convert plain enums, or enums with

multiple inheritance, to StrEnum
or IntEnum

Author: pyth0n1c

contentctl/actions/build.py

@@ -4,7 +4,7 @@
 
 from dataclasses import dataclass
 
-from contentctl.objects.enums import SecurityContentProduct, SecurityContentType
+from contentctl.objects.enums import SecurityContentType
 from contentctl.input.director import Director, DirectorOutputDto
 from contentctl.output.conf_output import ConfOutput
 from contentctl.output.conf_writer import ConfWriter

contentctl/actions/detection_testing/DetectionTestingManager.py

@@ -5,7 +5,6 @@
 from contentctl.actions.detection_testing.infrastructures.DetectionTestingInfrastructureServer import DetectionTestingInfrastructureServer
 from urllib.parse import urlparse
 from copy import deepcopy
-from contentctl.objects.enums import DetectionTestingTargetInfrastructure
 import signal
 import datetime
 # from queue import Queue

contentctl/objects/enums.py

@@ -1,15 +1,15 @@
 from __future__ import annotations
 from typing import List
-import enum
+from enum import StrEnum, IntEnum
 
 
-class AnalyticsType(str, enum.Enum):
+class AnalyticsType(StrEnum):
     TTP = "TTP"
     Anomaly = "Anomaly"
     Hunting = "Hunting"
     Correlation = "Correlation"
 
-class DeploymentType(str, enum.Enum):
+class DeploymentType(StrEnum):
     TTP = "TTP"
     Anomaly = "Anomaly"
     Hunting = "Hunting"
@@ -18,7 +18,7 @@ class DeploymentType(str, enum.Enum):
     Embedded = "Embedded"
 
 
-class DataModel(str,enum.Enum):
+class DataModel(StrEnum):
     ENDPOINT = "Endpoint"
     NETWORK_TRAFFIC  = "Network_Traffic"
     AUTHENTICATION = "Authentication"
@@ -40,11 +40,11 @@ class DataModel(str,enum.Enum):
     SPLUNK_AUDIT = "Splunk_Audit"
 
 
-class PlaybookType(str, enum.Enum):
+class PlaybookType(StrEnum):
     INVESTIGATION = "Investigation"
     RESPONSE = "Response"
 
-class SecurityContentType(enum.Enum):
+class SecurityContentType(IntEnum):
     detections = 1
     baselines = 2
     stories = 3
@@ -68,20 +68,15 @@ class SecurityContentType(enum.Enum):
 #     json_objects = "json_objects"
 
 
-class SecurityContentProduct(enum.Enum):
-    SPLUNK_APP = 1
-    API = 3
-    CUSTOM = 4
 
-
-class SecurityContentProductName(str, enum.Enum):
+class SecurityContentProductName(StrEnum):
     SPLUNK_ENTERPRISE = "Splunk Enterprise"
     SPLUNK_ENTERPRISE_SECURITY = "Splunk Enterprise Security"
     SPLUNK_CLOUD = "Splunk Cloud"
     SPLUNK_SECURITY_ANALYTICS_FOR_AWS = "Splunk Security Analytics for AWS"
     SPLUNK_BEHAVIORAL_ANALYTICS = "Splunk Behavioral Analytics"
 
-class SecurityContentInvestigationProductName(str, enum.Enum):
+class SecurityContentInvestigationProductName(StrEnum):
     SPLUNK_ENTERPRISE = "Splunk Enterprise"
     SPLUNK_ENTERPRISE_SECURITY = "Splunk Enterprise Security"
     SPLUNK_CLOUD = "Splunk Cloud"
@@ -90,33 +85,20 @@ class SecurityContentInvestigationProductName(str, enum.Enum):
     SPLUNK_PHANTOM = "Splunk Phantom"
 
 
-class DetectionStatus(enum.Enum):
-    production = "production"
-    deprecated = "deprecated"
-    experimental = "experimental"
-    validation = "validation"
-
-
-class DetectionStatusSSA(enum.Enum):
+class DetectionStatus(StrEnum):
     production = "production"
     deprecated = "deprecated"
     experimental = "experimental"
     validation = "validation"
 
 
-class LogLevel(enum.Enum):
+class LogLevel(StrEnum):
     NONE = "NONE"
     ERROR = "ERROR"
     INFO = "INFO"
 
 
-class AlertActions(enum.Enum):
-    notable = "notable"
-    rba = "rba"
-    email = "email"
-
-
-class StoryCategory(str, enum.Enum):
+class StoryCategory(StrEnum):
     ABUSE = "Abuse"
     ADVERSARY_TACTICS = "Adversary Tactics"
     BEST_PRACTICES = "Best Practices"
@@ -139,37 +121,18 @@ class StoryCategory(str, enum.Enum):
     UNAUTHORIZED_SOFTWARE = "Unauthorized Software"
 
 
-class PostTestBehavior(str, enum.Enum):
+class PostTestBehavior(StrEnum):
     always_pause = "always_pause"
     pause_on_failure = "pause_on_failure"
     never_pause = "never_pause"
 
 
-class DetectionTestingMode(str, enum.Enum):
+class DetectionTestingMode(StrEnum):
     selected = "selected"
     all = "all"
     changes = "changes"
 
 
-class DetectionTestingTargetInfrastructure(str, enum.Enum):
-    container = "container"
-    server = "server"
-
-
-class InstanceState(str, enum.Enum):
-    starting = "starting"
-    running = "running"
-    error = "error"
-    stopping = "stopping"
-    stopped = "stopped"
-
-
-class SigmaConverterTarget(enum.Enum):
-    CIM = 1
-    RAW = 2
-    OCSF = 3
-    ALL = 4
-
 # It's unclear why we use a mix of constants and enums. The following list was taken from:
 # contentctl/contentctl/helper/constants.py.
 # We convect it to an enum here
@@ -183,7 +146,7 @@ class SigmaConverterTarget(enum.Enum):
 #     "Command And Control": 6,
 #     "Actions on Objectives": 7
 # }
-class KillChainPhase(str, enum.Enum):
+class KillChainPhase(StrEnum):
     UNKNOWN ="Unknown"
     RECONNAISSANCE = "Reconnaissance"
     WEAPONIZATION = "Weaponization"
@@ -194,7 +157,7 @@ class KillChainPhase(str, enum.Enum):
     ACTIONS_ON_OBJECTIVES = "Actions on Objectives"
 
 
-class DataSource(str,enum.Enum):
+class DataSource(StrEnum):
     OSQUERY_ES_PROCESS_EVENTS = "OSQuery ES Process Events"
     POWERSHELL_4104 = "Powershell 4104"
     SYSMON_EVENT_ID_1 = "Sysmon EventID 1"
@@ -234,7 +197,7 @@ class DataSource(str,enum.Enum):
     WINDOWS_SECURITY_5145 = "Windows Security 5145"
     WINDOWS_SYSTEM_7045 = "Windows System 7045"
 
-class ProvidingTechnology(str, enum.Enum):
+class ProvidingTechnology(StrEnum):
     AMAZON_SECURITY_LAKE = "Amazon Security Lake"
     AMAZON_WEB_SERVICES_CLOUDTRAIL = "Amazon Web Services - Cloudtrail"
     AZURE_AD = "Azure AD"
@@ -302,7 +265,7 @@ def getProvidingTechFromSearch(search_string:str)->List[ProvidingTechnology]:
         return sorted(list(matched_technologies))
 
 
-class Cis18Value(str,enum.Enum):
+class Cis18Value(StrEnum):
     CIS_0 = "CIS 0"
     CIS_1 = "CIS 1"
     CIS_2 = "CIS 2"
@@ -323,15 +286,15 @@ class Cis18Value(str,enum.Enum):
     CIS_17 = "CIS 17"
     CIS_18 = "CIS 18"
 
-class SecurityDomain(str, enum.Enum):
+class SecurityDomain(StrEnum):
     ENDPOINT = "endpoint"
     NETWORK = "network"
     THREAT = "threat"
     IDENTITY = "identity"
     ACCESS = "access"
     AUDIT = "audit"
 
-class AssetType(str, enum.Enum):
+class AssetType(StrEnum):
     AWS_ACCOUNT = "AWS Account"
     AWS_EKS_KUBERNETES_CLUSTER = "AWS EKS Kubernetes cluster"
     AWS_FEDERATED_ACCOUNT = "AWS Federated Account"
@@ -382,7 +345,7 @@ class AssetType(str, enum.Enum):
     WEB_APPLICATION = "Web Application"
     WINDOWS = "Windows"
 
-class NistCategory(str, enum.Enum):
+class NistCategory(StrEnum):
     ID_AM = "ID.AM"
     ID_BE = "ID.BE"
     ID_GV = "ID.GV"
@@ -406,7 +369,7 @@ class NistCategory(str, enum.Enum):
     RC_IM = "RC.IM"
     RC_CO = "RC.CO"
 
-class RiskSeverity(str,enum.Enum):
+class RiskSeverity(StrEnum):
     # Levels taken from the following documentation link
     # https://docs.splunk.com/Documentation/ES/7.3.2/User/RiskScoring
     # 20 - info (0-20 for us)