Adding new macro & lookup exceptions

Author: ljstella

contentctl/objects/lookup.py

@@ -65,6 +65,13 @@
 # Special case for the Detection "Exploit Public Facing Application via Apache Commons Text"
 LOOKUPS_TO_IGNORE.add("=")
 LOOKUPS_TO_IGNORE.add("other_lookups")
+LOOKUPS_TO_IGNORE.add(
+    "asn_lookup_by_cidr"
+)  # Provided by SA-ThreatIntelligence, part of Enterprise Security
+
+LOOKUPS_TO_IGNORE.add(
+    "mitre_attack_lookup"
+)  # KVStore provided by SA-ThreatIntelligence, part of Enterprise Security
 
 
 class Lookup_Type(StrEnum):

contentctl/objects/macro.py

@@ -26,6 +26,7 @@
 )  # SA-ThreatIntelligence, part of Enterprise Security
 MACROS_TO_IGNORE.add("cim_corporate_web_domain_search")  # Part of CIM/Splunk_SA_CIM
 # MACROS_TO_IGNORE.add("prohibited_processes")
+MACROS_TO_IGNORE.add("globedistance")  # Part of SA-Utils, part of Enterprise Security
 
 
 class Macro(SecurityContentObject):