Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release v4.1.0 #172

Merged
merged 42 commits into from
Jul 2, 2024
Merged

Release v4.1.0 #172

merged 42 commits into from
Jul 2, 2024

Conversation

pyth0n1c
Copy link
Contributor

@pyth0n1c pyth0n1c commented Jun 25, 2024
edited
Loading

Collect PRs to merge into main for release 4.1.0
This includes a number of updates:

  • a new workflow is included that tests contentctl by ensuring that the github.com/splunk/security_content repo can be contentctl build correctly without errors. Since this content should all be "correct" this is a good test of the contentctl tool
  • a simple API is included so that objects can be parsed+loaded and tests can be run without needing to go through the command line interface.
  • API Deploy functionality, which was experimental and allowed individual pieces of content to be deployed to an on-premises instance using the Splunk REST API, has been removed. This is because it ONLY supported deploying searches and macros. Since we cannot deploy other content, such as lookups or stories, we cannot guarantee that content will work as expected. This may be recreated with more robust, scalable support at a later date as it is a popular user request.
  • Improved contentctl new workflow to fix errors and ensure that fields are written in the correct order.
  • "CVE Enrichment" now only populates the url field of the CVE. This is used to link directly to the relevant NIST page and supports faster site build time. It also avoids using the CVESearch tool (and the circl.lu API which is frequently down or has extremely slow, multi-minute response times).
  • Better filter_macro validation and detection of macros used in searches missing from the macros/ folder

linuxdaemon and others added 30 commits October 11, 2023 12:44
@linuxdaemon
Ensure detections show up in the ES app
5384b05 
This ensures that detections show up as
content in the Enterprise Security UI in Splunk
@pyth0n1c
Update deps to latest to resolve dependabot prs
5ed7858
@dependabot
Update setuptools requirement from ^69.5.1 to >=69.5.1,<71.0.0
d38b3de 
Updates the requirements on [setuptools](/~https://github.com/pypa/setuptools) to permit the latest version.
- [Release notes](/~https://github.com/pypa/setuptools/releases)
- [Changelog](/~https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v69.5.1...v70.0.0)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@ljstella
changing stanza name
0c5e335
@ljstella
Removing file entirely from default init build
6668e9e
@ljstella
Cleaning up output order
20c9b57
@pyth0n1c
Create branch with better filter macro-checking.
072e0f3
@pyth0n1c
Merge branch 'main' into improve_filter_macro_checking
74b829e
@pyth0n1c
Relax need for filter macro to occur at VERY END of a search. It stil…
039cf01 
…l must occur somewhere in the search.
@pyth0n1c
Downgrade to python3.9 as a requirement.
5cf7f5b 
Add testing against 3.9 and 3.10 to the
github actions test workflow.
@pyth0n1c
Add verbose comments as to
cbaa222 
WHY certain macros are excluded
when we look for them.
@pyth0n1c
Add option to enable/disable
9db2b46 
verbose error printing
to the terminal. This should
make most operations
easier to understand since
the vast majority of errors are due
to bad yml fields (or missing).
@pyth0n1c
better description on error when
a16e88a 
verbose logging is not enabled.
@pyth0n1c
Merge pull request #166 from splunk/add_verbose_error_option
eb9e2f4 
Add verbose error option
@pyth0n1c
Merge pull request #164 from splunk/update-new-output
28219ea 
Cleaning up output order
@pyth0n1c
Merge branch 'update_deps_4.1' into dependabot/pip/setuptools-gte-69.…
abe2246 
…5.1-and-lt-71.0.0
@pyth0n1c
Force Python3.11+ as a system requirement
0a05958
@pyth0n1c
remove 3.9 and 3.10 from test workflow
9bb4575
@pyth0n1c
Merge pull request #163 from splunk/bias_language
bfe98c9 
Removing Bias Language and updating templates
@pyth0n1c
add testing against security_content
9ff0bc6 
repo to catch additonal errors with more
content
@pyth0n1c
fix syntax of repo checkout command
3d18a24
@pyth0n1c
Merge pull request #151 from splunk/dependabot/pip/setuptools-gte-69.…
18b2c67 
…5.1-and-lt-71.0.0

Update setuptools requirement from ^69.5.1 to >=69.5.1,<71.0.0
@pyth0n1c
Merge branch 'release_v4.1.0' into update_deps_4.1
1f52c7d
@dependabot
Update setuptools requirement from ^69.5.1 to >=69.5.1,<71.0.0
9738e88 
Updates the requirements on [setuptools](/~https://github.com/pypa/setuptools) to permit the latest version.
- [Release notes](/~https://github.com/pypa/setuptools/releases)
- [Changelog](/~https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v69.5.1...v70.0.0)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@ljstella
Merge pull request #167 from splunk/test_against_escu
893725a 
add testing against security_content repo
@pyth0n1c
Add simple API for a more
1ffa9e5 
direct interface to contentctl
functions!
@josehelps
Merge pull request #38 from linuxdaemon/sec-app
a6db215 
Ensure detections show up in the ES app
@pyth0n1c
Check references field no longer used.
59d1c4c 
Remove it
@pyth0n1c
Enable CVE Enrichment.
308ba71 
However, there are issues with the API
availability/stability that we must overcome.
@pyth0n1c
Fix missing parenthesis
9747de4
pyth0n1c and others added 12 commits June 25, 2024 12:24
@pyth0n1c
Remove dynamic CVE enrichment.
0f15968 
Now only the CVE id and
the url, a new field, will be populated
with the aniticpated values. We have retained
the legacy fields to support future
enrichment development.
@josehelps
removing apav_deploy since it is not used either
0938b42
@pyth0n1c
Merge pull request #175 from splunk/removing_rest_deploy
68d3d42 
Removing rest_deploy, apav_deploy
@pyth0n1c
Add a function to generate
ced6164 
JSON objects in the API
library.
@pyth0n1c
Merge pull request #168 from splunk/dependabot/pip/setuptools-gte-69.…
8f16f1f 
…5.1-and-lt-71.0.0

Update setuptools requirement from ^69.5.1 to >=69.5.1,<71.0.0
@pyth0n1c
define simple repr and str
9862e48 
function on security_content_object
so that they can be printed out
without cycle/recursion issues
@pyth0n1c
make sure the cve enrichment skeleton works
97f0fa9
@pyth0n1c
Implement suggestions from
bf63cdd 
casey on PR. Improve naming,
address other PEP8 concerns,
and move some logic
from contentctl.main
into contentctl.test_common_func
@pyth0n1c
Merge pull request #170 from splunk/simple_api_features
05f4db9 
Add simple API for a more
@pyth0n1c
Merge branch 'release_v4.1.0' into improve_filter_macro_checking
abdf2a5
@pyth0n1c
Merge pull request #165 from splunk/improve_filter_macro_checking
de2ab17 
Improve filter macro checking
@pyth0n1c
Merge pull request #144 from splunk/update_deps_4.1
4d2f4fd 
Update deps in prep for 4.1
@ljstella ljstella self-requested a review July 2, 2024 19:14
ljstella
ljstella approved these changes Jul 2, 2024
View reviewed changes
Copy link
Contributor

@ljstella ljstella left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@pyth0n1c pyth0n1c merged commit 904ed46 into main Jul 2, 2024
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ljstella ljstella ljstella approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@pyth0n1c @ljstella @linuxdaemon @josehelps