Add more fields to savedsearches.conf

pyth0n1c · pyth0n1c · commit 563336306646 · 2024-04-10T14:43:29.000-07:00
diff --git a/contentctl/objects/abstract_security_content_objects/detection_abstract.py b/contentctl/objects/abstract_security_content_objects/detection_abstract.py
@@ -57,6 +57,7 @@ class Detection_Abstract(SecurityContentObject):
     runtime: str = None
     enabled_by_default: bool = False
 
+
     class Config:
         use_enum_values = True
 
@@ -346,3 +347,10 @@ def get_summary(
 
         # Return the summary
         return summary_dict
+
+
+    def getMetadata(self)->dict[str,str]:
+        return {'detection_id':str(self.id),
+                'deprecated':'1' if self.status==DetectionStatus.deprecated.value else '0',
+                'detection_version':str(self.version)}
+
diff --git a/contentctl/output/templates/savedsearches_detections.j2 b/contentctl/output/templates/savedsearches_detections.j2
@@ -64,6 +64,7 @@ action.correlationsearch.label = {{APP_NAME}} - RIR - {{ detection.name }} - Rul
 action.correlationsearch.label = {{APP_NAME}} - {{ detection.name }} - Rule
 {% endif %}
 action.correlationsearch.annotations = {{ detection.annotations | tojson }}
+action.correlationsearch.metadata = {{ detection.getMetadata() | tojson }}
 {% if detection.deployment.scheduling.schedule_window is defined %}
 schedule_window = {{ detection.deployment.scheduling.schedule_window }}
 {% endif %}
