Merge pull request #24 from splunk-soar-connectors/next

Merging next to main for release 2.11.0
splunk-soar-connectors · Sep 7, 2022 · 05972be · 05972be
2 parents 35e50da + 9b52b0a
commit 05972be
Show file tree

Hide file tree

Showing 14 changed files with 459 additions and 238 deletions.
diff --git a/.github/workflows/review-release.yml b/.github/workflows/review-release.yml
@@ -0,0 +1,22 @@
+name: Review Release
+concurrency:
+  group: app-release
+  cancel-in-progress: true
+permissions:
+  contents: read
+  id-token: write
+  statuses: write
+on:
+  workflow_dispatch:
+    inputs:
+      task_token:
+        description: 'StepFunction task token'
+        required: true
+
+jobs:
+  review:
+    uses: 'phantomcyber/dev-cicd-tools/.github/workflows/review-release.yml@main'
+    with:
+      task_token: ${{ inputs.task_token }}
+    secrets:
+      resume_release_role_arn: ${{ secrets.RESUME_RELEASE_ROLE_ARN }}
diff --git a/NOTICE b/NOTICE
@@ -10,13 +10,6 @@ Copyright 2004-2017 Leonard Richardson
 Copyright 2004-2019 Leonard Richardson
 Copyright 2018 Isaac Muse
 
-Library: future
-Version: 0.18.2
-License: MIT
-Copyright 2013-2019 Python Charmers Pty Ltd, Australia
-Copyright 2013-2019 Python Charmers Pty Ltd, Australia
-Copyright 2013-2019 Python Charmers Pty Ltd, Australia
-
 Library: python-dateutil
 Version: 2.8.1
 License: Apache 2.0

diff --git a/README.md b/README.md
@@ -2,11 +2,11 @@
 # Splunk
 
 Publisher: Splunk  
-Connector Version: 2\.10\.0  
+Connector Version: 2\.11\.0  
 Product Vendor: Splunk Inc\.  
 Product Name: Splunk Enterprise  
 Product Version Supported (regex): "\.\*"  
-Minimum Product Version: 5\.2\.0  
+Minimum Product Version: 5\.3\.0  
 
 This app integrates with Splunk to update data on the device, in addition to investigate and ingestion actions
 
@@ -24,6 +24,18 @@ This app integrates with Splunk to update data on the device, in addition to inv
 [comment]: # "either express or implied. See the License for the specific language governing permissions"
 [comment]: # "and limitations under the License."
 [comment]: # ""
+## App's Token-Based Authentication Workflow
+
+-   This app also supports API token based authentication.
+
+-   Please follow the steps mentioned in this
+    [documentation](https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/CreateAuthTokens) to
+    generate an API token.
+
+      
+    **NOTE -** If the username/password and API token are both provided then the API token will be
+    given preference and a token-based authentication workflow will be used.
+
 ## Splunk-SDK
 
 This app uses the Splunk-SDK module, which is licensed under the Apache Software License, Copyright
@@ -317,6 +329,7 @@ VARIABLE | REQUIRED | TYPE | DESCRIPTION
 **port** |  optional  | numeric | Port
 **username** |  optional  | string | Username
 **password** |  optional  | password | Password
+**api\_token** |  optional  | password | API token
 **splunk\_owner** |  optional  | string | The owner context of the namespace
 **splunk\_app** |  optional  | string | The app context of the namespace
 **timezone** |  required  | timezone | Splunk Server Timezone
@@ -325,7 +338,7 @@ VARIABLE | REQUIRED | TYPE | DESCRIPTION
 **on\_poll\_query** |  optional  | string | Query to use with On Poll
 **on\_poll\_display** |  optional  | string | Fields to save with On Poll
 **on\_poll\_parse\_only** |  optional  | boolean | Parse Only
-**max\_container** |  optional  | numeric | Max events to ingest for Scheduled Polling\(Default\: 100\)
+**max\_container** |  optional  | numeric | Max events to ingest for Scheduled Polling \(Default\: 100\)
 **container\_update\_state** |  optional  | numeric | Container count to update the state file
 **container\_name\_prefix** |  optional  | string | Name to give containers created via ingestion
 **container\_name\_values** |  optional  | string | Values to append to container name
@@ -370,6 +383,7 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 #### Action Output
 DATA PATH | TYPE | CONTAINS
 --------- | ---- | --------
+action\_result\.status | string | 
 action\_result\.parameter\.ip\_hostname | string |  `ip`  `host name` 
 action\_result\.parameter\.last\_n\_days | numeric | 
 action\_result\.data\.\*\.\_bkt | string | 
@@ -386,10 +400,9 @@ action\_result\.data\.\*\.linecount | string |
 action\_result\.data\.\*\.source | string | 
 action\_result\.data\.\*\.sourcetype | string | 
 action\_result\.data\.\*\.splunk\_server | string |  `host name` 
-action\_result\.status | string | 
-action\_result\.message | string | 
 action\_result\.summary\.sid | string | 
 action\_result\.summary\.total\_events | numeric | 
+action\_result\.message | string | 
 summary\.total\_objects | numeric | 
 summary\.total\_objects\_successful | numeric |   
 
@@ -435,6 +448,7 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 #### Action Output
 DATA PATH | TYPE | CONTAINS
 --------- | ---- | --------
+action\_result\.status | string | 
 action\_result\.parameter\.attach\_result | boolean | 
 action\_result\.parameter\.command | string | 
 action\_result\.parameter\.display | string | 
@@ -452,6 +466,7 @@ action\_result\.data\.\*\.\_si | string |
 action\_result\.data\.\*\.\_sourcetype | string | 
 action\_result\.data\.\*\.\_subsecond | string | 
 action\_result\.data\.\*\.\_time | string | 
+action\_result\.data\.\*\.\_value | string | 
 action\_result\.data\.\*\.a | string | 
 action\_result\.data\.\*\.content\.app | string | 
 action\_result\.data\.\*\.content\.host | string | 
@@ -487,10 +502,9 @@ action\_result\.data\.\*\.spent | string |
 action\_result\.data\.\*\.splunk\_server | string |  `host name` 
 action\_result\.data\.\*\.user | string | 
 action\_result\.data\.\*\.values\(source\) | string | 
-action\_result\.status | string | 
-action\_result\.message | string | 
 action\_result\.summary\.sid | string | 
 action\_result\.summary\.total\_events | numeric | 
+action\_result\.message | string | 
 summary\.total\_objects | numeric | 
 summary\.total\_objects\_successful | numeric |   
 
@@ -516,6 +530,7 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 #### Action Output
 DATA PATH | TYPE | CONTAINS
 --------- | ---- | --------
+action\_result\.status | string | 
 action\_result\.parameter\.comment | string | 
 action\_result\.parameter\.event\_ids | string |  `splunk notable event id` 
 action\_result\.parameter\.integer\_status | numeric | 
@@ -527,10 +542,9 @@ action\_result\.data\.\*\.failure\_count | numeric |
 action\_result\.data\.\*\.message | string | 
 action\_result\.data\.\*\.success | boolean | 
 action\_result\.data\.\*\.success\_count | numeric | 
-action\_result\.status | string | 
-action\_result\.message | string | 
 action\_result\.summary\.sid | string | 
 action\_result\.summary\.updated\_event\_id | string | 
+action\_result\.message | string | 
 summary\.total\_objects | numeric | 
 summary\.total\_objects\_successful | numeric |   
 
@@ -554,14 +568,14 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 #### Action Output
 DATA PATH | TYPE | CONTAINS
 --------- | ---- | --------
+action\_result\.status | string | 
 action\_result\.parameter\.data | string | 
 action\_result\.parameter\.host | string |  `ip`  `host name` 
 action\_result\.parameter\.index | string | 
 action\_result\.parameter\.source | string | 
 action\_result\.parameter\.source\_type | string | 
 action\_result\.data | string | 
-action\_result\.status | string | 
-action\_result\.message | string | 
 action\_result\.summary | string | 
+action\_result\.message | string | 
 summary\.total\_objects | numeric | 
 summary\.total\_objects\_successful | numeric | 
diff --git a/exclude_files.txt b/exclude_files.txt
diff --git a/readme.html b/readme.html
@@ -15,6 +15,15 @@
 <html>
   <head></head>
   <body>
+
+    <p><h2>App&#39;s Token-Based Authentication Workflow</p></h2>
+    <ul>
+        <li> This app also supports API token based authentication.</li>
+        <li> Please follow the steps mentioned in this <a href="https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/CreateAuthTokens" target="_blank">documentation</a> to generate an API token.</li>
+        <b>NOTE -</b>
+        If the username/password and API token are both provided then the API token will be given preference and a token-based authentication workflow will be used.
+    </ul>
+
     <p>
       <h2>Splunk-SDK</h2>
       This app uses the Splunk-SDK module, which is licensed under the Apache Software License, Copyright (c) 2011-2019 Splunk, Inc.

diff --git a/release_notes/2.11.0.md b/release_notes/2.11.0.md
@@ -0,0 +1,3 @@
+* Added token-based authentication workflow
+* Replaced an endpoint for test connectivity action
+* Fixed miscellaneous proxy-related issues
diff --git a/requirements.txt b/requirements.txt
@@ -1,7 +1,7 @@
 beautifulsoup4==4.9.1
-future==0.18.2
 python-dateutil==2.8.1
 pytz==2021.1
 requests==2.25.0
 simplejson==3.17.2
 splunk-sdk==1.6.18
+xmltodict==0.13.0