[BUG] alert.suppress parameter is locked in by the Splunk GUI (ES Content Management)

### **Describe the bug**
When a detection which has throttling enabled, is edited with ES Content Management, the value for `alert.suppress` will be set to `1`, instead to `true` which the jinja2 template sets [here](https://github.com/splunk/contentctl/blob/093d75b2cd18ee84aa80b6a9ab38fe8a830f8ce0/contentctl/output/templates/savedsearches_detections.j2#L82C1-L82C22).

As a result, the parameter is set in local/savedsearches.conf which locks why further updates that might come through default/savedsearches.conf, using DaC methodology.

### **Expected behavior**
`contentctl` should follow the "preferences" of whatever the Spunk GUI wants to set.

### **contentctl Version:**
v5.5.9

### **ES Version:**
v7.3.4

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[BUG] alert.suppress parameter is locked in by the Splunk GUI (ES Content Management) #452

Describe the bug

Expected behavior

contentctl Version:

ES Version:

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[BUG] alert.suppress parameter is locked in by the Splunk GUI (ES Content Management) #452

Description

Describe the bug

Expected behavior

contentctl Version:

ES Version:

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions