From f71dc5268784b5d14dde70e0e49ae7ef1c85282f Mon Sep 17 00:00:00 2001 From: Florian Utz Date: Mon, 24 Nov 2025 20:18:27 +0100 Subject: [PATCH] Add dnslookup to list of ignored lookups The 'dnslookup' command is a standard external lookup provided by default in Splunk Enterprise. This commit adds it to the LOOKUPS_TO_IGNORE set in 'contentctl/objects/lookup.py'. This prevents validation errors during the build process when detections reference this lookup, as it does not need to be packaged with the app. --- contentctl/objects/lookup.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/contentctl/objects/lookup.py b/contentctl/objects/lookup.py index 93f38033..daa25d7d 100644 --- a/contentctl/objects/lookup.py +++ b/contentctl/objects/lookup.py @@ -73,6 +73,9 @@ "mitre_attack_lookup" ) # KVStore provided by SA-ThreatIntelligence, part of Enterprise Security +LOOKUPS_TO_IGNORE.add( + "dnslookup" +) # Standard Splunk external lookup provided by default class Lookup_Type(StrEnum): csv = auto()