From 46c6a9adef1810b5bf0d9f89eaf7737c9c32f94d Mon Sep 17 00:00:00 2001
From: ljstella
Date: Wed, 24 Jan 2024 11:50:35 -0600
Subject: [PATCH 1/2] bug: changing templatized user ID field
---
 contentctl/output/templates/finding_report.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/contentctl/output/templates/finding_report.j2 b/contentctl/output/templates/finding_report.j2
index feff0520..8c399ee5 100644
--- a/contentctl/output/templates/finding_report.j2
+++ b/contentctl/output/templates/finding_report.j2
@@ -3,7 +3,7 @@
 time = timestamp,
 evidence = {{ detection.tags.evidence_str }},
 message = "{{ detection.name }} has been triggered on " + device_hostname + " by " + {{ actor_user_name }} + ".",
- users = [{"name": {{ actor_user_name }}, "uid": actor_user.uid}],
+ users = [{"name": {{ actor_user_name }}, "uuid": actor_user.uuid}],
 activity_id = 1,
 cis_csc = [{"control": "CIS 10", "version": 8}],
 analytic_stories = {{ detection.tags.analytics_story_str }},
@@ -27,4 +27,4 @@
 start_time = timestamp,
 end_time = timestamp
 | fields metadata, rule, activity_id, analytic_stories, cis_csc, category_uid, class_name, class_uid, confidence, confidence_id, devices, duration, time, evidence, impact, impact_id, kill_chain, message, nist, observables, risk_level, risk_level_id, risk_score, severity_id, type_uid, users, start_time, end_time
- | into sink;
\ No newline at end of file
+ | into sink;
From df45adfd5b8c1ee570d1604f526bf9cc111151a9 Mon Sep 17 00:00:00 2001
From: ljstella
Date: Fri, 9 Feb 2024 08:36:18 -0600
Subject: [PATCH 2/2] adding both UID & UUID
---
 contentctl/output/templates/finding_report.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/contentctl/output/templates/finding_report.j2 b/contentctl/output/templates/finding_report.j2
index 8c399ee5..e965946a 100644
--- a/contentctl/output/templates/finding_report.j2
+++ b/contentctl/output/templates/finding_report.j2
@@ -3,7 +3,7 @@
 time = timestamp,
 evidence = {{ detection.tags.evidence_str }},
 message = "{{ detection.name }} has been triggered on " + device_hostname + " by " + {{ actor_user_name }} + ".",
- users = [{"name": {{ actor_user_name }}, "uuid": actor_user.uuid}],
+ users = [{"name": {{ actor_user_name }}, "uuid": actor_user.uuid, "uid": actor_user.uid}],
 activity_id = 1,
 cis_csc = [{"control": "CIS 10", "version": 8}],
 analytic_stories = {{ detection.tags.analytics_story_str }},
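Review bot: The `users` entry now emits both `"uuid": actor_user.uuid` and `"uid": actor_user.uid`, but nothing in the template or the commit message records why both identifiers are needed or which consumer reads each, so a later edit is likely to collapse them again the way PATCH 1/2 did. A Jinja comment is stripped at render time and will not leak into the generated SPL2, e.g. `{# users: emit both uuid and uid — downstream consumers key on either identifier (PATCH 1/2 dropped uid, PATCH 2/2 restored it) #}` on the line above `users = [...]`. Whether `actor_user.uid` and `actor_user.uuid` are both populated on the upstream event cannot be confirmed from this hunk; if either can be absent, note the expected null in the same comment. The `message` context line above splices `{{ detection.name }}` into a double-quoted SPL2 string literal, so a detection name containing a double quote would break the generated query — unchanged here, but worth recording if the template is touched again.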