Merge pull request #160 from splunk/ssa_build_improvements

Improved SSA build process

contentctl/output/finding_report_writer.py

@@ -59,9 +59,9 @@ def writeFindingReport(detection : SSADetection) -> None:
             detection.tags.risk_level = "Critical"  
 
         evidence_str = "{"
-        for i in range(len(detection.tags.observable)):            
-            evidence_str = evidence_str + '"' + detection.tags.observable[i]["name"] + '": ' + detection.tags.observable[i]["name"].replace(".", "_")
-            if not i == (len(detection.tags.observable) - 1):
+        for i in range(len(detection.tags.required_fields)):            
+            evidence_str = evidence_str + '"' + detection.tags.required_fields[i] + '": ' + detection.tags.required_fields[i].replace(".", "_")
+            if not i == (len(detection.tags.required_fields) - 1):
                 evidence_str = evidence_str + ', '
 
         evidence_str = evidence_str + ', "sourceType": metadata.source_type, "source": metadata.source}'        

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "contentctl"
-version = "4.0.3"
+version = "4.0.4"
 description = "Splunk Content Control Tool"
 authors = ["STRT <[email protected]>"]
 license = "Apache 2.0"