v5.0.0

contentctl 5.0.0 initial release.
More details about this release will be published in the next 48 hours.

v5.0.0-alpha.3

Fixies a number of issues, most notably removing references to observables which are no longer used in the codebase. They have been superseded by the RBA object (which in turn has its own message, victim, and threat objects).
Some additional bugs were resolved around this removal and introduction of the new RBA field which happened in the first alpha.
Finally, some code cleanup (formatting and linting).

This is still a pre-release and not intended for public use at this time.

What's Changed

• lint fixes & formatting by @ljstella in #350
• removing code referencing observables by @ljstella in #352
• Fixes for 5.0.0a2 by @ljstella in #351
• Version bump for next alpha release by @ljstella in #354

Full Changelog: v5.0.0-alpha.2...v5.0.0-alpha.3

v5.0.0-alpha.2

This is still a prelease version and not intended for public use. It resolves :

1. issues around detecting lookups that have changed when running contentctl test mode:changes ...
2. resolves an error in the savedsearches_detections.j2 template where erroneous newlines may be inclued in savedsearches.conf
3. reverts to using splunk/splunk:9.3 (instead of splunk/splunk:latest, which presently installs splunk:9.4) due to an error in contentctl where contentctl test does not wait for all apps to install before beginning testing. This will be resolved in a future release.

What's Changed

• Bugfixes on 5.0.0-alpha by @ljstella in #349

Full Changelog: v5.0.0-alpha...v5.0.0-alpha.2

v5.0.0-alpha

There are a significant number of changes in this release and it is not intended for public use yet. This release is being done to enable testing of a number of different workflows in prep for a general release of contentctl 5.0. We DO NOT suggest using this release at this time.
When the non-alpha version of contentctl 5.0.0, we will give more detail about exactly what changes were made.

To indicate the state of this release, the following warning is printed every time contentctl is run:

WARNING - THIS IS AN ALPHA BUILD OF CONTENTCTL 5.
THERE HAVE BEEN NUMEROUS CHANGES IN CONTENTCTL (ESPECIALLY TO YML FORMATS).
YOU ALMOST CERTAINLY DO NOT WANT TO USE THIS BUILD.
IF YOU ENCOUNTER ERRORS, PLEASE USE THE LATEST CURRENTLY SUPPORTED RELEASE:

CONTENTCTL==4.4.7

YOU HAVE BEEN WARNED!

What's Changed

• Exception on extra fields by @pyth0n1c in #325
• Python 3.13 support by @ljstella in #302
• Remove use enum values by @pyth0n1c in #335
• GH Actions Matrix update by @ljstella in #340
• Update tyro requirement from ^0.8.3 to >=0.8.3,<0.10.0 by @dependabot in #341
• Improve lookup regex - Step 1 - ESCU 5.0 by @pyth0n1c in #274
• Migrate integration testing to RBA paradigm - Step 2 by @cmcginley-splunk in #345
• DRAFT: new RBA Object - Step 3 - ESCU 5.0 by @ljstella in #263
• First crack at default config for ruff - Step 3.5 - ESCU 5.0 by @ljstella in #254
• contentctl 5 - Step 4 - ESCU 5.0 by @pyth0n1c in #334

Full Changelog: v4.4.7...v5.0.0-alpha

v4.4.7

This resolves a bug which causes all contentctl operations to fail with Pydantic >= 2.10

What's Changed

• Pin Pydantic to Resolve Contentctl Bug by @pyth0n1c in #332

Full Changelog: v4.4.6...v4.4.7

v4.4.6

contentctl does not yet support Python 3.13. This was not reflected in the pyproject.toml and thus Pypi.
This release updates the compatibility here and on Pypi. At this time, contentctl supports Python 3.11 and 3.12.

Look for Python 3.13 support in an upcoming release!

What's Changed

• don't declare py3.13 compat by @ljstella in #329

Full Changelog: v4.4.5...v4.4.6

v4.4.5

Ensure that when testing using mode:changes, updates to an underlying data_source object used by a detection mean that the detections which reference it must be retested.

What's Changed

• Ensure we print the right field for data_source by @ljstella in #324
• Testing on Datasource changes by @ljstella in #301

Full Changelog: v4.4.4...v4.4.5

v4.4.4

This addresses a number of appinspect warnings and enables deploying via appinspect.

What's Changed

• Enable acs deploy + appinspect warnings by @pyth0n1c in #146

Full Changelog: v4.4.3...v4.4.4

v4.4.3

This fixes a serious problem that caused all integration testing to fail due to an incorrect path used for scheduling a savedsearch.
There may still be some testing issues with this release, but this is definitely more correct than previously.

This supercedes 4.4.2 which had a bug where the version was not updated in pyproject.toml, meaning that the upload to Pypi failed.

What's Changed

• Fix savedsearches path issue by @pyth0n1c in #316
• remove "cloud" from the security_domain enum by @pyth0n1c in #314

Full Changelog: v4.4.1...v4.4.3

v4.4.1

Update CLI release_notes workflow for a bit more control on the branch we diff against to generate those notes. Previously, we could only diff against a tag.

What's Changed

• add --compare_against flag to release_notes action by @patel-bhavin in #311

Full Changelog: v4.4.0...v4.4.1