Releases: splunk/contentctl
v3.1.0
Add Integration Testing
Integration Testing has been added to ensure proper creation of notables/observables in Splunk Enterprise Security.
This is an advanced feature which can be enabled on the command line via contentctl test --enable_integration_testing. If doing so, please ensure that Splunk Enterprise Security is installed in your environment.
A number of additional stability and internal improvements were made to enable this change. Each test now runs a UNIT TEST and an INTEGRATION TEST. In the default behavior (without using --enable_integration_testing) these tests will appear as skipped.
In the near future, more verbose documentation will be published around the use of this feature.
Thank you to @cmcginley-splunk for his excellent work on these updates!
v3.0.2
v3.0.1
contentctl new support
In addition to a handful of bugfixes, we are introducing support for creating NEW detections and stories automatically at the command line. This resolves the following issue reported by @m0n3yspider:
#66
These changes are based on a PR by @0xC0FFEEEE - thank you for your support!
#83
v3.0.0
Release v3.0.0 brings the output of contentctl into parity with the legacy tooling in https://github.com/splunk/security_content
This version of contentctl is now used to generate the Enterprise Security Content Update App (ESCU) for Public Release!
https://splunkbase.splunk.com/app/3449
v2.0.1
This release removes splunk-appinspect from the tool in order to fix a bug caused by an issue with an underlying library (PyYAML):
yaml/pyyaml#724
v2.0.0
Version 2.0.0, in preparation for .conf23
Includes a large number of changes. Most notably, this release moves toward the security_content_4.0 format, which moves tests into detections. There is no longer a tests folder, just detections (and tests appear at the end).
There were also updates to contentctl.yml and the creation of a contentctl_test.yml that allows significant customization of the test workflow.