Merge pull request #370 from guilhemmarchand/version_1255

Version 1.2.55
guilhemmarchand · Oct 28, 2021 · b6e81ce · b6e81ce
2 parents fe478f9 + 39deb78
commit b6e81ce
Show file tree

Hide file tree

Showing 15 changed files with 649 additions and 194 deletions.
diff --git a/.readthedocs.yaml b/.readthedocs.yaml
@@ -0,0 +1,29 @@
+# .readthedocs.yaml
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+# Required
+version: 2
+
+# Set the version of Python and other tools you might need
+build:
+  os: ubuntu-20.04
+  tools:
+    python: "3.9"
+    # You can also specify other tool versions:
+    # nodejs: "16"
+    # rust: "1.55"
+    # golang: "1.17"
+
+# Build documentation in the docs/ directory with Sphinx
+sphinx:
+   configuration: docs/conf.py
+
+# If using Sphinx, optionally build your docs in additional formats such as PDF
+# formats:
+#    - pdf
+
+# Optionally declare the Python requirements required to build your docs
+python:
+   install:
+   - requirements: docs/requirements.txt
diff --git a/docs/configuration.rst b/docs/configuration.rst
@@ -130,10 +130,11 @@ TrackMe Data Sources - Define what works for you
 
 The primary concept of TrackMe is called **data sources**, See :ref:`Data Sources tracking and features` in the User guide for more explanations.
 
-For the purposes of defining the best strategy that works for you, let's explain the 3 modes available, which you can configure via the ``Trackme manage and configure`` interface:
+For the purposes of defining the best strategy that works for you, let's explain the different modes available, which you can configure via the ``Trackme manage and configure`` interface:
 
 - Split mode (default)
-- Merge mode
+- Split custom mode
+- Merged mode
 - Cribl mode
 
 .. image:: img/step_by_step_configure/ui_data_sources_mode.png
@@ -162,10 +163,23 @@ On the other hand, would we index these 3 WinEventLogs into a unique index, we w
 
 Don't worry, TrackMe has plenty of features that allow you to cover any use cases (Elastic Sources, allow and block listing, etc), the Split mode is generally what covers most use cases, but this is very depending to your context.
 
+Trackme Data Sources - split custom mode
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The Split custom mode allows you to define an additional indexed field to be used when discovering and maintaining the data sources.
+
+Once you define the indexed field, entities are going to be created as following:
+
+``index + ":" + sourcetype + "|<keyName>:<keyValue>``
+
+Where ``keyName`` is the name of the indexed field, ``keyValue`` the value.
+
+.. hint:: Once enabled, any data source that does not include the indexed field will not be discovered any longer, you can handle any additional use cases as :ref:`Elastic Sources` or create custom trackers in hybrid mode.
+
 Trackme Data Sources - Merged mode
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-On the opposite, the Merged mode removes the concept of sourcetype and basically creates 1 entity per index, no matters what sourcetypes are indexed in it, entities are created as:
+The Merged mode removes the concept of sourcetype and basically creates 1 entity per index, no matters what sourcetypes are indexed in it, entities are created as:
 
 ``index + ":all"``
 

diff --git a/docs/img/step_by_step_configure/ui_data_sources_mode.png b/docs/img/step_by_step_configure/ui_data_sources_mode.png
diff --git a/docs/releasenotes.rst b/docs/releasenotes.rst
@@ -1,6 +1,18 @@
 Release notes
 #############
 
+Version 1.2.55
+==============
+
+.. warning:: **Splunk 8.x and Python3 support only**
+
+    - Starting from this release, only Splunk 8.x and Python3 are supported
+    - Some functions such as builtin alert actions are not compatible any longer with Python2 and Splunk 7.x
+    - For the latest version available for Splunk 7.x, see the release 1.2.51
+
+- Feature: Provides a new split by custom mode to allow defining a custom indexed field in the data source discovery and maintenance workflow
+- Feature: Notification bar and various UI improvements in the configuration UI
+
 Version 1.2.54
 ==============
 

diff --git a/globalConfig.json b/globalConfig.json
@@ -144,7 +144,7 @@
     "meta": {
         "name": "trackme",
         "restRoot": "trackme",
-        "version": "1.2.54",
+        "version": "1.2.55",
         "displayName": "TrackMe",
         "schemaVersion": "0.0.3"
     }

diff --git a/package/app.manifest b/package/app.manifest
@@ -5,7 +5,7 @@
     "id": {
       "group": null,
       "name": "trackme",
-      "version": "1.2.54"
+      "version": "1.2.55"
     },
     "author": [
       {

diff --git a/package/appserver/static/notifybar/img/bg.png b/package/appserver/static/notifybar/img/bg.png
diff --git a/package/appserver/static/notifybar/img/jq-notify-bar-icons.svg b/package/appserver/static/notifybar/img/jq-notify-bar-icons.svg
diff --git a/package/appserver/static/notifybar/jquery.notifyBar.css b/package/appserver/static/notifybar/jquery.notifyBar.css
@@ -0,0 +1,122 @@
+/*
+*  Notify Bar - jQuery plugin
+*
+*  Copyright (c) 2009-2015 Dmitri Smirnov
+*
+*  Licensed under the MIT license:
+*  http://www.opensource.org/licenses/mit-license.php
+*
+*  Project home:
+*  http://www.whoop.ee/posts/2013/04/05/the-resurrection-of-jquery-notify-bar.html
+*/
+
+/* Default bars' style */
+.jquery-notify-bar {
+  width: 100%;
+  position: fixed;
+  top: 0;
+  left: 0;
+  z-index: 32768;
+  background-color: #efefef;
+  font-size: 18px;
+  color: #000;
+  text-align: center;
+  font-family: Arial, Verdana, sans-serif;
+  padding: 20px 0px;
+  cursor: pointer;
+  border-bottom: 1px solid #ddd;
+  -webkit-box-shadow: inset 0 -1px 0 0 #fff;
+  -moz-box-shadow: inset 0 -1px 0 0 #fff;
+  box-shadow: inset 0 -1px 0 0 #fff;
+  background-image: -webkit-gradient(
+    linear,
+    0 0,
+    0 100%,
+    from(rgba(255, 255, 255, 0.5)),
+    to(rgba(255, 255, 255, 0))
+  );
+  background-image: -webkit-linear-gradient(
+    rgba(255, 255, 255, 0.5) 0%,
+    rgba(255, 255, 255, 0) 100%
+  );
+  background-image: -moz-linear-gradient(
+    rgba(255, 255, 255, 0.5) 0%,
+    rgba(255, 255, 255, 0) 100%
+  );
+  background-image: -o-linear-gradient(
+    rgba(255, 255, 255, 0.5) 0%,
+    rgba(255, 255, 255, 0) 100%
+  );
+  background-image: linear-gradient(
+    rgba(255, 255, 255, 0.5) 0%,
+    rgba(255, 255, 255, 0) 100%
+  );
+}
+.jquery-notify-bar.bottom {
+  bottom: 0;
+  top: auto;
+  border-top: 1px solid #ddd;
+  border-bottom: 1px solid #ddd;
+  -webkit-box-shadow: inset 0 1px 0 0 #fff;
+  -moz-box-shadow: inset 0 1px 0 0 #fff;
+  box-shadow: inset 0 1px 0 0 #fff;
+}
+
+.jquery-notify-bar.dark .notify-bar-text-wrapper,
+.jquery-notify-bar.error .notify-bar-text-wrapper,
+.jquery-notify-bar.warning .notify-bar-text-wrapper,
+.jquery-notify-bar.success .notify-bar-text-wrapper {
+  padding: 1px 0 1px 23px;
+}
+
+/* Style for errors */
+.jquery-notify-bar.error {
+  color: white;
+  background-color: #ba202f;
+}
+.jquery-notify-bar.error .notify-bar-text-wrapper {
+  background: transparent url("./img/jq-notify-bar-icons.svg") no-repeat 0 -62px;
+}
+
+/* Style for warning */
+.jquery-notify-bar.warning {
+  color: #000;
+  background-color: #ffc107;
+}
+.jquery-notify-bar.warning .notify-bar-text-wrapper {
+  background: transparent url("./img/jq-notify-bar-icons.svg") no-repeat 1px 1px;
+}
+
+/* Style for success */
+.jquery-notify-bar.success {
+  color: white;
+  background-color: #060;
+}
+.jquery-notify-bar.success .notify-bar-text-wrapper {
+  background: transparent url("./img/jq-notify-bar-icons.svg") no-repeat 2px -31px;
+}
+
+/* Style for info */
+.jquery-notify-bar.info {
+  color: white;
+  background-color: #138496;
+}
+
+/* Style for dark */
+.jquery-notify-bar.dark {
+  color: white;
+  background-color: #31373e;
+}
+
+/* Style for close button */
+.notify-bar-close {
+  position: absolute;
+  left: 97%;
+  top: 13px;
+  text-decoration: none;
+  color: #222;
+  font-size: 30px;
+}
+.notify-bar-close:hover {
+  color: #05f;
+}