Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Forbid extra fields in YMLs #208

Open
wants to merge 108 commits into
base: release_v4.2.0
Choose a base branch
from
Open

Forbid extra fields in YMLs #208

wants to merge 108 commits into from

Conversation

pyth0n1c
Copy link
Contributor

@pyth0n1c pyth0n1c commented Jul 27, 2024
edited
Loading

Add an extra, missing field to the lookup.py model called max_matches that was accidentally dropped. set extra='forbid' for SecurityContentObject

This PR is on hold pending significant, structural changes to Detection YMLs with respect to Risk Based Alterting (RBA) content:
#263

pyth0n1c and others added 6 commits May 15, 2024 14:59
@pyth0n1c
Code which still needs testing
6f982e7 
to enable ACS deployment.
reduce non-blocking warnings
thrown by appinspect api by
updating some automatically
generated app files.
@pyth0n1c
add proper access for sc_admin
1f7afd7 
to default.meta
@josehelps
renamed acs_deploy to deploy_acs
9caf4f0
@pyth0n1c
Merge branch 'main' into enable_acs_deploy
1c2ef2f
@pyth0n1c
Re-enable acs deployment
d5b08d4 
in contentctl.py.
Print out what is returned from
ACS, even on success.
@pyth0n1c
Add an extra, missing field to the lookup.py model called max_matches…
60b6e1b 
… that was accidentally dropped. set extra='forbid' for SecurityContentObject
@pyth0n1c pyth0n1c mentioned this pull request Jul 27, 2024
Open
@pyth0n1c
Copy link
Contributor Author

pyth0n1c commented Jul 27, 2024
edited
Loading

Note that the groups and context fields were temporarily added to the detection_tags object and will require some discussion. We may also need to update the contentctl new command to make sure no erroneous fields are written, like risk_score.

pyth0n1c and others added 4 commits September 17, 2024 16:30
@pyth0n1c
Merge branch 'main' into add_drilldown_support
72e3354
@ryanplasma
Merge branch 'main' into add_explanation
34d0ff6
@pyth0n1c
Add the possibility
9ba9300 
to automatically create
drilldowns. We will
likely remove this, but let's
keep it now for purposes
of discussion.
@pyth0n1c
Merge branch 'main' into add_explanation
3c5f9f0
patel-bhavin and others added 30 commits October 21, 2024 13:28
@patel-bhavin
still optional
d12a173
@patel-bhavin
default to devleop
f7204a1
@patel-bhavin
updating config
cc84524
@patel-bhavin
udpating toml
3c884d9
@pyth0n1c
Merge pull request #311 from splunk/release_notes_udpate
d4d7d9d 
add --compare_against flag to release_notes action
@pyth0n1c
remove "cloud" from the security_domain
0dad956 
enum
@pyth0n1c
Fix path to fetch a saved
6bcb875 
search by name. Without
fixing this path, integration
testing fails to find the search
and errors out.
@pyth0n1c
Fix path that was updated incorrectly. This path is used to find a sa…
b580278 
…ved search for scheduling to run during integtration testing. This bad path causes every integration test to fail.
@pyth0n1c
forgot to save before
c9dfa84 
committing. see
previous commit message.
@pyth0n1c
Merge pull request #316 from splunk/fix_savedsearches_path
f9bcd7e 
Fix savedsearches path issue
@pyth0n1c
Merge branch 'main' into fix_security_domain
98f9921
@pyth0n1c
Merge pull request #314 from splunk/fix_security_domain
35d8b82 
remove "cloud" from the security_domain enum
@ljstella
Merge branch 'main' into test_on_app_change
825d854
@pyth0n1c
Update pyproject.toml
81fa46e 
just bumping version for release
@pyth0n1c
Update pyproject.toml
7f5319e
@ljstella
Merge branch 'main' into test_on_app_change
89b8ad3
@ljstella
Ensure we print the right field
34ae585
@pyth0n1c
Merge branch 'main' into enable_acs_deploy
dd77dc6
@pyth0n1c
Merge pull request #146 from splunk/enable_acs_deploy
59a3d1c 
Enable acs deploy + appinspect warnings
@pyth0n1c
Update pyproject.toml
81db497 
bump version in prep for release
@ljstella
Merge branch 'main' into data_sources_clarification
45b3a87
@pyth0n1c
Merge pull request #324 from splunk/data_sources_clarification
3c733f1 
Ensure we print the right field for data_source
@ljstella
Merge branch 'main' into test_on_app_change
af0ff41
@pyth0n1c
Merge branch 'main' into exception_on_extra_fields
bbe5da8
@ljstella
Typing
4d9a831
@ljstella
Version bump
3c9395c
@pyth0n1c
Merge pull request #301 from splunk/test_on_app_change
b8b5c2d 
Testing on Datasource changes
@pyth0n1c
Merge branch 'main' into exception_on_extra_fields
b4a9217
@pyth0n1c
Move Baseline datamodel from YML field
ef7784d 
to computed_field
@pyth0n1c
make datamodel a computed
a27f790 
field for investigation
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
PENDING OTHER CHANGES
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@pyth0n1c @josehelps @mathieugonzales @ljstella @ryanplasma @ax-hsmith @cmcginley-splunk @patel-bhavin