Merge branch 'main' into init-bare

Author: pyth0n1c

contentctl/api.py

@@ -126,7 +126,7 @@ def update_config(config:Union[test,test_servers], **key_value_updates:dict[str,
 def content_to_dict(director:DirectorOutputDto)->dict[str,list[dict[str,Any]]]:
     output_dict:dict[str,list[dict[str,Any]]] = {}
     for contentType in ['detections','stories','baselines','investigations',
-                        'playbooks','macros','lookups','deployments','ssa_detections']:
+                        'playbooks','macros','lookups','deployments',]:
 
         output_dict[contentType] = []
         t:list[SecurityContentObject] = getattr(director,contentType)

contentctl/input/director.py

@@ -18,7 +18,6 @@
 from contentctl.objects.deployment import Deployment
 from contentctl.objects.macro import Macro
 from contentctl.objects.lookup import Lookup
-from contentctl.objects.ssa_detection import SSADetection
 from contentctl.objects.atomic import AtomicTest
 from contentctl.objects.security_content_object import SecurityContentObject
 from contentctl.objects.data_source import DataSource
@@ -33,10 +32,7 @@
 from contentctl.objects.enums import DetectionStatus
 from contentctl.helper.utils import Utils
 
-from contentctl.objects.enums import SecurityContentType
 
-from contentctl.objects.enums import DetectionStatus 
-from contentctl.helper.utils import Utils
 
 
 @dataclass
@@ -60,10 +56,7 @@ class DirectorOutputDto:
 
     def addContentToDictMappings(self, content: SecurityContentObject):
         content_name = content.name
-        if isinstance(content, SSADetection):
-            # Since SSA detections may have the same name as ESCU detection,
-            # for this function we prepend 'SSA ' to the name.
-            content_name = f"SSA {content_name}"
+        
 
         if content_name in self.name_to_content_map:
             raise ValueError(
@@ -149,7 +142,7 @@ def createSecurityContent(self, contentType: SecurityContentType) -> None:
                 os.path.join(self.input_dto.path, str(contentType.name))
             )
             security_content_files = [
-                f for f in files if not f.name.startswith("ssa___")
+                f for f in files 
             ]
         else:
             raise (Exception(f"Cannot createSecurityContent for unknown product."))

contentctl/objects/abstract_security_content_objects/detection_abstract.py

@@ -83,15 +83,13 @@ def validate_presence_of_filter_macro(cls, value:str, info:ValidationInfo)->str:
 
 
         Args:
-            value (Union[str, dict[str,Any]]): The search. It can either be a string (and should be
-                SPL or a dict, in which case it is Sigma-formatted.
+            value (str): The SPL search. It must be an SPL-formatted string.
             info (ValidationInfo): The validation info can contain a number of different objects.
                 Today it only contains the director.
 
         Returns:
-            Union[str, dict[str,Any]]: The search, either in sigma or SPL format.
-        """        
-        
+            str: The search, as an SPL formatted string.
+        """
 
         # Otherwise, the search is SPL.
 

contentctl/objects/config.py

@@ -234,9 +234,6 @@ def getPackageFilePath(self, include_version:bool=False)->pathlib.Path:
             return self.getBuildDir() / f"{self.app.appid}-{self.app.version}.tar.gz"
         else:
             return self.getBuildDir() / f"{self.app.appid}-latest.tar.gz"
-    
-    def getSSAPath(self)->pathlib.Path:
-        return self.getBuildDir() / "ssa"
 
     def getAPIPath(self)->pathlib.Path:
         return self.getBuildDir() / "api"

contentctl/objects/enums.py

@@ -54,7 +54,6 @@ class SecurityContentType(enum.Enum):
     deployments = 7
     investigations = 8
     unit_tests = 9
-    ssa_detections = 10
     data_sources = 11
 
 # Bringing these changes back in line will take some time after
@@ -69,7 +68,6 @@ class SecurityContentType(enum.Enum):
 
 class SecurityContentProduct(enum.Enum):
     SPLUNK_APP = 1
-    SSA = 2
     API = 3
     CUSTOM = 4