Merge pull request #102 from splunk/ba_finding_fix

BA finding fix
splunk · Feb 12, 2024 · 923e44c · 923e44c
2 parents 933aa33 + 860be59
commit 923e44c
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/contentctl/output/templates/finding_report.j2 b/contentctl/output/templates/finding_report.j2
@@ -3,7 +3,7 @@
     time = timestamp,
     evidence = {{ detection.tags.evidence_str }},
     message = "{{ detection.name }} has been triggered on " + device_hostname + " by " + {{ actor_user_name }} + ".",
-    users = [{"name": {{ actor_user_name }}, "uid": actor_user.uid}],
+    users = [{"name": {{ actor_user_name }}, "uuid": actor_user.uuid, "uid": actor_user.uid}],
     activity_id = 1,
     cis_csc = [{"control": "CIS 10", "version": 8}], 
     analytic_stories = {{ detection.tags.analytics_story_str }},
@@ -27,4 +27,4 @@
     start_time = timestamp,
     end_time = timestamp
   | fields metadata, rule, activity_id, analytic_stories, cis_csc, category_uid, class_name, class_uid, confidence, confidence_id, devices, duration, time, evidence, impact, impact_id, kill_chain, message, nist, observables, risk_level, risk_level_id, risk_score, severity_id, type_uid, users, start_time, end_time 
-  | into sink; 
+  | into sink;