Build Support to Validate Reference Lists and Data Tables

[JohnPortClear]

Hello!

Content Manager does not support the ability to validate that reference lists and/or data tables are actually valid; The functionality to validate rule text is built into the tool already, making use of the verifyRuleText API endpoint, and there is a verifyReferenceList API endpoint as well.

For customers looking to build comprehensive detection as code CICD pipelines, it is imperative that we ensure that the files we are pushing into the SecOps platform are valid and do not fail syntax checks so that we do not break detections.

[threat-punter]

Thanks for opening this issue. I'll take a look when I'm back from leave next week.

[threat-punter]

Hi @JohnPortClear. There is some schema validation that's built into Content Manager for reference lists that will raise an error if there's an issue with one of your reference lists such as an invalid syntax type. If there's an issue with one of your reference lists, your unit tests should raise an error that someone will need to fix before the changes can be pushed to Google SecOps.

Are you seeing any misses in terms of Content Manager validating your reference lists or their associated config entries? If so, I can look at utilizing the verifyReferenceList API method.

I've asked internally if we'll be providing a verifyDataTable API method. I'll let you know when I hear back on that. There is some schema validation that happens for data tables in Content Manager.

I learned today that reference lists will be deprecated in June 2026 in favor of using data tables. I thought I'd share that with you in case you're not already aware.