Strict yml fields #3202

Open
wants to merge 16 commits into
base: develop
pyth0n1c
Collaborator

@pyth0n1c pyth0n1c commented Nov 12, 2024

Update content to begin enforcing STRICT YML fields in contentctl.
This means that we will throw errors when fields that are not defined in contentctl Pydantic Objects are included in YML files.

This reduces the chance that optional field names will be typo'd and cleans up a large number of YML files.

Note that the corresponding contentctl PR is here: splunk/contentctl#325

To summarize the fields that have been removed:
Detection Tags:

  • risk_score is no longer included in the YMLs. This is calculated from confidence and impact fields
  • required_fields have been removed
  • context has been removed
  • group has been removed

Baseline:

  • datamodel has been removed
  • required_fields has been removed

Investigation:

  • datamodel has been removed

Many other unused fields have been removed (or, if they were misnamed, corrected to the proper name).

@pyth0n1c pyth0n1c marked this pull request as draft November 14, 2024 20:16
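
The strict check described in the PR description above, as an added example (not code from contentctl or this repository): a standard-library stand-in for the Pydantic validation that reports undefined keys and flags the ones that look like typos of a defined field. The `DetectionTags` field set is an assumed subset (only `confidence` and `impact` are named in the PR), and the sample tags are constructed.

```python
from dataclasses import dataclass, fields
from difflib import get_close_matches
from typing import Optional


@dataclass
class DetectionTags:
    # Assumed subset of tag fields; only confidence and impact are named in the PR.
    confidence: int
    impact: int
    analytic_story: Optional[list] = None   # assumed optional field
    mitre_attack_id: Optional[list] = None  # assumed optional field


class UnknownFieldError(ValueError):
    """Raised in strict mode when the YML has keys the model does not define."""


def check_unknown(model, data):
    """Map each undefined key to the defined name it most resembles, or None."""
    known = [f.name for f in fields(model)]
    report = {}
    for key in data:
        if key not in known:
            close = get_close_matches(key, known, n=1, cutoff=0.8)
            report[key] = close[0] if close else None
    return report


def load_lenient(model, data):
    """Lenient behaviour: undefined keys are dropped without any error."""
    known = {f.name for f in fields(model)}
    return model(**{k: v for k, v in data.items() if k in known})


def load_strict(model, data):
    """Strict behaviour: any undefined key is an error."""
    unknown = check_unknown(model, data)
    if unknown:
        raise UnknownFieldError(f"undefined fields: {sorted(unknown)}")
    return model(**data)


# Constructed sample: the parsed `tags` mapping of a detection YML.
SAMPLE_TAGS = {"confidence": 80, "impact": 50, "risk_score": 40,
               "context": ["Source:Endpoint"], "mitre_atack_id": ["T1059"]}

if __name__ == "__main__":
    for key, hint in check_unknown(DetectionTags, SAMPLE_TAGS).items():
        print(f"{key}: " + (f"typo for {hint}?" if hint else "not defined, remove"))
```

With lenient loading the misspelled `mitre_atack_id` is silently discarded and the detection ends up with no ATT&CK mapping; strict loading turns the same file into a validation failure.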
@patel-bhavin
Contributor

These changes to the yamls look good. Also tested the associated contentctl PR to check for potential validation errors created - looking good!

Also confirmed that the removed fields are not used in the product.

@pyth0n1c pyth0n1c marked this pull request as ready for review November 19, 2024 23:34
@patel-bhavin patel-bhavin added this to the v4.44.0 milestone Nov 20, 2024