Hello community,
I've been working on creating a custom Splunk app using the contentctl.py -p . generate command. Following the documentation, I created a configuration file 00_enterprise_security_deployment_configuration.yml with the appropriate precedence. However, I'm running into an issue where the generate command doesn't seem to take my configuration file into account. Instead, it seems to generate all the detection rules using the 00_default_ttp.yml.
What I aim to achieve is generating an app with a specific list of use cases and the rules that pertain to my interest. I don't need all the rules.
I noticed that the configuration files for specific rules in the deployments directory were removed from the repository. Does this mean they're deprecated?
How do I correctly generate an app with only some detection rules?
I'd greatly appreciate any guidance or pointers.