contentctl icon indicating copy to clipboard operation
contentctl copied to clipboard
verified publisher icon splunk

Forbid extra fields in YMLs

Open pyth0n1c opened this issue 1 year ago • 1 comments

Add an extra, missing field to the lookup.py model called max_matches that was accidentally dropped. set extra='forbid' for SecurityContentObject

This PR is on hold pending significant, structural changes to Detection YMLs with respect to Risk Based Alterting (RBA) content: https://github.com/splunk/contentctl/pull/263

pyth0n1c avatar Jul 27 '24 00:07 pyth0n1c

Note that the groups and context fields were temporarily added to the detection_tags object and will require some discussion. We may also need to update the contentctl new command to make sure no erroneous fields are written, like risk_score.

pyth0n1c avatar Jul 27 '24 02:07 pyth0n1c

This PR has been open for a long time and, as such, has been deprecated in favor of the following PR with similar changes: https://github.com/splunk/contentctl/pull/325

This PR is being closed out.

pyth0n1c avatar Nov 18 '24 22:11 pyth0n1c