contentctl 4.4.4__py3-none-any.whl → 4.4.6__py3-none-any.whl
- contentctl/actions/detection_testing/GitService.py +17 -6
- contentctl/actions/new_content.py +1 -2
- contentctl/objects/abstract_security_content_objects/detection_abstract.py +1 -0
- {contentctl-4.4.4.dist-info → contentctl-4.4.6.dist-info}/METADATA +2 -3
- {contentctl-4.4.4.dist-info → contentctl-4.4.6.dist-info}/RECORD +8 -8
- {contentctl-4.4.4.dist-info → contentctl-4.4.6.dist-info}/LICENSE.md +0 -0
- {contentctl-4.4.4.dist-info → contentctl-4.4.6.dist-info}/WHEEL +0 -0
- {contentctl-4.4.4.dist-info → contentctl-4.4.6.dist-info}/entry_points.txt +0 -0
|
@@ -13,6 +13,7 @@ if TYPE_CHECKING:
|
|
|
13
13
|
from contentctl.objects.macro import Macro
|
|
14
14
|
from contentctl.objects.lookup import Lookup
|
|
15
15
|
from contentctl.objects.detection import Detection
|
|
16
|
+
from contentctl.objects.data_source import DataSource
|
|
16
17
|
from contentctl.objects.security_content_object import SecurityContentObject
|
|
17
18
|
from contentctl.objects.config import test_common, All, Changes, Selected
|
|
18
19
|
|
|
@@ -67,9 +68,12 @@ class GitService(BaseModel):
|
|
|
67
68
|
|
|
68
69
|
#Make a filename to content map
|
|
69
70
|
filepath_to_content_map = { obj.file_path:obj for (_,obj) in self.director.name_to_content_map.items()}
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
71
|
+
|
|
72
|
+
updated_detections: set[Detection] = set()
|
|
73
|
+
updated_macros: set[Macro] = set()
|
|
74
|
+
updated_lookups: set[Lookup] = set()
|
|
75
|
+
updated_datasources: set[DataSource] = set()
|
|
76
|
+
|
|
73
77
|
|
|
74
78
|
for diff in all_diffs:
|
|
75
79
|
if type(diff) == pygit2.Patch:
|
|
@@ -90,6 +94,13 @@ class GitService(BaseModel):
|
|
|
90
94
|
updated_macros.add(macroObject)
|
|
91
95
|
else:
|
|
92
96
|
raise Exception(f"Error getting macro object for file {str(decoded_path)}")
|
|
97
|
+
|
|
98
|
+
elif decoded_path.is_relative_to(self.config.path/"data_sources") and decoded_path.suffix == ".yml":
|
|
99
|
+
datasourceObject = filepath_to_content_map.get(decoded_path, None)
|
|
100
|
+
if isinstance(datasourceObject, DataSource):
|
|
101
|
+
updated_datasources.add(datasourceObject)
|
|
102
|
+
else:
|
|
103
|
+
raise Exception(f"Error getting data source object for file {str(decoded_path)}")
|
|
93
104
|
|
|
94
105
|
elif decoded_path.is_relative_to(self.config.path/"lookups"):
|
|
95
106
|
# We need to convert this to a yml. This means we will catch
|
|
@@ -115,7 +126,6 @@ class GitService(BaseModel):
|
|
|
115
126
|
# Detected a changed .mlmodel file. However, since we do not have testing for these detections at
|
|
116
127
|
# this time, we will ignore this change.
|
|
117
128
|
updatedLookup = None
|
|
118
|
-
|
|
119
129
|
|
|
120
130
|
else:
|
|
121
131
|
raise Exception(f"Detected a changed file in the lookups/ directory '{str(decoded_path)}'.\n"
|
|
@@ -136,7 +146,8 @@ class GitService(BaseModel):
|
|
|
136
146
|
|
|
137
147
|
# If a detection has at least one dependency on changed content,
|
|
138
148
|
# then we must test it again
|
|
139
|
-
|
|
149
|
+
|
|
150
|
+
changed_macros_and_lookups_and_datasources:set[SecurityContentObject] = updated_macros.union(updated_lookups, updated_datasources)
|
|
140
151
|
|
|
141
152
|
for detection in self.director.detections:
|
|
142
153
|
if detection in updated_detections:
|
|
@@ -144,7 +155,7 @@ class GitService(BaseModel):
|
|
|
144
155
|
# to add it again
|
|
145
156
|
continue
|
|
146
157
|
|
|
147
|
-
for obj in
|
|
158
|
+
for obj in changed_macros_and_lookups_and_datasources:
|
|
148
159
|
if obj in detection.get_content_dependencies():
|
|
149
160
|
updated_detections.add(detection)
|
|
150
161
|
break
|
|
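Review bot: The new `data_sources` branch matches only when `decoded_path.suffix == ".yml"`, so a changed file under data_sources/ with any other suffix falls through to later branches whose handling is not fully visible here, whereas the lookups branch raises explicitly for a changed file it does not recognise. Because this method selects which detections are retested ("If a detection has at least one dependency on changed content, then we must test it again"), a silently skipped data source change would leave dependent detections untested. Consider matching on the directory alone, `elif decoded_path.is_relative_to(self.config.path/"data_sources"):`, and raising inside the branch when the suffix is not `.yml`, mirroring the lookups handling. The enclosing method starts and ends outside the visible hunks.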
@@ -29,8 +29,7 @@ class NewContent:
|
|
|
29
29
|
answers['date'] = datetime.today().strftime('%Y-%m-%d')
|
|
30
30
|
answers['author'] = answers['detection_author']
|
|
31
31
|
del answers['detection_author']
|
|
32
|
-
answers['
|
|
33
|
-
del answers['data_source']
|
|
32
|
+
answers['data_source'] = answers['data_source']
|
|
34
33
|
answers['type'] = answers['detection_type']
|
|
35
34
|
del answers['detection_type']
|
|
36
35
|
answers['status'] = "production" #start everything as production since that's what we INTEND the content to become
|
|
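Review bot: The added line `answers['data_source'] = answers['data_source']` assigns the key to itself, so it changes nothing and its only observable effect is a `KeyError` when the key is absent. If the intent is to pass the prompted value through unchanged, drop the line or replace it with a comment such as `# data_source is already under the right key; no rename needed`. If a rename or normalisation was intended, it is missing here; the removed lines are truncated on this page, so the earlier behaviour cannot be confirmed. The enclosing function starts and ends outside the hunk.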
@@ -689,6 +689,7 @@ class Detection_Abstract(SecurityContentObject):
|
|
|
689
689
|
objects: list[SecurityContentObject] = []
|
|
690
690
|
objects += self.macros
|
|
691
691
|
objects += self.lookups
|
|
692
|
+
objects += self.data_source_objects
|
|
692
693
|
return objects
|
|
693
694
|
|
|
694
695
|
@field_validator("deployment", mode="before")
|
|
@@ -1,16 +1,15 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: contentctl
|
|
3
|
-
Version: 4.4.
|
|
3
|
+
Version: 4.4.6
|
|
4
4
|
Summary: Splunk Content Control Tool
|
|
5
5
|
License: Apache 2.0
|
|
6
6
|
Author: STRT
|
|
7
7
|
Author-email: research@splunk.com
|
|
8
|
-
Requires-Python: >=3.11,<
|
|
8
|
+
Requires-Python: >=3.11,<3.13
|
|
9
9
|
Classifier: License :: Other/Proprietary License
|
|
10
10
|
Classifier: Programming Language :: Python :: 3
|
|
11
11
|
Classifier: Programming Language :: Python :: 3.11
|
|
12
12
|
Classifier: Programming Language :: Python :: 3.12
|
|
13
|
-
Classifier: Programming Language :: Python :: 3.13
|
|
14
13
|
Requires-Dist: Jinja2 (>=3.1.4,<4.0.0)
|
|
15
14
|
Requires-Dist: PyYAML (>=6.0.2,<7.0.0)
|
|
16
15
|
Requires-Dist: attackcti (>=0.4.0,<0.5.0)
|
|
@@ -2,7 +2,7 @@ contentctl/__init__.py,sha256=IMjkMO3twhQzluVTo8Z6rE7Eg-9U79_LGKMcsWLKBkY,22
|
|
|
2
2
|
contentctl/actions/build.py,sha256=T1shTnBqJ2OfAL5RRDLBw1CdeV-Oqqp3uJ8ObEEKTIM,5201
|
|
3
3
|
contentctl/actions/deploy_acs.py,sha256=4mD3wEgudi8UWpTW9mB5n65Bcs1w4g5cG2yflj-uEck,3259
|
|
4
4
|
contentctl/actions/detection_testing/DetectionTestingManager.py,sha256=zg8JasDjCpSC-yhseEyUwO8qbDJIUJbhlus9Li9ZAnA,8818
|
|
5
|
-
contentctl/actions/detection_testing/GitService.py,sha256=
|
|
5
|
+
contentctl/actions/detection_testing/GitService.py,sha256=HcyuPrW6zBeCNu2l2JJgB_wTyvdWeK3Ii32pUf3vs08,9698
|
|
6
6
|
contentctl/actions/detection_testing/generate_detection_coverage_badge.py,sha256=N5mznaeErVak3mOBwsd0RDBFJO3bku0EZvpayCyU-uk,2259
|
|
7
7
|
contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py,sha256=mcdLt3tZr-xF5xaYnD0q7JQx9qrbRIzPNl6D9MeeB5k,56999
|
|
8
8
|
contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructureContainer.py,sha256=WCtyyMKTA17JzPIb10rV8C6vdG-cBzHtFC9T2CuYY2o,7047
|
|
@@ -16,7 +16,7 @@ contentctl/actions/doc_gen.py,sha256=YNc1VYA0ikL1hWDHYjfEOmUkfhy8PEIdvTyC4ZLxQRY
|
|
|
16
16
|
contentctl/actions/initialize.py,sha256=wEO3u8vJYP8Xh2OSJ_HxfMV6mqOdkPyWbUzNGEqMTNA,3055
|
|
17
17
|
contentctl/actions/initialize_old.py,sha256=0qXbW_fNDvkcnEeL6Zpte8d-hpTu1REyzHsXOCY-YB8,9333
|
|
18
18
|
contentctl/actions/inspect.py,sha256=dXV020g_GwwspSgiS6jQxW0JEVr_nublJBevwZ79mZo,17424
|
|
19
|
-
contentctl/actions/new_content.py,sha256=
|
|
19
|
+
contentctl/actions/new_content.py,sha256=3ZKSQ_O7GUTflEg2bqo2iGK65EaL96c4MEqGJPanXWg,6445
|
|
20
20
|
contentctl/actions/release_notes.py,sha256=0K7zHQyVHVYK_whiv4PvxOKS4_0s1Ya_RDCrrcT3FW4,13319
|
|
21
21
|
contentctl/actions/reporting.py,sha256=MJEmvmoA1WnSFZEU9QM6daL_W94oOX0WXAcX1qAM2As,1583
|
|
22
22
|
contentctl/actions/test.py,sha256=jv12UO_PTjZwvo4G-Dr8fE2gsuWvuvAmO2QQM4q7TL0,5917
|
|
@@ -33,7 +33,7 @@ contentctl/helper/utils.py,sha256=8ICRvE7DUiNL9BK4Hw71hCLFbd3R2u86OwKeDOdaBTY,19
|
|
|
33
33
|
contentctl/input/director.py,sha256=U7jrhqP7IbfaSLXGIVtKrVvGTwIrmI1roW2X1jmZZ8Q,10841
|
|
34
34
|
contentctl/input/new_content_questions.py,sha256=p-rop4YpCjyg0RYKQ7Cvk9-7uaa5GDELNVeeUlxk6ks,4191
|
|
35
35
|
contentctl/input/yml_reader.py,sha256=hyVUYhx4Ka8C618kP2D_E3sDUKEQGC6ty_QZQArHKd4,1489
|
|
36
|
-
contentctl/objects/abstract_security_content_objects/detection_abstract.py,sha256=
|
|
36
|
+
contentctl/objects/abstract_security_content_objects/detection_abstract.py,sha256=QnLfNK4fa-Y-LmdPVfEJMa8WDzDsKz-bwpixbCLJKNo,45766
|
|
37
37
|
contentctl/objects/abstract_security_content_objects/security_content_object_abstract.py,sha256=VUTNG6LvYf5D1L8UA5uciBBI0VfB432-6TCe2hP-_YE,10324
|
|
38
38
|
contentctl/objects/alert_action.py,sha256=E9gjCn5C31h0sN7k90KNe4agRxFFSnMW_Z-Ri_3YQss,1335
|
|
39
39
|
contentctl/objects/annotated_types.py,sha256=jnX02BQT4dHbd_DCIjik0PNN3kgsvb7sxAz_1Jy8TOY,259
|
|
@@ -166,8 +166,8 @@ contentctl/templates/detections/web/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRk
|
|
|
166
166
|
contentctl/templates/macros/security_content_ctime.yml,sha256=Gg1YNllHVsX_YB716H1SJLWzxXZEfuJlnsgB2fuyoHU,159
|
|
167
167
|
contentctl/templates/macros/security_content_summariesonly.yml,sha256=9BYUxAl2E4Nwh8K19F3AJS8Ka7ceO6ZDBjFiO3l3LY0,162
|
|
168
168
|
contentctl/templates/stories/cobalt_strike.yml,sha256=rlaXxMN-5k8LnKBLPafBoksyMtlmsPMHPJOjTiMiZ-M,3063
|
|
169
|
-
contentctl-4.4.
|
|
170
|
-
contentctl-4.4.
|
|
171
|
-
contentctl-4.4.
|
|
172
|
-
contentctl-4.4.
|
|
173
|
-
contentctl-4.4.
|
|
169
|
+
contentctl-4.4.6.dist-info/LICENSE.md,sha256=hQWUayRk-pAiOZbZnuy8djmoZkjKBx8MrCFpW-JiOgo,11344
|
|
170
|
+
contentctl-4.4.6.dist-info/METADATA,sha256=1Pm1dJSU9fg8yNPt0dknhmoq_xdt5vXN3m--qV3fMiM,21486
|
|
171
|
+
contentctl-4.4.6.dist-info/WHEEL,sha256=Nq82e9rUAnEjt98J6MlVmMCZb-t9cYE2Ir1kpBmnWfs,88
|
|
172
|
+
contentctl-4.4.6.dist-info/entry_points.txt,sha256=5bjZ2NkbQfSwK47uOnA77yCtjgXhvgxnmCQiynRF_-U,57
|
|
173
|
+
contentctl-4.4.6.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|