Contentctl

What's Changed
* add support for the entire mitre group metadata by pyth0n1c in https://github.com/splunk/contentctl/pull/253


**Full Changelog**: https://github.com/splunk/contentctl/compare/v4.3.1...v4.3.2

Improve checking against observables. These changes ensure that Threat Objects and Risk Objects are created correctly.

What's Changed
* Threat objects by ljstella in https://github.com/splunk/contentctl/pull/234
* New observable role enum by ljstella in https://github.com/splunk/contentctl/pull/243
* Update setuptools requirement from >=69.5.1,<73.0.0 to >=69.5.1,<74.0.0 by dependabot in https://github.com/splunk/contentctl/pull/245


**Full Changelog**: https://github.com/splunk/contentctl/compare/v4.3.0...v4.3.1

This change removes code and references to SSA as they are not applicable to external users.
What's Changed
* Update readme by pyth0n1c in https://github.com/splunk/contentctl/pull/244
* Remove SSA specific code by P4T12ICK in https://github.com/splunk/contentctl/pull/219


**Full Changelog**: https://github.com/splunk/contentctl/compare/v4.2.5...v4.3.0

A number of small improvements from internal and community PRs. See the "What's Changed" below for details.

What's Changed
* Add a launcher to contentctl.py to allow easier debugging and launchi… by Res260 in https://github.com/splunk/contentctl/pull/212
* Update attackcti requirement from ^0.3.7 to >=0.3.7,<0.5.0 by dependabot in https://github.com/splunk/contentctl/pull/214
* Update on naming for the repo readme vs app readme by pyth0n1c in https://github.com/splunk/contentctl/pull/235
* Hotfix: Bumping integration testing timeout to compensate for recent bugfix by cmcginley-splunk in https://github.com/splunk/contentctl/pull/240


**Full Changelog**: https://github.com/splunk/contentctl/compare/v4.2.4...v4.2.5

This change includes extended validation of the `message:` field of a detection when using `--enable-integration-testing` flag for `contentctl test`. This is mostly used for internal Splunk testing at this time.

It also now includes validation of DataSource Objects to ensure that the latest TA version is declared for each Data Source.

Finally, Res260 made a contribution to get `contentctl test` working on Windows by fixing a path issue. Thanks!



What's Changed
* Update setuptools requirement from >=69.5.1,<71.0.0 to >=69.5.1,<73.0.0 by dependabot in https://github.com/splunk/contentctl/pull/215
* Tweaks to Data Source Validation by pyth0n1c in https://github.com/splunk/contentctl/pull/218
* Add latest TA version validation by P4T12ICK in https://github.com/splunk/contentctl/pull/216
* Allow `contentctl test` to work on Windows by fixing a path problem. by Res260 in https://github.com/splunk/contentctl/pull/217
* Addressed Casey's Feedback by pyth0n1c in https://github.com/splunk/contentctl/pull/222
* Adding risk message validation++ by cmcginley-splunk in https://github.com/splunk/contentctl/pull/92

New Contributors
* Res260 made their first contribution in https://github.com/splunk/contentctl/pull/217

**Full Changelog**: https://github.com/splunk/contentctl/compare/v4.2.2...v4.2.4

This update adds a new "missing" lookup to ignore as it is used by some detections in the latest release of security_content / ESCU.
It also removes the optional words Deprecated/Experimental/RIR from action.correlationsearch.label field in savedsearches.conf. This could cause labels which are too long and provide poor experience in Enterprise Security.

What's Changed
* SA Admon lookup exclusion by patel-bhavin in https://github.com/splunk/contentctl/pull/210
* make labels a bit shorter by pyth0n1c in https://github.com/splunk/contentctl/pull/211


**Full Changelog**: https://github.com/splunk/contentctl/compare/v4.2.1...v4.2.2