Contentctl

Latest version: v5.1.0


Page 6 of 10

4.1.3

This patch release includes a single PR that fixes an issue with the generation of the detections.json API file.
Please see this PR for details: https://github.com/splunk/contentctl/pull/188

4.1.2

This release includes:
1. Bug fix to how mode:changes works. Modified content could be missed when the path to that content contained the substring "dist": https://github.com/splunk/contentctl/pull/187
2. Preliminary support for `data_source` objects! These do not make it into files that are produced by `contentctl build` yet, but stay tuned for how these objects will be used and integrated more tightly! https://github.com/splunk/contentctl/pull/180

4.1.1

This is a small update which ensures that even if no detections are tested, a `test_results/summary.yml` file is still created.
This is important so that we still have a record of the test.

4.1.0

This includes a number of updates:

- A new workflow is included that tests contentctl by ensuring that the github.com/splunk/security_content repo can be built with `contentctl build` without errors. Since this content should all be "correct", this is a good test of the contentctl tool.
- A simple API is included so that objects can be parsed and loaded, and tests can be run, without needing to go through the command line interface.
- API Deploy functionality, which was experimental and allowed individual pieces of content to be deployed to an on-premises instance using the Splunk REST API, has been removed. This is because it ONLY supported deploying searches and macros. Since we cannot deploy other content, such as lookups or stories, we cannot guarantee that content will work as expected. This may be recreated with more robust, scalable support at a later date as it is a popular user request.
- Improved the `contentctl new` workflow to fix errors and ensure that fields are written in the correct order.
- "CVE Enrichment" now only populates the url field of the CVE. This is used to link directly to the relevant NIST page and supports faster site build time. It also avoids using the CVESearch tool (and the circl.lu API which is frequently down or has extremely slow, multi-minute response times).
- Better filter_macro validation and detection of macros that are used in searches but missing from the macros/ folder.

4.0.5

This PR fixes a number of issues with:

- The directories automatically created during `contentctl init`
- The questions asked to create new detections and stories using `contentctl new`

Thank you to ljstella for the PR which fixed these issues: https://github.com/splunk/contentctl/pull/162

4.0.4

This release contains a minor update for how SSA files are generated for the BA platform.
It only affects internal Splunk Content and should not affect content written by other users.


© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.