Releases: splunk/contentctl
v4.3.2
v4.3.1
Improve checking against observables. These changes ensure that Threat Objects and Risk Objects are created correctly.
What's Changed
- Threat objects by @ljstella in #234
- New observable role enum by @ljstella in #243
- Update setuptools requirement from >=69.5.1,<73.0.0 to >=69.5.1,<74.0.0 by @dependabot in #245
Full Changelog: v4.3.0...v4.3.1
v4.3.0
v4.2.5
A number of small improvements from internal and community PRs. See "What's Changed" below for details.
What's Changed
- Add a launcher to contentctl.py to allow easier debugging and launchi… by @Res260 in #212
- Update attackcti requirement from ^0.3.7 to >=0.3.7,<0.5.0 by @dependabot in #214
- Update on naming for the repo readme vs app readme by @pyth0n1c in #235
- Hotfix: Bumping integration testing timeout to compensate for recent bugfix by @cmcginley-splunk in #240
Full Changelog: v4.2.4...v4.2.5
v4.2.4
This change includes extended validation of the `message:` field of a detection when using the `--enable-integration-testing` flag for `contentctl test`. This is mostly used for internal Splunk testing at this time.
It also now includes validation of DataSource Objects to ensure that the latest TA version is declared for each Data Source.
Finally, @Res260 made a contribution to get `contentctl test` working on Windows by fixing a path issue. Thanks!
What's Changed
- Update setuptools requirement from >=69.5.1,<71.0.0 to >=69.5.1,<73.0.0 by @dependabot in #215
- Tweaks to Data Source Validation by @pyth0n1c in #218
- Add latest TA version validation by @P4T12ICK in #216
- Allow `contentctl test` to work on Windows by fixing a path problem. by @Res260 in #217
- Addressed Casey's Feedback by @pyth0n1c in #222
- Adding risk message validation++ by @cmcginley-splunk in #92
New Contributors
Full Changelog: v4.2.2...v4.2.4
v4.2.2
This update adds a new "missing" lookup to ignore as it is used by some detections in the latest release of security_content / ESCU.
It also removes the optional words Deprecated/Experimental/RIR from the action.correlationsearch.label field in savedsearches.conf. These words could make labels too long and provide a poor experience in Enterprise Security.
What's Changed
- SA Admon lookup exclusion by @patel-bhavin in #210
- make labels a bit shorter by @pyth0n1c in #211
Full Changelog: v4.2.1...v4.2.2
v4.2.1
What's Changed
- updating error handling on selected testing by @patel-bhavin in #206
Full Changelog: v4.2.0...v4.2.1
v4.2.0
What's Changed
- Data Source Integration Improvements by @pyth0n1c in #203
- better data source handling by @P4T12ICK in #193
These changes now make use of the updated DataSource objects introduced in the following PR: splunk/security_content#3049
Full Changelog: v4.1.5...v4.2.0
v4.1.5
This PR fixes an issue where unused files in the lookups directory, such as CSV or MLMODEL files that are no longer referenced by a Lookup YML, could be included in the build of an app.
It also now ensures that CSV files referenced by a lookup are syntactically valid CSV.
It also fixes a bug that caused `contentctl test mode:changes` to fail when an mlmodel file had been updated in the lookups directory.
What's Changed
Full Changelog: v4.1.4...v4.1.5