contentctl 5.5.11__tar.gz → 5.5.13__tar.gz

{contentctl-5.5.11 → contentctl-5.5.13}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: contentctl
-Version: 5.5.11
+Version: 5.5.13
 Summary: Splunk Content Control Tool
 License: Apache 2.0
 License-File: LICENSE.md

{contentctl-5.5.11 → contentctl-5.5.13}/contentctl/objects/content_versioning_service.py

@@ -7,13 +7,7 @@ from functools import cached_property
 from typing import Any, Callable
 
 import splunklib.client as splunklib  # type: ignore
-from pydantic import (
-    BaseModel,
-    Field,
-    PrivateAttr,
-    computed_field,
-    model_validator,
-)
+from pydantic import BaseModel, Field, PrivateAttr, computed_field, model_validator
 from semantic_version import Version
 from splunklib.binding import HTTPError, ResponseReader  # type: ignore
 from splunklib.data import Record  # type: ignore
@@ -422,12 +416,14 @@ class ContentVersioningService(BaseModel):
         if self.kvstore_content_versioning:
             query = (
                 f"| inputlookup cms_content_lookup | search app_name={self.global_config.app.appid}"
-                f"| fields content"
+                "| fields content | spath input=content "
+                "| search action.correlationsearch.detection_type=ebd | fields content"
             )
         elif self.indexbased_content_versioning:
             query = (
-                f"search index=cms_main sourcetype=stash_common_detection_model "
-                f'app_name="{self.global_config.app.appid}" | fields _raw'
+                "search index=cms_main sourcetype=stash_common_detection_model "
+                f'app_name="{self.global_config.app.appid}" '
+                "action.correlationsearch.detection_type=ebd | fields _raw"
             )
         else:
             if self.kvstore_content_versioning:

{contentctl-5.5.11 → contentctl-5.5.13}/contentctl/output/templates/savedsearches_detections.j2

@@ -1,15 +1,16 @@
-### {{app.label}} DETECTIONS ###
-
 [default]
 disabled = 1
 description = "This search was removed in a previous release, or is otherwise not present."
 search = | makeresults | eval text = "This search was removed in a previous release, or is otherwise not present."
 
+### {{app.label}} DETECTIONS ###
+
+
 {% for detection in objects %}
 [{{ detection.get_conf_stanza_name(app) }}]
 action.escu = 0
 action.escu.enabled = 1
-description = {{ detection.status_aware_description | escapeNewlines() }}
+description = {{ detection.status_aware_description | escapeNewlines() }} 
 action.escu.mappings = {{ detection.mappings | tojson }}
 action.escu.data_models = {{ detection.datamodel | tojson }}
 action.escu.eli5 = {{ detection.status_aware_description | escapeNewlines() }}

{contentctl-5.5.11 → contentctl-5.5.13}/pyproject.toml

@@ -1,7 +1,7 @@
 [tool.poetry]
 name = "contentctl"
 
-version = "5.5.11"
+version = "5.5.13"
 
 description = "Splunk Content Control Tool"
 authors = ["STRT <research@splunk.com>"]