diff --git a/contentctl/input/new_content_questions.py b/contentctl/input/new_content_questions.py
index 0bd227d4..02b20f46 100644
--- a/contentctl/input/new_content_questions.py
+++ b/contentctl/input/new_content_questions.py
@@ -1,4 +1,5 @@
 from typing import Any
+from contentctl.objects.enums import DataSource
 class NewContentQuestions:
@@ -48,46 +49,9 @@ def get_questions_detection(cls) -> list[dict[str,Any]]:
 'type': 'checkbox',
 'message': 'Your data source',
 'name': 'data_source',
- 'choices': [
- "OSQuery ES Process Events",
- "Powershell 4104",
- "Sysmon Event ID 1",
- "Sysmon Event ID 3",
- "Sysmon Event ID 5",
- "Sysmon Event ID 6",
- "Sysmon Event ID 7",
- "Sysmon Event ID 8",
- "Sysmon Event ID 9",
- "Sysmon Event ID 10",
- "Sysmon Event ID 11",
- "Sysmon Event ID 13",
- "Sysmon Event ID 15",
- "Sysmon Event ID 20",
- "Sysmon Event ID 21",
- "Sysmon Event ID 22",
- "Sysmon Event ID 23",
- "Windows Security 4624",
- "Windows Security 4625",
- "Windows Security 4648",
- "Windows Security 4663",
- "Windows Security 4688",
- "Windows Security 4698",
- "Windows Security 4703",
- "Windows Security 4720",
- "Windows Security 4732",
- "Windows Security 4738",
- "Windows Security 4741",
- "Windows Security 4742",
- "Windows Security 4768",
- "Windows Security 4769",
- "Windows Security 4771",
- "Windows Security 4776",
- "Windows Security 4781",
- "Windows Security 4798",
- "Windows Security 5136",
- "Windows Security 5145",
- "Windows System 7045"
- ]
+ #In the future, we should dynamically populate this from the DataSource Objects we have parsed from the data_sources directory
+ 'choices': sorted(DataSource._value2member_map_ )
+
 },
 {
 "type": "text",
diff --git a/contentctl/objects/enums.py b/contentctl/objects/enums.py
index d7072ecc..f4a7822e 100644
--- a/contentctl/objects/enums.py
+++ b/contentctl/objects/enums.py
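Review bot: The new `'choices'` line in get_questions_detection (new_content_questions.py) reads the enum's private `_value2member_map_` table and sorts the labels as plain strings, so the prompt lists "Sysmon EventID 10" ahead of "Sysmon EventID 3" and no longer follows the order of the list it replaces. Iterating the enum uses only public API and keeps definition order, which the enums.py hunk in this commit makes numeric for the Sysmon entries: `'choices': [source.value for source in DataSource]`. If DataSource holds members beyond the labels removed here, the checkbox now offers those as well, which looks intended given the added comment but is worth confirming. The function body starts and ends outside the hunk.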
@@ -197,21 +197,21 @@ class KillChainPhase(str, enum.Enum):
 class DataSource(str,enum.Enum):
 OSQUERY_ES_PROCESS_EVENTS = "OSQuery ES Process Events"
 POWERSHELL_4104 = "Powershell 4104"
- SYSMON_EVENT_ID_1 = "Sysmon Event ID 1"
- SYSMON_EVENT_ID_10 = "Sysmon Event ID 10"
- SYSMON_EVENT_ID_11 = "Sysmon Event ID 11"
- SYSMON_EVENT_ID_13 = "Sysmon Event ID 13"
- SYSMON_EVENT_ID_15 = "Sysmon Event ID 15"
- SYSMON_EVENT_ID_20 = "Sysmon Event ID 20"
- SYSMON_EVENT_ID_21 = "Sysmon Event ID 21"
- SYSMON_EVENT_ID_22 = "Sysmon Event ID 22"
- SYSMON_EVENT_ID_23 = "Sysmon Event ID 23"
- SYSMON_EVENT_ID_3 = "Sysmon Event ID 3"
- SYSMON_EVENT_ID_5 = "Sysmon Event ID 5"
- SYSMON_EVENT_ID_6 = "Sysmon Event ID 6"
- SYSMON_EVENT_ID_7 = "Sysmon Event ID 7"
- SYSMON_EVENT_ID_8 = "Sysmon Event ID 8"
- SYSMON_EVENT_ID_9 = "Sysmon Event ID 9"
+ SYSMON_EVENT_ID_1 = "Sysmon EventID 1"
+ SYSMON_EVENT_ID_3 = "Sysmon EventID 3"
+ SYSMON_EVENT_ID_5 = "Sysmon EventID 5"
+ SYSMON_EVENT_ID_6 = "Sysmon EventID 6"
+ SYSMON_EVENT_ID_7 = "Sysmon EventID 7"
+ SYSMON_EVENT_ID_8 = "Sysmon EventID 8"
+ SYSMON_EVENT_ID_9 = "Sysmon EventID 9"
+ SYSMON_EVENT_ID_10 = "Sysmon EventID 10"
+ SYSMON_EVENT_ID_11 = "Sysmon EventID 11"
+ SYSMON_EVENT_ID_13 = "Sysmon EventID 13"
+ SYSMON_EVENT_ID_15 = "Sysmon EventID 15"
+ SYSMON_EVENT_ID_20 = "Sysmon EventID 20"
+ SYSMON_EVENT_ID_21 = "Sysmon EventID 21"
+ SYSMON_EVENT_ID_22 = "Sysmon EventID 22"
+ SYSMON_EVENT_ID_23 = "Sysmon EventID 23"
 WINDOWS_SECURITY_4624 = "Windows Security 4624"
 WINDOWS_SECURITY_4625 = "Windows Security 4625"
 WINDOWS_SECURITY_4648 = "Windows Security 4648"
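Review bot: The Sysmon values in DataSource change from "Sysmon Event ID N" to "Sysmon EventID N" with no alias or migration visible in this commit, so any detection file that still carries the old spelling would presumably stop matching a member when it is loaded. If those labels are validated against this enum, a stale label means a detection that fails to build or loses its link to the telemetry it depends on. Either the content should be updated in the same release, or the enum should accept the old spelling for a transition period, for example through a `_missing_` hook that maps "Event ID" to "EventID". A comment above the Sysmon block such as `# Values must match the data source names used in detection files exactly` would record why the spelling matters. The class body continues past the end of the hunk.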