Add optional explanation field to detections

ryanplasma · ryanplasma · commit 1e51d6d1776d · 2024-09-10T22:38:09.000-04:00
diff --git a/contentctl/objects/abstract_security_content_objects/detection_abstract.py b/contentctl/objects/abstract_security_content_objects/detection_abstract.py
@@ -60,6 +60,7 @@ class Detection_Abstract(SecurityContentObject):
     search: str = Field(...)
     how_to_implement: str = Field(..., min_length=4)
     known_false_positives: str = Field(..., min_length=4)
+    explanation: Optional[str] = None
 
     enabled_by_default: bool = False
     file_path: FilePath = Field(...)
diff --git a/contentctl/output/templates/analyticstories_detections.j2 b/contentctl/output/templates/analyticstories_detections.j2
@@ -7,7 +7,7 @@
 type = detection
 asset_type = {{ detection.tags.asset_type.value }}
 confidence = medium
-explanation = {{ detection.description | escapeNewlines() }}
+explanation = {{ detection.explanation if detection.explanation else detection.description | escapeNewlines() }}
 {% if detection.how_to_implement is defined %}
 how_to_implement = {{ detection.how_to_implement | escapeNewlines() }}
 {% else %}
