contentctl 4.4.7__py3-none-any.whl → 5.0.0__py3-none-any.whl

contentctl-5.0.0.dist-info/RECORD

@@ -0,0 +1,168 @@
+contentctl/__init__.py,sha256=kUR5RAFc7HCeiqdlX36dZOHkUI5wI6V_43RpEcD8b-0,22
+contentctl/actions/build.py,sha256=M68XubxTqI-LiW8P4eaNmb62pWNQtVE8cF3xKb6g44c,5669
+contentctl/actions/deploy_acs.py,sha256=w3OqO8GXzB_5zHrE8lDYbadAy4Etw7F2o84Gze74RY0,3264
+contentctl/actions/detection_testing/DetectionTestingManager.py,sha256=TWZpmDjMqWRWyzsLyiYol_jAovAr6ok9J_GzE9-kNN0,9079
+contentctl/actions/detection_testing/GitService.py,sha256=a6y7lqCgSL1KdSVEgJDxawea8ZgEkGNfOKEf9v_BgLo,11135
+contentctl/actions/detection_testing/generate_detection_coverage_badge.py,sha256=bGUVKjKv96lTw1GZ4Kw1JX-Yicu4aOJWm-IL524e9HI,2302
+contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py,sha256=52Xsbyq4M913kXuQ8JcjYfP2BvwRJo3chK1p2hK76o0,57281
+contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructureContainer.py,sha256=qYWgRW7uc-15jzwv5xSUF2xyLDmtyGyMfuXkQK9j-aM,7221
+contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructureServer.py,sha256=Q1ZfCYOp54O39bgTScZMInkmZiU-bGAM9Hiwr2mq5ms,370
+contentctl/actions/detection_testing/progress_bar.py,sha256=UrpNCqxTmQ4hfoRZgxPJ1xvDVwMrTq0UnotdryHN0gM,3232
+contentctl/actions/detection_testing/views/DetectionTestingView.py,sha256=E07v2VK-pyLMeTA6EtNI_04kt-T90SwSM4kN9yfp-2I,7475
+contentctl/actions/detection_testing/views/DetectionTestingViewCLI.py,sha256=-4yhxGJsafcRRAIebFZebUG_qSkASDLHajN9piAPlvM,2104
+contentctl/actions/detection_testing/views/DetectionTestingViewFile.py,sha256=G-6YqBtj0R1A9eiPrgHP2yvUMm7H8wopTBYjxIEIl8g,1090
+contentctl/actions/detection_testing/views/DetectionTestingViewWeb.py,sha256=CXV1fByf3J-Jc4D9U6jgWSaUhNzjcMpvEgRMuusF2vU,4740
+contentctl/actions/doc_gen.py,sha256=P2-RYsJoW-QuhAkSpOQespDLJBC-4Cq3-XGTmadK8Ys,936
+contentctl/actions/initialize.py,sha256=KaWSbrTaJA4vNSpKc_rwdlaaERnWw_hPlWwsPOA6Gy8,3191
+contentctl/actions/inspect.py,sha256=rXnrhDt59-n0Jqh_UZ0tDzpKqiOvkGzlvSypXoarKjU,18322
+contentctl/actions/new_content.py,sha256=xs0QvHzlrf0g-EgdUJTkdDdFaA-uEGmzMTixDt6NcTY,8212
+contentctl/actions/release_notes.py,sha256=_Rdljg0tPSAFlw34LJ7dUsHLiH8tJTQ6B95X6MvxURo,17023
+contentctl/actions/reporting.py,sha256=GF32i7sHdc47bw-VWSW-nZ1QBaUl6Ni1JjV5_SOyiAU,1660
+contentctl/actions/test.py,sha256=GTtvHi1yB5yDm1jPMyuc4WxczOq-O7f2N8LpTmMaWgU,6014
+contentctl/actions/validate.py,sha256=thnxanLj6mfw5g17C1FrzWlkpyIT_AjnDxv_wyNdspA,5837
+contentctl/api.py,sha256=6s17vNOW1E1EzQqOCXAa5uWuhwwShu-JkGSgrsOFEMs,6329
+contentctl/contentctl.py,sha256=bO7jKOn9oSDQ4YncN9msu1cwyEXGdDTLcCHh8X9dzzY,11185
+contentctl/enrichments/attack_enrichment.py,sha256=68C9xQ8Q3YX-luRdK2hLnwWtRFpheFA2kE4v5GOLGEo,6358
+contentctl/enrichments/cve_enrichment.py,sha256=TsZ52ef2njt19lPf_VyclY_-5Z5iQ1boVOAxFbjGdSQ,2431
+contentctl/enrichments/splunk_app_enrichment.py,sha256=Xynxjjkqlw0_RtQ1thGSFwy1I3HdmPAJmNKZezyqniU,3419
+contentctl/helper/link_validator.py,sha256=kzEi2GdncPWSi-UKNerXm2jtTJfFQ5goS9pqyAz5U5c,7427
+contentctl/helper/logger.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+contentctl/helper/splunk_app.py,sha256=Zq_C9rjNVqCjBNgm-5CWdBpXyeX5jSpbE-QTGptEZlk,14571
+contentctl/helper/utils.py,sha256=rigwZzCwWzn11sKTVWDkYEtLmRSf0yBbJ671OSRQnOM,19094
+contentctl/input/director.py,sha256=asK4yUlSVdv0QDUzCrTEXQUm0j9hbzVu55o_-wD-eWc,11560
+contentctl/input/new_content_questions.py,sha256=z2C4Mg7-EyxtiF2z9m4SnSbi6QO4CUPB3wg__JeMXIQ,4067
+contentctl/input/yml_reader.py,sha256=ymmAqsWsf9Oj56waDOhCh_E4SomkSCmu4dAx7iURFt8,2050
+contentctl/objects/abstract_security_content_objects/detection_abstract.py,sha256=mtVO2cilGiLq1wpE9oF9KGiUGi0FpAFypvZREe0zsJ4,44013
+contentctl/objects/abstract_security_content_objects/security_content_object_abstract.py,sha256=P1v5n8hM4XzJOjNZbJ5m3y4Bu-cQYaddLPdbE6K-4Xw,12164
+contentctl/objects/alert_action.py,sha256=iEvdEOT4TrTXT0z4rQ_W5v79hPJpPhFPSzo7TuHDxwA,1376
+contentctl/objects/annotated_types.py,sha256=eAMm1Nm3_C5pwfCxhzL5ynDRsC_eK614bFuwUFxPVLw,261
+contentctl/objects/atomic.py,sha256=5nl-JhZnymadi8B8ZEJ8l80DnpvjG-OlRxUjVKR6ffY,7341
+contentctl/objects/base_test.py,sha256=JG6qlr7xe9P71n3CzKOro8_bsmDQGYDfTG9YooHQSIE,1105
+contentctl/objects/base_test_result.py,sha256=TYYzTPKWqp9rHTebWoid50uxAp_iALZouril4sFwIcA,5197
+contentctl/objects/baseline.py,sha256=grzM56KCpROjMnJQIan-fG0LCYfRGA2GHui4FwBwb8A,3172
+contentctl/objects/baseline_tags.py,sha256=Eomy8y3HV-E6Lym5B5ZZTtsmQJYi6Jd4y8GZpTWGYgQ,1643
+contentctl/objects/config.py,sha256=5nK3EkUea-6qUvSzqAxl5UyoLRlldKsh9K8glaBup3I,48603
+contentctl/objects/constants.py,sha256=P4K07PX4_pL_n5jmBVn1BxtoFpjvhT8MuHOquhnEkdA,5465
+contentctl/objects/correlation_search.py,sha256=ab6v-0nbzujhTMpwaXynQiInWpRO1zB5KR4eZLCav_M,45234
+contentctl/objects/dashboard.py,sha256=qMSP76hkJo7PVsWr19hQW4eYoUqGTcRejaOEjlcA_DY,4198
+contentctl/objects/data_source.py,sha256=4u4JaA-Q5xa0gS61yarJuowgy4TrAYE98O2G8o9CQzA,1454
+contentctl/objects/deployment.py,sha256=FRsgsX2T1gvA_0A44_sFPr22rsedxXVIhtO7o9F7eZM,2902
+contentctl/objects/deployment_email.py,sha256=_Sdr_BNjvXECiFonRHLkiOrIQp3slnUaERbptqRbD0Q,206
+contentctl/objects/deployment_notable.py,sha256=j5AniTRDcw32El5H91qKOXDVZvUYxnIuM4Zzlhrm9cM,258
+contentctl/objects/deployment_phantom.py,sha256=Qs9UH3pYe2M3evLLgn5FblTe28QH1QojVaBGM_Ydvjw,261
+contentctl/objects/deployment_rba.py,sha256=n_v79NhcLYHyABceKsI_iEziWhp3uNrqxIUrC8tdjD4,184
+contentctl/objects/deployment_scheduling.py,sha256=PbyAeIEV6ShHuwfzF4LtGrv6tNt1cwNdl-VDQLj0rE8,257
+contentctl/objects/deployment_slack.py,sha256=pC8-BB4qOD5fUqUi7Oj2Tre7-kKVqW2xEvCF7tZENQ4,194
+contentctl/objects/detection.py,sha256=GKjjhnwyFxm7139dOlPJ4c3vIW0675-NLCPWxEB5m-c,631
+contentctl/objects/detection_metadata.py,sha256=JMz8rtcn5HfeEoaAx34kw2wXa35qsRIap_mXoY0Vbss,2237
+contentctl/objects/detection_stanza.py,sha256=-BRQNib5NNhY7Z2fILS5xkpjNkGSLF7qBciTmgOgLV8,3112
+contentctl/objects/detection_tags.py,sha256=kOb-hb83k71m3YkfJ5l-fw3sODMgmekuES7WlT5suAQ,8573
+contentctl/objects/drilldown.py,sha256=Vinw6UYlOl0YzoRA_0oBCfHA5Gvgu5p-rEsfBIgMCdI,4186
+contentctl/objects/enums.py,sha256=HdaSQgEQ_T38BIlVYk1xdqMm05YyhQb0720nzBorXQw,13554
+contentctl/objects/errors.py,sha256=xX_FDUaJbJiOWgjgrzjtYW5QsD41UZ2KWqH-yGkHaCU,5554
+contentctl/objects/integration_test.py,sha256=TYjKyH4YinUnYXOse5BQGCa4-ez_5mtoMwvh1JJcb0o,1254
+contentctl/objects/integration_test_result.py,sha256=_uUSgqgjFhEZM8UwOJI6Q9K-ekIrbKU6OPdqHZycl-s,279
+contentctl/objects/investigation.py,sha256=kmvQ0grCd1YVEW5wVF4-_Rx87PnOxPiNoN_ufTLc3ZM,3659
+contentctl/objects/investigation_tags.py,sha256=qDGNusrWDvCX_GcBEzag2MydSV0LIhGxoXZGgxDXfHA,1317
+contentctl/objects/lookup.py,sha256=mzOPhMDyoNZKLAj8zf6Wg6i9FJKMu3qHWinATtH75I8,13015
+contentctl/objects/macro.py,sha256=usbxyOPIRIJoDmvawfP2DxtFNf71GaDwffxiZsRkP5A,3594
+contentctl/objects/manual_test.py,sha256=cx_XAtQ8VG8Ui_F553Xnut75vFEOtRwm1dDIIWNpOaM,952
+contentctl/objects/manual_test_result.py,sha256=FyCVVf-f1DKs-qBkM4tbKfY6mkrW25NcIEBqyaDC2rE,156
+contentctl/objects/mitre_attack_enrichment.py,sha256=Qzm-P-gx_j-qOe6CKaUCv7AmcNy9EFwnMkw0oYsMfAY,3314
+contentctl/objects/notable_action.py,sha256=sW5XlpGznMHqyBmGXtXrl22hWLiCoKkfGCasGtK3rGo,1607
+contentctl/objects/notable_event.py,sha256=2aOtmfnsdInTtN_fHAGIKmBTBritjHbS_Nc-pqL-GbY,689
+contentctl/objects/playbook.py,sha256=mgYbWsD3OW86u11MbIFKvmyFueSoMJ1WBJm_rNrFvAo,2425
+contentctl/objects/playbook_tags.py,sha256=O5obkQyb82YdJEii8ZJEQtrHtLOSnAvAkT1qIgpCK2s,1547
+contentctl/objects/rba.py,sha256=N1i_ggXjYmHluvYZRq6OJddlbokDnS1mkUsmehmFWOg,2880
+contentctl/objects/risk_analysis_action.py,sha256=v-TQktXEEzbGzmTtqwEykXoSKdGnIlK_JojnqvvAE1s,4370
+contentctl/objects/risk_event.py,sha256=JQUmXriiwi5FetqVnhM0hf5cUp6LzLSNPuoecC2JKK0,12593
+contentctl/objects/risk_object.py,sha256=5iUKW_UwQLjjLWiD_vlE78uwH9bkaMNCHRNmKM25W1Q,905
+contentctl/objects/savedsearches_conf.py,sha256=Dn_Pxd9i3RT6DwNh6JrgmfxjsO3q15xzMksYr3wIGwQ,8624
+contentctl/objects/security_content_object.py,sha256=iDnhq81P7m6Qkmc_Yi-wOyFm9gZUYnPy1GJxxyCtonA,245
+contentctl/objects/story.py,sha256=jalNgK4yYGRr_yVkzuO_YHIrPhpWHF0Q79PkTJhcLzY,5048
+contentctl/objects/story_tags.py,sha256=SLwgkckLxBdtgJro0LnYgj5TFHZEgMiaqDI9q6OfNE0,2364
+contentctl/objects/test_attack_data.py,sha256=7p-kOJguTZtG9y5th5U3qfPFvpiAWLST_OBw8dwWl_4,488
+contentctl/objects/test_group.py,sha256=r-dXyddok4yslv8SIjwOpqylbN1rdjsRi-HIijvpWD0,2602
+contentctl/objects/threat_object.py,sha256=CB3igcmiq06lqnEh7h-btxFrBfgZbHaA9p8kFDKY6lQ,712
+contentctl/objects/throttling.py,sha256=oupWmdtvwAXzLmD3MBJyAU18SD2L2ciEZWUcnL8MuGk,2309
+contentctl/objects/unit_test.py,sha256=-rtSmZ8N2UZ4NkDsfzNXzXiF6dTDwt_jsQ_14xp0hjs,1005
+contentctl/objects/unit_test_baseline.py,sha256=ezg8Ctih_3che2ln2tuVCAtRPHaf5tDMR3dGb34MqaA,287
+contentctl/objects/unit_test_result.py,sha256=gqHqYN5XGBKdV-mdKhAdwfOw4_PpN3i9z_b6ciByDSc,2928
+contentctl/output/api_json_output.py,sha256=QWe_KWlHHxE4Mhd3BHRfJbUJ4z2mLHZn_eMWfMVInik,8237
+contentctl/output/attack_nav_output.py,sha256=2_JISJ3sL4dVAwrIfZ7c426CGz5gjUBVkWh0uFO2MXU,2276
+contentctl/output/attack_nav_writer.py,sha256=FEua57vv347PjFiu1skOEGAbxIqPWMN8Iyp8nDrIvAA,2044
+contentctl/output/conf_output.py,sha256=2_ofRqMro4xmFzf6ZmPRDd93pCG-LQhOiB_kE4owADc,10609
+contentctl/output/conf_writer.py,sha256=9eqt2tm1xjs397pwWLz5oPJcMHbs62ejRG7KghGQQCI,15137
+contentctl/output/data_source_writer.py,sha256=hjr0b5zfJ2UHcDLbCkmTrqma1ngu8F5vWFPJEwOZwU8,1860
+contentctl/output/doc_md_output.py,sha256=wlgbzBD2hUbQNIW2zv5sdrq2UdAKhOZJUYSObnpWQfY,3552
+contentctl/output/jinja_writer.py,sha256=5PbFrc8KuLWrlNIHDvMTyvJ18u_mtjd5Led6-9sn2Eo,1204
+contentctl/output/json_writer.py,sha256=waw73wOmalSrUFcr2K1CWR-xz5oW8il10zDAn56mtMg,1041
+contentctl/output/svg_output.py,sha256=5s9fjmKullMV6cCCGwP7_xvQwg9EZLOKRKMw_IyO6hY,2988
+contentctl/output/templates/analyticstories_detections.j2,sha256=6ZiQO8np6KkX8skVoIB0BN9_s8SBW3qeo8IBA8r8GQk,923
+contentctl/output/templates/analyticstories_investigations.j2,sha256=kqy9lR6W3avqETCM2tSZ8WWOlfiyOtFv6G5N4SZWSaQ,527
+contentctl/output/templates/analyticstories_stories.j2,sha256=MxkmwsgW1oge2YJhbgAzXVcTplSr5JjKIDxX4SBZV0E,676
+contentctl/output/templates/app.conf.j2,sha256=UL80Px4IUGPD-DgcAiUrS4emHBIY7DxleSNyNXCH5tQ,623
+contentctl/output/templates/app.manifest.j2,sha256=Q1803mcfgNvUs8s4e1zD1J3_mxfPYVtLkD8fhCO6d-I,1103
+contentctl/output/templates/collections.j2,sha256=w2hkY7Yfm7AmY1O_7DP-znLS_whgKX79VbnW7QlvrNU,151
+contentctl/output/templates/content-version.j2,sha256=2-it0TF5BvqUcmUXVFB4DEh0I01igQGDxZNJpdtDFIA,54
+contentctl/output/templates/detection_count.j2,sha256=9U3o-P_ECkMknsooj_L3B9GZqjnsbaEzr59s3-DOK0I,670
+contentctl/output/templates/detection_coverage.j2,sha256=guE4fow9BqGoCCrQ3b6-EZqWJcThb58V9khuIH7nhT0,631
+contentctl/output/templates/doc_detection_page.j2,sha256=kATedDq0Z8tzxKiD3nD0_-7YiOrjssUMYSDenRYTh6A,1012
+contentctl/output/templates/doc_detections.j2,sha256=tjTQh6R5zMMmBm9hk-8dFG5p0PyhWSGkrYeRxe9gfPU,6500
+contentctl/output/templates/doc_navigation.j2,sha256=h25ITC3xcAM17uZGIyyDFURmEdYtQSPvNeWN3RH7j4Q,1471
+contentctl/output/templates/doc_navigation_pages.j2,sha256=ptfjbD4F0Ob7dze9at2q5gqOslcbL3eteUO1zsblDJo,203
+contentctl/output/templates/doc_playbooks.j2,sha256=CWsnm8F097oYT8anW3CE7JaX1haAJTfylThP1ic0UIw,1681
+contentctl/output/templates/doc_playbooks_page.j2,sha256=2d5UNDSOxyMtxKGxGHzJ2Ny_UrqTq267NO1h-lmNduc,679
+contentctl/output/templates/doc_stories.j2,sha256=0J3dAbfSZz-Ma1-C9B6vYPKGwrxoZryYoudy3wUIT4s,1827
+contentctl/output/templates/doc_story_page.j2,sha256=jrf-As8GbqLarRoiDipfM9ZUVRl_bhdNsy-XaCrBaXE,874
+contentctl/output/templates/es_investigations_investigations.j2,sha256=vIWiQ6hNsb_-w8ChlWWbQXxGIx5jjWaQ6VoeBJxpHJk,1026
+contentctl/output/templates/es_investigations_stories.j2,sha256=E-OvO7EFdqO3HKyfAY1jBS6VMsDVKuiVqg8SrDVXwls,401
+contentctl/output/templates/header.j2,sha256=3usV7jm1q6J-QNnQrZzII9cN0XEGQjg_eVKrEQwfOG0,201
+contentctl/output/templates/macros.j2,sha256=SLcQQ5X7TZS8j-2qP06BTXqdIcnwoYqTAaBLX2Dge7Y,390
+contentctl/output/templates/panel.j2,sha256=Cw_W6p-14n6UivVfpS75KKJiJ2VpdGsSBceYsUYe9gk,221
+contentctl/output/templates/savedsearches_baselines.j2,sha256=WHZB4e0vmeym8832VxRmuUfDJ-YRYt6emcYaJrghI58,1709
+contentctl/output/templates/savedsearches_detections.j2,sha256=B7_b8aBjEKAV7mJm0DxUS_HyCt63bQZtpacCQfDgDqc,6033
+contentctl/output/templates/savedsearches_investigations.j2,sha256=KH2r8SgyAMiettSHypSbA2-1XmQ_8_8xzk3BkbZ1Re4,1196
+contentctl/output/templates/server.conf.j2,sha256=sPZUkiuJNGm9R8rpjfRKyuAvmmQb0C4w9Q6hpmvmPeU,127
+contentctl/output/templates/transforms.j2,sha256=mM9vIIGqxlhLk1W8sHoUgppfK1FO3ESQD1WCVAewhBw,1386
+contentctl/output/templates/workflow_actions.j2,sha256=DFoZVnCa8dMRHjW2AdpoydBC0THgiH_W-Nx7WI4-uR4,925
+contentctl/output/yml_writer.py,sha256=gGgbamHWunHKjj47TcqB04k0xliX6w3H7iajZtUZRSU,2124
+contentctl/templates/README.md,sha256=GoRmywUqwnjaehY_GLmGqxsFXCLP9plpDYwB6W6nVPs,428
+contentctl/templates/app_default.yml,sha256=kDeYdJbfMADQPcho8iH1nqgTFrHNt4EXnIJjPHc2unI,6390
+contentctl/templates/app_template/README/essoc_story_detail.txt,sha256=7hFPBfPpRH28TFl7QchKceZLewQqgFjRWDlmxZzwpmo,897
+contentctl/templates/app_template/README/essoc_summary.txt,sha256=u6wYNYBqmmm7Kn_g_Uex8rRzMQ995MUXCavla95Y1dw,2538
+contentctl/templates/app_template/README/essoc_usage_dashboard.txt,sha256=xYUKKVtdgzPyT3mqdTccaBZuwWnC63lbc9zyYpmHN4o,2432
+contentctl/templates/app_template/README.md,sha256=RT-J9bgRSFsEFgNr9qV6yc2LkfUH_uiMJ2RV4NM9Ymo,366
+contentctl/templates/app_template/default/analytic_stories.conf,sha256=zWuCOOl8SiP7Kit2s-de4KRu3HySLtBSXcp1QnJx0ec,168
+contentctl/templates/app_template/default/commands.conf,sha256=U2ccwUeGXKKKt5jo14QY5swi-p9_TSJtaNquOkeF3Yk,319
+contentctl/templates/app_template/default/data/ui/nav/default.xml,sha256=fKN53HZCtNJbQqq_5pP8e5-5m30DRrJittr6q5s6V_0,236
+contentctl/templates/app_template/default/data/ui/views/escu_summary.xml,sha256=jQhkIthPgEEptCJ2wUCj2lWGHBvUl6JGsKkDfONloxI,8635
+contentctl/templates/app_template/default/data/ui/views/feedback.xml,sha256=uM71EMK2uFz8h68nOTNKGnYxob3HhE_caSL6yA-3H-k,696
+contentctl/templates/app_template/default/use_case_library.conf,sha256=zWuCOOl8SiP7Kit2s-de4KRu3HySLtBSXcp1QnJx0ec,168
+contentctl/templates/app_template/lookups/mitre_enrichment.csv,sha256=tifPQjFoQHtvpb78hxSP2fKHnHeehNbZDwUjdvc0aEM,66072
+contentctl/templates/app_template/metadata/default.meta,sha256=h66ea1l3qMzDRgDUAXsJvGKeJnp5w-s2unYMZ9dJLzM,433
+contentctl/templates/app_template/static/appIcon.png,sha256=jcJ1PNdkBX7Kl_y9Tf0SZ55OJYA2PpwjvkVvBt9_OoE,3658
+contentctl/templates/app_template/static/appIconAlt.png,sha256=uRXjoHQQjs0-BxcK-3KNBEdck1adDNTHMvV14xR4W0g,2656
+contentctl/templates/app_template/static/appIconAlt_2x.png,sha256=I0m-CPRqq7ak9NJQZGGmz6Ac4pmzFV_SonOUxOEDOFs,7442
+contentctl/templates/app_template/static/appIcon_2x.png,sha256=XEpqQzDvzuEV5StzD05XRgxwySqHHLes1hMPy2v5Vdk,3657
+contentctl/templates/data_sources/sysmon_eventid_1.yml,sha256=7PIcLr1e9Ql-wu_Dk9D4JAZs1OWDby-tY77nDDUZ1CQ,6079
+contentctl/templates/datamodels_cim.conf,sha256=RB_SCtpQG_KaC_0lKTCKexVOlEq_ShGwpGlg95aqOfs,9381
+contentctl/templates/datamodels_custom.conf,sha256=6BANthXdqg3fYpYmEqiGZnv4cWheNfXz1uQ_I1JePXc,480
+contentctl/templates/deployments/escu_default_configuration_anomaly.yml,sha256=j_H2wovWBj1EKxVwj3mMoJVQnVm-2Imt7xnB9U1Tun4,418
+contentctl/templates/deployments/escu_default_configuration_baseline.yml,sha256=NzUvaotkk7hatx9EBjROFIwsvSOZXgfAJUvGS8JrUMg,334
+contentctl/templates/deployments/escu_default_configuration_correlation.yml,sha256=iWLqvJnUKVhpKaLBc_w_W65d9HVZgOZfGA-RIpxsH6M,519
+contentctl/templates/deployments/escu_default_configuration_hunting.yml,sha256=hHmM8u7zncpb-32Qv74UoNs0HKwZwCMoKAq2ygDJZbo,329
+contentctl/templates/deployments/escu_default_configuration_ttp.yml,sha256=1D-pvzaH1v3_yCZXaY6njmdvV4S2_Ak8uzzCOsnj9XY,548
+contentctl/templates/detections/application/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+contentctl/templates/detections/cloud/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+contentctl/templates/detections/endpoint/anomalous_usage_of_7zip.yml,sha256=VQ8mxkOOm7RfnBomtOXF9XGE8fV-j5j-4pFtpocQ17Y,3875
+contentctl/templates/detections/network/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+contentctl/templates/detections/web/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+contentctl/templates/macros/security_content_ctime.yml,sha256=Gg1YNllHVsX_YB716H1SJLWzxXZEfuJlnsgB2fuyoHU,159
+contentctl/templates/macros/security_content_summariesonly.yml,sha256=9BYUxAl2E4Nwh8K19F3AJS8Ka7ceO6ZDBjFiO3l3LY0,162
+contentctl/templates/stories/cobalt_strike.yml,sha256=uj8idtDNOAIqpZ9p8usQg6mop1CQkJ5TlB4Q7CJdTIE,3082
+contentctl-5.0.0.dist-info/LICENSE.md,sha256=hQWUayRk-pAiOZbZnuy8djmoZkjKBx8MrCFpW-JiOgo,11344
+contentctl-5.0.0.dist-info/METADATA,sha256=99Dsj6xpEKa3kGWPD2uxqttJyHlzYJbpzn_VqgedaIc,21539
+contentctl-5.0.0.dist-info/WHEEL,sha256=IYZQI976HJqqOpQU6PHkJ8fb3tMNBFjg-Cn-pwAbaFM,88
+contentctl-5.0.0.dist-info/entry_points.txt,sha256=5bjZ2NkbQfSwK47uOnA77yCtjgXhvgxnmCQiynRF_-U,57
+contentctl-5.0.0.dist-info/RECORD,,

{contentctl-4.4.7.dist-info → contentctl-5.0.0.dist-info}/WHEEL

@@ -1,4 +1,4 @@
 Wheel-Version: 1.0
-Generator: poetry-core 1.9.1
+Generator: poetry-core 2.0.1
 Root-Is-Purelib: true
 Tag: py3-none-any

contentctl/actions/initialize_old.py

@@ -1,245 +0,0 @@
-'''
-Initializes a Splunk Content Project
-'''
-
-from pathlib import Path
-import yaml
-import sys
-import questionary
-import os
-from contentctl.objects.enums import LogLevel
-
-import abc
-from pydantic import BaseModel, Field
-
-from contentctl.objects.config import Config
-
-DEFAULT_FOLDERS = ['detections', 'stories', 'lookups', 'macros', 'baselines', 'dist']
-
-
-def create_folders(path):
-
-    for folder in DEFAULT_FOLDERS:
-        folder_path = path + "/" + folder
-        if not os.path.exists(folder_path):
-            os.makedirs(folder_path)
-
-
-
-def NewContentPack(args, default_config):
-    """
-    new function creates a new configuration file based on the user input on the terminal.
-    :param config: python dictionary having the configuration 
-    :return: No return value
-    """
-    contentctl_config_file = Path(args.config)
-    if contentctl_config_file.is_file():
-        questions = [
-            {
-                'type': 'confirm',
-                'message': 'File {0} already exist, are you sure you want to continue?\nTHIS WILL OVERWRITE YOUR CURRENT CONFIG!'.format(contentctl_config_file),
-                'name': 'continue',
-                'default': True,
-            },
-        ]
-
-        answers = questionary.prompt(questions)
-        if answers['continue']:
-            print("> continuing with contentctl configuration...")
-        else:
-            print("> exiting, to create a unique configuration file in another location use the --config flag")
-            sys.exit(0)
-
-
-    # configuration parameters  
-    if os.path.exists(args.output):  
-        config_path = args.output + "/" + str(contentctl_config_file)
-    else:
-        print("ERROR, output folder: {0} does not exist".format(args.output))
-        sys.exit(1)
-
-    # deal with skipping configuration
-    if args.skip_configuration:
-        print("initializing with default configuration: {0}".format(config_path))
-        # write config file
-        with open(config_path, 'w') as outfile:
-            yaml.dump(default_config, outfile, default_flow_style=False, sort_keys=False)
-
-        # write folder structure
-        create_folders(args.output)
-        sys.exit(0)
-        
-
-    questions = [
-        {
-            "type": "select",
-            "message": "Which build format should we use for this content pack? Builds will be created under the dist/ folder.",
-            "name": "product",
-            "choices": ["Splunk App", "JSON API Objects", "BA Objects", "All"],
-            "default": "Splunk App"
-        },
-        {
-            'type': 'text',
-            'message': 'What should the Splunk App for this content pack be called?',
-            'name': 'product_app_name',
-            'default': 'Capybara Splunk Content Pack',
-            'when': lambda answers: answers['product'] == "Splunk App" or answers['product'] == "All",
-
-        },
-        {
-            'type': 'confirm',
-            'message': 'Should this content pack be deployed to a (Cloud) Splunk Enterprise Server?',
-            'name': 'deploy_to_splunk',
-            'default': False,
-
-        },
-        {
-            'type': 'text',
-            'message': 'What is the <host>:<port> of the (Cloud) Splunk Enterprise Server?',
-            'name': 'deploy_to_splunk_server',
-            'default': '127.0.0.1:8089',
-            'when': lambda answers: answers['deploy_to_splunk'],
-
-        },
-        {
-            'type': 'text',
-            'message': 'What is the username of the (Cloud) Splunk Enterprise Server?',
-            'name': 'deploy_to_splunk_username',
-            'default': 'admin',
-            'when': lambda answers: answers['deploy_to_splunk'],
-
-        },
-        {
-            'type': 'text',
-            'message': 'What is the password of the (Cloud) Splunk Enterprise Server?',
-            'name': 'deploy_to_splunk_password',
-            'default': 'xxx',
-            'when': lambda answers: answers['deploy_to_splunk'],
-
-        },    
-        {
-            'type': 'text',
-            'message': 'How often should analytics run? The schedule is on cron format (https://crontab.guru/).',
-            'name': 'scheduling_cron_schedule',
-            'default': '0 * * * *',
-        },
-        {
-            'type': 'text',
-            'message': 'What is the earliest time for analytics? Uses Splunk time modifiers (https://docs.splunk.com/Documentation/SCS/current/Search/Timemodifiers).',
-            'name': 'scheduling_earliest_time',
-            'default': '-70m@m',
-        },
-        {
-            'type': 'text',
-            'message': 'What is the latest time for analytics? Uses Splunk time modifiers (https://docs.splunk.com/Documentation/SCS/current/Search/Timemodifiers).',
-            'name': 'scheduling_latest_time',
-            'default': '-10m@m',
-        },
-        {
-            'type': 'checkbox',
-            'message': 'What should the default action be when an analytic triggers?',
-            'name': 'default_actions',
-            'choices': ["notable", "risk_event", "email"],
-            'default': 'notable',
-        },
-        {
-            'type': 'text',
-            'message': 'What email address should we send the alerts to?',
-            'name': 'to_email',
-            'default': 'geralt@monsterkiller.com',
-            'when': lambda answers: 'email' in answers['default_actions'],
-        },
-        {
-            'type': 'confirm',
-            'message': 'Should we include some example content? This will add a detection and its test with supporting components like lookups and macros.',
-            'name': 'pre_populate',
-            'default': True,
-        },
-    ]
-
-    answers = questionary.prompt(questions)
-
-    # create a custom config object to store answers
-    custom_config = default_config
-
-    # remove other product settings
-    if answers['product'] == 'Splunk App':
-        # pop other configs out
-        custom_config['build'].pop('json_objects')
-        custom_config['build'].pop('ba_objects')
-        # capture configs
-        custom_config['build']['splunk_app']['name'] = answers['product_app_name']
-        custom_config['build']['splunk_app']['path'] = 'dist/' + answers['product_app_name'].lower().replace(" ", "_")
-        custom_config['build']['splunk_app']['prefix'] = answers['product_app_name'].upper()[0: 3]
-
-    elif answers['product'] == 'JSON API Objects':
-        custom_config['build'].pop('splunk_app')
-        custom_config['build'].pop('ba_objects')
-    elif answers['product'] == 'BA Objects':
-        custom_config['build'].pop('splunk_app')
-        custom_config['build'].pop('json_objects')
-    else:
-        # splunk app config
-        custom_config['build']['splunk_app']['name'] = answers['product_app_name']
-        custom_config['build']['splunk_app']['path'] = 'dist/' + answers['product_app_name'].lower().replace(" ", "_")
-        custom_config['build']['splunk_app']['prefix'] = answers['product_app_name'].upper()[0: 3]
-
-    if answers['deploy_to_splunk']:
-        custom_config['deploy']['server'] = answers['deploy_to_splunk_server']
-        custom_config['deploy']['username'] = answers['deploy_to_splunk_username']
-        custom_config['deploy']['password'] = answers['deploy_to_splunk_password']
-    else:
-        custom_config.pop('deploy')
-    
-    custom_config['scheduling']['cron_schedule'] = answers['scheduling_cron_schedule']
-    custom_config['scheduling']['earliest_time'] = answers['scheduling_earliest_time']
-    custom_config['scheduling']['latest_time'] = answers['scheduling_latest_time']
-
-    if 'notable' in answers['default_actions']:
-            custom_config['alert_actions']['notable']['rule_description'] = '%description%'
-            custom_config['alert_actions']['notable']['rule_title'] = '%name%'
-            custom_config['alert_actions']['notable']['nes_fields'] = ['user','dest','src']
-    else:
-        custom_config['alert_actions'].pop('notable')
-    if 'risk_event' in answers['default_actions']:
-            rba = dict()
-            custom_config['alert_actions']['rba'] = rba
-            custom_config['alert_actions']['rba']['enabled'] = 'true'
-            
-    if 'email' in answers['default_actions']:
-            email = dict()
-            custom_config['alert_actions']['email'] = email
-            custom_config['alert_actions']['email']['subject'] = 'Alert %name% triggered'
-            custom_config['alert_actions']['email']['message'] = 'The rule %name% triggered base on %description%'
-            custom_config['alert_actions']['email']['to'] = answers['to_email']
-        
-   
-    # write config file
-    with open(config_path, 'w') as outfile:
-        yaml.dump(custom_config, outfile, default_flow_style=False, sort_keys=False)
-    print('Content pack configuration created under: {0} .. edit to fine tune details before building'.format(config_path))
-
-    # write folder structure
-    create_folders(args.output)
-    print('The following folders were created: {0} under {1}.\nContent pack has been initialized, please run `new` to create new content.'.format(DEFAULT_FOLDERS, args.output))
-
-    print("Load the custom_config into the pydantic model we have created")
-    cfg = ContentPackConfig().parse_obj(custom_config)
-    import pprint
-    pprint.pprint(cfg.__dict__)
-    print("********************")
-    pprint.pprint(custom_config)
-    print("done")
-        
-
-
-
-
-
-
-
-
-
-
-
-

contentctl/objects/event_source.py

@@ -1,11 +0,0 @@
-from __future__ import annotations
-from typing import Union, Optional, List
-from pydantic import BaseModel, Field
-
-from contentctl.objects.security_content_object import SecurityContentObject
-
-class EventSource(SecurityContentObject):
-    fields: Optional[list[str]] = None
-    field_mappings: Optional[list[dict]] = None
-    convert_to_log_source: Optional[list[dict]] = None
-    example_log: Optional[str] = None

contentctl/objects/observable.py

@@ -1,37 +0,0 @@
-from pydantic import BaseModel, field_validator
-from contentctl.objects.constants import SES_OBSERVABLE_TYPE_MAPPING, RBA_OBSERVABLE_ROLE_MAPPING
-
-
-class Observable(BaseModel):
-    name: str
-    type: str
-    role: list[str]
-
-    @field_validator('name')
-    def check_name(cls, v: str):
-        if v == "":
-            raise ValueError("No name provided for observable")
-        return v
-
-    @field_validator('type')
-    def check_type(cls, v: str):
-        if v not in SES_OBSERVABLE_TYPE_MAPPING.keys():
-            raise ValueError(
-                f"Invalid type '{v}' provided for observable.  Valid observable types are "
-                f"{SES_OBSERVABLE_TYPE_MAPPING.keys()}"
-            )
-        return v
-
-    @field_validator('role')
-    def check_roles(cls, v: list[str]):
-        if len(v) == 0:
-            raise ValueError("Error, at least 1 role must be listed for Observable.")
-        if len(v) > 1:
-            raise ValueError("Error, each Observable can only have one role.")
-        for role in v:
-            if role not in RBA_OBSERVABLE_ROLE_MAPPING.keys():
-                raise ValueError(
-                    f"Invalid role '{role}' provided for observable.  Valid observable types are "
-                    f"{RBA_OBSERVABLE_ROLE_MAPPING.keys()}"
-                )
-        return v

contentctl/output/detection_writer.py

@@ -1,28 +0,0 @@
-
-import yaml
-
-
-class DetectionWriter:
-
-    @staticmethod
-    def writeYmlFile(file_path : str, obj : dict) -> None:
-
-        new_obj = dict()
-        new_obj["name"] = obj["name"]
-        new_obj["id"] = obj["id"]
-        new_obj["version"] = obj["version"]
-        new_obj["date"] = obj["date"]
-        new_obj["author"] = obj["author"]
-        new_obj["type"] = obj["type"]
-        new_obj["status"] = obj["status"]
-        new_obj["description"] = obj["description"]
-        new_obj["data_source"] = obj["data_source"]
-        new_obj["search"] = obj["search"]
-        new_obj["how_to_implement"] = obj["how_to_implement"]
-        new_obj["known_false_positives"] = obj["known_false_positives"]
-        new_obj["references"] = obj["references"]
-        new_obj["tags"] = obj["tags"]
-        new_obj["tests"] = obj["tests"]
-
-        with open(file_path, 'w') as outfile:
-            yaml.safe_dump(new_obj, outfile, default_flow_style=False, sort_keys=False)

contentctl/output/new_content_yml_output.py

@@ -1,56 +0,0 @@
-import os
-import pathlib
-from contentctl.objects.enums import SecurityContentType
-from contentctl.output.yml_writer import YmlWriter
-import pathlib
-from contentctl.objects.config import NewContentType
-class NewContentYmlOutput():
-    output_path: pathlib.Path
-    
-    def __init__(self, output_path:pathlib.Path):
-        self.output_path = output_path
-    
-    
-    def writeObjectNewContent(self, object: dict, subdirectory_name: str, type: NewContentType) -> None:
-        if type == NewContentType.detection:
-
-            file_path = os.path.join(self.output_path, 'detections', subdirectory_name, self.convertNameToFileName(object['name'], object['tags']['product']))
-            output_folder = pathlib.Path(self.output_path)/'detections'/subdirectory_name
-            #make sure the output folder exists for this detection
-            output_folder.mkdir(exist_ok=True)
-
-            YmlWriter.writeYmlFile(file_path, object)
-            print("Successfully created detection " + file_path)
-        
-        elif type == NewContentType.story:
-            file_path = os.path.join(self.output_path, 'stories', self.convertNameToFileName(object['name'], object['tags']['product']))
-            YmlWriter.writeYmlFile(file_path, object)
-            print("Successfully created story " + file_path)        
-        
-        else:
-            raise(Exception(f"Object Must be Story or Detection, but is not: {object}"))
-
-
-
-    def convertNameToFileName(self, name: str, product: list):
-        file_name = name \
-            .replace(' ', '_') \
-            .replace('-','_') \
-            .replace('.','_') \
-            .replace('/','_') \
-            .lower()
-        
-        file_name = file_name + '.yml'
-        return file_name
-
-
-    def convertNameToTestFileName(self, name: str, product: list):
-        file_name = name \
-            .replace(' ', '_') \
-            .replace('-','_') \
-            .replace('.','_') \
-            .replace('/','_') \
-            .lower()
-        
-        file_name = file_name + '.test.yml'
-        return file_name

contentctl/output/yml_output.py

@@ -1,66 +0,0 @@
-import os
-
-from contentctl.output.detection_writer import DetectionWriter
-from contentctl.objects.detection import Detection
-
-
-class YmlOutput():
-
-
-    def writeDetections(self, objects: list, output_path : str) -> None:
-        for obj in objects:
-            file_path = obj.file_path
-            obj.id = str(obj.id)
-
-            DetectionWriter.writeYmlFile(os.path.join(output_path, file_path), obj.dict(
-                exclude_none=True,
-                include =
-                    {
-                        "name": True,
-                        "id": True,
-                        "version": True,
-                        "date": True,
-                        "author": True,
-                        "type": True,
-                        "status": True,
-                        "description": True,
-                        "data_source": True,
-                        "search": True,
-                        "how_to_implement": True,
-                        "known_false_positives": True,
-                        "references": True,
-                        "tags": 
-                            {
-                                "analytic_story": True,
-                                "asset_type": True,
-                                "atomic_guid": True,
-                                "confidence": True,
-                                "impact": True,
-                                "drilldown_search": True,
-                                "mappings": True,
-                                "message": True,
-                                "mitre_attack_id": True,
-                                "kill_chain_phases:": True,
-                                "observable": True,
-                                "product": True,
-                                "required_fields": True,
-                                "risk_score": True,
-                                "security_domain": True
-                            },
-                        "tests": 
-                            {
-                                '__all__': 
-                                    {
-                                        "name": True,
-                                        "attack_data": {
-                                            '__all__': 
-                                            {
-                                                "data": True,
-                                                "source": True,
-                                                "sourcetype": True
-                                            }
-                                        }
-                                    }
-                            }
-                    }
-            ))