forked from demisto/content
Splunk mirroring comments (demisto#28198)
* mirror in and out
* layout
* comments script
* tests
* release notes
* rn
* readme
* layout
* release notes
* rn incident fields
* new unit test and remove debug logs
* comment to table test
* convert comment to table test
* rn
* rename test
* fix unit test
* rn
* fix
* new rn
* fix test
* docker update
* comments
* Bump pack from version SplunkPy to 3.1.3.
* change the mirror in query
* tests
* Apply suggestions from doc review

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* change docker image and releasenotes

---------

Co-authored-by: Content Bot <bot@demisto.com>
Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
1 parent 8c2289b, commit 4117cff. Showing 16 changed files with 523 additions and 48 deletions.
Packs/SplunkPy/IncidentFields/incidentfiels-Notable_Comments.json (33 additions, 0 deletions)
@@ -0,0 +1,33 @@ | ||
{ | ||
"associatedToAll": false, | ||
"associatedTypes": [ | ||
"Splunk Notable Generic" | ||
], | ||
"caseInsensitive": true, | ||
"cliName": "splunkcomments", | ||
"closeForm": false, | ||
"content": true, | ||
"description": "the notable comments", | ||
"editForm": true, | ||
"group": 0, | ||
"hidden": false, | ||
"id": "incident_splunkComments", | ||
"isReadOnly": false, | ||
"locked": false, | ||
"name": "Splunk Comments", | ||
"neverSetAsRequired": false, | ||
"ownerOnly": false, | ||
"propagationLabels": [ | ||
"all" | ||
], | ||
"required": false, | ||
"sla": 0, | ||
"system": false, | ||
"threshold": 72, | ||
"type": "multiSelect", | ||
"unmapped": false, | ||
"unsearchable": true, | ||
"useAsKpi": false, | ||
"version": -1, | ||
"fromVersion": "6.0.0" | ||
} |
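Review bot: the file name for this hunk, `incidentfiels-Notable_Comments.json`, misspells "incidentfields"; rename the file so it matches the `IncidentFields/` directory it lives in (the `id` `incident_splunkComments` and `cliName` `splunkcomments` inside the file are fine). The `"description": "the notable comments"` is also too terse to help an analyst looking at the field in the layout; suggest `"description": "Comments of the Splunk notable, mirrored in from Splunk."`. Finally, `"unsearchable": true` means these comments will not be found by incident search, so if that is deliberate (to keep large comment bodies out of the index) say so in the release notes, otherwise set it to false.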
@@ -0,0 +1,34 @@ | ||
|
||
#### Incident Fields | ||
|
||
- New: **Splunk Comments** | ||
|
||
#### Integrations | ||
|
||
##### SplunkPy | ||
|
||
- Added a *comments* to the mirror in/out functionality. | ||
|
||
#### Layouts | ||
|
||
##### Splunk Notable Generic | ||
|
||
- Added a table to show the comments of the Splunk notable. | ||
- Added a button that enables the user to create a note and tag it, without the need of going to the War Room to tag it. | ||
|
||
#### Mappers | ||
|
||
##### Splunk - Notable Generic Incoming Mapper | ||
|
||
- Added the following new fields to the integration incoming mapper: | ||
- **dbotMirrorTags** | ||
- **Splunk Comments** | ||
|
||
#### Scripts | ||
|
||
##### New: SplunkAddComment | ||
|
||
- New: Use this script to add a comment with a tag (the "Comment tag to Splunk" defined in the instance configuration) as an entry in Cortex XSOAR, which will then be mirrored as a comment to a Splunk issue. This script should be run within an incident. (Available from Cortex XSOAR 6.0.0). | ||
##### New: SplunkConvertCommentsToTable | ||
|
||
- New: This script is used to convert Splunk comments to a table. (Available from Cortex XSOAR 6.0.0). |
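Review bot: "Added a *comments* to the mirror in/out functionality." under SplunkPy is ungrammatical and does not say what is new; suggest "Added mirroring of notable comments (the new **Splunk Comments** field) to the mirror in/out functionality." Two consistency points in the same hunk: the `##### New: SplunkConvertCommentsToTable` heading follows the SplunkAddComment bullet with no blank line, unlike every other heading in this file, and the two Scripts entries say "Splunk issue" while the Layouts entry says "Splunk notable"; use "notable" throughout, since that is the Splunk ES term and the name of the field and layout.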
@@ -0,0 +1,24 @@ | ||
Use this script to add a comment with a tag (the "Comment tag to Splunk" defined in the instance configuration) as an entry in Cortex XSOAR, which will then be mirrored as a comment to a Splunk issue. This script should be run within an incident. | ||
|
||
## Script Data | ||
|
||
--- | ||
|
||
| **Name** | **Description** | | ||
| --- | --- | | ||
| Script Type | python3 | | ||
| Cortex XSOAR Version | 6.0.0 | | ||
|
||
## Inputs | ||
|
||
--- | ||
|
||
| **Argument Name** | **Description** | | ||
| --- | --- | | ||
| comment | Comment to be added to the Splunk issue. | | ||
| tag | The comment tag. Use the comment entry tag \(defined in your instance configuration\) to mirror the comment to splunk. | | ||
|
||
## Outputs | ||
|
||
--- | ||
There are no outputs for this script. |
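Review bot: the `tag` description, "Use the comment entry tag (defined in your instance configuration) to mirror the comment to splunk", reads as if the script looks that value up itself, but the README lists only the `comment` and `tag` arguments and no instance parameter; state plainly that the caller must pass the same value that is configured as "Comment tag to Splunk" on the integration instance, otherwise the note is created but never picked up by mirror-out. Also replace "Splunk issue" with "Splunk notable" in the opening sentence and the `comment` row to match the rest of the pack, and capitalize "Splunk" in the `tag` row.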
Packs/SplunkPy/Scripts/SplunkAddComment/SplunkAddComment.py (26 additions, 0 deletions)
@@ -0,0 +1,26 @@ | ||
import demistomock as demisto # noqa: F401 | ||
from CommonServerPython import * # noqa: F401 | ||
|
||
|
||
def add_comment(args: Dict[str, Any]) -> CommandResults: | ||
demisto.debug("adding comment") | ||
tags = argToList(args.get('tags', 'FROM XSOAR')) | ||
comment_body = args.get('comment', '') | ||
|
||
return CommandResults( | ||
readable_output=comment_body, mark_as_note=True, tags=tags | ||
) | ||
|
||
|
||
def main(): # pragma: no cover | ||
try: | ||
demisto.debug('SplunkAddComment is being called') | ||
res = add_comment(demisto.args()) | ||
return_results(res) | ||
|
||
except Exception as ex: | ||
return_error(f'Failed to execute SplunkAddComment. Error: {str(ex)}') | ||
|
||
|
||
if __name__ in ["__builtin__", "builtins", '__main__']: | ||
main() |
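Review bot: `add_comment` reads `args.get('tags', 'FROM XSOAR')`, but the README in this commit documents the argument as `tag`; if the script YAML uses `tag` as the README does, the user's value is silently ignored and every note is tagged `FROM XSOAR`, which will not match an instance whose "Comment tag to Splunk" is set to anything else. Align the key with the documented argument (`args.get('tag', ...)`) or rename the argument in the YAML and README, and add a unit test that passes `tag` and asserts on `CommandResults.tags`. Two smaller points: nothing checks that `comment` is non-empty, so a call with no text creates an empty note that is then mirrored out, and `return_error('comment is required')` when `comment_body` is blank is cheaper than cleaning that up in Splunk; and the hard-coded `'FROM XSOAR'` default is not mentioned in the README, so either make the argument required in the YAML or document the default.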