
v5.3.0


@pyth0n1c pyth0n1c released this 18 Apr 20:18
7e5d21d

There are a number of new changes in 5.3.0. Most notably, we have now included formal support for content deprecation and removal via the new command-line argument (for contentctl validate/build/test/inspect) --enable_deprecation_mapping_requirement. This argument allows fine-grained control over, and validation of, which detections have been marked as deprecated or removed, and lets you schedule when that content MUST be removed from your app. You can see an example of that file here: https://github.com/splunk/security_content/blob/develop/removed/deprecation_mapping.YML
It is used in the https://github.com/splunk/security_content/ repo and the ES Content Update App to power the Deprecation Assistant Dashboard. As part of this, contentctl will automatically generate a deprecation_mapping_DDDDMMDD.csv file and a corresponding lookup, deprecation_mapping, to expose this deprecation information in your app.
If you do not explicitly pass the --enable_deprecation_mapping_requirement argument on the command line (or set it in your contentctl.yml), you should not notice any new behavior or requirements.

Other notable improvements include improved testing of ESCU content when using Splunk Enterprise Security 8 Content Versioning, better error messages when attempting to parse malformed or empty YML files, and an updated structure for detections in the detections.json API objects.

What's Changed

Full Changelog: v5.2.0...v5.3.0