Contentctl

A number of small improvements from internal and community PRs. See the "What's Changed" below for details.

What's Changed
* Add a launcher to contentctl.py to allow easier debugging and launchi… by Res260 in https://github.com/splunk/contentctl/pull/212
* Update attackcti requirement from ^0.3.7 to >=0.3.7,<0.5.0 by dependabot in https://github.com/splunk/contentctl/pull/214
* Update on naming for the repo readme vs app readme by pyth0n1c in https://github.com/splunk/contentctl/pull/235
* Hotfix: Bumping integration testing timeout to compensate for recent bugfix by cmcginley-splunk in https://github.com/splunk/contentctl/pull/240


**Full Changelog**: https://github.com/splunk/contentctl/compare/v4.2.4...v4.2.5

This change includes extended validation of the `message:` field of a detection when using `--enable-integration-testing` flag for `contentctl test`. This is mostly used for internal Splunk testing at this time.

It also now includes validation of DataSource Objects to ensure that the latest TA version is declared for each Data Source.

Finally, Res260 made a contribution to get `contentctl test` working on Windows by fixing a path issue. Thanks!



What's Changed
* Update setuptools requirement from >=69.5.1,<71.0.0 to >=69.5.1,<73.0.0 by dependabot in https://github.com/splunk/contentctl/pull/215
* Tweaks to Data Source Validation by pyth0n1c in https://github.com/splunk/contentctl/pull/218
* Add latest TA version validation by P4T12ICK in https://github.com/splunk/contentctl/pull/216
* Allow `contentctl test` to work on Windows by fixing a path problem. by Res260 in https://github.com/splunk/contentctl/pull/217
* Addressed Casey's Feedback by pyth0n1c in https://github.com/splunk/contentctl/pull/222
* Adding risk message validation++ by cmcginley-splunk in https://github.com/splunk/contentctl/pull/92

New Contributors
* Res260 made their first contribution in https://github.com/splunk/contentctl/pull/217

**Full Changelog**: https://github.com/splunk/contentctl/compare/v4.2.2...v4.2.4

This update adds a new "missing" lookup to ignore as it is used by some detections in the latest release of security_content / ESCU.
It also removes the optional words Deprecated/Experimental/RIR from action.correlationsearch.label field in savedsearches.conf. This could cause labels which are too long and provide poor experience in Enterprise Security.

What's Changed
* SA Admon lookup exclusion by patel-bhavin in https://github.com/splunk/contentctl/pull/210
* make labels a bit shorter by pyth0n1c in https://github.com/splunk/contentctl/pull/211


**Full Changelog**: https://github.com/splunk/contentctl/compare/v4.2.1...v4.2.2

What's Changed
* updating error handling on selected testing by patel-bhavin in https://github.com/splunk/contentctl/pull/206


**Full Changelog**: https://github.com/splunk/contentctl/compare/v4.2.0...v4.2.1

What's Changed
* Data Source Integration Improvements by pyth0n1c in https://github.com/splunk/contentctl/pull/203
* better data source handling by P4T12ICK in https://github.com/splunk/contentctl/pull/193

These changes now make use of the updates DataSource objects introduced in the follow PR: https://github.com/splunk/security_content/pull/3049


**Full Changelog**: https://github.com/splunk/contentctl/compare/v4.1.5...v4.2.0

This PR introduces a fix where unused files in the lookups directory, such as CSV or MLMODEL files that
are no longer referenced by a Lookup YML, could be included in the build of an app.
It also now ensures that CSV referenced by a lookup are syntactically valid CSV.

It also fixes a bug that caused `contentctl test mode:changes` to fail when an mlmodel file had been updated in the lookups directory.

What's Changed
* Fix mlmodel changes bug by pyth0n1c in https://github.com/splunk/contentctl/pull/199
* Parse and validate CSV files by pyth0n1c in https://github.com/splunk/contentctl/pull/200


**Full Changelog**: https://github.com/splunk/contentctl/compare/v4.1.4...v4.1.5