This repository has been archived by the owner on Aug 8, 2020. It is now read-only.

Updated Documentation url from readthedocs
paulmnguyen committed Nov 7, 2017
1 parent 19cd9d2 commit 646ff84
Showing 6 changed files with 14 additions and 13,595 deletions.
2 changes: 1 addition & 1 deletion CHANGES
@@ -1 +1 @@
Changelog available at http://pansplunk.readthedocs.io/en/latest/release_notes.html
Changelog available at http://splunk.paloaltonetworks.com/release-notes.html
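Review bot: The replacement changelog link in CHANGES is a plain http:// URL (http://splunk.paloaltonetworks.com/release-notes.html). If the new documentation host serves HTTPS, use the https:// form here so readers are not pointed at release notes over an unauthenticated connection.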
8 changes: 4 additions & 4 deletions README.md
Expand Up @@ -22,13 +22,13 @@ provides the inputs and CIM-compatible knowledge to use with other Splunk
Enterprise apps, such as the Splunk App for Enterprise Security and the
Splunk App for PCI Compliance, and integrates with Splunk Adaptive Response.

Documentation for this add-on is located at: http://pansplunk.readthedocs.io/
Documentation for this add-on is located at: http://splunk.paloaltonetworks.com/

### Documentation ###

**Installation and Getting Started:** http://pansplunk.readthedocs.io/en/latest/getting_started.html
**Release Notes:** http://pansplunk.readthedocs.io/en/latest/release_notes.html
**Support:** http://pansplunk.readthedocs.io/en/latest/support.html
**Installation and Getting Started:** http://splunk.paloaltonetworks.com/getting_started.html
**Release Notes:** http://splunk.paloaltonetworks.com/release-notes.html
**Support:** http://splunk.paloaltonetworks.com/support.html

### Install from Git ###
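
Review bot: The new README links mix path styles: getting_started.html keeps the underscore while release-notes.html switches to a hyphen, whereas the replaced readthedocs paths were consistently getting_started.html and release_notes.html. Please confirm that each of the four new URLs under splunk.paloaltonetworks.com resolves, and correct whichever spelling does not match the published page names.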

1 change: 1 addition & 0 deletions Splunk_TA_paloalto.aob_meta
@@ -0,0 +1 @@
{"data_input_builder": {"datainputs": [{"uuid": "31640f18575f431f8c7b2e997b81e16c", "title": "MineMeld Feed", "description": "Collects indicators from a MineMeld output node.", "sourcetype": "minemeld:indicator", "data_inputs_options": [{"type": "customized_var", "title": "Output Node Feed URL", "description": "", "required_on_create": true, "format_type": "text", "required_on_edit": false, "placeholder": "https://your-minemeld-server/feeds/your-feed", "default_value": "", "name": "feed_url"}, {"type": "customized_var", "name": "credentials", "title": "Feed Credentials", "description": "", "required_on_create": false, "format_type": "global_account", "required_on_edit": false, "placeholder": "", "default_value": "", "possible_values": []}], "customized_options": [{"name": "feed_url", "value": ""}, {"name": "credentials", "value": ""}], "code": "\n# encoding = utf-8\n\nimport os\nimport sys\nimport time\nimport datetime\n\n'''\n IMPORTANT\n Edit only the validate_input and collect_events functions.\n Do not edit any other part in this file.\n This file is generated only once when creating the modular input.\n'''\n'''\n# For advanced users, if you want to create single instance mod input, uncomment this method.\ndef use_single_instance_mode():\n return True\n'''\n\ndef validate_input(helper, definition):\n \"\"\"Implement your own validation logic to validate the input stanza configurations\"\"\"\n # This example accesses the modular input variable\n # feed_url = definition.parameters.get('feed_url', None)\n # credentials = definition.parameters.get('credentials', None)\n pass\n\ndef collect_events(helper, ew):\n \"\"\"Implement your data collection logic here\n\n # The following examples get the arguments of this input.\n # Note, for single instance mod input, args will be returned as a dict.\n # For multi instance mod input, args will be returned as a single value.\n opt_feed_url = helper.get_arg('feed_url')\n opt_credentials = helper.get_arg('credentials')\n # In 
single instance mode, to get arguments of a particular input, use\n opt_feed_url = helper.get_arg('feed_url', stanza_name)\n opt_credentials = helper.get_arg('credentials', stanza_name)\n\n # get input type\n helper.get_input_type()\n\n # The following examples get input stanzas.\n # get all detailed input stanzas\n helper.get_input_stanza()\n # get specific input stanza with stanza name\n helper.get_input_stanza(stanza_name)\n # get all stanza names\n helper.get_input_stanza_names()\n\n # The following examples get options from setup page configuration.\n # get the loglevel from the setup page\n loglevel = helper.get_log_level()\n # get proxy setting configuration\n proxy_settings = helper.get_proxy()\n # get account credentials as dictionary\n account = helper.get_user_credential_by_username(\"username\")\n account = helper.get_user_credential_by_id(\"account id\")\n # get global variable configuration\n global_userdefined_global_var = helper.get_global_setting(\"userdefined_global_var\")\n\n # The following examples show usage of logging related helper functions.\n # write to the log for this modular input using configured global log level or INFO as default\n helper.log(\"log message\")\n # write to the log using specified log level\n helper.log_debug(\"log message\")\n helper.log_info(\"log message\")\n helper.log_warning(\"log message\")\n helper.log_error(\"log message\")\n helper.log_critical(\"log message\")\n # set the log level for this modular input\n # (log_level can be \"debug\", \"info\", \"warning\", \"error\" or \"critical\", case insensitive)\n helper.set_log_level(log_level)\n\n # The following examples send rest requests to some endpoint.\n response = helper.send_http_request(url, method, parameters=None, payload=None,\n headers=None, cookies=None, verify=True, cert=None,\n timeout=None, use_proxy=True)\n # get the response headers\n r_headers = response.headers\n # get the response body as text\n r_text = response.text\n # get response body as 
json. If the body text is not a json string, raise a ValueError\n r_json = response.json()\n # get response cookies\n r_cookies = response.cookies\n # get redirect history\n historical_responses = response.history\n # get response status code\n r_status = response.status_code\n # check the response status, if the status is not sucessful, raise requests.HTTPError\n response.raise_for_status()\n\n # The following examples show usage of check pointing related helper functions.\n # save checkpoint\n helper.save_check_point(key, state)\n # delete checkpoint\n helper.delete_check_point(key)\n # get checkpoint\n state = helper.get_check_point(key)\n\n # To create a splunk event\n helper.new_event(data, time=None, host=None, index=None, source=None, sourcetype=None, done=True, unbroken=True)\n \"\"\"\n\n '''\n # The following example writes a random number as an event. (Multi Instance Mode)\n # Use this code template by default.\n import random\n data = str(random.randint(0,100))\n event = helper.new_event(source=helper.get_input_type(), index=helper.get_output_index(), sourcetype=helper.get_sourcetype(), data=data)\n ew.write_event(event)\n '''\n\n '''\n # The following example writes a random number as an event for each input config. 
(Single Instance Mode)\n # For advanced users, if you want to create single instance mod input, please use this code template.\n # Also, you need to uncomment use_single_instance_mode() above.\n import random\n input_type = helper.get_input_type()\n for stanza_name in helper.get_input_stanza_names():\n data = str(random.randint(0,100))\n event = helper.new_event(source=input_type, index=helper.get_output_index(stanza_name), sourcetype=helper.get_sourcetype(stanza_name), data=data)\n ew.write_event(event)\n '''\n", "parameters": [{"type": "text", "format_type": "text", "help_string": "", "name": "feed_url", "label": "Output Node Feed URL", "placeholder": "https://your-minemeld-server/feeds/your-feed", "required": true, "default_value": "", "value": ""}, {"type": "global_account", "format_type": "global_account", "help_string": "", "possible_values": [], "label": "Feed Credentials", "placeholder": "", "required": false, "default_value": "", "value": "", "name": "credentials"}], "interval": "30", "type": "customized", "use_external_validation": true, "name": "minemeld_feed", "streaming_mode_xml": true, "index": "default"}]}, "global_settings_builder": {"global_settings": {"proxy_settings": {"proxy_type": "http"}, "credential_settings": [{"username": "", "password": ""}], "log_settings": {}}}, "sourcetype_builder": {"minemeld:indicator": {"conf_data": {"pulldown_type": "1", "SHOULD_LINEMERGE": "0", "category": "Splunk App Add-on Builder"}, "metadata": {"data_input_name": "minemeld_feed", "event_count": 0, "cims_count": 0, "extractions_count": 0}}}, "basic_builder": {"author": "Palo Alto Networks", "small_icon": "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", "visible": true, "tab_version": "2.1.2", "large_icon": 
"iVBORw0KGgoAAAANSUhEUgAAAEgAAABICAYAAABV7bNHAAAKwUlEQVR4Xu2bC3BU1RnH/9/dDUkwCeQhuXeTwKg8s4GAbzq1lVrFbEJ2L50w1s7U2lqrrbbOaOtMH4q2nVpb6WBbW/sQ0T6mtGUfyW7QWkGn9YkgsjcBheqIZhckBMIrJLvn69zIhk1yLmQfAXT2zDDD7Dnne/zOd77zuiHkykkJUI7PyQnkAJ0iQnKAcoAySyK5CMpFUC6CMiOQi6DM+OVyUC6CchGUGYGPawT9c0tDdWFewT1gzCHBj7+8d//q5Ys2xLJN6yOZg57b7uk4HKM5yTDsCr+9X7w1e5nT6M8mpI8coA2d+n1HBO6RQSi2i6VXzPJ7PzKAWjcumQg7ly6Z3/Z+Noxes6bFVuSMWU6j0oL4rQsvCPw2G7oSMsYlgp7aok8Rdl7FIJepiIGjNuKvXVvrezIT49fsaiks6o0dsZIxo1ismjHV/+VMdIzsm3VAra83Vdny8jYDOHeksgFbvMQ9O3AwXQfWbPzspKLC4v2y/qYj88rjO6rUwIx05VvJzaY8hDo8vwDTHTKh5fni+5dN9/84XYVtRnOLAtsaaf7JA6aXCPQfi5VNmxbsSVfHuEdQ0PD0EqhYZmBdWfz5qVrg0+kaHzL0DQCk/bVChjqRERvA5TU1/pfT1TGugNZtXKyJwoldVsbNKxOoUv02Ioh0HAgZOlv1O79YYNIEgCBuUtXWP6Yjf9ynWPsb+kK24QUr4+aXCQz0pzcF1hstRUcRs8xfcyYLFNhMQHhUVf23nJWAQp36VyHwO5lxCgH1ZQJ59nh1RUXqy/66jqWaYLaOzlIBmwIw4xWH5r/s7AQU9jwKoptlxp2bz6guYnPN/4am+R9J1YHWrZ4rbQqtl/XLU4C60qFZO3DoYH/xjBntx1LVMe5TLGR4NgG0QKZo9iSBQjtAhGfUSv/VqRrfbugrGfimrF9FPqPGhH+8sBAXORytm1LVMa6AQm81lKC/4ICVUQvKT+Tlfd078p0pnplChv4egCqZ/GlFAmX5STUsbtS01sfPKkDBrc0Xk2J7VT4KjPnlJ0aYoFSqqnfPWB0wjyy2Qvthq/YzSwTOyTtRK5h/VaUFbh+r/JO1y9pOOhh2X0+k/FmeoBn1ZcmAYnNVNRgeqwNPbXXXxBXlXav2Zv4x89CJOYb1mub/zFjlnxZAbYbn5wroTpmykgmMC4qTtjDMd2la4KGxOhAymhcANsuckjx9j8s8oKn+yWOVf1oABcP6s0RYJFM2tUigPDlHAC9qqv8TZtug4VKZ8ivsIt7X27Hz3WXLRt/nhAzP7QA9LIWfx7igZPT+kUWs1uEIdmYKKWtTLBTWD4JQJDNIMsIweg5V9IviPwDkGVp9mN8+FqfLl9YPz0/tHfoLzFgok10zkVFROBqQgLi+Sm3961kBqH1L8yy227ZJ8w8Y9UkJOtFm6z7aFWOqGdmHWTzRWOe/IfH7Gm6xFXVY3wGNTNCJfgReqaoB6aE5FWhZiaB2Q29hQHrKthNjblKCNo07PAC82ZucVYeZ/JLL6R2KltaNSypshfYPrJyqnSyQbxtdy8AzDjX1/dZISVkBFAp77gfRD2ROnGNnzJw0fAq8d5jwQZ+FauK/uWp91yVktXY0zbBx3ptWgOrL4lBIKusdTfWfl0q0yNpmBVAwrLcSoUmmIHENkVzXuZ/QF5erZvB3G52+nyTaB99wX082+faBgfCF5WIKAPPfqNKnDGjnTQlFM4GUJUCe/xGRdLQSR4xkI7fuI8TYSjW7XE5fe6J9W9jziEJ0q3x0eXl9udAJVC+rF3F2V1UFAmcU0NrOq8oLRMleCyOOLCgX5gI/LEts6VYsL4QKJ3LpovN8Q9eqIUOPAFBl8uOM+RdXCHM/dZWsnplXOLSAdG82VmgZR1Bbx9JGhblNqpDwfn2p2KQQliTqj8aAbQcsE/ROl9M7PdF2nbG4TGBit5UzNlvs/LmTFQ8
BKyzyx9Oq6l88VhjjkoPawu67FVIekI4gEK4v5QdtCj+RqI8cIUSPWk6vkMvpa0y0bd/WPIvj8u2D2WagJ16ycCYq44LekkPgHVqGl/gZR1DI0M3lvUVqIGNlfal4SLFh6By1/QDhSMwyQd/X6PQtT8gKGbp5nvq3Bfx9jU5vuVkXibrNm8ZRm1QijlVO6S0kSv9JOmNAQUPfSkCd1AkRv2be5GOv2fMKhqbJyRK0EPhc01zv2iRAPwLwPTkgfrLR6fvicUAdAIY9RSf6KISrKyv9z6Q7zTIGFDI8fQANP2l9+FgoXt3Tk99UfJCqqquH3stf7yaweXMsKRSLz26oD2xPVAUNz0sEsrg+jblcztbB1S4SdQcBDD5SjirE92iVgR+eEUDrwk2XCsqzeGLhvS6nb/DxsCvavJlA883/b+62SNCEAw1zvKVk8gOwav2VBZVTSo9aOaYQOa6tXWuucIjsXvIAWLlbPs15naYFGs4IoOBW/duk4EGrBOly+gZfOSO7PT8F83d6jhHeOWS1g8bTrlrv0IoT7NRnksBQNI3SMaFvkmtGe6/5ezTquYrB8mnE6NQ0f+0ZARTq0B8HY+hgmWwEA8FGp3dwd/1+t7tGGcC7O3oJBwesErR4uNHp/1ZCxodLfOHewVvs0eUxl9P7leSfI9FmIW/LvZoamHRGALUb+gsM+TWEEHxT01zf4ANeNHrNOYzCQ1v2EYTVDprFDa46/9B2wOwXMtx3AcrPTjjHDIGXXqnzfXL5iMfHroh7FxGqZSBY8CUOR2BjOpAyStKhsN4NQplUseDprrm+nWadYTgnlJVPP3ayBA3EL3Q5A+ZHD8PKunDzdEH0JQINxBBftcTZKr167Yq6/0vA4CXcyMKC73A4AitPK6BTPDPvdzm9pSOmwIHN3bYSCyMHbLHDpYvrn7a8mD+Vc12R5tVENLjsjwIE/pdDDVxzKhmy+rQjKBj2fJ6I/iJXyttdTt/s5LquLrf+eo8ytMdJriPCrxtqvbel40CiTyTivhGEx6SAGJ2ONBN12oBCHfpqMKQjBub/uOp8V4w09tlt+p6++IjvhojbbANHrsskekw93d1Lq/sH4rssIHdrqr8inQFIH5ChPwfgU1KlCu51zfHeP7Ju48aL8o6U1NzSL+jOuKBNgnnFwVr7i8vo7/F0jB/ZJxJt/gAgOQjun6Jp7ZY3k1b6MwH0DoBpMsEi3n9x07zga9lwOhUZkWjzKwBdIs8lfLOqBn6fijyzbVqAli+HcmmLbjXqwuX0Sm6JUzUt9fZd0eY/EegL8jzE/3BoAfmh+iSq0gLUZrivUKA8b2HI2411vvNTdy/zHpE9zbdB0C+lkgjbtUr/sIVjLBrTAtRueO5l0NC1xLAVCVjf4PRm5dl3LA4kt2FumRDd3b8DwKjnJAAbNNUvfdg8mZ60AIUMTxDHP/EdJZz5N64639dTdS5b7bu6lkwlRTFP+cnnr30ijvlVVX6rVc5SfXqAOjxvgGmuPJRZd9X6fNlyOB05zC22SKRvIZFiXubvZhYhh6PV8vvqrEdQ0PC8TKBLJYJ3HjLss5Yty86ynQ6cbPdJL4IMTwNAoWHzH9zT348L9QU+c/n/2JS0AJner92iT8lX+A4oqFaA1QV79j+3aBz+HOlMk04b0Jk2/HTpzwE6BekcoBygzCZjLoJyEZSLoMwI5CIoM365HJSLoFwEZUYgF0GZ8fs/0tTCdqST6DQAAAAASUVORK5CYII=", "appname": "TA-minemeld", "theme": "#316989", "build_no": 1, "tab_build_no": "23", "version": "1.0.0", "friendly_name": "MineMeld Add-on", "description": "Collect data from MineMeld output node feeds to find threat indicators across all Splunk 
events. Supports Splunk Enterprise Security Threat Intelligence feature."}}
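
Review bot: In the modular input code embedded in this file, validate_input ends in `pass`, so the required feed_url is accepted unchecked even though the same input also takes "Feed Credentials". Suggest checking there that feed_url parses as a URL with an https scheme and a host (as the placeholder https://your-minemeld-server/feeds/your-feed implies) and rejecting the stanza otherwise, so credentials are not configured against a cleartext or malformed endpoint. Separately, collect_events holds only the generated docstring and commented-out templates, and the metadata names the app "TA-minemeld" while the file is Splunk_TA_paloalto.aob_meta; neither is covered by a commit titled as a documentation URL update, so this addition should be split out or explained in the commit message.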

1 comment on commit 646ff84

@DGG-IT DGG-IT commented on 646ff84 Dec 22, 2017

Is there any reason app_list.csv and threat_list.csv were emptied out? I think the dashboards relied on these being populated and some users coming from previous versions don't have pancontentpack configured properly.