contentctl icon indicating copy to clipboard operation
contentctl copied to clipboard
verified publisher icon splunk

Ensure detections show up in the ES app

Open linuxdaemon opened this issue 2 years ago • 2 comments

This ensures that detections show up as content in the Enterprise Security UI in Splunk

linuxdaemon avatar Aug 10 '23 18:08 linuxdaemon

@linuxdaemon , great catch! Instead of hardcoding this, do you the "app" field should be specifiable in the contentctl.yml file (or similarly on the command line) with a default of SplunkEnterpriseSecuritySuite ?
I anticipate there will be users of contentctl who do not have Enterprise Security and might want to create them in a different app (although I think this will be a less common use case). Any thoughts?

pyth0n1c avatar Nov 28 '23 02:11 pyth0n1c

Yeah that makes sense to me, I'll add that to my todo

linuxdaemon avatar Nov 28 '23 21:11 linuxdaemon

Lets build the config changes into another PR, for now this is perfect

josehelps avatar Jun 24 '24 17:06 josehelps