splunk / contentctl

Splunk Content Control Tool
Apache License 2.0

Rule: 'Config' object has no attribute 'detection_configuration' #118

Open shaygrantt opened 7 months ago

shaygrantt commented 7 months ago

Hi team, I am unable to deploy any content pack via the api_deploy command. contentctl api_deploy produces the errors below. If I run the contentctl build command and manually upload the output of dist, it does install on the Splunk instance. Any reason for this error? Tested this on both Splunk installed on a Windows machine and a Linux machine.

Error deploying saved search ContentPack - Investigate Failed Logins for Multiple Destinations - Response Task: 'Config' object has no attribute 'detection_configuration'
Error deploying saved search ContentPack - Investigate Network Traffic From src ip - Response Task: 'Config' object has no attribute 'detection_configuration'
Error deploying saved search ContentPack - Investigate Okta Activity by app - Response Task: 'Config' object has no attribute 'detection_configuration'
Error deploying saved search ContentPack - Investigate Okta Activity by IP Address - Response Task: 'Config' object has no attribute 'detection_configuration'
Error deploying saved search ContentPack - Investigate Pass the Hash Attempts - Response Task: 'Config' object has no attribute 'detection_configuration'
Error deploying saved search ContentPack - Investigate Pass the Ticket Attempts - Response Task: 'Config' object has no attribute 'detection_configuration'
Error deploying saved search ContentPack - Investigate Previous Unseen User - Response Task: 'Config' object has no attribute 'detection_configuration'
Error deploying saved search ContentPack - Investigate Successful Remote Desktop Authentications - Response Task: 'Config' object has no attribute 'detection_configuration'
Error deploying saved search ContentPack - Investigate Suspicious Strings in HTTP Header - Response Task: 'Config' object has no attribute 'detection_configuration'
Error deploying saved search ContentPack - Investigate User Activities In Okta - Response Task: 'Config' object has no attribute 'detection_configuration'
Error deploying saved search ContentPack - Investigate Web POSTs From src - Response Task: 'Config' object has no attribute 'detection_configuration'


Splunk Version (screenshot)

Config file (screenshot)
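The per-saved-search failure in the report above has the shape of deploy code dereferencing a configuration attribute that the loaded config object never defined, and reporting it once per saved search. As an added example that is not contentctl's own code, the hypothetical `deploy_all` below reproduces that shape with a minimal stand-in `Config`, and `deploy_all_validated` shows the defensive alternative a deploy tool should prefer: check the attributes the deploy step needs once, before touching the instance, so a misconfiguration fails with a single clear message instead of one error per search. The `Config`, `Detection`, `REQUIRED_CONFIG_ATTRS` and `_push_saved_search` names are all assumptions for illustration.

```python
from dataclasses import dataclass
from typing import List


# Hypothetical stand-in for a deploy-time config object; it deliberately
# lacks the 'detection_configuration' attribute the deploy step expects.
@dataclass
class Config:
    splunk_host: str = "localhost"
    splunk_port: int = 8089
    # detection_configuration intentionally absent


@dataclass
class Detection:
    name: str
    search: str


# Attributes the deploy step dereferences on the config (assumption).
REQUIRED_CONFIG_ATTRS = ("splunk_host", "splunk_port", "detection_configuration")


def _push_saved_search(config: Config, detection: Detection) -> None:
    """Stand-in for the REST call that creates one saved search.
    It reads the missing attribute, which is where the AttributeError comes from."""
    _ = config.detection_configuration  # raises AttributeError on the stand-in Config
    # ... a real tool would POST to the saved/searches endpoint here


def deploy_all(config: Config, detections: List[Detection]) -> List[str]:
    """Naive loop: each detection hits the same AttributeError and is reported
    individually, producing the wall of near-identical errors seen in the report."""
    errors = []
    for d in detections:
        try:
            _push_saved_search(config, d)
        except Exception as e:  # broad catch mirrors "report and keep going" deploy loops
            errors.append(f"Error deploying saved search {d.name} - Response Task: {e}")
    return errors


def missing_config_attrs(config: Config) -> List[str]:
    """Names from REQUIRED_CONFIG_ATTRS that the config object does not provide."""
    return [a for a in REQUIRED_CONFIG_ATTRS if not hasattr(config, a)]


def deploy_all_validated(config: Config, detections: List[Detection]) -> List[str]:
    """Fail-fast variant: validate the config once, before any network call."""
    missing = missing_config_attrs(config)
    if missing:
        raise ValueError(f"config is missing required settings: {', '.join(missing)}")
    return deploy_all(config, detections)


# Constructed sample detections, named after entries in the report above.
SAMPLE_DETECTIONS = [
    Detection("ContentPack - Investigate Pass the Hash Attempts", "index=... | ..."),
    Detection("ContentPack - Investigate Pass the Ticket Attempts", "index=... | ..."),
]

if __name__ == "__main__":
    for line in deploy_all(Config(), SAMPLE_DETECTIONS):
        print(line)
    try:
        deploy_all_validated(Config(), SAMPLE_DETECTIONS)
    except ValueError as e:
        print("pre-flight check:", e)
```

The naive loop prints one "'Config' object has no attribute 'detection_configuration'" line per detection, exactly the pattern in the report; the validated variant stops with one message naming the missing setting, which is also the message a user needs to tell "my config file is wrong" apart from "the tool has a bug".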

vikasverma-pol commented 6 months ago

I am also having a similar issue. Do we have any update on how this can be resolved? I tried a manual upload of the app and tested it that way, and I found it works, but the api_deploy command returns these errors. Also, I can see that the content pack contains statements related to Enterprise Security specific features such as correlation searches etc. (in the savedsearches.conf file there are many references to that). So does that mean these can only be deployed on ES search heads? If not, how can we remove those sorts of settings from the app during build? How can we add custom alert actions from the repo, such as a trigger action to SNOW to raise a ticket? I am sorry if I am misunderstanding something, but I am quite new to this and I am trying to get my head around how we can use this. Also, a detailed readme guide would help a lot to answer all these questions. I think there is an open issue request for the same as well. :)

Thanks
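The question above about Enterprise Security specific settings in savedsearches.conf is one a practitioner can answer for their own build output before deploying. The added example below is not contentctl's or the content pack's code: it parses a constructed savedsearches.conf fragment, reports which saved searches set keys that only have meaning with ES installed, and produces a copy with those keys stripped for a search head without ES. The `ES_KEY_PREFIXES` list is an assumption (`action.correlationsearch.*` and `action.notable*` are standard ES correlation-search settings; `action.risk*` is included on the same basis) and should be extended to match the content you actually ship; whether stripping is the right choice for a given search, rather than installing ES, is a decision the page does not settle.

```python
import re
from typing import Dict, List

# Key prefixes that only have meaning when Splunk Enterprise Security is present.
# Assumption for this example; extend to match your own content.
ES_KEY_PREFIXES = ("action.correlationsearch.", "action.notable", "action.risk")

# Constructed sample savedsearches.conf fragment, not taken from the content pack.
SAMPLE_CONF = """\
[ContentPack - Investigate Pass the Hash Attempts]
search = index=wineventlog EventCode=4624 Logon_Type=9 | stats count by src, user
cron_schedule = */15 * * * *
enableSched = 1
action.correlationsearch.enabled = 1
action.correlationsearch.label = Pass the Hash Attempts
action.notable = 1
action.notable.param.severity = high

[ContentPack - Investigate Web POSTs From src]
search = index=web method=POST | stats count by src
cron_schedule = 0 * * * *
enableSched = 1
action.email = 1
"""

Stanzas = Dict[str, Dict[str, str]]


def parse_conf(text: str) -> Stanzas:
    """Minimal parser for Splunk .conf files: [stanza] headers and key = value lines.
    Splits on the first '=' only, so SPL containing '=' survives intact.
    Line continuations and repeated keys are not handled (out of scope here)."""
    stanzas: Stanzas = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1)
            stanzas[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        stanzas[current][key.strip()] = value.strip()
    return stanzas


def es_dependencies(stanzas: Stanzas) -> Dict[str, List[str]]:
    """Map each saved search to the ES-only keys it sets.
    An empty list means the search should load on a plain search head."""
    return {
        name: sorted(k for k in keys if k.startswith(ES_KEY_PREFIXES))
        for name, keys in stanzas.items()
    }


def strip_es_keys(stanzas: Stanzas) -> Stanzas:
    """Return a copy with ES-only keys removed, for a non-ES search head.
    The search itself, its schedule and non-ES alert actions are kept."""
    return {
        name: {k: v for k, v in keys.items() if not k.startswith(ES_KEY_PREFIXES)}
        for name, keys in stanzas.items()
    }


def render_conf(stanzas: Stanzas) -> str:
    """Serialise stanzas back into .conf text."""
    out = []
    for name, keys in stanzas.items():
        out.append(f"[{name}]")
        out.extend(f"{k} = {v}" for k, v in keys.items())
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    parsed = parse_conf(SAMPLE_CONF)
    for name, deps in es_dependencies(parsed).items():
        print(f"{name}: {'needs ES: ' + ', '.join(deps) if deps else 'no ES dependency'}")
    print(render_conf(strip_es_keys(parsed)))
```

Run it against the savedsearches.conf inside your `dist` output rather than the sample to get a per-search list of ES dependencies; a search whose only ES keys are alert actions can usually run on a plain search head with those actions stripped, whereas one that relies on ES data models or lookups will still fail at search time, which this check does not detect.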

shaygrantt commented 3 months ago

@vikasverma-pol did you ever find the fix for this?