Contentctl

Latest version: v4.4.6


4.4.6

contentctl does not yet support Python 3.13. This was not reflected in the pyproject.toml and thus on PyPI.
This release updates the declared compatibility here and on PyPI. At this time, contentctl supports Python 3.11 and 3.12.

Look for Python 3.13 support in an upcoming release!

What's Changed
* don't declare py3.13 compat by ljstella in https://github.com/splunk/contentctl/pull/329


**Full Changelog**: https://github.com/splunk/contentctl/compare/v4.4.5...v4.4.6

4.4.5

When testing using `mode:changes`, ensure that updates to an underlying data_source object cause the detections which reference it to be retested.

What's Changed
* Ensure we print the right field for data_source by ljstella in https://github.com/splunk/contentctl/pull/324
* Testing on Datasource changes by ljstella in https://github.com/splunk/contentctl/pull/301


**Full Changelog**: https://github.com/splunk/contentctl/compare/v4.4.4...v4.4.5

4.4.4

This addresses a number of appinspect warnings and enables deploying via appinspect.


What's Changed
* Enable acs deploy + appinspect warnings by pyth0n1c in https://github.com/splunk/contentctl/pull/146


**Full Changelog**: https://github.com/splunk/contentctl/compare/v4.4.3...v4.4.4

4.4.3

This fixes a serious problem that caused all integration testing to fail due to an incorrect path used for scheduling a savedsearch.
There may still be some testing issues with this release, but this is definitely more correct than previously.

This supersedes 4.4.2, which had a bug where the version was not updated in pyproject.toml, meaning that the upload to PyPI failed.

What's Changed
* Fix savedsearches path issue by pyth0n1c in https://github.com/splunk/contentctl/pull/316
* remove "cloud" from the security_domain enum by pyth0n1c in https://github.com/splunk/contentctl/pull/314


**Full Changelog**: https://github.com/splunk/contentctl/compare/v4.4.1...v4.4.3

4.4.1

Update CLI release_notes workflow for a bit more control on the branch we diff against to generate those notes. Previously, we could only diff against a tag.

What's Changed
* add --compare_against flag to release_notes action by patel-bhavin in https://github.com/splunk/contentctl/pull/311


**Full Changelog**: https://github.com/splunk/contentctl/compare/v4.4.0...v4.4.1

4.4.0

Most notably, we now include support for:

- Dashboard Objects: Dashboards can now be defined as content in the dashboards/ folder after creating a new app! These dashboards should be created in Splunk by creating a Simple XML Dashboard. Go to the "View Source" button when editing your dashboard to extract the JSON that represents that dashboard. Each dashboard is represented by a YML file and this JSON file (the JSON file should have the same name as the YML file). You can see some example dashboards that ESCU ships here: https://github.com/splunk/security_content/tree/develop/dashboards

- Drilldown Searches: Production searches which are NOT `type: Hunting` are now required to have two Drilldown searches. These now render in the Enterprise Security UI and make triaging and investigating your alerts much easier. For some example Drilldowns, please refer here: https://github.com/splunk/contentctl/blob/cfda377c6887e28e02bb1798382ac0070b7983c2/contentctl/templates/detections/endpoint/anomalous_usage_of_7zip.yml#L32-L40

- Throttling/Alert Suppression: To avoid generating too many alerts in a given time frame, we have added support for Throttling/Alert Suppression on a per-detection basis. For more information, please refer to the inline documentation here: https://github.com/splunk/contentctl/blob/main/contentctl/objects/throttling.py . Splunk provides more information about throttling here: https://docs.splunk.com/Documentation/Splunk/9.3.1/Alert/ThrottleAlerts . An example throttling section of your Detection YML, under the "tags" section, looks like:

```yaml
throttling:
  period: 3600s      # time period to throttle
  fields: name,host  # fields to throttle on
```


What's Changed
* Allow absent tests for experimental detections by linuxdaemon in https://github.com/splunk/contentctl/pull/36
* Update new content generator with new formats by linuxdaemon in https://github.com/splunk/contentctl/pull/44
* Handle stopped containers in testing by linuxdaemon in https://github.com/splunk/contentctl/pull/42
* Customer prs 1 by pyth0n1c in https://github.com/splunk/contentctl/pull/86
* Fix error on missing roles by pyth0n1c in https://github.com/splunk/contentctl/pull/190
* Add fields as requested by pyth0n1c in https://github.com/splunk/contentctl/pull/169
* Add UI dispatch app by pyth0n1c in https://github.com/splunk/contentctl/pull/145
* Update setuptools requirement from >=69.5.1,<71.0.0 to >=69.5.1,<72.0.0 by dependabot in https://github.com/splunk/contentctl/pull/196
* Handling when a user does not answer one of the questions by yaleman in https://github.com/splunk/contentctl/pull/189
* Update setuptools requirement from >=69.5.1,<71.0.0 to >=69.5.1,<72.0.0 by dependabot in https://github.com/splunk/contentctl/pull/202
* Update setuptools requirement from >=69.5.1,<71.0.0 to >=69.5.1,<72.0.0 by dependabot in https://github.com/splunk/contentctl/pull/205
* Handling the case where there are no tests by yaleman in https://github.com/splunk/contentctl/pull/198
* No tests fix by pyth0n1c in https://github.com/splunk/contentctl/pull/207
* Update setuptools requirement from >=69.5.1,<71.0.0 to >=69.5.1,<73.0.0 by dependabot in https://github.com/splunk/contentctl/pull/209
* Add Alert Suppression (throttling) support to detections by pyth0n1c in https://github.com/splunk/contentctl/pull/192
* Dashboard Support by pyth0n1c in https://github.com/splunk/contentctl/pull/147
* Fix name length by pyth0n1c in https://github.com/splunk/contentctl/pull/213
* improve output of risk severity field. by pyth0n1c in https://github.com/splunk/contentctl/pull/191
* contentctl v4.4.0 by pyth0n1c in https://github.com/splunk/contentctl/pull/179
* Ryanplasma add explanation by pyth0n1c in https://github.com/splunk/contentctl/pull/296
* Add type_list to annotations by pyth0n1c in https://github.com/splunk/contentctl/pull/293
* Fix datasource in contentctl new by pyth0n1c in https://github.com/splunk/contentctl/pull/297
* Optionally suppress missing detections during metadata validation by pyth0n1c in https://github.com/splunk/contentctl/pull/305
* Update xmltodict requirement from ^0.13.0 to >=0.13,<0.15 by dependabot in https://github.com/splunk/contentctl/pull/304
* Exception on malformatted unit tests in YMLs by pyth0n1c in https://github.com/splunk/contentctl/pull/300
* Refactoring for formatting and some logical error correction by cmcginley-splunk in https://github.com/splunk/contentctl/pull/308
* Mathieugonzales: replace deprecated pydantic validators by pyth0n1c in https://github.com/splunk/contentctl/pull/298
* Drilldown Support by pyth0n1c in https://github.com/splunk/contentctl/pull/256
* Allow testing with the default or custom_index by ax-hsmith in https://github.com/splunk/contentctl/pull/307
* Add more custom indexes by pyth0n1c in https://github.com/splunk/contentctl/pull/309

New Contributors
* yaleman made their first contribution in https://github.com/splunk/contentctl/pull/189
* ax-hsmith made their first contribution in https://github.com/splunk/contentctl/pull/307

**Full Changelog**: https://github.com/splunk/contentctl/compare/v4.3.5...v4.4.0
