Merge remote-tracking branch 'github_origin/develop' into gitlab_release_v4.35.0

Author: research bot

.github/workflows/validate-and-build.yml

@@ -16,7 +16,7 @@ jobs:
 
       - uses: actions/setup-python@v4
         with:
-          python-version: '3.9' #Available versions here - https://github.com/actions/python-versions/releases  easy to change/make a matrix/use pypy
+          python-version: '3.11' #Available versions here - https://github.com/actions/python-versions/releases  easy to change/make a matrix/use pypy
           architecture: 'x64' # optional x64 or x86. Defaults to x64 if not specified
 
       - name: Install System Packages
@@ -25,24 +25,22 @@ jobs:
           sudo apt install jq -qq
       
 
-      - name: Install Python Dependencies and ContentCTL
+      - name: Install Python Dependencies and ContentCTL and Atomic Red Team
         run: |
-          pip3 install poetry
-          git submodule update --init contentctl
-          cd contentctl
-          git checkout main
-          poetry install
+          python3.11 -m venv .venv
+          source .venv/bin/activate
+          pip install contentctl
+          git clone --depth=1 --single-branch --branch=master https://github.com/redcanaryco/atomic-red-team.git
       
       - name: content_ctl validate
         run: |
-          cd contentctl
-          poetry run contentctl -p ../ validate 
+          source .venv/bin/activate
+          contentctl validate 
 
       - name: contentctl generate
         run: |
-          cd contentctl
-          poetry run contentctl -p ../ build
-          cd ..
+          source .venv/bin/activate
+          contentctl build --enrichments
           mkdir artifacts
           mv dist/DA-ESS-ContentUpdate-latest.tar.gz artifacts/
 

CODEOWNERS

@@ -99,4 +99,4 @@ Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
-limitations under the License.
+limitations under the License.

README.md

@@ -1,7 +1,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-06-26T20:12:44 UTC
+# On Date: 2024-06-26T20:16:58 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: [email protected]
 #############

dist/DA-ESS-ContentUpdate/default/analyticstories.conf

@@ -1,7 +1,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-06-26T20:12:44 UTC
+# On Date: 2024-06-26T20:16:58 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: [email protected]
 #############
@@ -11,7 +11,7 @@
 is_configured = false
 state = enabled
 state_change_requires_restart = false
-build = 20240626201214
+build = 20240626201627
 
 [triggers]
 reload.analytic_stories = simple

dist/DA-ESS-ContentUpdate/default/app.conf

@@ -1,7 +1,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-06-26T20:12:44 UTC
+# On Date: 2024-06-26T20:16:58 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: [email protected]
 #############

dist/DA-ESS-ContentUpdate/default/collections.conf

@@ -1,7 +1,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-06-26T20:12:44 UTC
+# On Date: 2024-06-26T20:16:58 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: [email protected]
 #############

dist/DA-ESS-ContentUpdate/default/content-version.conf

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-06-26T20:12:45 UTC
+# On Date: 2024-06-26T20:16:59 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: [email protected]
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_all_backup_logs_for_host___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-06-26T20:12:45 UTC
+# On Date: 2024-06-26T20:16:59 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: [email protected]
 #############

dist/DA-ESS-ContentUpdate/default/data/ui/panels/workbench_panel_amazon_eks_kubernetes_activity_by_src_ip___response_task.xml

@@ -2,7 +2,7 @@
 #############
 # Automatically generated by 'contentctl build' from 
 # https://github.com/splunk/contentctl
-# On Date: 2024-06-26T20:12:45 UTC
+# On Date: 2024-06-26T20:16:59 UTC
 # Author: Splunk Threat Research Team - Splunk
 # Contact: [email protected]
 #############