[Feature Request] Update yaml schemas

**Is your feature request related to a problem? Please describe.**
1. The [detections .yml schema](https://github.com/splunk/security_content/blob/develop/docs/yaml-spec/detection_spec.yml) appears to be out of date. Fields that can be valid and used in detection content, specifically [drilldown_searches](https://github.com/splunk/contentctl/blob/09442c2cc848d76eda6348106d38f3978bce26ad/contentctl/objects/abstract_security_content_objects/detection_abstract.py#L148) and [rba](https://github.com/splunk/contentctl/blob/09442c2cc848d76eda6348106d38f3978bce26ad/contentctl/objects/rba.py), are not reflected in the schema.
2. `data_sources` and `response_templates` schemas are missing.

**Describe the solution you'd like**
Update the detection schema to include missing fields (drilldown_searches, rba, etc), add missing schemas (`data_sources` and `response_templates`) with appropriate types and constraints. This would bring the schema in sync with the actual capabilities supported by the detection .yaml format.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Feature Request] Update yaml schemas #3995

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Feature Request] Update yaml schemas #3995

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions