Build constraints based on tags
schimpy opened this issue · comments
Is your feature request related to a problem? Please describe.
We would like to utilize one security content project/repo for multiple internal systems (2+) that have each separate Splunk ES.
Describe the solution you'd like
For that, we would suggest to add a tag to YAML object "system/environment/..." with list of system names where it should be used. It would be a custom-defined tag. The build routine in Python script would then take into consideration all objects where this tag value will be present. This value will be passed as a command line argument. Multiple builds will ensure that every system gets its own application.
Describe alternatives you've considered
Just reverse the Py code, understand it and make custom changes
Example
detection01 with tag "systems": [sys01, sys02]
detection02 with tag "systems": [sys02, sys03]
detection03 with tag "systems": [sys01]
python contentctl.py -p . generate -sys sys01 > detection01, detection03
python contentctl.py -p . generate -sys sys02 > detection01, detection02
python contentctl.py -p . generate -sys sys03 > detection02