pyth0n1c
We will still need to determine if we want to add the missing COUNT after it as well, but this will take a hands-on test of the rule.
These changes will not be ready until the following PR is ready and merged: https://github.com/splunk/contentctl/pull/146
Draft of new workflow to push compressed attack data archive to S3. Remove txt file that should not be in the root of the repo. This is useful in that...
Begin tracking the version of contentctl used to build a specific repo state and enforcing it so that builds and other operations are repeatable.
Enable throttling for all detections with default period of 3600s (1 hr) and using risk_objects+threat_objects as the fields. Please note that this is a FULLY experimental PR that exists as...
This is for experimental purposes and visibility. DO NOT MERGE. See the instructions below. It is not meant to work as a bash script since it uses poetry shell -...
Please use with the following PR, which also assigns throttling: https://github.com/splunk/contentctl/pull/422 This PR presently fails the appinspect check `check_for_gratuitous_cron_scheduling` - but this error should be ignored since it is being...