contentctl 5.5.11__py3-none-any.whl → 5.5.13__py3-none-any.whl

contentctl/objects/content_versioning_service.py

@@ -7,13 +7,7 @@ from functools import cached_property
 from typing import Any, Callable
 
 import splunklib.client as splunklib  # type: ignore
-from pydantic import (
-    BaseModel,
-    Field,
-    PrivateAttr,
-    computed_field,
-    model_validator,
-)
+from pydantic import BaseModel, Field, PrivateAttr, computed_field, model_validator
 from semantic_version import Version
 from splunklib.binding import HTTPError, ResponseReader  # type: ignore
 from splunklib.data import Record  # type: ignore
@@ -422,12 +416,14 @@ class ContentVersioningService(BaseModel):
         if self.kvstore_content_versioning:
             query = (
                 f"| inputlookup cms_content_lookup | search app_name={self.global_config.app.appid}"
-                f"| fields content"
+                "| fields content | spath input=content "
+                "| search action.correlationsearch.detection_type=ebd | fields content"
             )
         elif self.indexbased_content_versioning:
             query = (
-                f"search index=cms_main sourcetype=stash_common_detection_model "
-                f'app_name="{self.global_config.app.appid}" | fields _raw'
+                "search index=cms_main sourcetype=stash_common_detection_model "
+                f'app_name="{self.global_config.app.appid}" '
+                "action.correlationsearch.detection_type=ebd | fields _raw"
             )
         else:
             if self.kvstore_content_versioning:

contentctl/output/templates/savedsearches_detections.j2

@@ -1,15 +1,16 @@
-### {{app.label}} DETECTIONS ###
-
 [default]
 disabled = 1
 description = "This search was removed in a previous release, or is otherwise not present."
 search = | makeresults | eval text = "This search was removed in a previous release, or is otherwise not present."
 
+### {{app.label}} DETECTIONS ###
+
+
 {% for detection in objects %}
 [{{ detection.get_conf_stanza_name(app) }}]
 action.escu = 0
 action.escu.enabled = 1
-description = {{ detection.status_aware_description | escapeNewlines() }}
+description = {{ detection.status_aware_description | escapeNewlines() }} 
 action.escu.mappings = {{ detection.mappings | tojson }}
 action.escu.data_models = {{ detection.datamodel | tojson }}
 action.escu.eli5 = {{ detection.status_aware_description | escapeNewlines() }}

{contentctl-5.5.11.dist-info → contentctl-5.5.13.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: contentctl
-Version: 5.5.11
+Version: 5.5.13
 Summary: Splunk Content Control Tool
 License: Apache 2.0
 License-File: LICENSE.md

{contentctl-5.5.11.dist-info → contentctl-5.5.13.dist-info}/RECORD

@@ -44,7 +44,7 @@ contentctl/objects/baseline.py,sha256=EMcuz_9sVgOFh3YCj871GSAA6v3FIkRTf90-LAHq-J
 contentctl/objects/baseline_tags.py,sha256=SkGlsfigaARss3itHOgWnKhRDEB6NX8bMhfovrBUmhk,1609
 contentctl/objects/config.py,sha256=la0mUk1183ZD0gav7bGekhJxj4AOjn8hF5p7jwNqdhM,57938
 contentctl/objects/constants.py,sha256=VwwQtJBGC_zb3ukjb3A7P0CwAlyhacWiXczwAW5Jiog,5466
-contentctl/objects/content_versioning_service.py,sha256=KZs0DRo5AX6TzVIUDvlTiYKaKB6nZqx1WPko9-JLqP0,27341
+contentctl/objects/content_versioning_service.py,sha256=y7U71BzaSf49Tp45myV4RPTgjOcyXcBjgy7HEn3Flak,27488
 contentctl/objects/correlation_search.py,sha256=cTFpdcBXmQ9AhOkNK2EK4xOafsIRktsJKNVy4e1WAns,51056
 contentctl/objects/dashboard.py,sha256=wdNCIC1MExvpsB_EyPY9ZDo9Xu9V5WDI6wkunW0fTdk,4995
 contentctl/objects/data_source.py,sha256=O58GArXVlflz3dCtVOn96Ubyi5_ekSC1N9LuveQNws4,2019
@@ -124,7 +124,7 @@ contentctl/output/templates/header.j2,sha256=3usV7jm1q6J-QNnQrZzII9cN0XEGQjg_eVK
 contentctl/output/templates/macros.j2,sha256=SLcQQ5X7TZS8j-2qP06BTXqdIcnwoYqTAaBLX2Dge7Y,390
 contentctl/output/templates/panel.j2,sha256=Cw_W6p-14n6UivVfpS75KKJiJ2VpdGsSBceYsUYe9gk,221
 contentctl/output/templates/savedsearches_baselines.j2,sha256=WHZB4e0vmeym8832VxRmuUfDJ-YRYt6emcYaJrghI58,1709
-contentctl/output/templates/savedsearches_detections.j2,sha256=wMLRPr_N3PfPnp0rC7buKNGWcX2N6ulAAtD4SnDuq8M,5556
+contentctl/output/templates/savedsearches_detections.j2,sha256=2QqPIPt8TNIpOfNCbJAaFHOqE-u2DyKSYaWywDDZK_g,5558
 contentctl/output/templates/savedsearches_fbds.j2,sha256=iYjuEESKzSVyornnBfcR_JPafHHAlff_G2LeXQRGMzc,132
 contentctl/output/templates/savedsearches_investigations.j2,sha256=KH2r8SgyAMiettSHypSbA2-1XmQ_8_8xzk3BkbZ1Re4,1196
 contentctl/output/templates/server.conf.j2,sha256=sPZUkiuJNGm9R8rpjfRKyuAvmmQb0C4w9Q6hpmvmPeU,127
@@ -165,8 +165,8 @@ contentctl/templates/detections/web/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRk
 contentctl/templates/macros/security_content_ctime.yml,sha256=Gg1YNllHVsX_YB716H1SJLWzxXZEfuJlnsgB2fuyoHU,159
 contentctl/templates/macros/security_content_summariesonly.yml,sha256=9BYUxAl2E4Nwh8K19F3AJS8Ka7ceO6ZDBjFiO3l3LY0,162
 contentctl/templates/stories/cobalt_strike.yml,sha256=uj8idtDNOAIqpZ9p8usQg6mop1CQkJ5TlB4Q7CJdTIE,3082
-contentctl-5.5.11.dist-info/METADATA,sha256=B4PK_gn_ci0WmHDnWtmGPitFvMSToPqn2Qy5lWcw72Q,5144
-contentctl-5.5.11.dist-info/WHEEL,sha256=kJCRJT_g0adfAJzTx2GUMmS80rTJIVHRCfG0DQgLq3o,88
-contentctl-5.5.11.dist-info/entry_points.txt,sha256=5bjZ2NkbQfSwK47uOnA77yCtjgXhvgxnmCQiynRF_-U,57
-contentctl-5.5.11.dist-info/licenses/LICENSE.md,sha256=hQWUayRk-pAiOZbZnuy8djmoZkjKBx8MrCFpW-JiOgo,11344
-contentctl-5.5.11.dist-info/RECORD,,
+contentctl-5.5.13.dist-info/METADATA,sha256=cU0VqTKzYp-ncuQxHUWaJaQZqW8UKSDFIIWowEcqsaw,5144
+contentctl-5.5.13.dist-info/WHEEL,sha256=kJCRJT_g0adfAJzTx2GUMmS80rTJIVHRCfG0DQgLq3o,88
+contentctl-5.5.13.dist-info/entry_points.txt,sha256=5bjZ2NkbQfSwK47uOnA77yCtjgXhvgxnmCQiynRF_-U,57
+contentctl-5.5.13.dist-info/licenses/LICENSE.md,sha256=hQWUayRk-pAiOZbZnuy8djmoZkjKBx8MrCFpW-JiOgo,11344
+contentctl-5.5.13.dist-info/RECORD,,