splunk
Documentation Request
I am new to using ContentCTL, and other than what is in the Readme, I've been unable to find any more documentation to help.
For example, how do I configure the contentctl.yml file, what are the permitted options?
Another example: How would I configure contentctl to push individual detections to a Cloud Splunk server via the deploy_api option. I'm not sure if that would require an app to already be on there, or if it's even possible. Looking at the readme doesn't help here:
"Deploy via API - Using the REST API, individual pieces of content are deployed to a running server. This is a great way to deploy all of the content in a content pack, but can also be used to deploy individual peices of content."
Unfortunately this doesn't go into any depth of how I might be able to do this.
Perhaps I'm missing something, if there is some documentation would someone mind pointing me to it?
As a side point - I want to join the Slack Channel to ask these questions, but it seems to be limited to certain companies?
and how to create new deployments? if we need to set different schedules, but built-in is not enough?
