v5.0.5

Fix appinspect issue caused by spaces in dashboard filenames

What's Changed

• fix dashboard file names by @pyth0n1c in #373

Full Changelog: v5.0.4...v5.0.5

v5.0.4

Create a new Dropdown menu called Dashboards showing dashboard objects that are part of your app

What's Changed

• Dashboards dropdown by @pyth0n1c in #372

Full Changelog: v5.0.3...v5.0.4

v5.0.3

This PR introduces new validation enforcements on tags.mitre_attack_id field. It is not longer possible to declare overlapping techniques and sub-techniques. For example, both T1000 and T1000.001 cannot be defined.
However, any combination of non-overlapping techniques and sub-techniques remains valid.

What's Changed

• Cleanup mitre actors and techniques by @pyth0n1c in #363

Full Changelog: v5.0.2...v5.0.3

v5.0.2

The following are some minor patch updates that improve output of appinspect (which now includes cloud, victoria, and classic tags) and adds a new optional field to data_source objects.

What's Changed

• Update appinspect flags by @pyth0n1c in #365
• Recognize by @josehelps in #366
• Adding output fields to data_source by @ljstella in #368

Full Changelog: v5.0.1...v5.0.2

v5.0.1

Because Risk and Threat Objects in the new "rba" section of detections are a set, and not a list, their serialization order to conf files was non-deterministic. contentctl build MUST produce deterministic outputs into conf files. This is important for enforcing versioning compliance.

We still treat these objects as a set internally, but when serializing we now sort the objects by a custom sort function to ensure that the serialization order does not change between invocations.

What's Changed

• deterministic output for rba dict by @pyth0n1c in #362

Full Changelog: v5.0.0...v5.0.1

v5.0.0

contentctl 5.0.0 initial release.
More details about this release will be published in the next 48 hours.

v5.0.0-alpha.3

Fixies a number of issues, most notably removing references to observables which are no longer used in the codebase. They have been superseded by the RBA object (which in turn has its own message, victim, and threat objects).
Some additional bugs were resolved around this removal and introduction of the new RBA field which happened in the first alpha.
Finally, some code cleanup (formatting and linting).

This is still a pre-release and not intended for public use at this time.

What's Changed

• lint fixes & formatting by @ljstella in #350
• removing code referencing observables by @ljstella in #352
• Fixes for 5.0.0a2 by @ljstella in #351
• Version bump for next alpha release by @ljstella in #354

Full Changelog: v5.0.0-alpha.2...v5.0.0-alpha.3

v5.0.0-alpha.2

This is still a prelease version and not intended for public use. It resolves :

1. issues around detecting lookups that have changed when running contentctl test mode:changes ...
2. resolves an error in the savedsearches_detections.j2 template where erroneous newlines may be inclued in savedsearches.conf
3. reverts to using splunk/splunk:9.3 (instead of splunk/splunk:latest, which presently installs splunk:9.4) due to an error in contentctl where contentctl test does not wait for all apps to install before beginning testing. This will be resolved in a future release.

What's Changed

• Bugfixes on 5.0.0-alpha by @ljstella in #349

Full Changelog: v5.0.0-alpha...v5.0.0-alpha.2

v5.0.0-alpha

There are a significant number of changes in this release and it is not intended for public use yet. This release is being done to enable testing of a number of different workflows in prep for a general release of contentctl 5.0. We DO NOT suggest using this release at this time.
When the non-alpha version of contentctl 5.0.0, we will give more detail about exactly what changes were made.

To indicate the state of this release, the following warning is printed every time contentctl is run:

WARNING - THIS IS AN ALPHA BUILD OF CONTENTCTL 5.
THERE HAVE BEEN NUMEROUS CHANGES IN CONTENTCTL (ESPECIALLY TO YML FORMATS).
YOU ALMOST CERTAINLY DO NOT WANT TO USE THIS BUILD.
IF YOU ENCOUNTER ERRORS, PLEASE USE THE LATEST CURRENTLY SUPPORTED RELEASE:

CONTENTCTL==4.4.7

YOU HAVE BEEN WARNED!

What's Changed

• Exception on extra fields by @pyth0n1c in #325
• Python 3.13 support by @ljstella in #302
• Remove use enum values by @pyth0n1c in #335
• GH Actions Matrix update by @ljstella in #340
• Update tyro requirement from ^0.8.3 to >=0.8.3,<0.10.0 by @dependabot in #341
• Improve lookup regex - Step 1 - ESCU 5.0 by @pyth0n1c in #274
• Migrate integration testing to RBA paradigm - Step 2 by @cmcginley-splunk in #345
• DRAFT: new RBA Object - Step 3 - ESCU 5.0 by @ljstella in #263
• First crack at default config for ruff - Step 3.5 - ESCU 5.0 by @ljstella in #254
• contentctl 5 - Step 4 - ESCU 5.0 by @pyth0n1c in #334

Full Changelog: v4.4.7...v5.0.0-alpha

v4.4.7

This resolves a bug which causes all contentctl operations to fail with Pydantic >= 2.10

What's Changed

• Pin Pydantic to Resolve Contentctl Bug by @pyth0n1c in #332

Full Changelog: v4.4.6...v4.4.7