SplunkPy - add support in credential store (#23441)

* SplunkPy * Added "HEC" word to known_words
demisto · Jan 9, 2023 · d2bb27a · d2bb27a
1 parent 1e8c9d7
commit d2bb27a
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 17 deletions.
diff --git a/Packs/SplunkPy/.pack-ignore b/Packs/SplunkPy/.pack-ignore
@@ -1,5 +1,5 @@
 [file:SplunkPy.yml]
-ignore=IN126,IN135,IN145
+ignore=IN126,IN135
 
 [file:README.md]
 ignore=RM106
@@ -29,6 +29,7 @@ ignore=IM111
 [known_words]
 Splunk
 SplunkPy
+HEC
 
 [file:classifier-SplunkPy.json]
 ignore=BA101
diff --git a/Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.py b/Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.py
@@ -2251,7 +2251,7 @@ def splunk_submit_event_hec(
 
 
 def splunk_submit_event_hec_command():
-    hec_token = demisto.params().get('hec_token')
+    hec_token = demisto.params().get('cred_hec_token', {}).get('password') or demisto.params().get('hec_token')
     baseurl = demisto.params().get('hec_url')
     if baseurl is None:
         raise Exception('The HEC URL was not provided.')

diff --git a/Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.yml b/Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.yml
@@ -146,12 +146,20 @@ configuration:
   type: 0
   section: Collect
   advanced: true
-- display: HEC Token (HTTP Event Collector)
+- name: cred_hec_token
+  required: false
+  type: 9
+  section: Collect
+  advanced: true
+  displaypassword: HEC Token (HTTP Event Collector)
+  hiddenusername: true
+- display: 'HEC Token (HTTP Event Collector)'
   name: hec_token
   required: false
   type: 4
   section: Collect
   advanced: true
+  hidden: true
 - display: 'HEC BASE URL (e.g: https://localhost:8088 or https://example.splunkcloud.com/).'
   name: hec_url
   required: false
@@ -161,14 +169,14 @@ configuration:
 - additionalinfo: Enrichment types to enrich each fetched notable. If none are selected, the integration will fetch notables as usual (without enrichment). For more info about enrichment types see the integration additional info.
   display: Enrichment Types
   name: enabled_enrichments
-  options:
-  - Drilldown
-  - Asset
-  - Identity
   required: false
   type: 16
   section: Collect
   advanced: true
+  options:
+  - Drilldown
+  - Asset
+  - Identity
 - additionalinfo: When the selected timeout was reached, notable events that were not enriched will be saved without the enrichment.
   defaultvalue: '5'
   display: Enrichment Timeout (Minutes)
@@ -177,35 +185,35 @@ configuration:
   type: 0
   section: Collect
   advanced: true
-- additionalinfo: The limit of how many events to retrieve per each one of the enrichment types (Drilldown, Asset, and Identity). To retrieve all events, enter "0" (not recommended).
-  defaultvalue: '20'
-  display: Number of Events Per Enrichment Type
+- display: 'Number of Events Per Enrichment Type'
   name: num_enrichment_events
   required: false
   type: 0
   section: Collect
   advanced: true
+  additionalinfo: The limit of how many events to retrieve per each one of the enrichment types (Drilldown, Asset, and Identity). To retrieve all events, enter "0" (not recommended).
+  defaultvalue: '20'
 - display: 'Advanced: Extensive logging (for debugging purposes). Do not use this option unless advised otherwise.'
   name: extensive_logs
   required: false
   type: 8
   section: Collect
   advanced: true
 - additionalinfo: The fetch time range will be at least the size specified here. This will support events that have a gap between their occurrence time and their index time in Splunk. To decide how long the backwards window should be, you need to determine the average time between them both in your Splunk environment.
-  defaultvalue: '15'
   display: 'Advanced: Fetch backwards window for the events occurrence time (minutes)'
   name: occurrence_look_behind
   required: false
   type: 0
   section: Collect
   advanced: true
-- additionalinfo: A comma-separated list of fields, which together are a unique identifier for the events to fetch in order to avoid fetching duplicates incidents.
-  display: 'Advanced: Unique ID fields'
+  defaultvalue: '15'
+- display: 'Advanced: Unique ID fields'
   name: unique_id_fields
   required: false
   type: 0
   section: Collect
   advanced: true
+  additionalinfo: A comma-separated list of fields, which together are a unique identifier for the events to fetch in order to avoid fetching duplicates incidents.
 - defaultvalue: 'false'
   display: Enable user mapping
   name: userMapping
@@ -229,14 +237,14 @@ configuration:
   type: 0
   section: Connect
   advanced: true
-- additionalinfo: The name of the lookup table containing the Splunk username.
-  defaultvalue: splunk_username
+- defaultvalue: 'splunk_username'
   display: SPLUNK user key
   name: splunk_user_field
   required: false
   type: 0
   section: Connect
   advanced: true
+  additionalinfo: The name of the lookup table containing the Splunk username.
 - defaultvalue: '1'
   display: Incidents Fetch Interval
   name: incidentFetchInterval
@@ -575,7 +583,7 @@ script:
     - contextPath: Splunk.UserMapping.SplunkUser
       description: Splunk user mapping.
       type: String
-  dockerimage: demisto/splunksdk-py3:1.0.0.42294
+  dockerimage: demisto/splunksdk-py3:1.0.0.42962
   isfetch: true
   ismappable: true
   isremotesyncin: true

diff --git a/Packs/SplunkPy/ReleaseNotes/3_0_2.md b/Packs/SplunkPy/ReleaseNotes/3_0_2.md
@@ -0,0 +1,5 @@
+
+#### Integrations
+##### SplunkPy
+- Updated the Docker image to: *demisto/splunksdk-py3:1.0.0.42962*.
+- Added the *HEC Token* integration parameter to support credentials fetching object.
diff --git a/Packs/SplunkPy/pack_metadata.json b/Packs/SplunkPy/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Splunk",
     "description": "Run queries on Splunk servers.",
     "support": "xsoar",
-    "currentVersion": "3.0.1",
+    "currentVersion": "3.0.2",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",