Exception on extra fields #325
… that was accidentally dropped. set extra='forbid' for SecurityContentObject
… should not be in the yml
to computed_field
field for investigation
pydantic object definitions.
Just updated this with main- if you want to temporarily run the Just pass it your security_content branch, and then after a full run of green, feel free to take it out.
new template. Added drilldowns, if appropriate, and made the link to attack_data set invalid, so that if it is not updated it fails validation. This prevents an incorrect attack_data from failing silently.
temporarily, to test against relevant updated content
repo reference
Bump version of contentctl to v4.5.0 in prep for release.
repeatable value when a field has not been updated. Provide more context for enum fields as to what can be set. Finally, throw an error during YML read if an un-UPDATED field still exists in any of the YMLs.
Remove extra pair of quotes from new detection template
version to resolve bug in our code
LGTM for merging to a staging branch
Throw an exception if extra fields are included in YML files.
This results in much cleaner files and catching typos in field names.
Note that this removed the `datamodel` field from some files in favor of making it a computed_field, as it has been for some time for detections.
The following security_content PR fixes outstanding issues with content and should be merged first: splunk/security_content#3202
This PR also significantly cleans up the code for the `contentctl new` workflow.
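
An added illustration of the behaviour described in this PR, not code from contentctl: a cut-down, hypothetical `Detection` model (pydantic v2) with `extra='forbid'` and `datamodel` as a computed field, run over constructed dicts standing in for parsed YML. The field set, the `rejected_keys` helper, `LooseDetection` and the way `datamodel` is derived from the search are assumptions made for the example.

```python
from pydantic import BaseModel, ConfigDict, ValidationError, computed_field

KNOWN_DATAMODELS = ("Endpoint", "Network_Traffic", "Web")  # assumed subset


class Detection(BaseModel):
    # Hypothetical cut-down model, not contentctl's SecurityContentObject.
    model_config = ConfigDict(extra="forbid")

    name: str
    search: str
    description: str = ""

    @computed_field
    @property
    def datamodel(self) -> list[str]:
        # Assumed derivation: read the data models out of the search itself,
        # so the value can never drift from what the search actually uses.
        return [dm for dm in KNOWN_DATAMODELS if f"datamodel={dm}" in self.search]


class LooseDetection(Detection):
    # Same fields with pydantic's default handling of unknown keys.
    model_config = ConfigDict(extra="ignore")


def rejected_keys(parsed_yml: dict) -> list[str]:
    """Keys refused as extra fields (other validation errors are not reported)."""
    try:
        Detection.model_validate(parsed_yml)
    except ValidationError as exc:
        return sorted(str(e["loc"][0]) for e in exc.errors()
                      if e["type"] == "extra_forbidden")
    return []


# Constructed stand-ins for yaml.safe_load() output of three detection files.
SEARCH = "| tstats count from datamodel=Endpoint.Processes by Processes.dest"
CLEAN = {"name": "Constructed Detection", "search": SEARCH, "description": "demo"}
TYPO = {"name": "Constructed Detection", "search": SEARCH, "desription": "demo"}
STALE = {**CLEAN, "datamodel": ["Endpoint"]}  # field now computed, not read

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("typo", TYPO), ("stale", STALE)):
        print(label, "rejected:", rejected_keys(doc))
    print("loose model keeps typo silently:",
          repr(LooseDetection.model_validate(TYPO).description))
    print("computed:", Detection.model_validate(CLEAN).model_dump()["datamodel"])
```

With the default handling, the misspelled `desription` key is dropped without a message and the detection ships with an empty description; with `extra='forbid'` the same file fails validation, as does a file that still carries a hand-written `datamodel`.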