v4.3.5
In addition to some cleanup, this release includes two significant features:
- Versioning enforcement has been added so that when a Detection is updated in a new release, its `version` field MUST be updated. This is important so that applications built with contentctl can take advantage of Splunk Enterprise Security 8's "Detection Versioning" feature! This enforcement has been added to the `inspect` workflow.
- The `enrichments` workflow has changed. When building with `enrichments`, both the Atomic Red Team and Mitre CTI repos must be checked out. This update was made because it results in faster builds (when enrichments are enabled) and more stable and reliable builds using the Mitre CTI repo. We previously used the MITRE TAXII server, which is accessed via API in the `attackcti` client, but that API was frequently down, making us unable to build/test/release ESCU.
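
The version rule from the first bullet, as an added example (this is not contentctl's own `inspect` code). It assumes each release's detections are already parsed into dicts keyed by a hypothetical detection id, with an integer `version` field; the function names and sample detections are constructed for illustration.

```python
import hashlib
import json


def fingerprint(detection: dict) -> str:
    """Hash every field except `version`, so a version bump alone is not a content change."""
    body = {k: v for k, v in detection.items() if k != "version"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def find_unversioned_changes(previous: dict, current: dict) -> list:
    """Return (id, old_version, new_version) for detections whose content
    changed between releases without an increase in `version`."""
    violations = []
    for det_id, new in sorted(current.items()):
        old = previous.get(det_id)
        if old is None:
            continue  # new in this release: nothing to compare against
        if fingerprint(old) == fingerprint(new):
            continue  # content unchanged
        if new["version"] <= old["version"]:
            violations.append((det_id, old["version"], new["version"]))
    return violations


# Constructed sample data standing in for two releases of a content pack.
PREVIOUS = {
    "det-a": {"name": "Suspicious Process", "version": 2, "search": "index=a proc=x"},
    "det-b": {"name": "Odd Logon", "version": 1, "search": "index=b"},
    "det-c": {"name": "Rare DNS", "version": 4, "search": "index=c"},
}
CURRENT = {
    # search changed and version bumped: allowed
    "det-a": {"name": "Suspicious Process", "version": 3, "search": "index=a proc=y"},
    # search changed, version left at 1: violation
    "det-b": {"name": "Odd Logon", "version": 1, "search": "index=b user!=svc"},
    # untouched: allowed
    "det-c": {"name": "Rare DNS", "version": 4, "search": "index=c"},
    # new detection: allowed
    "det-d": {"name": "New Rule", "version": 1, "search": "index=d"},
}

if __name__ == "__main__":
    for det_id, old_v, new_v in find_unversioned_changes(PREVIOUS, CURRENT):
        print(f"{det_id}: content changed but version went {old_v} -> {new_v}")
```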
What's Changed
- Removal of more bits of SSA by @ljstella in #255
- Fix unintended whitespace by @pyth0n1c in #278
- Update bottle requirement from ^0.12.25 to >=0.12.25,<0.14.0 by @dependabot in #277
- Bareinit by @pyth0n1c in #288
- Update setuptools requirement from >=69.5.1,<75.0.0 to >=69.5.1,<76.0.0 by @dependabot in #290
- Feature: Adding version enforcement by @cmcginley-splunk in #280
- Require mitre/cti repo for enrichments by @pyth0n1c in #291
Full Changelog: v4.3.4...v4.3.5