change _UPDATE_ string to __UPDATE__

Remove extra pair of quotes
from new detection template

Author: pyth0n1c

contentctl/actions/new_content.py

@@ -12,7 +12,7 @@
 from contentctl.objects.enums import AssetType
 from contentctl.objects.constants import SES_OBSERVABLE_TYPE_MAPPING, SES_OBSERVABLE_ROLE_MAPPING
 class NewContent:
-    UPDATE_PREFIX = "_UPDATE_"
+    UPDATE_PREFIX = "__UPDATE__"
 
     DEFAULT_DRILLDOWN_DEF = [
         {
@@ -68,7 +68,7 @@ def buildDetection(self) -> tuple[dict[str, Any], str]:
             "type": answers["detection_type"],
             "description": f"{NewContent.UPDATE_PREFIX} by providing a description of your search",
             "data_source": data_source_field,
-            "search": f"{answers['detection_search']} | `{file_name}_filter`'",
+            "search": f"{answers['detection_search']} | `{file_name}_filter`",
             "how_to_implement": f"{NewContent.UPDATE_PREFIX} how to implement your search",
             "known_false_positives": f"{NewContent.UPDATE_PREFIX} known false positives for your search",
             "references": [f"{NewContent.UPDATE_PREFIX} zero or more http references to provide more information about your search"],

contentctl/input/new_content_questions.py

@@ -57,7 +57,7 @@ def get_questions_detection(cls) -> list[dict[str,Any]]:
                 "type": "text",
                 "message": "enter search (spl)",
                 "name": "detection_search",
-                "default": "| _UPDATE_ SPL",
+                "default": "| __UPDATE__ SPL",
             },
             {
                 "type": "text",

contentctl/input/yml_reader.py

@@ -29,7 +29,7 @@ def load_file(file_path: pathlib.Path, add_fields:bool=True, STRICT_YML_CHECKING
                 # and use NewContent.UPDATE_PREFIX, 
                 # but there is a circular dependency right now which makes that difficult.
                 # We have instead hardcoded UPDATE_PREFIX
-                UPDATE_PREFIX = "_UPDATE_"
+                UPDATE_PREFIX = "__UPDATE__"
                 data = file_handler.read()
                 if UPDATE_PREFIX in data:
                     raise Exception(f"The file {file_path} contains the value '{UPDATE_PREFIX}'. Please fill out any unpopulated fields as required.")