splunk/contentctl

Issues

• Error validating test apps: 'version'

  #295 opened 2 months ago by Res260
  1

• Allow for "Next Steps".

  #294 opened 2 months ago by 0xMishee
  0

• content_test.yml is gone, can not set new docker ports

  #292 opened 2 months ago by irichmondge
  0

• Consider deploying sphinx for autodocs

  #286 opened 3 months ago by cmcginley-splunk
  1

• Add `inspect` to the CI/CD jobs

  #287 opened 3 months ago by cmcginley-splunk
  0

• Refactor to allow consistent inspect and testing of the build produced in earlier stages

  #282 opened 3 months ago by cmcginley-splunk
  1

• Allow Splunkbase or Private Apps in Versioning Checking

  #283 opened 3 months ago by pyth0n1c
  0

• Extend Conf Parsing to KV Parsing

  #285 opened 3 months ago by pyth0n1c
  0

• Move app downloads to common directory

  #284 opened 3 months ago by pyth0n1c
  0

• improve validation of risk_message fields

  #279 opened 3 months ago by patel-bhavin
  0

• Import content from conf files

  #275 opened 3 months ago by pyth0n1c
  1

• Webhook action support

  #273 opened 3 months ago by 0xC0FFEEEE
  0

• Email action support

  #272 opened 3 months ago by 0xC0FFEEEE
  0

• Actively Test Baselines

  #269 opened 3 months ago by pyth0n1c
  0

• Validate `manual_test` has length > 0 if not `None`

  #268 opened 3 months ago by cmcginley-splunk
  0

• Align test reporting more closely w/ status enums (as it related to "untested")

  #267 opened 3 months ago by cmcginley-splunk
  0

• Disable `use_enum_values`

  #266 opened 3 months ago by cmcginley-splunk
  0

• Create macros for detections by default

  #183 opened 3 months ago by 0xC0FFEEEE
  3

• Detection - analytic story must exist in content pack

  #265 opened 3 months ago by 0xC0FFEEEE
  2

• Detection - known_false_positives should support a list

  #264 opened 3 months ago by 0xC0FFEEEE
  2

• Example config stanzas and YML templates

  #262 opened 3 months ago by 0xC0FFEEEE
  0

• Map our observable types to more than user/system

  #259 opened 3 months ago by cmcginley-splunk
  1

• Document how to include lookups in contentctl content packs

  #258 opened 3 months ago by Res260
  0

• Refactor and re-enable per-field validation of risk events

  #252 opened 3 months ago by cmcginley-splunk
  0

• Refactor the `risk` property of `detection_abstract` to handle observable/risk/threat mappings more transparently

  #247 opened 3 months ago by cmcginley-splunk
  1

• Add validation and matching of threat objects to observables

  #251 opened 3 months ago by cmcginley-splunk
  0

• Re-enable and refactor code that validates the specific counts of each risk event matched to each observable

  #250 opened 3 months ago by cmcginley-splunk
  0

• Add a pydantic validator to ensure observable names are unique in `detection.tags.observable`

  #249 opened 3 months ago by cmcginley-splunk
  0

• Refactor risk/notable querying to pin to a single savedsearch ID

  #248 opened 3 months ago by cmcginley-splunk
  0

• The "User Name" type should map to a "user" risk object and not "other"

  #246 opened 3 months ago by cmcginley-splunk
  0

• Question: how to test existing detections?

  #242 opened 3 months ago by cb13579
  0

• AttributeError: 'IntegrationTest' object has no attribute 'attack_data'

  #237 opened 4 months ago by Res260
  2

• Remove "anomalous_usage_of_7zip.yml" from `contentctl init`

  #236 opened 4 months ago by Res260
  0

• Remove Use of Deprecated @validator

  #232 opened 4 months ago by pyth0n1c
  0

• Tune and complete risk/observable matching feature

  #231 opened 4 months ago by cmcginley-splunk
  0

• Add more testing metrics in test results summary

  #230 opened 4 months ago by cmcginley-splunk
  0

• Make risk/notable cleanup happen after interactive pausing

  #229 opened 4 months ago by cmcginley-splunk
  0

• Consider reusing instances of CorrelationSearch across multiple tests for the same detection

  #228 opened 4 months ago by cmcginley-splunk
  0

• Consolidate duplicate code between unit and integration testing routines

  #227 opened 4 months ago by cmcginley-splunk
  0

• Investigate better defaults for earliest/latest for integration testing

  #226 opened 4 months ago by cmcginley-splunk
  0

• Add validation which enforces the presence of an exception when status is `ERROR`

  #225 opened 4 months ago by cmcginley-splunk
  0

• Enforce distinct test names

  #224 opened 4 months ago by cmcginley-splunk
  0

• Investigate better ways to handle the typing of `baseline.tags.detections`

  #223 opened 4 months ago by cmcginley-splunk
  0

• Create a model for OCSF mappings in detection_tags

  #221 opened 4 months ago by cmcginley-splunk
  0

• Breakup Lookup into two separate classes

  #220 opened 4 months ago by cmcginley-splunk
  0

• Updated security domains

  #195 opened 4 months ago by dluxtron
  0

• [small issue] dead links in README

  #186 opened 5 months ago by Res260
  2

• Enterprise Security Roles Do not Exist Error

  #184 opened 5 months ago by pyth0n1c
  0

• Ability to Build a Set of Detections Filtered by Tag

  #182 opened 5 months ago by ryanplasma
  0

• Deployment and Feature Questions

  #181 opened 5 months ago by bg-csaa
  0