contentctl 5.0.0a2__py3-none-any.whl → 5.0.1__py3-none-any.whl

contentctl/output/data_source_writer.py

@@ -3,37 +3,50 @@ from contentctl.objects.data_source import DataSource
 from typing import List
 import pathlib
 
-class DataSourceWriter:
 
+class DataSourceWriter:
     @staticmethod
-    def writeDataSourceCsv(data_source_objects: List[DataSource], file_path: pathlib.Path):
-        with open(file_path, mode='w', newline='') as file:
+    def writeDataSourceCsv(
+        data_source_objects: List[DataSource], file_path: pathlib.Path
+    ):
+        with open(file_path, mode="w", newline="") as file:
             writer = csv.writer(file)
             # Write the header
-            writer.writerow([
-                "name", "id", "author", "source", "sourcetype", "separator", 
-                "supported_TA_name", "supported_TA_version", "supported_TA_url",
-                "description"
-            ])
+            writer.writerow(
+                [
+                    "name",
+                    "id",
+                    "author",
+                    "source",
+                    "sourcetype",
+                    "separator",
+                    "supported_TA_name",
+                    "supported_TA_version",
+                    "supported_TA_url",
+                    "description",
+                ]
+            )
             # Write the data
             for data_source in data_source_objects:
-                if  len(data_source.supported_TA) > 0:
+                if len(data_source.supported_TA) > 0:
                     supported_TA_name = data_source.supported_TA[0].name
                     supported_TA_version = data_source.supported_TA[0].version
-                    supported_TA_url = data_source.supported_TA[0].url or ''
+                    supported_TA_url = data_source.supported_TA[0].url or ""
                 else:
-                    supported_TA_name = ''
-                    supported_TA_version = ''
-                    supported_TA_url = ''
-                writer.writerow([
-                    data_source.name,
-                    data_source.id,
-                    data_source.author,
-                    data_source.source,
-                    data_source.sourcetype,
-                    data_source.separator,
-                    supported_TA_name,
-                    supported_TA_version,
-                    supported_TA_url,
-                    data_source.description,
-                ])
+                    supported_TA_name = ""
+                    supported_TA_version = ""
+                    supported_TA_url = ""
+                writer.writerow(
+                    [
+                        data_source.name,
+                        data_source.id,
+                        data_source.author,
+                        data_source.source,
+                        data_source.sourcetype,
+                        data_source.separator,
+                        supported_TA_name,
+                        supported_TA_version,
+                        supported_TA_url,
+                        data_source.description,
+                    ]
+                )

contentctl/output/doc_md_output.py

@@ -1,23 +1,25 @@
 import os
-import asyncio
 import sys
 
 from pathlib import Path
 
-from contentctl.objects.enums import SecurityContentType
 from contentctl.output.jinja_writer import JinjaWriter
 
 
-class DocMdOutput():
+class DocMdOutput:
     index = 0
     files_to_write = 0
-    
+
     def writeObjects(self, objects: list, output_path: str) -> None:
         self.files_to_write = sum([len(obj) for obj in objects])
         self.index = 0
-        progress_percent = ((self.index+1)/self.files_to_write) * 100
-        if (sys.stdout.isatty() and sys.stdin.isatty() and sys.stderr.isatty()):
-            print(f"\r{'Docgen Progress'.rjust(23)}: [{progress_percent:3.0f}%]...", end="", flush=True)
+        progress_percent = ((self.index + 1) / self.files_to_write) * 100
+        if sys.stdout.isatty() and sys.stdin.isatty() and sys.stderr.isatty():
+            print(
+                f"\r{'Docgen Progress'.rjust(23)}: [{progress_percent:3.0f}%]...",
+                end="",
+                flush=True,
+            )
 
         attack_tactics = set()
         datamodels = set()
@@ -33,24 +35,41 @@ class DocMdOutput():
 
             if detection.datamodel:
                 datamodels.update(detection.datamodel)
-        
-        Path(os.path.join(output_path, 'overview')).mkdir(parents=True, exist_ok=True)
-        Path(os.path.join(output_path, 'detections')).mkdir(parents=True, exist_ok=True)
-        Path(os.path.join(output_path, 'stories')).mkdir(parents=True, exist_ok=True)
-        Path(os.path.join(output_path, 'playbooks')).mkdir(parents=True, exist_ok=True)
 
-        JinjaWriter.writeObjectsList('doc_story_page.j2', os.path.join(output_path, 'overview/stories.md'), sorted(objects[0], key=lambda x: x.name))
-        self.writeObjectsMd(objects[0], os.path.join(output_path, 'stories'), 'doc_stories.j2')
+        Path(os.path.join(output_path, "overview")).mkdir(parents=True, exist_ok=True)
+        Path(os.path.join(output_path, "detections")).mkdir(parents=True, exist_ok=True)
+        Path(os.path.join(output_path, "stories")).mkdir(parents=True, exist_ok=True)
+        Path(os.path.join(output_path, "playbooks")).mkdir(parents=True, exist_ok=True)
+
+        JinjaWriter.writeObjectsList(
+            "doc_story_page.j2",
+            os.path.join(output_path, "overview/stories.md"),
+            sorted(objects[0], key=lambda x: x.name),
+        )
+        self.writeObjectsMd(
+            objects[0], os.path.join(output_path, "stories"), "doc_stories.j2"
+        )
+
+        JinjaWriter.writeObjectsList(
+            "doc_detection_page.j2",
+            os.path.join(output_path, "overview/detections.md"),
+            sorted(objects[1], key=lambda x: x.name),
+        )
+        self.writeObjectsMd(
+            objects[1], os.path.join(output_path, "detections"), "doc_detections.j2"
+        )
 
-        JinjaWriter.writeObjectsList('doc_detection_page.j2', os.path.join(output_path, 'overview/detections.md'), sorted(objects[1], key=lambda x: x.name))
-        self.writeObjectsMd(objects[1], os.path.join(output_path, 'detections'), 'doc_detections.j2')
+        JinjaWriter.writeObjectsList(
+            "doc_playbooks_page.j2",
+            os.path.join(output_path, "overview/paybooks.md"),
+            sorted(objects[2], key=lambda x: x.name),
+        )
+        self.writeObjectsMd(
+            objects[2], os.path.join(output_path, "playbooks"), "doc_playbooks.j2"
+        )
 
-        JinjaWriter.writeObjectsList('doc_playbooks_page.j2', os.path.join(output_path, 'overview/paybooks.md'), sorted(objects[2], key=lambda x: x.name))
-        self.writeObjectsMd(objects[2], os.path.join(output_path, 'playbooks'), 'doc_playbooks.j2')
-        
         print("Done!")
-    
-    
+
     # def writeNavigationPageObjects(self, objects: list, output_path: str) -> None:
     #     for obj in objects:
     #         JinjaWriter.writeObject('doc_navigation_pages.j2', os.path.join(output_path, '_pages', obj.lower().replace(' ', '_') + '.md'),
@@ -61,10 +80,17 @@ class DocMdOutput():
 
     def writeObjectsMd(self, objects, output_path: str, template_name: str) -> None:
         for obj in objects:
-            progress_percent = ((self.index+1)/self.files_to_write) * 100
-            self.index+=1
-            if (sys.stdout.isatty() and sys.stdin.isatty() and sys.stderr.isatty()):
-                print(f"\r{'Docgen Progress'.rjust(23)}: [{progress_percent:3.0f}%]...", end="", flush=True)
-
-            JinjaWriter.writeObject(template_name, os.path.join(output_path, obj.name.lower().replace(' ', '_') + '.md'), obj)
+            progress_percent = ((self.index + 1) / self.files_to_write) * 100
+            self.index += 1
+            if sys.stdout.isatty() and sys.stdin.isatty() and sys.stderr.isatty():
+                print(
+                    f"\r{'Docgen Progress'.rjust(23)}: [{progress_percent:3.0f}%]...",
+                    end="",
+                    flush=True,
+                )
 
+            JinjaWriter.writeObject(
+                template_name,
+                os.path.join(output_path, obj.name.lower().replace(" ", "_") + ".md"),
+                obj,
+            )

contentctl/output/jinja_writer.py

@@ -4,30 +4,34 @@ from jinja2 import Environment, FileSystemLoader
 
 
 class JinjaWriter:
-
     @staticmethod
-    def writeObjectsList(template_name : str, output_path : str, objects : list) -> None:
-
+    def writeObjectsList(template_name: str, output_path: str, objects: list) -> None:
         j2_env = Environment(
-            loader=FileSystemLoader(os.path.join(os.path.dirname(__file__), 'templates')), 
-            trim_blocks=False)
+            loader=FileSystemLoader(
+                os.path.join(os.path.dirname(__file__), "templates")
+            ),
+            trim_blocks=False,
+        )
 
         template = j2_env.get_template(template_name)
         output = template.render(objects=objects)
-        with open(output_path, 'w') as f:
-            output = output.encode('ascii', 'ignore').decode('ascii')
+        with open(output_path, "w") as f:
+            output = output.encode("ascii", "ignore").decode("ascii")
             f.write(output)
 
-
     @staticmethod
-    def writeObject(template_name : str, output_path : str, object: dict[str,Any]) -> None:
-
+    def writeObject(
+        template_name: str, output_path: str, object: dict[str, Any]
+    ) -> None:
         j2_env = Environment(
-            loader=FileSystemLoader(os.path.join(os.path.dirname(__file__), 'templates')), 
-            trim_blocks=False)
+            loader=FileSystemLoader(
+                os.path.join(os.path.dirname(__file__), "templates")
+            ),
+            trim_blocks=False,
+        )
 
         template = j2_env.get_template(template_name)
         output = template.render(object=object)
-        with open(output_path, 'w') as f:
-            output = output.encode('ascii', 'ignore').decode('ascii')
-            f.write(output)
+        with open(output_path, "w") as f:
+            output = output.encode("ascii", "ignore").decode("ascii")
+            f.write(output)

contentctl/output/json_writer.py

@@ -1,19 +1,31 @@
 import json
 from typing import Any
-class JsonWriter():
 
+
+class JsonWriter:
     @staticmethod
-    def writeJsonObject(file_path : str, object_name: str, objs: list[dict[str,Any]],readable_output:bool=True) -> None:
+    def writeJsonObject(
+        file_path: str,
+        object_name: str,
+        objs: list[dict[str, Any]],
+        readable_output: bool = True,
+    ) -> None:
         try:
-            with open(file_path, 'w') as outfile:
+            with open(file_path, "w") as outfile:
                 if readable_output:
                     # At the cost of slightly larger filesize, improve the redability significantly
                     # by sorting and indenting keys/values
-                    sorted_objs = sorted(objs, key=lambda o: o['name'])
-                    json.dump({object_name:sorted_objs}, outfile, ensure_ascii=False, indent=2)
+                    sorted_objs = sorted(objs, key=lambda o: o["name"])
+                    json.dump(
+                        {object_name: sorted_objs},
+                        outfile,
+                        ensure_ascii=False,
+                        indent=2,
+                    )
                 else:
-                    json.dump({object_name:objs}, outfile, ensure_ascii=False)
+                    json.dump({object_name: objs}, outfile, ensure_ascii=False)
 
         except Exception as e:
-             raise Exception(f"Error serializing object to Json File '{file_path}': {str(e)}")
-            
+            raise Exception(
+                f"Error serializing object to Json File '{file_path}': {str(e)}"
+            )

contentctl/output/svg_output.py

@@ -1,4 +1,3 @@
-import os
 import pathlib
 from typing import List, Any
 
@@ -6,50 +5,69 @@ from contentctl.objects.enums import SecurityContentType
 from contentctl.output.jinja_writer import JinjaWriter
 from contentctl.objects.enums import DetectionStatus
 from contentctl.objects.detection import Detection
-class SvgOutput():
 
-    
-    def get_badge_dict(self, name:str, total_detections:List[Detection], these_detections:List[Detection])->dict[str,Any]:
-        obj:dict[str,Any] = {}
-        obj['name'] = name
+
+class SvgOutput:
+    def get_badge_dict(
+        self,
+        name: str,
+        total_detections: List[Detection],
+        these_detections: List[Detection],
+    ) -> dict[str, Any]:
+        obj: dict[str, Any] = {}
+        obj["name"] = name
 
         if name == "Production":
-            obj['color'] = "Green"
+            obj["color"] = "Green"
         elif name == "Detections":
-            obj['color'] = "Green"
+            obj["color"] = "Green"
         elif name == "Experimental":
-            obj['color'] = "Yellow"
+            obj["color"] = "Yellow"
         elif name == "Deprecated":
-            obj['color'] = "Red"
+            obj["color"] = "Red"
 
-        obj['count'] = len(total_detections)
-        if obj['count'] == 0:
-            obj['coverage'] = "NaN"
+        obj["count"] = len(total_detections)
+        if obj["count"] == 0:
+            obj["coverage"] = "NaN"
         else:
-            obj['coverage'] = len(these_detections) / obj['count']
-            obj['coverage'] = "{:.0%}".format(obj['coverage'])
+            obj["coverage"] = len(these_detections) / obj["count"]
+            obj["coverage"] = "{:.0%}".format(obj["coverage"])
         return obj
-    
-    def writeObjects(self, detections: List[Detection], output_path: pathlib.Path, type: SecurityContentType = None) -> None:
-        
-        
-
-        total_dict:dict[str,Any] = self.get_badge_dict("Detections", detections, detections)
-        production_dict:dict[str,Any] = self.get_badge_dict("% Production", detections, [detection for detection in detections if detection.status == DetectionStatus.production])
-        #deprecated_dict = self.get_badge_dict("Deprecated", detections, [detection for detection in detections if detection.status == DetectionStatus.deprecated])
-        #experimental_dict = self.get_badge_dict("Experimental", detections, [detection for detection in detections if detection.status == DetectionStatus.experimental])
-        
-        
-
-
-        #Total number of detections
-        JinjaWriter.writeObject('detection_count.j2', output_path /'detection_count.svg', total_dict)
-        #JinjaWriter.writeObject('detection_count.j2', os.path.join(output_path, 'production_count.svg'), production_dict)
-        #JinjaWriter.writeObject('detection_count.j2', os.path.join(output_path, 'deprecated_count.svg'), deprecated_dict)
-        #JinjaWriter.writeObject('detection_count.j2', os.path.join(output_path, 'experimental_count.svg'), experimental_dict)
-
-        #Percentage of detections that are production
-        JinjaWriter.writeObject('detection_coverage.j2', output_path/'detection_coverage.svg', production_dict)
-        #JinjaWriter.writeObject('detection_coverage.j2', os.path.join(output_path, 'detection_coverage.svg'), deprecated_dict)
-        #JinjaWriter.writeObject('detection_coverage.j2', os.path.join(output_path, 'detection_coverage.svg'), experimental_dict)
 
+    def writeObjects(
+        self,
+        detections: List[Detection],
+        output_path: pathlib.Path,
+        type: SecurityContentType = None,
+    ) -> None:
+        total_dict: dict[str, Any] = self.get_badge_dict(
+            "Detections", detections, detections
+        )
+        production_dict: dict[str, Any] = self.get_badge_dict(
+            "% Production",
+            detections,
+            [
+                detection
+                for detection in detections
+                if detection.status == DetectionStatus.production
+            ],
+        )
+        # deprecated_dict = self.get_badge_dict("Deprecated", detections, [detection for detection in detections if detection.status == DetectionStatus.deprecated])
+        # experimental_dict = self.get_badge_dict("Experimental", detections, [detection for detection in detections if detection.status == DetectionStatus.experimental])
+
+        # Total number of detections
+        JinjaWriter.writeObject(
+            "detection_count.j2", output_path / "detection_count.svg", total_dict
+        )
+        # JinjaWriter.writeObject('detection_count.j2', os.path.join(output_path, 'production_count.svg'), production_dict)
+        # JinjaWriter.writeObject('detection_count.j2', os.path.join(output_path, 'deprecated_count.svg'), deprecated_dict)
+        # JinjaWriter.writeObject('detection_count.j2', os.path.join(output_path, 'experimental_count.svg'), experimental_dict)
+
+        # Percentage of detections that are production
+        JinjaWriter.writeObject(
+            "detection_coverage.j2",
+            output_path / "detection_coverage.svg",
+            production_dict,
+        )
+        # JinjaWriter.writeObject('detection_coverage.j2', os.path.join(output_path, 'detection_coverage.svg'), deprecated_dict)
+        # JinjaWriter.writeObject('detection_coverage.j2', os.path.join(output_path, 'detection_coverage.svg'), experimental_dict)

contentctl/output/templates/analyticstories_detections.j2

@@ -7,7 +7,7 @@
 type = detection
 asset_type = {{ detection.tags.asset_type }}
 confidence = medium
-explanation = {{ (detection.explanation if detection.explanation else detection.description) | escapeNewlines() }}
+explanation = {{ detection.status_aware_description | escapeNewlines() }}
 {% if detection.how_to_implement is defined %}
 how_to_implement = {{ detection.how_to_implement | escapeNewlines() }}
 {% else %}

contentctl/output/templates/analyticstories_stories.j2

@@ -11,7 +11,7 @@ references = {{ story.getReferencesListForJson() | tojson }}
 maintainers = [{"company": "{{ story.author_company }}", "email": "{{ story.author_email }}", "name": "{{ story.author_name }}"}]
 spec_version = 3
 searches = {{ story.storyAndInvestigationNamesWithApp(app) | tojson }}
-description = {{ story.description | escapeNewlines() }}
+description = {{ story.status_aware_description | escapeNewlines() }}
 {% if story.narrative is defined %}
 narrative = {{ story.narrative | escapeNewlines() }}
 {% endif %}

contentctl/output/templates/es_investigations_investigations.j2

@@ -2,7 +2,7 @@
 {% for response_task in objects %}
 [panel://workbench_panel_{{ response_task.lowercase_name }}___response_task]
 label = {{ response_task.name }}
-description = {{ response_task.description | escapeNewlines() }}
+description = {{ response_task.status_aware_description | escapeNewlines() }}
 disabled = 0
 tokens = {\
 {% for token in response_task.inputs %}

contentctl/output/templates/es_investigations_stories.j2

@@ -2,7 +2,7 @@
 {% for story in objects %}
 [panel_group://workbench_panel_group_{{ story.lowercase_name}}]
 label = {{ story.name }}
-description = {{ story.description | escapeNewlines() }}
+description = {{ story.status_aware_description | escapeNewlines() }}
 disabled = 0
 
 {% if story.workbench_panels is defined %}

contentctl/output/templates/savedsearches_baselines.j2

@@ -8,7 +8,7 @@
 action.escu = 0
 action.escu.enabled = 1
 action.escu.search_type = support
-description = {{ detection.description | escapeNewlines() }}
+description = {{ detection.status_aware_description | escapeNewlines() }}
 action.escu.creation_date = {{ detection.date }}
 action.escu.modification_date = {{ detection.date }}
 {% if detection.tags.analytic_story is defined %}
@@ -29,7 +29,7 @@ action.escu.providing_technologies = {{ detection.providing_technologies | tojso
 {% else %}
 action.escu.providing_technologies = []
 {% endif %}
-action.escu.eli5 = {{ detection.description | escapeNewlines() }}
+action.escu.eli5 = {{ detection.status_aware_description | escapeNewlines() }}
 {% if detection.how_to_implement is defined %}
 action.escu.how_to_implement = {{ detection.how_to_implement | escapeNewlines() }}
 {% else %}

contentctl/output/templates/savedsearches_detections.j2

@@ -5,16 +5,10 @@
 [{{ detection.get_conf_stanza_name(app) }}]
 action.escu = 0
 action.escu.enabled = 1
-{% if detection.status == "deprecated" %}
-description = **WARNING**, this detection has been marked **DEPRECATED** by the Splunk Threat Research Team. This means that it will no longer be maintained or supported. If you have any questions feel free to email us at: research@splunk.com. {{ detection.description | escapeNewlines() }} 
-{% elif detection.status == "experimental" %}
-description = **WARNING**, this detection is marked **EXPERIMENTAL** by the Splunk Threat Research Team. This means that the detection has been manually tested but we do not have the associated attack data to perform automated testing or cannot share this attack dataset due to its sensitive nature. If you have any questions feel free to email us at: research@splunk.com. {{ detection.description | escapeNewlines() }} 
-{% else %}
-description = {{ detection.description | escapeNewlines() }}
-{% endif %}
+description = {{ detection.status_aware_description | escapeNewlines() }} 
 action.escu.mappings = {{ detection.mappings | tojson }}
 action.escu.data_models = {{ detection.datamodel | tojson }}
-action.escu.eli5 = {{ detection.description | escapeNewlines() }}
+action.escu.eli5 = {{ detection.status_aware_description | escapeNewlines() }}
 {% if detection.how_to_implement %}
 action.escu.how_to_implement = {{ detection.how_to_implement | escapeNewlines() }}
 {% else %}

contentctl/output/templates/savedsearches_investigations.j2

@@ -9,7 +9,7 @@
 action.escu = 0
 action.escu.enabled = 1
 action.escu.search_type = investigative
-description = {{ detection.description | escapeNewlines() }}
+description = {{ detection.status_aware_description | escapeNewlines() }}
 action.escu.creation_date = {{ detection.date }}
 action.escu.modification_date = {{ detection.date }}
 {% if detection.tags.analytic_story is defined %}
@@ -21,7 +21,7 @@ action.escu.earliest_time_offset = 3600
 action.escu.latest_time_offset = 86400
 action.escu.providing_technologies = []
 action.escu.data_models = {{ detection.datamodel | tojson }}
-action.escu.eli5 = {{ detection.description | escapeNewlines() }}
+action.escu.eli5 = {{ detection.status_aware_description | escapeNewlines() }}
 action.escu.how_to_implement = none
 action.escu.known_false_positives = None at this time
 disabled = true

contentctl/output/templates/transforms.j2

@@ -13,11 +13,9 @@ default_match = {{ lookup.default_match | lower }}
 {% if lookup.case_sensitive_match is defined and lookup.case_sensitive_match != None %}
 case_sensitive_match = {{ lookup.case_sensitive_match | lower }}
 {% endif %}
-{% if lookup.description is defined and lookup.description != None %}
 # description = {{ lookup.description | escapeNewlines() }}
-{% endif %}
-{% if lookup.match_type is defined and lookup.match_type != None %}
-match_type = {{ lookup.match_type }}
+{% if lookup.match_type | length > 0 %}
+match_type = {{ lookup.match_type_to_conf_format }}
 {% endif %}
 {% if lookup.max_matches is defined and lookup.max_matches != None %}
 max_matches = {{ lookup.max_matches }}

contentctl/output/yml_writer.py

@@ -1,4 +1,3 @@
-
 import yaml
 from typing import Any
 from enum import StrEnum, IntEnum
@@ -8,25 +7,22 @@ from enum import StrEnum, IntEnum
 # to write to files:
 # yaml.representer.RepresenterError: ('cannot represent an object',.....
 yaml.SafeDumper.add_multi_representer(
-    StrEnum,
-    yaml.representer.SafeRepresenter.represent_str
+    StrEnum, yaml.representer.SafeRepresenter.represent_str
 )
 
 yaml.SafeDumper.add_multi_representer(
-    IntEnum,
-    yaml.representer.SafeRepresenter.represent_int
+    IntEnum, yaml.representer.SafeRepresenter.represent_int
 )
 
-class YmlWriter:
 
+class YmlWriter:
     @staticmethod
-    def writeYmlFile(file_path : str, obj : dict[Any,Any]) -> None:
-
-        with open(file_path, 'w') as outfile:
+    def writeYmlFile(file_path: str, obj: dict[Any, Any]) -> None:
+        with open(file_path, "w") as outfile:
             yaml.safe_dump(obj, outfile, default_flow_style=False, sort_keys=False)
 
     @staticmethod
-    def writeDetection(file_path: str, obj: dict[Any,Any]) -> None:
+    def writeDetection(file_path: str, obj: dict[Any, Any]) -> None:
         output = dict()
         output["name"] = obj["name"]
         output["id"] = obj["id"]
@@ -35,7 +31,7 @@ class YmlWriter:
         output["author"] = obj["author"]
         output["type"] = obj["type"]
         output["status"] = obj["status"]
-        output["data_source"] = obj['data_sources']
+        output["data_source"] = obj["data_sources"]
         output["description"] = obj["description"]
         output["search"] = obj["search"]
         output["how_to_implement"] = obj["how_to_implement"]
@@ -45,20 +41,18 @@ class YmlWriter:
         output["tests"] = obj["tags"]
 
         YmlWriter.writeYmlFile(file_path=file_path, obj=output)
- 
+
     @staticmethod
-    def writeStory(file_path: str, obj: dict[Any,Any]) -> None:
+    def writeStory(file_path: str, obj: dict[Any, Any]) -> None:
         output = dict()
-        output['name'] = obj['name']
-        output['id'] = obj['id']
-        output['version'] = obj['version']
-        output['date'] = obj['date']
-        output['author'] = obj['author']
-        output['description'] = obj['description']
-        output['narrative'] = obj['narrative']
-        output['references'] = obj['references']
-        output['tags'] = obj['tags']
+        output["name"] = obj["name"]
+        output["id"] = obj["id"]
+        output["version"] = obj["version"]
+        output["date"] = obj["date"]
+        output["author"] = obj["author"]
+        output["description"] = obj["description"]
+        output["narrative"] = obj["narrative"]
+        output["references"] = obj["references"]
+        output["tags"] = obj["tags"]
 
         YmlWriter.writeYmlFile(file_path=file_path, obj=output)
- 
-

contentctl/templates/stories/cobalt_strike.yml

@@ -3,6 +3,7 @@ id: bcfd17e8-5461-400a-80a2-3b7d1459220c
 version: 1
 date: '2021-02-16'
 author: Michael Haag, Splunk
+status: production
 description: Cobalt Strike is threat emulation software. Red teams and penetration
   testers use Cobalt Strike to demonstrate the risk of a breach and evaluate mature
   security programs. Most recently, Cobalt Strike has become the choice tool by threat

{contentctl-5.0.0a2.dist-info → contentctl-5.0.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: contentctl
-Version: 5.0.0a2
+Version: 5.0.1
 Summary: Splunk Content Control Tool
 License: Apache 2.0
 Author: STRT