diff --git a/contentctl/output/templates/savedsearches_detections.j2 b/contentctl/output/templates/savedsearches_detections.j2 index d1ef66b9..8c800d72 100644 --- a/contentctl/output/templates/savedsearches_detections.j2 +++ b/contentctl/output/templates/savedsearches_detections.j2 @@ -1,10 +1,15 @@ ### {{app.label}} DETECTIONS ### +[default] +disabled = 1 +description = "This search was removed in a previous release, or is otherwise not present." +search = | makeresults | eval text = "This search was removed in a previous release, or is otherwise not present." + {% for detection in objects %} [{{ detection.get_conf_stanza_name(app) }}] action.escu = 0 action.escu.enabled = 1 -description = {{ detection.status_aware_description | escapeNewlines() }} +description = {{ detection.status_aware_description | escapeNewlines() }} action.escu.mappings = {{ detection.mappings | tojson }} action.escu.data_models = {{ detection.datamodel | tojson }} action.escu.eli5 = {{ detection.status_aware_description | escapeNewlines() }} diff --git a/contentctl/templates/app_template/metadata/default.meta b/contentctl/templates/app_template/metadata/default.meta index 7d137480..51a8cf5c 100644 --- a/contentctl/templates/app_template/metadata/default.meta +++ b/contentctl/templates/app_template/metadata/default.meta @@ -6,18 +6,9 @@ export = system [savedsearches] owner = admin -## Correlation Searches -[correlationsearches] -access = read : [ * ], write : [ * ] - -[governance] -access = read : [ * ], write : [ * ] - -## Managed Configurations -[managed_configurations] -access = read : [ * ], write : [ * ] - -## Postprocess -[postprocess] -access = read : [ * ], write : [ * ] - +## DO NOT EXPORT THE [default] stanza, and the [default] stanza alone. +## Because this comes later in the default.meta file, it overrides the +## export = system for [] above. +## We MAY want to consider change the access, like making this stanza read-only or similar +[savedsearches/default] +export = none diff --git a/pyproject.toml b/pyproject.toml index 9c051121..7bcca192 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,7 +1,7 @@ [tool.poetry] name = "contentctl" -version = "5.5.10" +version = "5.5.11" description = "Splunk Content Control Tool" authors = ["STRT "]