From 45f4c93a6218865d4e7f5a333597f2c3e255c6f7 Mon Sep 17 00:00:00 2001
From: ljstella
Date: Fri, 12 Jul 2024 13:11:35 -0500
Subject: [PATCH 1/2] Adding tags.mitre_attack_id{} back for SSE
---
 contentctl/objects/detection_tags.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/contentctl/objects/detection_tags.py b/contentctl/objects/detection_tags.py
index 73849de6..d7c42852 100644
--- a/contentctl/objects/detection_tags.py
+++ b/contentctl/objects/detection_tags.py
@@ -31,7 +31,7 @@ def risk_score(self)->int:
 return round((self.confidence * self.impact)/100)
- mitre_attack_id: List[Annotated[str, Field(pattern="^T\d{4}(.\d{3})?$")]] = []
+ mitre_attack_id: List[Annotated[str, Field(pattern="^T[0-9]{4}(.[0-9]{3})?$")]] = []
 nist: list[NistCategory] = []
 observable: List[Observable] = []
 message: Optional[str] = Field(...)
@@ -138,6 +138,7 @@ def serialize_model(self):
 "risk_score": self.risk_score,
 "security_domain": self.security_domain,
 "risk_severity": self.risk_severity,
+ "mitre_attack_ids": self.mitre_attack_id,
 "mitre_attack_enrichments": self.mitre_attack_enrichments
 }
@@ -248,4 +249,4 @@ def mapAtomicGuidsToAtomicTests(cls, v:List[UUID4], info:ValidationInfo)->List[A
 print(missing_tests_string)
 return matched_tests + [AtomicTest.AtomicTestWhenTestIsMissing(test) for test in missing_tests]
-
\ No newline at end of file
+
From 0d2d4304a9a8787d10da150a34e0f011fc056275 Mon Sep 17 00:00:00 2001
From: ljstella
Date: Fri, 12 Jul 2024 13:40:15 -0500
Subject: [PATCH 2/2] Tweak name to match
---
 contentctl/objects/detection_tags.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/contentctl/objects/detection_tags.py b/contentctl/objects/detection_tags.py
index d7c42852..87667c29 100644
--- a/contentctl/objects/detection_tags.py
+++ b/contentctl/objects/detection_tags.py
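Review bot: The new `mitre_attack_id` pattern in the `@@ -31,7 +31,7 @@` hunk still leaves the dot unescaped, so `(.[0-9]{3})?` accepts any character as the sub-technique separator and a constructed value such as `T1059x001` passes validation. Escape the dot and use a raw string so the backslash is not read as a string escape: `Field(pattern=r"^T[0-9]{4}(\.[0-9]{3})?$")`. A malformed ID that validates here will presumably fail to match any ATT&CK enrichment later, which is harder to diagnose than a schema error at load time. The field belongs to a class whose definition starts outside the hunk.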
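Review bot: Nothing in `serialize_model` records why the raw ID list is emitted next to `mitre_attack_enrichments`, in the `@@ -138,6 +138,7 @@` hunk here and in the PATCH 2/2 hunk that renames the key. The subject says the key is being added back for SSE, so it was apparently dropped once already; a comment above the entry would guard against that, for example `# Raw technique IDs are kept next to the enrichments because SSE reads tags.mitre_attack_id; do not drop.` A serializer test asserting that the key is present would catch a repeat. The dict literal and the rest of `serialize_model` continue outside the hunk.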
@@ -138,7 +138,7 @@ def serialize_model(self):
 "risk_score": self.risk_score,
 "security_domain": self.security_domain,
 "risk_severity": self.risk_severity,
- "mitre_attack_ids": self.mitre_attack_id,
+ "mitre_attack_id": self.mitre_attack_id,
 "mitre_attack_enrichments": self.mitre_attack_enrichments
 }