contentctl 5.5.9__py3-none-any.whl → 5.5.11__py3-none-any.whl

contentctl/actions/build.py

@@ -30,6 +30,7 @@ class Build:
             updated_conf_files.update(
                 conf_output.writeDetections(input_dto.director_output_dto.detections)
             )
+            updated_conf_files.update(conf_output.writeFbds())
             updated_conf_files.update(
                 conf_output.writeStories(input_dto.director_output_dto.stories)
             )

contentctl/objects/content_versioning_service.py

@@ -7,7 +7,14 @@ from functools import cached_property
 from typing import Any, Callable
 
 import splunklib.client as splunklib  # type: ignore
-from pydantic import BaseModel, Field, PrivateAttr, computed_field
+from pydantic import (
+    BaseModel,
+    Field,
+    PrivateAttr,
+    computed_field,
+    model_validator,
+)
+from semantic_version import Version
 from splunklib.binding import HTTPError, ResponseReader  # type: ignore
 from splunklib.data import Record  # type: ignore
 
@@ -21,6 +28,58 @@ ENABLE_LOGGING = False
 LOG_LEVEL = logging.DEBUG
 LOG_PATH = "content_versioning_service.log"
 
+# The app name of ES; needed to check ES version
+ES_APP_NAME = "SplunkEnterpriseSecuritySuite"
+
+
+class CMSEvent(BaseModel):
+    """
+    A model representing a CMS event. This is used to validate that detections have been installed
+    in a way that is compatible with content versioning.
+    """
+
+    content: str  # JSON string
+
+    # The app name of the detection
+    app_name: str
+
+    # The detection id of the detection
+    detection_id: str
+
+    # The version of the detection
+    version: str
+
+    # The saved search name of the detection
+    action_correlationsearch_label: str
+
+    @model_validator(mode="before")
+    @classmethod
+    def extract_from_content(cls, data):
+        """Extract fields from content JSON if not already provided"""
+        if isinstance(data, dict) and "content" in data:
+            try:
+                content_str = data.get("content")
+                parsed = json.loads(content_str)
+
+                # Extract metadata fields - note the key has dots in it
+                metadata_str = parsed.get("action.correlationsearch.metadata", {})
+                metadata = (
+                    json.loads(metadata_str)
+                    if isinstance(metadata_str, str)
+                    else metadata_str
+                )
+                data.setdefault("app_name", metadata.get("app_name"))
+                data.setdefault("detection_id", metadata.get("detection_id"))
+                data.setdefault("version", metadata.get("version"))
+                data.setdefault(
+                    "action_correlationsearch_label",
+                    parsed.get("action.correlationsearch.label"),
+                )
+            except (json.JSONDecodeError, AttributeError, KeyError, TypeError):
+                # If parsing fails, let Pydantic handle validation errors
+                raise ValueError("Failed to parse content JSON {}".format(data))
+        return data
+
 
 class ContentVersioningService(BaseModel):
     """
@@ -77,6 +136,47 @@ class ContentVersioningService(BaseModel):
             (self.validate_content_against_cms, "Validating Against CMS"),
         ]
 
+    @cached_property
+    def es_version(self) -> Version | None:
+        """
+        Returns the version of Enterprise Security installed on the instance; None if not installed.
+
+        :return: the version of ES, as a semver aware object
+        :rtype: :class:`semantic_version.Version`
+        """
+        if ES_APP_NAME not in self.service.apps:
+            return None
+        return Version(self.service.apps[ES_APP_NAME]["version"])  # type: ignore
+
+    @cached_property
+    def kvstore_content_versioning(self) -> bool:
+        """
+        Indicates whether we should test content versioning based on kvstore logic. Content versioning
+        should be tested with kvstore logic when ES is at least version 8.3.0.
+
+        :return: a bool indicating whether we should test content versioning with kvstore logic
+        :rtype: bool
+        """
+        es_version = self.es_version
+        return es_version is not None and es_version >= Version("8.3.0")
+
+    @cached_property
+    def indexbased_content_versioning(self) -> bool:
+        """
+        Indicates whether we should test content versioning based on indexbased logic. Content versioning
+        should be tested with indexbased logic when ES is less than version 8.3.0 but greater than or equal
+        to version 8.0.0.
+
+        :return: a bool indicating whether we should test content versioning with indexbased logic
+        :rtype: bool
+        """
+        es_version = self.es_version
+        return (
+            es_version is not None
+            and es_version >= Version("8.0.0")
+            and es_version < Version("8.3.0")
+        )
+
     def _query_content_versioning_service(
         self, method: str, body: dict[str, Any] = {}
     ) -> Record:
@@ -97,6 +197,17 @@ class ContentVersioningService(BaseModel):
 
         # Query the content versioning service
         try:
+            # TODO: The comment out section is for validating versioning is enabled and ready to go. The validation
+            # workflow (whether to be part of wait_for_cms_main or a separate function) is planed to be implemented
+            # in later contentctl-ng.
+            # API endpoint for checking versioning status after ES 8.3.0
+            # if method == "GET" and self.kvstore_content_versioning:
+            #     response = self.service.request(
+            #         method=method,
+            #         path_segment="content_versioning/versioning_apps",
+            #         app="SA-ContentVersioning",
+            #     )
+            # if self.indexbased_content_versioning:
             response = self.service.request(  # type: ignore
                 method=method,
                 path_segment="configs/conf-feature_flags/general",
@@ -141,6 +252,27 @@ class ContentVersioningService(BaseModel):
 
         # Find the versioning_activated field and report any errors
         try:
+            # TODO: The comment out section is for validating versioning is enabled and ready to go. The validation
+            # workflow (whether to be part of wait_for_cms_main or a separate function) is planed to be implemented
+            # in later contentctl-ng.
+            # Validating response by checking `status` field in `DA-ESS-ContentUpdate` app
+            # if self.kvstore_content_versioning:
+            #     if "content" in data:
+            #         for app in data["content"]:
+            #             if app.get("name") == "DA-ESS-ContentUpdate":
+            #                 # If there is error message versioning is not activated properly
+            #                 if "message" in app:
+            #                     return False
+
+            #                 # If the installed verion is not the same as the test version
+            #                 if app.get("version") != self.global_config.app.version:
+            #                     return False
+
+            #                 if app.get("status") == "active":
+            #                     return True
+            #     else:
+            #         return False
+            # if self.indexbased_content_versioning:
             for entry in data["entry"]:
                 if entry["name"] == "general":
                     return bool(int(entry["content"]["versioning_activated"]))
@@ -163,6 +295,18 @@ class ContentVersioningService(BaseModel):
             method="POST", body={"versioning_activated": True}
         )
 
+        # TODO: The comment out section is for validating versioning is enabled and ready to go. The validation
+        # workflow (whether to be part of wait_for_cms_main or a separate function) is planed to be implemented
+        # in later contentctl-ng.
+        # The versioning is expected to be ready within 10 minutes
+        # if self.kvstore_content_versioning:
+        #     timeout = 600
+        #     while not self.is_versioning_activated:
+        #         time.sleep(60)
+        #         timeout -= 60
+        #         if timeout <= 0:
+        #             break
+
         # Confirm versioning has been enabled
         if not self.is_versioning_activated:
             raise Exception(
@@ -173,23 +317,6 @@ class ContentVersioningService(BaseModel):
             f"[{self.infrastructure.instance_name}] Versioning service successfully activated"
         )
 
-    @computed_field
-    @cached_property
-    def cms_fields(self) -> list[str]:
-        """
-        Property listing the fields we want to pull from the cms_main index
-
-        :returns: a list of strings, the fields we want
-        :rtype: list[str]
-        """
-        return [
-            "app_name",
-            "detection_id",
-            "version",
-            "action.correlationsearch.label",
-            "sourcetype",
-        ]
-
     @property
     def is_cms_parser_enabled(self) -> bool:
         """
@@ -292,16 +419,37 @@ class ContentVersioningService(BaseModel):
             )
 
         # Construct the query looking for CMS events matching the content app name
-        query = (
-            f"search index=cms_main sourcetype=stash_common_detection_model "
-            f'app_name="{self.global_config.app.appid}" | fields {", ".join(self.cms_fields)}'
-        )
+        if self.kvstore_content_versioning:
+            query = (
+                f"| inputlookup cms_content_lookup | search app_name={self.global_config.app.appid}"
+                f"| fields content"
+            )
+        elif self.indexbased_content_versioning:
+            query = (
+                f"search index=cms_main sourcetype=stash_common_detection_model "
+                f'app_name="{self.global_config.app.appid}" | fields _raw'
+            )
+        else:
+            if self.kvstore_content_versioning:
+                raise Exception(
+                    f"Unable to perform search to cms_content_lookup in ES version {self.es_version}"
+                )
+            elif self.indexbased_content_versioning:
+                raise Exception(
+                    f"Unable to perform search to cms_main index in ES version {self.es_version}"
+                )
+            else:
+                raise Exception(
+                    f"Unable to determine content versioning method for ES version {self.es_version}. "
+                    "Expected ES version >= 8.0.0."
+                )
         self.logger.debug(
             f"[{self.infrastructure.instance_name}] Query on cms_main: {query}"
         )
 
         # Get the job as a blocking operation, set the cache, and return
         self._cms_main_job = self.service.search(query, exec_mode="blocking")  # type: ignore
+
         return self._cms_main_job
 
     def get_num_cms_events(self, use_cache: bool = False) -> int:
@@ -375,8 +523,13 @@ class ContentVersioningService(BaseModel):
                 # Increment the offset for each result
                 offset += 1
 
+                if self.kvstore_content_versioning:
+                    cms_event = CMSEvent(content=cms_event["content"])
+                elif self.indexbased_content_versioning:
+                    cms_event = CMSEvent(content=cms_event["_raw"])
+
                 # Get the name of the search in the CMS event
-                cms_entry_name = cms_event["action.correlationsearch.label"]
+                cms_entry_name = cms_event.action_correlationsearch_label
                 self.logger.info(
                     f"[{self.infrastructure.instance_name}] {offset}: Matching cms_main entry "
                     f"'{cms_entry_name}' against detections"
@@ -456,14 +609,14 @@ class ContentVersioningService(BaseModel):
         )
 
     def validate_detection_against_cms_event(
-        self, cms_event: dict[str, Any], detection: Detection
+        self, cms_event: CMSEvent, detection: Detection
     ) -> Exception | None:
         """
         Given an event from the cms_main index and the matched detection, compare fields and look
         for any inconsistencies
 
         :param cms_event: The event from the cms_main index
-        :type cms_event: dict[str, Any]
+        :type cms_event: CMSEvent
         :param detection: The matched detection
         :type detection: :class:`contentctl.objects.detection.Detection`
 
@@ -472,17 +625,18 @@ class ContentVersioningService(BaseModel):
         """
         # TODO (PEX-509): validate additional fields between the cms_event and the detection
 
-        cms_uuid = uuid.UUID(cms_event["detection_id"])
+        cms_uuid = uuid.UUID(cms_event.detection_id)
         rule_name_from_detection = detection.get_action_dot_correlationsearch_dot_label(
             self.global_config.app
         )
 
+        cms_entry_name = cms_event.action_correlationsearch_label
+
         # Compare the correlation search label
-        if cms_event["action.correlationsearch.label"] != rule_name_from_detection:
+        if cms_entry_name != rule_name_from_detection:
             msg = (
                 f"[{self.infrastructure.instance_name}][{detection.name}]: Correlation search "
-                f"label in cms_event ('{cms_event['action.correlationsearch.label']}') does not "
-                "match detection name"
+                f"label in cms_event ('{cms_entry_name}') does not match detection name"
             )
             self.logger.error(msg)
             return Exception(msg)
@@ -494,12 +648,12 @@ class ContentVersioningService(BaseModel):
             )
             self.logger.error(msg)
             return Exception(msg)
-        elif cms_event["version"] != f"{detection.version}.1":
+        elif cms_event.version != f"{detection.version}.1":
             # Compare the versions (we append '.1' to the detection version to be in line w/ the
             # internal representation in ES)
             msg = (
                 f"[{self.infrastructure.instance_name}] [{detection.name}]: Version in cms_event "
-                f"('{cms_event['version']}') does not match version in detection "
+                f"('{cms_event.version}') does not match version in detection "
                 f"('{detection.version}.1')"
             )
             self.logger.error(msg)

contentctl/objects/correlation_search.py

@@ -91,8 +91,8 @@ class ScheduleConfig(StrEnum):
     Configuraton values for the saved search schedule
     """
 
-    EARLIEST_TIME = "-5y@y"
-    LATEST_TIME = "-1m@m"
+    EARLIEST_TIME = "0"
+    LATEST_TIME = "now"
     CRON_SCHEDULE = "0 0 1 1 *"
 
 

contentctl/output/conf_output.py

@@ -110,6 +110,67 @@ class ConfOutput:
             )
         return written_files
 
+    def writeFbds(self) -> set[pathlib.Path]:
+        written_files: set[pathlib.Path] = set()
+
+        # Path to the static FBD configuration file
+        fbd_config_path = self.config.path / "static_configs" / "savedsearches_fbd.conf"
+
+        if not fbd_config_path.exists():
+            # If the file doesn't exist, just return empty set - no FBDs to write
+            print("No FBD configuration file found; skipping FBD writing to conf.")
+            return written_files
+        print(f"Reading FBD configuration from {fbd_config_path}")
+
+        # Read and parse the FBD configuration file
+        fbd_stanzas = self._parse_fbd_config_file(fbd_config_path)
+
+        if fbd_stanzas:  # Only write if there are actual stanzas
+            written_files.add(
+                ConfWriter.writeConfFile(
+                    pathlib.Path("default/savedsearches.conf"),
+                    "savedsearches_fbds.j2",
+                    self.config,
+                    fbd_stanzas,
+                )
+            )
+
+        return written_files
+
+    def _parse_fbd_config_file(self, file_path: pathlib.Path) -> list:
+        """Parse the FBD configuration file into individual stanza objects."""
+        stanzas = []
+        current_stanza_lines = []
+
+        with open(file_path, "r", encoding="utf-8") as f:
+            for line in f:
+                stripped_line = line.strip()
+
+                # Skip comment lines (lines starting with # after stripping whitespace)
+                if stripped_line.startswith("#"):
+                    continue
+
+                # If we hit a blank line and have accumulated stanza content, finalize the current stanza
+                if not stripped_line:
+                    if current_stanza_lines:
+                        stanza_content = "\n".join(current_stanza_lines)
+                        stanza_obj = type(
+                            "FbdStanza", (), {"content": stanza_content}
+                        )()
+                        stanzas.append(stanza_obj)
+                        current_stanza_lines = []
+                    continue
+
+                # Accumulate non-empty, non-comment lines for the current stanza
+                current_stanza_lines.append(line.rstrip())
+        # Handle the last stanza if the file doesn't end with a blank line
+        if current_stanza_lines:
+            stanza_content = "\n".join(current_stanza_lines)
+            stanza_obj = type("FbdStanza", (), {"content": stanza_content})()
+            stanzas.append(stanza_obj)
+
+        return stanzas
+
     def writeStories(self, objects: list[Story]) -> set[pathlib.Path]:
         written_files: set[pathlib.Path] = set()
         written_files.add(

contentctl/output/templates/savedsearches_detections.j2

@@ -1,10 +1,15 @@
 ### {{app.label}} DETECTIONS ###
 
+[default]
+disabled = 1
+description = "This search was removed in a previous release, or is otherwise not present."
+search = | makeresults | eval text = "This search was removed in a previous release, or is otherwise not present."
+
 {% for detection in objects %}
 [{{ detection.get_conf_stanza_name(app) }}]
 action.escu = 0
 action.escu.enabled = 1
-description = {{ detection.status_aware_description | escapeNewlines() }} 
+description = {{ detection.status_aware_description | escapeNewlines() }}
 action.escu.mappings = {{ detection.mappings | tojson }}
 action.escu.data_models = {{ detection.datamodel | tojson }}
 action.escu.eli5 = {{ detection.status_aware_description | escapeNewlines() }}

contentctl/output/templates/savedsearches_fbds.j2

@@ -0,0 +1,9 @@
+
+
+### {{app.label}} FBDS ###
+
+{% for fbd_stanza in objects %}
+{{ fbd_stanza.content }}
+
+{% endfor %}
+### END {{app.label}} FBDS ###

contentctl/templates/app_template/metadata/default.meta

@@ -6,18 +6,9 @@ export = system
 [savedsearches]
 owner = admin
 
-## Correlation Searches
-[correlationsearches]
-access = read : [ * ], write : [ * ]
-
-[governance]
-access = read : [ * ], write : [ * ]
-
-## Managed Configurations
-[managed_configurations]
-access = read : [ * ], write : [ * ]
-
-## Postprocess
-[postprocess]
-access = read : [ * ], write : [ * ]
-
+## DO NOT EXPORT THE [default] stanza, and the [default] stanza alone.
+## Because this comes later in the default.meta file, it overrides the
+## export = system for [] above.
+## We MAY want to consider change the access, like making this stanza read-only or similar
+[savedsearches/default]
+export = none

{contentctl-5.5.9.dist-info → contentctl-5.5.11.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: contentctl
-Version: 5.5.9
+Version: 5.5.11
 Summary: Splunk Content Control Tool
 License: Apache 2.0
 License-File: LICENSE.md

{contentctl-5.5.9.dist-info → contentctl-5.5.11.dist-info}/RECORD

@@ -1,5 +1,5 @@
 contentctl/__init__.py,sha256=kUR5RAFc7HCeiqdlX36dZOHkUI5wI6V_43RpEcD8b-0,22
-contentctl/actions/build.py,sha256=C95i2MhxHkNJb9IdVp_MnRtuoowXxc5Gu-0xK24JEeU,4036
+contentctl/actions/build.py,sha256=q4TakZm1Kcurvr9yIrZ54VxNOmNSgJoVK5I8q1Iu2Qk,4099
 contentctl/actions/deploy_acs.py,sha256=TtDIrpZm3mMNpbs8yaritnS-kLPnOtJ2T2M9r2QwKL0,3263
 contentctl/actions/detection_testing/DetectionTestingManager.py,sha256=zdJM_4LP31PlexLdoaKLf_XBrVFoGBwpVm566uAO1d4,10965
 contentctl/actions/detection_testing/GitService.py,sha256=sp2ZyV_gpyTjonh48obNzbCC1LDni8F2nN7ZPn2LqnY,11333
@@ -44,8 +44,8 @@ contentctl/objects/baseline.py,sha256=EMcuz_9sVgOFh3YCj871GSAA6v3FIkRTf90-LAHq-J
 contentctl/objects/baseline_tags.py,sha256=SkGlsfigaARss3itHOgWnKhRDEB6NX8bMhfovrBUmhk,1609
 contentctl/objects/config.py,sha256=la0mUk1183ZD0gav7bGekhJxj4AOjn8hF5p7jwNqdhM,57938
 contentctl/objects/constants.py,sha256=VwwQtJBGC_zb3ukjb3A7P0CwAlyhacWiXczwAW5Jiog,5466
-contentctl/objects/content_versioning_service.py,sha256=BDk_TV1PTVoXpPcUxqTLa5_bjkfOs9PFYgqTuzOS9UI,20566
-contentctl/objects/correlation_search.py,sha256=rcgO0jIJgSFFOR3JXeQLwab4RZuChQOYhoGDurcHXkQ,51062
+contentctl/objects/content_versioning_service.py,sha256=KZs0DRo5AX6TzVIUDvlTiYKaKB6nZqx1WPko9-JLqP0,27341
+contentctl/objects/correlation_search.py,sha256=cTFpdcBXmQ9AhOkNK2EK4xOafsIRktsJKNVy4e1WAns,51056
 contentctl/objects/dashboard.py,sha256=wdNCIC1MExvpsB_EyPY9ZDo9Xu9V5WDI6wkunW0fTdk,4995
 contentctl/objects/data_source.py,sha256=O58GArXVlflz3dCtVOn96Ubyi5_ekSC1N9LuveQNws4,2019
 contentctl/objects/deployment.py,sha256=OctNayxFPRvrQtTklAKgfjCXFKOspD19swLj0hi6dWE,3323
@@ -94,7 +94,7 @@ contentctl/objects/unit_test_result.py,sha256=69VEAmajeRnWIdl6Xc90LU6hboEjJI9szF
 contentctl/output/api_json_output.py,sha256=AwuXFVzg3bY0DUsYaEGM73LAr9mJ5nxkOmUdVJgTzRs,8563
 contentctl/output/attack_nav_output.py,sha256=-zK9zxBFWQooLjfLeCJaKARemA1BhoiEYLYYT2Or9PQ,7088
 contentctl/output/attack_nav_writer.py,sha256=AiQU3q8hzz_lJECI-sjyqOsWx64HUugg3aAHEeZl-qM,2750
-contentctl/output/conf_output.py,sha256=eoDbqadndEnURr0IpY7cYVsEAkKPaaxg6cuHvn3I0Nw,11039
+contentctl/output/conf_output.py,sha256=lWEGKETO-d59_UyNEMqvXiYi92Mm5zn37RzywLdQNJ8,13575
 contentctl/output/conf_writer.py,sha256=3bo_VIFH3Qd96LLaYFJ1uwYQQW0UFPB0Rf3Bs9_N2W4,15110
 contentctl/output/doc_md_output.py,sha256=jHOiuO8IWQ4adR0ekj-Af0JI9XhOGI-zYfKqV34f5Vw,3551
 contentctl/output/jinja_writer.py,sha256=k3yVRnz8KnboodME09oTHkP_54uF-YUGiKuJHZ9XTxo,1205
@@ -124,7 +124,8 @@ contentctl/output/templates/header.j2,sha256=3usV7jm1q6J-QNnQrZzII9cN0XEGQjg_eVK
 contentctl/output/templates/macros.j2,sha256=SLcQQ5X7TZS8j-2qP06BTXqdIcnwoYqTAaBLX2Dge7Y,390
 contentctl/output/templates/panel.j2,sha256=Cw_W6p-14n6UivVfpS75KKJiJ2VpdGsSBceYsUYe9gk,221
 contentctl/output/templates/savedsearches_baselines.j2,sha256=WHZB4e0vmeym8832VxRmuUfDJ-YRYt6emcYaJrghI58,1709
-contentctl/output/templates/savedsearches_detections.j2,sha256=xb4G7ikTD89cK7FF2TxwuFO1t9AQ43-DmT2LaemUMP4,5326
+contentctl/output/templates/savedsearches_detections.j2,sha256=wMLRPr_N3PfPnp0rC7buKNGWcX2N6ulAAtD4SnDuq8M,5556
+contentctl/output/templates/savedsearches_fbds.j2,sha256=iYjuEESKzSVyornnBfcR_JPafHHAlff_G2LeXQRGMzc,132
 contentctl/output/templates/savedsearches_investigations.j2,sha256=KH2r8SgyAMiettSHypSbA2-1XmQ_8_8xzk3BkbZ1Re4,1196
 contentctl/output/templates/server.conf.j2,sha256=sPZUkiuJNGm9R8rpjfRKyuAvmmQb0C4w9Q6hpmvmPeU,127
 contentctl/output/templates/transforms.j2,sha256=TEKZi8DWpcCysRTNvuLEgAwx-g1SZ2E0CkLiu6v6AlU,1339
@@ -143,7 +144,7 @@ contentctl/templates/app_template/default/data/ui/views/escu_summary.xml,sha256=
 contentctl/templates/app_template/default/data/ui/views/feedback.xml,sha256=uM71EMK2uFz8h68nOTNKGnYxob3HhE_caSL6yA-3H-k,696
 contentctl/templates/app_template/default/use_case_library.conf,sha256=zWuCOOl8SiP7Kit2s-de4KRu3HySLtBSXcp1QnJx0ec,168
 contentctl/templates/app_template/lookups/mitre_enrichment.csv,sha256=tifPQjFoQHtvpb78hxSP2fKHnHeehNbZDwUjdvc0aEM,66072
-contentctl/templates/app_template/metadata/default.meta,sha256=h66ea1l3qMzDRgDUAXsJvGKeJnp5w-s2unYMZ9dJLzM,433
+contentctl/templates/app_template/metadata/default.meta,sha256=JUcThUfajDTW3ZrybyD9ILCThnNIRTcoezdFzpRZV-c,446
 contentctl/templates/app_template/static/appIcon.png,sha256=jcJ1PNdkBX7Kl_y9Tf0SZ55OJYA2PpwjvkVvBt9_OoE,3658
 contentctl/templates/app_template/static/appIconAlt.png,sha256=uRXjoHQQjs0-BxcK-3KNBEdck1adDNTHMvV14xR4W0g,2656
 contentctl/templates/app_template/static/appIconAlt_2x.png,sha256=I0m-CPRqq7ak9NJQZGGmz6Ac4pmzFV_SonOUxOEDOFs,7442
@@ -164,8 +165,8 @@ contentctl/templates/detections/web/.gitkeep,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRk
 contentctl/templates/macros/security_content_ctime.yml,sha256=Gg1YNllHVsX_YB716H1SJLWzxXZEfuJlnsgB2fuyoHU,159
 contentctl/templates/macros/security_content_summariesonly.yml,sha256=9BYUxAl2E4Nwh8K19F3AJS8Ka7ceO6ZDBjFiO3l3LY0,162
 contentctl/templates/stories/cobalt_strike.yml,sha256=uj8idtDNOAIqpZ9p8usQg6mop1CQkJ5TlB4Q7CJdTIE,3082
-contentctl-5.5.9.dist-info/METADATA,sha256=8ZwdE3ebeS0SOmQfVLWKQnkxVfhCfnS24PAYVNaAiKI,5143
-contentctl-5.5.9.dist-info/WHEEL,sha256=zp0Cn7JsFoX2ATtOhtaFYIiE2rmFAD4OcMhtUki8W3U,88
-contentctl-5.5.9.dist-info/entry_points.txt,sha256=5bjZ2NkbQfSwK47uOnA77yCtjgXhvgxnmCQiynRF_-U,57
-contentctl-5.5.9.dist-info/licenses/LICENSE.md,sha256=hQWUayRk-pAiOZbZnuy8djmoZkjKBx8MrCFpW-JiOgo,11344
-contentctl-5.5.9.dist-info/RECORD,,
+contentctl-5.5.11.dist-info/METADATA,sha256=B4PK_gn_ci0WmHDnWtmGPitFvMSToPqn2Qy5lWcw72Q,5144
+contentctl-5.5.11.dist-info/WHEEL,sha256=kJCRJT_g0adfAJzTx2GUMmS80rTJIVHRCfG0DQgLq3o,88
+contentctl-5.5.11.dist-info/entry_points.txt,sha256=5bjZ2NkbQfSwK47uOnA77yCtjgXhvgxnmCQiynRF_-U,57
+contentctl-5.5.11.dist-info/licenses/LICENSE.md,sha256=hQWUayRk-pAiOZbZnuy8djmoZkjKBx8MrCFpW-JiOgo,11344
+contentctl-5.5.11.dist-info/RECORD,,

{contentctl-5.5.9.dist-info → contentctl-5.5.11.dist-info}/WHEEL

@@ -1,4 +1,4 @@
 Wheel-Version: 1.0
-Generator: poetry-core 2.2.1
+Generator: poetry-core 2.3.1
 Root-Is-Purelib: true
 Tag: py3-none-any