Contentctl

The most signifcant change in this release is that instead of emitting a **WARNING** that a non-existent DataSource is referenced by a detection, we now emit an **ERROR** which causes a validation failure.

What's Changed
* README + Docs Rewrite by ljstella in https://github.com/splunk/contentctl/pull/360
* Convert warning for missing datasource to an error by pyth0n1c in https://github.com/splunk/contentctl/pull/375


**Full Changelog**: https://github.com/splunk/contentctl/compare/v5.0.5...v5.1.0

Fix appinspect issue caused by spaces in dashboard filenames

What's Changed
* fix dashboard file names by pyth0n1c in https://github.com/splunk/contentctl/pull/373


**Full Changelog**: https://github.com/splunk/contentctl/compare/v5.0.4...v5.0.5

Create a new Dropdown menu called Dashboards showing dashboard objects that are part of your app

What's Changed
* Dashboards dropdown by pyth0n1c in https://github.com/splunk/contentctl/pull/372


**Full Changelog**: https://github.com/splunk/contentctl/compare/v5.0.3...v5.0.4

This PR introduces new validation enforcements on tags.mitre_attack_id field. It is not longer possible to declare overlapping techniques and sub-techniques. For example, both T1000 and T1000.001 cannot be defined.
However, any combination of non-overlapping techniques and sub-techniques remains valid.

What's Changed
* Cleanup mitre actors and techniques by pyth0n1c in https://github.com/splunk/contentctl/pull/363


**Full Changelog**: https://github.com/splunk/contentctl/compare/v5.0.2...v5.0.3

The following are some minor patch updates that improve output of appinspect (which now includes cloud, victoria, and classic tags) and adds a new optional field to data_source objects.

What's Changed
* Update appinspect flags by pyth0n1c in https://github.com/splunk/contentctl/pull/365
* Recognize by josehelps in https://github.com/splunk/contentctl/pull/366
* Adding output fields to data_source by ljstella in https://github.com/splunk/contentctl/pull/368


**Full Changelog**: https://github.com/splunk/contentctl/compare/v5.0.1...v5.0.2

Because Risk and Threat Objects in the new "rba" section of detections are a set, and not a list, their serialization order to conf files was non-deterministic. `contentctl build` MUST produce deterministic outputs into conf files. This is important for enforcing versioning compliance.

We still treat these objects as a set internally, but when serializing we now sort the objects by a custom sort function to ensure that the serialization order does not change between invocations.

What's Changed
* deterministic output for rba dict by pyth0n1c in https://github.com/splunk/contentctl/pull/362


**Full Changelog**: https://github.com/splunk/contentctl/compare/v5.0.0...v5.0.1