsearches = simple
-reload.analyticstories = simple
-reload.governance = simple
-reload.managed_configurations = simple
-reload.postprocess = simple
-reload.content-version = simple
-reload.es_investigations = simple
+{% for custom_conf_file in custom_conf_files%}
+reload.{{custom_conf_file}} = simple
+{% endfor %}
 
 [launcher]
-author = {{ objects[0].author_company }}
-version = {{ objects[0].version }} 
-description = {{ objects[0].description | escapeNewlines() }}
+author = {{ app.author_company }}
+version = {{ app.version }} 
+description = {{ app.description | escapeNewlines() }}
 
 [ui]
 is_visible = true
-label = {{ objects[0].title }}
+label = {{ app.title }}
 
 [package]
-id = {{ objects[0].appid }}
+id = {{ app.appid }}
+{% if app.uid == 3449 %}
+check_for_updates = true
+{% else %}
+check_for_updates = false
+{% endif %}
+
+[id]
+version = {{ app.version }}
+name = {{ app.appid }}
 
 
 

contentctl/output/templates/app.manifest.j2

@@ -1,5 +1,6 @@
 {
-  "schemaVersion": "1.0.0", 
+  "schemaVersion": "1.0.0",
+  "targetWorkloads": ["_search_heads"], 
   "info": {
     "title": "{{ objects[0].title }}", 
     "id": {

contentctl/output/templates/server.conf.j2

@@ -0,0 +1,4 @@
+[shclustering]
+{% for custom_conf_file in custom_conf_files%}
+conf_replication_include.{{custom_conf_file}} = true
+{% endfor %}

contentctl/templates/app_template/metadata/default.meta

@@ -1,6 +1,6 @@
 ## shared Application-level permissions
 []
-access = read : [ * ], write : [ admin ]
+access = read : [ * ], write : [ admin, sc_admin ]
 export = system
 
 [savedsearches]

{contentctl-4.4.1.dist-info → contentctl-4.4.4.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: contentctl
-Version: 4.4.1
+Version: 4.4.4
 Summary: Splunk Content Control Tool
 License: Apache 2.0
 Author: STRT

{contentctl-4.4.1.dist-info → contentctl-4.4.4.dist-info}/RECORD

@@ -1,6 +1,6 @@
 contentctl/__init__.py,sha256=IMjkMO3twhQzluVTo8Z6rE7Eg-9U79_LGKMcsWLKBkY,22
-contentctl/actions/build.py,sha256=htuFSKjavKOSUMxcjw7y84teLI6XFkG_U7cnLn5eGnA,5173
-contentctl/actions/deploy_acs.py,sha256=mf3uk495H1EU_LNN-TiOsYCo18HMGoEBMb6ojeTr0zw,1418
+contentctl/actions/build.py,sha256=T1shTnBqJ2OfAL5RRDLBw1CdeV-Oqqp3uJ8ObEEKTIM,5201
+contentctl/actions/deploy_acs.py,sha256=4mD3wEgudi8UWpTW9mB5n65Bcs1w4g5cG2yflj-uEck,3259
 contentctl/actions/detection_testing/DetectionTestingManager.py,sha256=zg8JasDjCpSC-yhseEyUwO8qbDJIUJbhlus9Li9ZAnA,8818
 contentctl/actions/detection_testing/GitService.py,sha256=cofi7yilcaq_5fugSbRpSmQjFRKFcB8nJmOdUfHVRzc,9045
 contentctl/actions/detection_testing/generate_detection_coverage_badge.py,sha256=N5mznaeErVak3mOBwsd0RDBFJO3bku0EZvpayCyU-uk,2259
@@ -22,7 +22,7 @@ contentctl/actions/reporting.py,sha256=MJEmvmoA1WnSFZEU9QM6daL_W94oOX0WXAcX1qAM2
 contentctl/actions/test.py,sha256=jv12UO_PTjZwvo4G-Dr8fE2gsuWvuvAmO2QQM4q7TL0,5917
 contentctl/actions/validate.py,sha256=eVxXf67b65ywe4yXYqaTXJShvqbzG9vd6jlkq-YVzy8,5538
 contentctl/api.py,sha256=O0dNE3-WkWs2zuOeAQnIicgOtBX5s2bGBhRVo3j69-8,6327
-contentctl/contentctl.py,sha256=CLYQ1kpVcUkOXPGrGyE7SwAkEtvjq2kHENWyy81gwsM,10400
+contentctl/contentctl.py,sha256=H2tst7G9JSpfvPqR_-Vmt78ngwaRg6FmndNByWf-3tM,10517
 contentctl/enrichments/attack_enrichment.py,sha256=i0p5ud7EqA2SMB7Gc8JQdIonUTjAeDN-hxKBV4XV-Rg,6391
 contentctl/enrichments/cve_enrichment.py,sha256=aXpv_kCS0XP6JpC_ZEOeBPgrl38t_vkKZe9Ay35lRi4,2347
 contentctl/enrichments/splunk_app_enrichment.py,sha256=zDNHFLZTi2dJ1gdnh0sHkD6F1VtkblqFnhacFcCMBfc,3418
@@ -42,9 +42,9 @@ contentctl/objects/base_test.py,sha256=qUtKQJrqCto_fwCBdiH68_tXqokhcv9ceu2fQlBxs
 contentctl/objects/base_test_result.py,sha256=pr-rwr80bJej8hHNhiVBvw49FZmRuPfOIChLJjY22lY,5205
 contentctl/objects/baseline.py,sha256=cnJQt1z-PQDH6mbDU-eqo-l41LSWsaKmqU0IxuJWnGk,2139
 contentctl/objects/baseline_tags.py,sha256=fyfH2KZqUhPGCwfverYw2_ZGXQIjgkT3P7hiYDPnN4Y,1599
-contentctl/objects/config.py,sha256=XYkDRHeULwCzOfYKnj8xsLcHrZ_HdUlR-XsO0mupXGo,50474
+contentctl/objects/config.py,sha256=m99_glCCDluLrSDsC8SXJpXt97kIom8ppsp34aG3J5s,50475
 contentctl/objects/constants.py,sha256=scKaQlubfjkW5n2AztY5zneAgjVLXbnyK0ZBALxPUV8,5529
-contentctl/objects/correlation_search.py,sha256=_BlHgLmmY5OdrV3f301radrH1cE2Gpr1GqVTmCxWP44,46272
+contentctl/objects/correlation_search.py,sha256=N83HiS-IUcFFPPw2F7wyTn0GrrKsq9YbtWuE5iqhAKs,46271
 contentctl/objects/dashboard.py,sha256=GKb_YqZMSP98Y97AlKffJrtVUufZzJag-zdmqRePLZ4,4114
 contentctl/objects/data_source.py,sha256=aRr6lHu-EtGmi6J2nXKD7i2ozUPtp7X-vDkQiutvD3I,1545
 contentctl/objects/deployment.py,sha256=9iFo3iwvBVmBMlW-VhwX4ikbh2shl5cumSPOFMdqT2Q,3044
@@ -59,7 +59,7 @@ contentctl/objects/detection_metadata.py,sha256=eCsru2cymc3VINjt9MpDyGw2zXa2HyVE
 contentctl/objects/detection_stanza.py,sha256=842fHPfGDdddHF5UzgftYr8OlYblWhMWZxPQsTu2wKg,3066
 contentctl/objects/detection_tags.py,sha256=iozG-McM6VRYuqWHhQXvKD_iVyug2rdofuTf4jeUaG4,11208
 contentctl/objects/drilldown.py,sha256=k_U0-vXKBCKeoUKszQ_0FdYQMq9c9mJ3PsHe6rM2lAA,3914
-contentctl/objects/enums.py,sha256=wwPC9IWOMxdZrFhXM-nDEnSvMvY8nN9Md5Mt9ELiYG0,14241
+contentctl/objects/enums.py,sha256=teR7tf5mUc60B5DjIhDsczbsOUJRkkOu--oh_id9JQk,14221
 contentctl/objects/errors.py,sha256=WURmJCqhy2CZNXXCypXVtwnjSBx-VIcB6W9oFJmzoFk,5762
 contentctl/objects/event_source.py,sha256=G9P7rtcN5hcBNQx6DG37mR3QyQufx--T6kgQGNqQuKk,415
 contentctl/objects/integration_test.py,sha256=UBBx85f517MpQXOM7-iEasACEQ0-Ia7W4rDChOHZfno,1319
@@ -93,8 +93,8 @@ contentctl/objects/unit_test_result.py,sha256=POQfvvPpSw-jQzINBz1_IszUMJ4Wbopu8H
 contentctl/output/api_json_output.py,sha256=n3OTd5z-Vkmsn7ny6QCAar_jSMNuuJfzAQa7xq_9if4,9085
 contentctl/output/attack_nav_output.py,sha256=95iKV8U9BMMgqh6cCOw1S89Ln73xmJGgJPHTYR0L7hA,2304
 contentctl/output/attack_nav_writer.py,sha256=64ILZLmNbh2XLmbopgENkeo6t-4SRRG8xZXBmtpNd4g,2219
-contentctl/output/conf_output.py,sha256=gmO180RpPPB1H1_tkNpQERkai--l0iRS7qV-kMtFir0,10136
-contentctl/output/conf_writer.py,sha256=o0lpCGKuOtFrf_7uV4Qq8nCBL69fivCkEavmxGXFuvs,9575
+contentctl/output/conf_output.py,sha256=tJRFWSswl-XAkcggstkR-tiQUL9en4Z4x-KBZTQCQYg,10170
+contentctl/output/conf_writer.py,sha256=LgkVrJuG1PAnilTyh3DhraNJiG2o-h19_1JU2M_7zB0,13115
 contentctl/output/data_source_writer.py,sha256=ubFjm6XJ4T2d3oqfKwDFasITHeDj3HFmegqVN--5_ME,1635
 contentctl/output/detection_writer.py,sha256=AzxbssNLmsNIOaYKotew5-ONoyq1cQpKSGy3pe191B0,960
 contentctl/output/doc_md_output.py,sha256=gf7osH1uSrC6js3D_I72g4uDe9TaB3tsvtqCHi5znp0,3238
@@ -105,8 +105,8 @@ contentctl/output/svg_output.py,sha256=T2p4S085MKj5VPZKvo4tWBVOmYme32J9L7kMEBm3S
 contentctl/output/templates/analyticstories_detections.j2,sha256=TZHnWEPWWwMjGgPswMoT9Dcfqs2X2E1lJCVXYwqveHY,970
 contentctl/output/templates/analyticstories_investigations.j2,sha256=kqy9lR6W3avqETCM2tSZ8WWOlfiyOtFv6G5N4SZWSaQ,527
 contentctl/output/templates/analyticstories_stories.j2,sha256=4rS-oN6JHAVKF3ToMxzHqK7asytw1R4OQmZGtzdRRBI,663
-contentctl/output/templates/app.conf.j2,sha256=Y9vDwdU1yRTQZ7jBQWLFo0XAEerN_6IXrkXdS3xkcuM,737
-contentctl/output/templates/app.manifest.j2,sha256=n9TBpikEOD-HQzsad4Fmd0iH5cosRQ12SiXXYZhcO0g,1063
+contentctl/output/templates/app.conf.j2,sha256=UL80Px4IUGPD-DgcAiUrS4emHBIY7DxleSNyNXCH5tQ,623
+contentctl/output/templates/app.manifest.j2,sha256=Q1803mcfgNvUs8s4e1zD1J3_mxfPYVtLkD8fhCO6d-I,1103
 contentctl/output/templates/collections.j2,sha256=rDpAcqM6hRiyCQPgfRh8KcL41Mrqsc97krQ-JPFhSBQ,181
 contentctl/output/templates/content-version.j2,sha256=2-it0TF5BvqUcmUXVFB4DEh0I01igQGDxZNJpdtDFIA,54
 contentctl/output/templates/detection_count.j2,sha256=9U3o-P_ECkMknsooj_L3B9GZqjnsbaEzr59s3-DOK0I,670
@@ -127,6 +127,7 @@ contentctl/output/templates/panel.j2,sha256=Cw_W6p-14n6UivVfpS75KKJiJ2VpdGsSBceY
 contentctl/output/templates/savedsearches_baselines.j2,sha256=BfpNrApucyByZHYW-Az63NO7hXBRYtlQCZcgBcLDv60,1683
 contentctl/output/templates/savedsearches_detections.j2,sha256=WEpY9C81cifCM0ZC_pubn9pNIXcnPPhQGSrmr79j1aI,6672
 contentctl/output/templates/savedsearches_investigations.j2,sha256=3jWg3OEwnexZxebpyP9_7lbZI407e5rlx1-epRs1Kpc,1170
+contentctl/output/templates/server.conf.j2,sha256=sPZUkiuJNGm9R8rpjfRKyuAvmmQb0C4w9Q6hpmvmPeU,127
 contentctl/output/templates/transforms.j2,sha256=-cSoie0LgJwibtW-GMhc9BQlmS6h1s1Vykm9O2M0f9Y,1456
 contentctl/output/templates/workflow_actions.j2,sha256=DFoZVnCa8dMRHjW2AdpoydBC0THgiH_W-Nx7WI4-uR4,925
 contentctl/output/yml_output.py,sha256=xtTD3f_WWy8O6Joi4S8gG9paot8JpQFRlwt17_ek5B4,2682
@@ -138,15 +139,13 @@ contentctl/templates/app_template/README/essoc_summary.txt,sha256=u6wYNYBqmmm7Kn
 contentctl/templates/app_template/README/essoc_usage_dashboard.txt,sha256=xYUKKVtdgzPyT3mqdTccaBZuwWnC63lbc9zyYpmHN4o,2432
 contentctl/templates/app_template/README.md,sha256=RT-J9bgRSFsEFgNr9qV6yc2LkfUH_uiMJ2RV4NM9Ymo,366
 contentctl/templates/app_template/default/analytic_stories.conf,sha256=zWuCOOl8SiP7Kit2s-de4KRu3HySLtBSXcp1QnJx0ec,168
-contentctl/templates/app_template/default/app.conf,sha256=PrW8TosZ5oVBfpB0SoLxa5vk2ewEAbVKQ6rG8g5WDSQ,654
 contentctl/templates/app_template/default/commands.conf,sha256=U2ccwUeGXKKKt5jo14QY5swi-p9_TSJtaNquOkeF3Yk,319
-contentctl/templates/app_template/default/content-version.conf,sha256=TGzX6qLdzRK7x6b0y5AE8ZF59PLU-DrRfS43fVWITqo,34
 contentctl/templates/app_template/default/data/ui/nav/default.xml,sha256=fKN53HZCtNJbQqq_5pP8e5-5m30DRrJittr6q5s6V_0,236
 contentctl/templates/app_template/default/data/ui/views/escu_summary.xml,sha256=jQhkIthPgEEptCJ2wUCj2lWGHBvUl6JGsKkDfONloxI,8635
 contentctl/templates/app_template/default/data/ui/views/feedback.xml,sha256=uM71EMK2uFz8h68nOTNKGnYxob3HhE_caSL6yA-3H-k,696
 contentctl/templates/app_template/default/use_case_library.conf,sha256=zWuCOOl8SiP7Kit2s-de4KRu3HySLtBSXcp1QnJx0ec,168
 contentctl/templates/app_template/lookups/mitre_enrichment.csv,sha256=tifPQjFoQHtvpb78hxSP2fKHnHeehNbZDwUjdvc0aEM,66072
-contentctl/templates/app_template/metadata/default.meta,sha256=tcYHZkDF44ApDoDQ_rp8MCA8cuT3DVd5atHgulR1Tvc,423
+contentctl/templates/app_template/metadata/default.meta,sha256=h66ea1l3qMzDRgDUAXsJvGKeJnp5w-s2unYMZ9dJLzM,433
 contentctl/templates/app_template/static/appIcon.png,sha256=jcJ1PNdkBX7Kl_y9Tf0SZ55OJYA2PpwjvkVvBt9_OoE,3658
 contentctl/templates/app_template/static/appIconAlt.png,sha256=uRXjoHQQjs0-BxcK-3KNBEdck1adDNTHMvV14xR4W0g,2656
 contentctl/templates/app_template/static/appIconAlt_2x.png,sha256=I0m-CPRqq7ak9NJQZGGmz6Ac4pmzFV_SonOUxOEDOFs,7442
@@ -167,8 +166,8 @@ contentctl/templates/detections/web/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRk
 contentctl/templates/macros/security_content_ctime.yml,sha256=Gg1YNllHVsX_YB716H1SJLWzxXZEfuJlnsgB2fuyoHU,159
 contentctl/templates/macros/security_content_summariesonly.yml,sha256=9BYUxAl2E4Nwh8K19F3AJS8Ka7ceO6ZDBjFiO3l3LY0,162
 contentctl/templates/stories/cobalt_strike.yml,sha256=rlaXxMN-5k8LnKBLPafBoksyMtlmsPMHPJOjTiMiZ-M,3063
-contentctl-4.4.1.dist-info/LICENSE.md,sha256=hQWUayRk-pAiOZbZnuy8djmoZkjKBx8MrCFpW-JiOgo,11344
-contentctl-4.4.1.dist-info/METADATA,sha256=zVFQfn81KezVcmp4T2cbTvaX3Abvvtp-qnp5p3NWpAo,21536
-contentctl-4.4.1.dist-info/WHEEL,sha256=Nq82e9rUAnEjt98J6MlVmMCZb-t9cYE2Ir1kpBmnWfs,88
-contentctl-4.4.1.dist-info/entry_points.txt,sha256=5bjZ2NkbQfSwK47uOnA77yCtjgXhvgxnmCQiynRF_-U,57
-contentctl-4.4.1.dist-info/RECORD,,
+contentctl-4.4.4.dist-info/LICENSE.md,sha256=hQWUayRk-pAiOZbZnuy8djmoZkjKBx8MrCFpW-JiOgo,11344
+contentctl-4.4.4.dist-info/METADATA,sha256=3zRhuCBmek4vTGSvBroXV4tHTIfmEpPugsxFRu4XBlY,21536
+contentctl-4.4.4.dist-info/WHEEL,sha256=Nq82e9rUAnEjt98J6MlVmMCZb-t9cYE2Ir1kpBmnWfs,88
+contentctl-4.4.4.dist-info/entry_points.txt,sha256=5bjZ2NkbQfSwK47uOnA77yCtjgXhvgxnmCQiynRF_-U,57
+contentctl-4.4.4.dist-info/RECORD,,

contentctl/templates/app_template/default/app.conf

@@ -1,30 +0,0 @@
-## Splunk app configuration file
-
-[install]
-is_configured = false
-state = enabled
-state_change_requires_restart = false
-build = 16367
-
-[triggers]
-reload.analytic_stories = simple
-reload.use_case_library = simple
-reload.correlationsearches = simple
-reload.analyticstories = simple
-reload.governance = simple
-reload.managed_configurations = simple
-reload.postprocess = simple
-reload.content-version = simple
-reload.es_investigations = simple
-
-[launcher]
-author = Splunk
-version = 4.9.0
-description = Explore the Analytic Stories included with ES Content Updates.
-
-[ui]
-is_visible = true
-label      = ES Content Updates
-
-[package]
-id = DA-ESS-ContentUpdate

contentctl/templates/app_template/default/content-version.conf

@@ -1,2 +0,0 @@
-[content-version]
-version = 4.9.0