
Commit adc88f8

committed
Removed extraneous fields
1 parent 52ccfe7 commit adc88f8


1 file changed

+11
-2
lines changed


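--- a/contentctl/actions/new_content.py
+++ b/contentctl/actions/new_content.py
@@ -19,17 +19,21 @@ def buildDetection(self)->dict[str,Any]:
 answers = questionary.prompt(questions)
 answers.update(answers)
 answers['name'] = answers['detection_name']
+del answers['detection_name']
 answers['id'] = str(uuid.uuid4())
 answers['version'] = 1
 answers['date'] = datetime.today().strftime('%Y-%m-%d')
 answers['author'] = answers['detection_author']
+del answers['detection_author']
 answers['data_source'] = answers['data_source']
 answers['type'] = answers['detection_type']
+del answers['detection_type']
 answers['status'] = "production" #start everything as production since that's what we INTEND the content to become
 answers['description'] = 'UPDATE_DESCRIPTION'
 file_name = answers['name'].replace(' ', '_').replace('-','_').replace('.','_').replace('/','_').lower()
 answers['kind'] = answers['detection_kind']
 answers['search'] = answers['detection_search'] + ' | `' + file_name + '_filter`'
+del answers['detection_search']
 answers['how_to_implement'] = 'UPDATE_HOW_TO_IMPLEMENT'
 answers['known_false_positives'] = 'UPDATE_KNOWN_FALSE_POSITIVES'
 answers['references'] = ['REFERENCE']
@@ -66,32 +70,37 @@ def buildStory(self)->dict[str,Any]:
 questions = NewContentQuestions.get_questions_story()
 answers = questionary.prompt(questions)
 answers['name'] = answers['story_name']
+del answers['story_name']
 answers['id'] = str(uuid.uuid4())
 answers['version'] = 1
 answers['date'] = datetime.today().strftime('%Y-%m-%d')
 answers['author'] = answers['story_author']
+del answers['story_author']
 answers['description'] = 'UPDATE_DESCRIPTION'
 answers['narrative'] = 'UPDATE_NARRATIVE'
 answers['references'] = []
 answers['tags'] = dict()
 answers['tags']['analytic_story'] = answers['name']
 answers['tags']['category'] = answers['category']
+del answers['category']
 answers['tags']['product'] = ['Splunk Enterprise','Splunk Enterprise Security','Splunk Cloud']
 answers['tags']['usecase'] = answers['usecase']
+del answers['usecase']
 answers['tags']['cve'] = ['UPDATE WITH CVE(S) IF APPLICABLE']
+del answers['detection_kind']
 return answers
 
 
 def execute(self, input_dto: new) -> None:
 if input_dto.type == NewContentType.detection:
 content_dict = self.buildDetection()
-subdirectory = pathlib.Path('detections') / content_dict.get('detection_kind')
+subdirectory = pathlib.Path('detections') / content_dict.pop('detection_kind')
 elif input_dto.type == NewContentType.story:
 content_dict = self.buildStory()
 subdirectory = pathlib.Path('stories')
 else:
 raise Exception(f"Unsupported new content type: [{input_dto.type}]")
-
+
 full_output_path = input_dto.path / subdirectory / SecurityContentObject_Abstract.contentNameToFileName(content_dict.get('name'))
 YmlWriter.writeYmlFile(str(full_output_path), content_dict)
 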
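Review bot: The added `del answers['detection_kind']` just before `return answers` in buildStory (new line 90) looks like a copy-paste from the detection path. Every other key this function reads is story-specific (`story_name`, `story_author`, `category`, `usecase`), so unless get_questions_story() also prompts for `detection_kind`, the statement raises KeyError and no story file is ever written. Drop the line, or if the key can legitimately be present use `answers.pop('detection_kind', None)`. The start of buildStory and the question list are outside the hunk, so this should be confirmed against NewContentQuestions.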
