contentctl v4.4.0 #179
Merged
contentctl v4.4.0 #179
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This means a failed container will no longer hang the test command
This is consistent with the validation check that allows no tests if status=experimental
Updated validator for "tests" so that it always runs, even if no tests are provided. without adding always=True, it fails to catch missing tests. Also, ensure that we run against the .value of the enumeration, not the enum object itself. This is required since The Pydantic config use_enum_values = True
Allow absent tests for experimental detections
Update new content generator with new formats
Handle stopped containers in testing
templates. Write the proper name of the app into the request.ui_dispatch_app values of savedsearches detections, baselines, and investigations. Other jinja2 changes are to cope with passing in the entire app object, not just the APP_NAME (which was actually the app.label field).
dashboards as first-class SecurityContentObjects.
ui_dispatch_app as SplunkEnterpriseSecuritySuite
Resolve some merge conflicts.
that the description and name fields, if present in the YML, are identical to those which MUST be included in ther JSON object.
Note that some of these fixes have already been made separately.
Customer prs 1
es is not installed and we are not doing an es integration test
it is now calculated using the risk score
Fix error on missing roles
Add fields as requested Internal testing has confirmed that these changes are correct.
incorrectly. Change from throttling to alert_suppression since that is the name used in splunk+documentation. Update template to output the field if it is defined.
pyth0n1c
commented
Sep 18, 2024
pyth0n1c
commented
Sep 18, 2024
pyth0n1c
commented
Sep 18, 2024
pyth0n1c
commented
Sep 18, 2024
pyth0n1c
commented
Sep 18, 2024
pyth0n1c
commented
Sep 18, 2024
pyth0n1c
commented
Sep 18, 2024
pyth0n1c
commented
Sep 18, 2024
pyth0n1c
commented
Sep 18, 2024
pyth0n1c
commented
Sep 18, 2024
pyth0n1c
commented
Sep 18, 2024
pyth0n1c
commented
Sep 18, 2024
ljstella
reviewed
Sep 19, 2024
| self.get_conn().roles.post( | ||
| self.infrastructure.splunk_app_username, | ||
| imported_roles=imported_roles + enterprise_security_roles, | ||
| imported_roles=roles, |
contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructureContainer.py
Show resolved
Hide resolved
contentctl/objects/abstract_security_content_objects/detection_abstract.py
Outdated
Show resolved
Hide resolved
with colleague.
of Detections, Baselines, and Investigations/Response Tasks Properly written to the conf files.
|
With the latest pushes, I have manually DIFFED the conf files and the API JSON files and believe they are correct. |
fix bug with informational searches having wrong output (info) written to savedsearches.conf
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Prep for release v4.2This branch has been remapped to
4.3.4.4.04.2
willcontained only the release version of the data_source implementation