Skip to content

Commit 5488ca6

Browse files
pyth0n1cpyth0n1c
authored
Merge pull request #297 from splunk/contentctl_data_source_from_enum
Fix datasource in contentctl new
2 parents dde564b + a609c03 commit 5488ca6

File tree

2 files changed

+19
-55
lines changed

2 files changed

+19
-55
lines changed

contentctl/input/new_content_questions.py

Lines changed: 4 additions & 40 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,5 @@
11
from typing import Any
2+
from contentctl.objects.enums import DataSource
23

34

45
class NewContentQuestions:
@@ -48,46 +49,9 @@ def get_questions_detection(cls) -> list[dict[str,Any]]:
4849
'type': 'checkbox',
4950
'message': 'Your data source',
5051
'name': 'data_source',
51-
'choices': [
52-
"OSQuery ES Process Events",
53-
"Powershell 4104",
54-
"Sysmon Event ID 1",
55-
"Sysmon Event ID 3",
56-
"Sysmon Event ID 5",
57-
"Sysmon Event ID 6",
58-
"Sysmon Event ID 7",
59-
"Sysmon Event ID 8",
60-
"Sysmon Event ID 9",
61-
"Sysmon Event ID 10",
62-
"Sysmon Event ID 11",
63-
"Sysmon Event ID 13",
64-
"Sysmon Event ID 15",
65-
"Sysmon Event ID 20",
66-
"Sysmon Event ID 21",
67-
"Sysmon Event ID 22",
68-
"Sysmon Event ID 23",
69-
"Windows Security 4624",
70-
"Windows Security 4625",
71-
"Windows Security 4648",
72-
"Windows Security 4663",
73-
"Windows Security 4688",
74-
"Windows Security 4698",
75-
"Windows Security 4703",
76-
"Windows Security 4720",
77-
"Windows Security 4732",
78-
"Windows Security 4738",
79-
"Windows Security 4741",
80-
"Windows Security 4742",
81-
"Windows Security 4768",
82-
"Windows Security 4769",
83-
"Windows Security 4771",
84-
"Windows Security 4776",
85-
"Windows Security 4781",
86-
"Windows Security 4798",
87-
"Windows Security 5136",
88-
"Windows Security 5145",
89-
"Windows System 7045"
90-
]
52+
#In the future, we should dynamically populate this from the DataSource Objects we have parsed from the data_sources directory
53+
'choices': sorted(DataSource._value2member_map_ )
54+
9155
},
9256
{
9357
"type": "text",

contentctl/objects/enums.py

Lines changed: 15 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -197,21 +197,21 @@ class KillChainPhase(str, enum.Enum):
197197
class DataSource(str,enum.Enum):
198198
OSQUERY_ES_PROCESS_EVENTS = "OSQuery ES Process Events"
199199
POWERSHELL_4104 = "Powershell 4104"
200-
SYSMON_EVENT_ID_1 = "Sysmon Event ID 1"
201-
SYSMON_EVENT_ID_10 = "Sysmon Event ID 10"
202-
SYSMON_EVENT_ID_11 = "Sysmon Event ID 11"
203-
SYSMON_EVENT_ID_13 = "Sysmon Event ID 13"
204-
SYSMON_EVENT_ID_15 = "Sysmon Event ID 15"
205-
SYSMON_EVENT_ID_20 = "Sysmon Event ID 20"
206-
SYSMON_EVENT_ID_21 = "Sysmon Event ID 21"
207-
SYSMON_EVENT_ID_22 = "Sysmon Event ID 22"
208-
SYSMON_EVENT_ID_23 = "Sysmon Event ID 23"
209-
SYSMON_EVENT_ID_3 = "Sysmon Event ID 3"
210-
SYSMON_EVENT_ID_5 = "Sysmon Event ID 5"
211-
SYSMON_EVENT_ID_6 = "Sysmon Event ID 6"
212-
SYSMON_EVENT_ID_7 = "Sysmon Event ID 7"
213-
SYSMON_EVENT_ID_8 = "Sysmon Event ID 8"
214-
SYSMON_EVENT_ID_9 = "Sysmon Event ID 9"
200+
SYSMON_EVENT_ID_1 = "Sysmon EventID 1"
201+
SYSMON_EVENT_ID_3 = "Sysmon EventID 3"
202+
SYSMON_EVENT_ID_5 = "Sysmon EventID 5"
203+
SYSMON_EVENT_ID_6 = "Sysmon EventID 6"
204+
SYSMON_EVENT_ID_7 = "Sysmon EventID 7"
205+
SYSMON_EVENT_ID_8 = "Sysmon EventID 8"
206+
SYSMON_EVENT_ID_9 = "Sysmon EventID 9"
207+
SYSMON_EVENT_ID_10 = "Sysmon EventID 10"
208+
SYSMON_EVENT_ID_11 = "Sysmon EventID 11"
209+
SYSMON_EVENT_ID_13 = "Sysmon EventID 13"
210+
SYSMON_EVENT_ID_15 = "Sysmon EventID 15"
211+
SYSMON_EVENT_ID_20 = "Sysmon EventID 20"
212+
SYSMON_EVENT_ID_21 = "Sysmon EventID 21"
213+
SYSMON_EVENT_ID_22 = "Sysmon EventID 22"
214+
SYSMON_EVENT_ID_23 = "Sysmon EventID 23"
215215
WINDOWS_SECURITY_4624 = "Windows Security 4624"
216216
WINDOWS_SECURITY_4625 = "Windows Security 4625"
217217
WINDOWS_SECURITY_4648 = "Windows Security 4648"

0 commit comments

Comments
 (0)