Merge pull request #14 from splunk-soar-connectors/next

Merging next to main for release 2.2.0
splunk-soar-connectors · Jul 15, 2024 · 88f626a · 88f626a
2 parents 29162a4 + 638e4db
commit 88f626a
Show file tree

Hide file tree

Showing 42 changed files with 291 additions and 370 deletions.
diff --git a/.github/workflows/generate-doc.yml b/.github/workflows/generate-doc.yml
@@ -0,0 +1,20 @@
+name: Generate Readme Doc
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - '*.json'
+      - 'readme.html'
+      - 'manual_readme_content.md'
+    tags-ignore:
+      - '**'
+    branches-ignore:
+      - next
+      - main
+jobs:
+  generate-doc:
+    runs-on: ubuntu-latest
+    steps:
+     - uses: 'phantomcyber/dev-cicd-tools/github-actions/generate-doc@main'
+       with:
+         GITHUB_TOKEN: ${{ secrets.SOAR_APPS_TOKEN }}
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
@@ -1,7 +1,7 @@
 name: Linting
 on: [push, pull_request]
 jobs:
-  lint: 
+  lint:
     # Run per push for internal contributers. This isn't possible for forked pull requests,
     # so we'll need to run on PR events for external contributers.
     # String comparison below is case insensitive.

diff --git a/.github/workflows/review-release.yml b/.github/workflows/review-release.yml
@@ -0,0 +1,22 @@
+name: Review Release
+concurrency:
+  group: app-release
+  cancel-in-progress: true
+permissions:
+  contents: read
+  id-token: write
+  statuses: write
+on:
+  workflow_dispatch:
+    inputs:
+      task_token:
+        description: 'StepFunction task token'
+        required: true
+
+jobs:
+  review:
+    uses: 'phantomcyber/dev-cicd-tools/.github/workflows/review-release.yml@main'
+    with:
+      task_token: ${{ inputs.task_token }}
+    secrets:
+      resume_release_role_arn: ${{ secrets.RESUME_RELEASE_ROLE_ARN }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,11 +1,11 @@
 repos:
 -   repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.9
+    rev: v1.18
     hooks:
     -   id: org-hook
     -   id: package-app-dependencies
 -   repo: https://github.com/Yelp/detect-secrets
-    rev: v1.1.0
+    rev: v1.5.0
     hooks:
     -   id: detect-secrets
         args: ['--no-verify', '--exclude-files', '^symantecdlp.json$']
diff --git a/LICENSE b/LICENSE
@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright (c) 2018-2022 Splunk Inc.
+   Copyright (c) 2018-2024 Splunk Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

diff --git a/README.md b/README.md
diff --git a/__init__.py b/__init__.py
@@ -1,6 +1,6 @@
 # File: __init__.py
 #
-# Copyright (c) 2018-2022 Splunk Inc.
+# Copyright (c) 2018-2024 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

diff --git a/manual_readme_content.md b/manual_readme_content.md
@@ -0,0 +1,61 @@
+[comment]: # " File: README.md"
+[comment]: # "  Copyright (c) 2018-2024 Splunk Inc."
+[comment]: # ""
+[comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');"
+[comment]: # "you may not use this file except in compliance with the License."
+[comment]: # "You may obtain a copy of the License at"
+[comment]: # ""
+[comment]: # "    http://www.apache.org/licenses/LICENSE-2.0"
+[comment]: # ""
+[comment]: # "Unless required by applicable law or agreed to in writing, software distributed under"
+[comment]: # "the License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,"
+[comment]: # "either express or implied. See the License for the specific language governing permissions"
+[comment]: # "and limitations under the License."
+[comment]: # ""
+## On Poll
+
+### Ingestion
+
+#### Schedule | Interval Polling
+
+-   During scheduled | interval polling, the app will start from the number of days specified in
+    **first_scheduled_ingestion_span** and will ingest up to the number of incidents specified in
+    the **max_containers** (Default value 10) in configuration parameter per cycle. Then it
+    remembers the last ingested 'incident_id' and stores it in the state file against the key
+    'last_incident_ingested'. For the next scheduled | interval cycles, ingestion will start from
+    the last_incident_ingested in the state file and will ingest up to the number of incidents
+    specified in the **max_containers** .
+-   The number of incidents ingested will depend on the specified **max_containers** and
+    **poll_now_ingestion_span** , whichever limit is hit first.
+
+#### Manual Polling
+
+-   During a **POLL NOW** , incidents will be ingested starting with the oldest first. The number of
+    incidents ingested will depend on the specified **max_containers** and
+    **poll_now_ingestion_span** , whichever limit is hit first.
+
+**Custom Severity Config Parameter**
+
+-   It is an optional parameter. Here the user needs to provide a JSON string in the following
+    format  
+    {'symantecdlp_severity': 'phantom_severity'}  
+    This parameter can be used to map the Symantec DLP incident severity to any of the custom
+    phantom severity.
+-   To configure a custom severity in the Phantom, go to Administrator → Event Settings → Severity.
+    Click on 'add item' and give an appropriate name for the severity and click on 'Done' button.
+-   By default, the severity is mapped in the following way:
+    -   For the incident having 'high' severity, the container's severity will be 'high'.
+    -   For the incident having 'medium' severity, the container's severity will be 'medium'.
+    -   For the incident having 'low' severity, the container's severity will be 'low'.
+    -   For the incident having severity other than 'high', 'low' or 'medium' the container's
+        severity will be 'medium'.
+
+## Port Information
+
+The app uses HTTP/ HTTPS protocol for communicating with the Mattermost server. Below are the
+default ports used by Splunk SOAR.
+
+|         Service Name | Transport Protocol | Port |
+|----------------------|--------------------|------|
+|         http         | tcp                | 80   |
+|         https        | tcp                | 443  |
diff --git a/parse_incidents.py b/parse_incidents.py
@@ -1,6 +1,6 @@
 # File: parse_incidents.py
 #
-# Copyright (c) 2018-2022 Splunk Inc.
+# Copyright (c) 2018-2024 Splunk Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

diff --git a/readme.html b/readme.html
diff --git a/release_notes/2.2.0.md b/release_notes/2.2.0.md
@@ -0,0 +1 @@
+* Updated lxml package due to vulnerability [PAPP-31092]
diff --git a/requirements.txt b/requirements.txt
@@ -1,5 +1,4 @@
-beautifulsoup4==4.9.1
-python-magic==0.4.18
-pytz==2021.1
-requests==2.25.0
-zeep==3.4.0
+beautifulsoup4==4.12.2
+python-magic==0.4.24
+pytz==2023.3
+zeep==4.2.1
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		* Updated lxml package due to vulnerability [PAPP-31092]