Update new content generator with new formats

contentctl/input/new_content_generator.py

@@ -4,7 +4,7 @@
 from dataclasses import dataclass
 from datetime import datetime
 
-from contentctl.objects.enums import SecurityContentType
+from contentctl.objects.enums import DetectionStatus, SecurityContentType
 from contentctl.input.new_content_questions import NewContentQuestions
 
 
@@ -32,17 +32,18 @@ def execute(self, input_dto: NewContentGeneratorInputDto) -> None:
             self.output_dto.obj['name'] = answers['detection_name']
             self.output_dto.obj['id'] = str(uuid.uuid4())
             self.output_dto.obj['version'] = 1
+            self.output_dto.obj['status'] = DetectionStatus.experimental.value
             self.output_dto.obj['date'] = datetime.today().strftime('%Y-%m-%d')
             self.output_dto.obj['author'] = answers['detection_author']
             self.output_dto.obj['type'] = answers['detection_type']
             self.output_dto.obj['datamodel'] = answers['datamodels']
-            self.output_dto.obj['datamodel'] = answers['datamodels']
             self.output_dto.obj['description'] = 'UPDATE_DESCRIPTION'   
             file_name = self.output_dto.obj['name'].replace(' ', '_').replace('-','_').replace('.','_').replace('/','_').lower()
             self.output_dto.obj['search'] = answers['detection_search'] + ' | `' + file_name + '_filter`'
             self.output_dto.obj['how_to_implement'] = 'UPDATE_HOW_TO_IMPLEMENT'
             self.output_dto.obj['known_false_positives'] = 'UPDATE_KNOWN_FALSE_POSITIVES'            
             self.output_dto.obj['references'] = ['REFERENCE']
+            self.output_dto.obj['data_source'] = ['UPDATE']
             self.output_dto.obj['tags'] = dict()
             self.output_dto.obj['tags']['analytic_story'] = ['UPDATE_STORY_NAME']
             self.output_dto.obj['tags']['asset_type'] = 'UPDATE asset_type'

contentctl/output/new_content_yml_output.py

@@ -14,18 +14,14 @@ def __init__(self, output_path:str):
     def writeObjectNewContent(self, object: dict, type: SecurityContentType) -> None:
         if type == SecurityContentType.detections:
             file_path = os.path.join(self.output_path, 'detections', self.convertNameToFileName(object['name'], object['tags']['product']))
-            test_obj = {}
-            test_obj['name'] = object['name'] + ' Unit Test'
-            test_obj['tests'] = [
+            object['tests'] = [
                 {
                     'name': object['name'],
-                    'file': self.convertNameToFileName(object['name'],object['tags']['product']),
                     'pass_condition': '| stats count | where count > 0',
                     'earliest_time': '-24h',
                     'latest_time': 'now',
                     'attack_data': [
                         {
-                            'file_name': 'UPDATE',
                             'data': 'UPDATE',
                             'source': 'UPDATE',
                             'sourcetype': 'UPDATE',
@@ -34,12 +30,10 @@ def writeObjectNewContent(self, object: dict, type: SecurityContentType) -> None
                     ]
                 }
             ]
-            file_path_test = os.path.join(self.output_path, 'tests', self.convertNameToTestFileName(object['name'], object['tags']['product']))
-            YmlWriter.writeYmlFile(file_path_test, test_obj)
             #object.pop('source')
             YmlWriter.writeYmlFile(file_path, object)
             print("Successfully created detection " + file_path)
-        
+
         elif type == SecurityContentType.stories:
             file_path = os.path.join(self.output_path, 'stories', self.convertNameToFileName(object['name'], object['tags']['product']))
             YmlWriter.writeYmlFile(file_path, object)