Merge pull request #297 from splunk/contentctl_data_source_from_enum
Fix datasource in contentctl new
pyth0n1c authored Sep 26, 2024
2 parents dde564b + a609c03 commit 5488ca6
Showing 2 changed files with 19 additions and 55 deletions.
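--- a/contentctl/input/new_content_questions.py
+++ b/contentctl/input/new_content_questions.py
@@ -1,4 +1,5 @@
 from typing import Any
+from contentctl.objects.enums import DataSource
 
 
 class NewContentQuestions:
@@ -48,46 +49,9 @@ def get_questions_detection(cls) -> list[dict[str,Any]]:
 'type': 'checkbox',
 'message': 'Your data source',
 'name': 'data_source',
-'choices': [
-"OSQuery ES Process Events",
-"Powershell 4104",
-"Sysmon Event ID 1",
-"Sysmon Event ID 3",
-"Sysmon Event ID 5",
-"Sysmon Event ID 6",
-"Sysmon Event ID 7",
-"Sysmon Event ID 8",
-"Sysmon Event ID 9",
-"Sysmon Event ID 10",
-"Sysmon Event ID 11",
-"Sysmon Event ID 13",
-"Sysmon Event ID 15",
-"Sysmon Event ID 20",
-"Sysmon Event ID 21",
-"Sysmon Event ID 22",
-"Sysmon Event ID 23",
-"Windows Security 4624",
-"Windows Security 4625",
-"Windows Security 4648",
-"Windows Security 4663",
-"Windows Security 4688",
-"Windows Security 4698",
-"Windows Security 4703",
-"Windows Security 4720",
-"Windows Security 4732",
-"Windows Security 4738",
-"Windows Security 4741",
-"Windows Security 4742",
-"Windows Security 4768",
-"Windows Security 4769",
-"Windows Security 4771",
-"Windows Security 4776",
-"Windows Security 4781",
-"Windows Security 4798",
-"Windows Security 5136",
-"Windows Security 5145",
-"Windows System 7045"
-]
+#In the future, we should dynamically populate this from the DataSource Objects we have parsed from the data_sources directory
+'choices': sorted(DataSource._value2member_map_ )
+
 },
 {
 "type": "text",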
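Review bot: The new `'choices': sorted(DataSource._value2member_map_ )` line in the `data_source` question reads an undocumented, underscore-prefixed attribute of `enum.Enum`. It also sorts the values as plain strings, so the prompt will list the Sysmon entries as 1, 10, 11, … before 3, unlike the numeric order of the literal list it replaces. Iterating the enum through its public API keeps definition order, which (judging by the enums.py section of this commit) looks like the order the authors want: `'choices': [ds.value for ds in DataSource],`. The body of get_questions_detection starts and ends outside this hunk, so any later code that compares the selected strings against the old `Sysmon Event ID N` spellings could not be checked from here.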
30 changes: 15 additions & 15 deletions contentctl/objects/enums.py
@@ -197,21 +197,21 @@ class KillChainPhase(str, enum.Enum):
class DataSource(str,enum.Enum):
OSQUERY_ES_PROCESS_EVENTS = "OSQuery ES Process Events"
POWERSHELL_4104 = "Powershell 4104"
SYSMON_EVENT_ID_1 = "Sysmon Event ID 1"
SYSMON_EVENT_ID_10 = "Sysmon Event ID 10"
SYSMON_EVENT_ID_11 = "Sysmon Event ID 11"
SYSMON_EVENT_ID_13 = "Sysmon Event ID 13"
SYSMON_EVENT_ID_15 = "Sysmon Event ID 15"
SYSMON_EVENT_ID_20 = "Sysmon Event ID 20"
SYSMON_EVENT_ID_21 = "Sysmon Event ID 21"
SYSMON_EVENT_ID_22 = "Sysmon Event ID 22"
SYSMON_EVENT_ID_23 = "Sysmon Event ID 23"
SYSMON_EVENT_ID_3 = "Sysmon Event ID 3"
SYSMON_EVENT_ID_5 = "Sysmon Event ID 5"
SYSMON_EVENT_ID_6 = "Sysmon Event ID 6"
SYSMON_EVENT_ID_7 = "Sysmon Event ID 7"
SYSMON_EVENT_ID_8 = "Sysmon Event ID 8"
SYSMON_EVENT_ID_9 = "Sysmon Event ID 9"
SYSMON_EVENT_ID_1 = "Sysmon EventID 1"
SYSMON_EVENT_ID_3 = "Sysmon EventID 3"
SYSMON_EVENT_ID_5 = "Sysmon EventID 5"
SYSMON_EVENT_ID_6 = "Sysmon EventID 6"
SYSMON_EVENT_ID_7 = "Sysmon EventID 7"
SYSMON_EVENT_ID_8 = "Sysmon EventID 8"
SYSMON_EVENT_ID_9 = "Sysmon EventID 9"
SYSMON_EVENT_ID_10 = "Sysmon EventID 10"
SYSMON_EVENT_ID_11 = "Sysmon EventID 11"
SYSMON_EVENT_ID_13 = "Sysmon EventID 13"
SYSMON_EVENT_ID_15 = "Sysmon EventID 15"
SYSMON_EVENT_ID_20 = "Sysmon EventID 20"
SYSMON_EVENT_ID_21 = "Sysmon EventID 21"
SYSMON_EVENT_ID_22 = "Sysmon EventID 22"
SYSMON_EVENT_ID_23 = "Sysmon EventID 23"
WINDOWS_SECURITY_4624 = "Windows Security 4624"
WINDOWS_SECURITY_4625 = "Windows Security 4625"
WINDOWS_SECURITY_4648 = "Windows Security 4648"
