Merge pull request #415 from splunk/macro_additions

pyth0n1c · web-flow · commit 06d84c1d5240 · 2025-06-13T08:57:08.000-07:00
Adding new macro &amp; lookup exceptions
diff --git a/contentctl/objects/lookup.py b/contentctl/objects/lookup.py
@@ -65,6 +65,13 @@
 # Special case for the Detection "Exploit Public Facing Application via Apache Commons Text"
 LOOKUPS_TO_IGNORE.add("=")
 LOOKUPS_TO_IGNORE.add("other_lookups")
+LOOKUPS_TO_IGNORE.add(
+    "asn_lookup_by_cidr"
+)  # Provided by SA-ThreatIntelligence, part of Enterprise Security
+
+LOOKUPS_TO_IGNORE.add(
+    "mitre_attack_lookup"
+)  # KVStore provided by SA-ThreatIntelligence, part of Enterprise Security
 
 
 class Lookup_Type(StrEnum):
diff --git a/contentctl/objects/macro.py b/contentctl/objects/macro.py
@@ -26,6 +26,7 @@
 )  # SA-ThreatIntelligence, part of Enterprise Security
 MACROS_TO_IGNORE.add("cim_corporate_web_domain_search")  # Part of CIM/Splunk_SA_CIM
 # MACROS_TO_IGNORE.add("prohibited_processes")
+MACROS_TO_IGNORE.add("globedistance")  # Part of SA-Utils, part of Enterprise Security
 
 
 class Macro(SecurityContentObject):
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,7 +1,7 @@
 [tool.poetry]
 name = "contentctl"
 
-version = "5.5.4"
+version = "5.5.5"
 
 description = "Splunk Content Control Tool"
 authors = ["STRT <research@splunk.com>"]
