Content export contains dependencies that shouldn't be required
I would like to export a collection of specific custom content for QRadar. The file I an using for the contentManagement.pl export package command ends up looking like:
installed_application, 1051
customrule, 100352,100357,100356,100358,100355
dashboard, 63
fgroup, 100074,100124
deviceextension, 2,1
sensordevice, 112,113
qidmap, 1002750005,1002500003
However, the resulting export seems to contain a lot of additional "dependencies" that I don't want. When I go to install the package on a new vanilla QRadar appliance, there are 77 included items marked REPLACE that shouldn't seem to be there. For example, it is including all 62 protocol configuration types, but I'm not sure why?
Is there any advice on how to do a content export that includes exactly what is needed and nothing else?
Thanks!
The ContentManagementTool(CMT) is aggressive that way. It will not leave out any dependencies that is associated with the content you are attempting to export. The dependencies that you are seeing, must be tied up with the content(and i am guessing as sensordevice). Sensordevice(or Log source) usually tends to have a number of dependencies associated with it.