Merge branch 'main' into pydantic2.

resolve minor merge conflicts

Author: pyth0n1c

contentctl/objects/abstract_security_content_objects/detection_abstract.py

@@ -51,7 +51,6 @@ class Detection_Abstract(SecurityContentObject):
     # https://docs.pydantic.dev/latest/concepts/unions/#left-to-right-mode
     # https://github.com/pydantic/pydantic/issues/9101#issuecomment-2019032541
     tests: List[Annotated[Union[UnitTest, IntegrationTest], Field(union_mode='left_to_right')]] = []
-
     # A list of groups of tests, relying on the same data
     test_groups: Union[list[TestGroup], None] = Field(None,validate_default=True)
 
@@ -678,4 +677,13 @@ def get_summary(
             summary_dict["tests"].append(result)
 
         # Return the summary
-        return summary_dict
+
+        return summary_dict
+
+
+    def getMetadata(self)->dict[str,str]:
+        return {'detection_id':str(self.id),
+                'deprecated':'1' if self.status==DetectionStatus.deprecated.value else '0',
+                'detection_version':str(self.version)}
+
+

contentctl/output/templates/savedsearches_detections.j2

@@ -67,7 +67,7 @@ action.correlationsearch.label = {{APP_NAME}} - RIR - {{ detection.name }} - Rul
 action.correlationsearch.label = {{APP_NAME}} - {{ detection.name }} - Rule
 {% endif %}
 action.correlationsearch.annotations = {{ detection.annotations | tojson }}
-action.correlationsearch.metadata = {{ detection.metadata | tojson }}
+action.correlationsearch.metadata = {{ detection.getMetadata() | tojson }}
 {% if detection.deployment.scheduling.schedule_window is defined %}
 schedule_window = {{ detection.deployment.scheduling.schedule_window }}
 {% endif %}

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "contentctl"
-version = "3.5.0"
+version = "3.6.0"
 description = "Splunk Content Control Tool"
 authors = ["STRT <[email protected]>"]
 license = "Apache 2.0"