From 3c7e9f0cafd300819dbb8b2a57db5905edcb7428 Mon Sep 17 00:00:00 2001
From: Jason Conger
Date: Mon, 19 Sep 2022 17:54:17 -0500
Subject: [PATCH 01/11] docs: update CHANGELOG
---
 CHANGELOG.md | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a70a121..cda8ba8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+# Version 4.0.3
+* Fix - problem loading some inputs on Windows system. [Issue #8](https://github.com/splunk/splunk-add-on-microsoft-azure/issues/8) and [Issue #12](https://github.com/splunk/splunk-add-on-microsoft-azure/issues/12)
+* Added `name` parameter to the `[id]` stanza in `default/app.conf`
+* Bumped `splunktaucclib` to version `6.0.6` to address potential credential corruption issues
+* Fix - errant newline in `eventtypes.conf` for `azure_vuln` stanza. [Issue #19](https://github.com/splunk/splunk-add-on-microsoft-azure/issues/19)
+* Fix - nextLink parameter is different for consumption input causing limited results. [Issue #20](https://github.com/splunk/splunk-add-on-microsoft-azure/issues/20)
+* Increase REST request timeout to 60 seconds
+
 # Version 4.0.2
 * Bug fix - Problem creating new AAD Audit Input - [Issue #3](https://github.com/splunk/splunk-add-on-microsoft-azure/issues/3)
 * Bug fix - Azure AD User and Group pagination issue
From f4e72f4d4bb9fa7bd2a354d0b1cbbe2c09a8e50b Mon Sep 17 00:00:00 2001
From: Jason Conger
Date: Mon, 19 Sep 2022 17:54:38 -0500
Subject: [PATCH 02/11] build: bump version to 4.0.3
---
 globalConfig.json | 2 +-
 package/app.manifest | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/globalConfig.json b/globalConfig.json
index 5aff6fb..4b94bb0 100644
--- a/globalConfig.json
+++ b/globalConfig.json
@@ -2,7 +2,7 @@
 "meta": {
 "name": "TA-MS-AAD",
 "displayName": "Splunk Add-on for Microsoft Azure",
- "version": "4.0.2",
+ "version": "4.0.3",
 "apiVersion": "3.0.0",
 "restRoot": "TA_MS_AAD",
 "schemaVersion": "0.0.3"
diff --git a/package/app.manifest b/package/app.manifest
index bef4d85..1b53e41 100644
--- a/package/app.manifest
+++ b/package/app.manifest
@@ -5,7 +5,7 @@
 "id": {
 "group": null,
 "name": "TA-MS-AAD",
- "version": "4.0.2"
+ "version": "4.0.3"
 },
 "author": [
 {
From f53f9c01ff5dc2001dd91cd8432111a08698aefc Mon Sep 17 00:00:00 2001
From: Jason Conger
Date: Mon, 19 Sep 2022 17:58:34 -0500
Subject: [PATCH 03/11] fix: consumption pagination
The nextLink parameter can be different in the consumption API. Check for both @odata.nextLink and nextLink parameters. Addresses #20
---
 package/bin/azure_consumption.py | 2 +-
 package/bin/ta_azure_utils/utils.py | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/package/bin/azure_consumption.py b/package/bin/azure_consumption.py
index ed46274..6ad41ec 100755
--- a/package/bin/azure_consumption.py
+++ b/package/bin/azure_consumption.py
@@ -52,7 +52,7 @@ def get_start_date(helper, check_point_key):
 start_date = helper.get_arg("start_date")
 if (start_date not in [None,'']):
 d = dateutil.parser.parse(start_date)
- helper.log_debug("_Splunk_ input_name=%s Getting start date. input_name=%s Start date in stanza: %s" % (input_name, start_date))
+ helper.log_debug("_Splunk_ input_name=%s Getting start date. input_name=%s Start date in stanza: %s" % (input_name, input_name, start_date))
 return d.strftime('%Y-%m-%d')
 else:
 # If there was no start date specified, default to 90 day ago
diff --git a/package/bin/ta_azure_utils/utils.py b/package/bin/ta_azure_utils/utils.py
index babaab7..85efc2d 100755
--- a/package/bin/ta_azure_utils/utils.py
+++ b/package/bin/ta_azure_utils/utils.py
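Review bot: The corrected format call on the `+` line in get_start_date now emits `input_name` twice in a single message, so the log line is redundant rather than informative; drop the second placeholder: `helper.log_debug("_Splunk_ input_name=%s Getting start date. Start date in stanza: %s" % (input_name, start_date))`. `input_name` is not a parameter of get_start_date and is not bound anywhere in the hunk, so it presumably comes from module scope; worth confirming it is always assigned before this function runs, since an unbound name here would only surface at runtime inside the input. get_start_date's body continues outside the hunk.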
@@ -74,14 +74,19 @@ def get_items(helper, access_token, url, items=[]):
 response_json = json.loads(r.content)
 items += response_json['value']
+ nextLink = None
 if '@odata.nextLink' in response_json:
 nextLink = response_json['@odata.nextLink']
+ if 'nextLink' in response_json:
+ nextLink = response_json['nextLink']
+
+ if nextLink:
 # This should never happen, but just in case...
 if not is_https(nextLink):
 raise ValueError("nextLink scheme is not HTTPS. nextLink URL: %s" % nextLink)
- helper.log_debug("_Splunk_ nextLink URL (@odata.nextLink): %s" % nextLink)
+ helper.log_debug("_Splunk_ nextLink URL: %s" % nextLink)
 get_items(helper, access_token, nextLink, items)
 except Exception as e:
From db6f6ed4f252f4a6a9f9b44aee1b869e181d9cf2 Mon Sep 17 00:00:00 2001
From: Jason Conger
Date: Mon, 19 Sep 2022 17:59:18 -0500
Subject: [PATCH 04/11] fix: increase REST timeout to 60 seconds
Addresses #11 until parameter is exposed in the UI
---
 package/bin/ta_azure_utils/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/bin/ta_azure_utils/utils.py b/package/bin/ta_azure_utils/utils.py
index 85efc2d..fd97613 100755
--- a/package/bin/ta_azure_utils/utils.py
+++ b/package/bin/ta_azure_utils/utils.py
@@ -26,7 +26,7 @@ from requests.packages.urllib3.util.retry import Retry
 import six
-TIMEOUT = 5 #seconds
+TIMEOUT = 60 #seconds
 def handle_nextLink(helper=None, response=None, session=None):
 if '@odata.nextLink' in response:
From 33fd048ea254920df6d03bd15fd848494fd775ae Mon Sep 17 00:00:00 2001
From: Jason Conger
Date: Mon, 19 Sep 2022 18:00:55 -0500
Subject: [PATCH 05/11] fix: remove unnecessary pwd import
Addresses #8 and #12
---
 package/bin/import_declare_test.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/package/bin/import_declare_test.py b/package/bin/import_declare_test.py
index 181c233..22ee15c 100644
--- a/package/bin/import_declare_test.py
+++ b/package/bin/import_declare_test.py
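Review bot: The new `if nextLink:` block still forwards `access_token` to whatever URL the response supplies, and the only check on that URL (`is_https`) constrains the scheme, not the host, so a paging link naming a different origin would receive the bearer token. A cheap tightening is to also require the paging host to match the request's host, e.g. `if urlparse(nextLink).netloc != urlparse(url).netloc: raise ValueError("nextLink host differs from request URL: %s" % nextLink)` with `urllib.parse.urlparse` in scope. Two smaller points on the same lines: when both `@odata.nextLink` and `nextLink` are present the second silently wins, which deserves a comment if the two APIs never emit both; and `items=[]` in the signature on the `@@` line is a shared mutable default that accumulates results across calls unless every caller passes its own list. get_items starts before the hunk and continues after it.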
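Review bot: `handle_nextLink`, visible as context directly below the changed constant, still tests only `'@odata.nextLink'`, so the plain `nextLink` fallback the previous commit added to get_items is absent here; if this helper also serves the consumption API it needs the same two-key lookup (its body continues outside the hunk). On the constant itself, the value is per attempt: if `requests_retry_session` configures the urllib3 `Retry` imported just above, retries stack on top of it, and the `#seconds` comment should say so, e.g. `TIMEOUT = 60  # seconds per request attempt; retries in requests_retry_session() multiply the worst case`.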
@@ -17,7 +17,6 @@ '''
 import os
-import pwd
 import sys
 import warnings
From fe2b52dcac8faca22d8d70336aead7995b7a74a8 Mon Sep 17 00:00:00 2001
From: Jason Conger
Date: Mon, 19 Sep 2022 18:01:49 -0500
Subject: [PATCH 06/11] build: add name parameter to the [id] stanza
Addresses a Splunk Cloud SSAI issue
---
 package/default/app.conf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/package/default/app.conf b/package/default/app.conf
index 3e83d62..dacee7f 100644
--- a/package/default/app.conf
+++ b/package/default/app.conf
@@ -21,3 +21,5 @@ reload.ta_ms_aad_account = simple
 reload.ta_ms_aad_settings = simple
 reload.passwords = simple
+[id]
+name = TA-MS-AAD
\ No newline at end of file
From ec6b1650da7330e92b7f826404832d196e473bce Mon Sep 17 00:00:00 2001
From: Jason Conger
Date: Mon, 19 Sep 2022 18:03:09 -0500
Subject: [PATCH 07/11] Remove prebuilt panels
---
 ...aad_audit_changes_made_by_applications.xml | 18 ---------
 .../aad_audit_changes_made_by_users.xml | 18 ---------
 .../ui/panels/aad_audit_top_activities.xml | 37 -------------------
 .../ui/panels/aad_signin_failed_signins.xml | 18 ---------
 .../ui/panels/aad_signin_login_status.xml | 37 -------------------
 .../panels/aad_signin_logins_by_geography.xml | 36 ------------------
 .../aad_signin_top_application_signins.xml | 37 -------------------
 .../default/data/ui/views/configuration.xml | 4 --
 package/default/data/ui/views/inputs.xml | 4 --
 9 files changed, 209 deletions(-)
 delete mode 100644 package/default/data/ui/panels/aad_audit_changes_made_by_applications.xml
 delete mode 100644 package/default/data/ui/panels/aad_audit_changes_made_by_users.xml
 delete mode 100644 package/default/data/ui/panels/aad_audit_top_activities.xml
 delete mode 100644 package/default/data/ui/panels/aad_signin_failed_signins.xml
 delete mode 100644 package/default/data/ui/panels/aad_signin_login_status.xml
 delete mode 100644 package/default/data/ui/panels/aad_signin_logins_by_geography.xml
 delete mode 100644 package/default/data/ui/panels/aad_signin_top_application_signins.xml
 delete mode 100644 package/default/data/ui/views/configuration.xml
 delete mode 100644 package/default/data/ui/views/inputs.xml
diff --git a/package/default/data/ui/panels/aad_audit_changes_made_by_applications.xml b/package/default/data/ui/panels/aad_audit_changes_made_by_applications.xml
deleted file mode 100644
index e019130..0000000
--- a/package/default/data/ui/panels/aad_audit_changes_made_by_applications.xml
+++ /dev/null
@@ -1,18 +0,0 @@ - - Azure AD Audit - Changes Made by Applications (Last 24 Hours) - - - sourcetype="ms:aad:audit" actorType=Application | stats count by activity actor.name "targets{}.modifiedProperties{}.oldValue" "targets{}.modifiedProperties{}.newValue" | fields - count | rename activity AS "Activity" actor.name AS "Application Name" "targets{}.name" AS "Target Name" "targets{}.modifiedProperties{}.oldValue" AS "Old Value" "targets{}.modifiedProperties{}.newValue" AS "New Value" - -24h@h - now - 1 - - - - - - - - -
-
\ No newline at end of file diff --git a/package/default/data/ui/panels/aad_audit_changes_made_by_users.xml b/package/default/data/ui/panels/aad_audit_changes_made_by_users.xml deleted file mode 100644 index 00f2f9a..0000000 --- a/package/default/data/ui/panels/aad_audit_changes_made_by_users.xml +++ /dev/null @@ -1,18 +0,0 @@ - - Azure AD Audit - Changes Made by Users (Last 24 Hours) - - - sourcetype="ms:aad:audit" actorType=User | stats count by activity actor.userPrincipalName targets{}.name "targets{}.modifiedProperties{}.oldValue" "targets{}.modifiedProperties{}.newValue" | fields - count | rename activity AS "Activity" actor.userPrincipalName AS UPN "targets{}.name" AS "Target Name" "targets{}.modifiedProperties{}.oldValue" AS "Old Value" "targets{}.modifiedProperties{}.newValue" AS "New Value" - -24h@h - now - 1 - - - - - - - - -
-
\ No newline at end of file diff --git a/package/default/data/ui/panels/aad_audit_top_activities.xml b/package/default/data/ui/panels/aad_audit_top_activities.xml deleted file mode 100644 index 2f796a0..0000000 --- a/package/default/data/ui/panels/aad_audit_top_activities.xml +++ /dev/null @@ -1,37 +0,0 @@ - - Azure AD Audit - Top Activities (Last 24 Hours) - - - sourcetype="ms:aad:audit"| top limit=20 activity - -24h@h - now - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/package/default/data/ui/panels/aad_signin_failed_signins.xml b/package/default/data/ui/panels/aad_signin_failed_signins.xml deleted file mode 100644 index edb9d3f..0000000 --- a/package/default/data/ui/panels/aad_signin_failed_signins.xml +++ /dev/null @@ -1,18 +0,0 @@ - - Azure AD Sing-Ins - Failed Sign-ins (Last 24 Hours) - - - sourcetype="ms:aad:signin" loginStatus=Failure | stats count by userPrincipalName userDisplayName appDisplayName failureReason deviceInformation | rename userPrincipalName AS UPN userDisplayName AS Name appDisplayName AS "Application" failureReason AS "Failure Reason" deviceInformation AS "Device Information" | fields - count - -24h@h - now - 1 - - - - - - - - -
-
\ No newline at end of file diff --git a/package/default/data/ui/panels/aad_signin_login_status.xml b/package/default/data/ui/panels/aad_signin_login_status.xml deleted file mode 100644 index 2ca1cd7..0000000 --- a/package/default/data/ui/panels/aad_signin_login_status.xml +++ /dev/null @@ -1,37 +0,0 @@ - - Azure AD Sign-Ins - Login Status (Last 24 Hours) - - - sourcetype="ms:aad:signin"| timechart count by loginStatus limit=10 - -24h@h - now - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/package/default/data/ui/panels/aad_signin_logins_by_geography.xml b/package/default/data/ui/panels/aad_signin_logins_by_geography.xml deleted file mode 100644 index 7e10031..0000000 --- a/package/default/data/ui/panels/aad_signin_logins_by_geography.xml +++ /dev/null @@ -1,36 +0,0 @@ - - Azure AD Sign-Ins - Logins by Geography (Last 24 Hours) - - - sourcetype="ms:aad:signin" | geostats latfield=geoCoordinates.latitude longfield=geoCoordinates.longitude count by loginStatus - -24h@h - now - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/package/default/data/ui/panels/aad_signin_top_application_signins.xml b/package/default/data/ui/panels/aad_signin_top_application_signins.xml deleted file mode 100644 index 89141c9..0000000 --- a/package/default/data/ui/panels/aad_signin_top_application_signins.xml +++ /dev/null @@ -1,37 +0,0 @@ - - Azure AD Sign-Ins - Top Application Sign-ins (Last 24 Hours) - - - sourcetype="ms:aad:signin"| top limit=20 appDisplayName - -24h@h - now - 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/package/default/data/ui/views/configuration.xml b/package/default/data/ui/views/configuration.xml deleted file mode 100644 index 45b7be2..0000000 --- a/package/default/data/ui/views/configuration.xml +++ /dev/null @@ -1,4 +0,0 @@ - - - - 
diff --git a/package/default/data/ui/views/inputs.xml b/package/default/data/ui/views/inputs.xml
deleted file mode 100644
index 6902efe..0000000
--- a/package/default/data/ui/views/inputs.xml
+++ /dev/null
@@ -1,4 +0,0 @@
-
-
-
-
From a188c5e8f371b5bcff35c40a2508a380d81bf5c2 Mon Sep 17 00:00:00 2001
From: Jason Conger
Date: Mon, 19 Sep 2022 18:03:49 -0500
Subject: [PATCH 08/11] fix: remove errant line break in eventtypes.conf
Addresses #19
---
 package/default/eventtypes.conf | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/package/default/eventtypes.conf b/package/default/eventtypes.conf
index 47b046d..e62fd18 100644
--- a/package/default/eventtypes.conf
+++ b/package/default/eventtypes.conf
@@ -36,5 +36,4 @@ search = sourcetype="azure:vm:stop"
 search = sourcetype="m365:group:member:add"
 [azure_vuln]
-search = (sourcetype=azure:resourcegraph type="microsoft.security/assessments/subAssessments" "properties.additionalData.assessedResourceType"=ServerVulnerability
-properties.additionalData.cve{}.title=*)
+search = (sourcetype=azure:resourcegraph type="microsoft.security/assessments/subAssessments" "properties.additionalData.assessedResourceType"=ServerVulnerability properties.additionalData.cve{}.title=*)
\ No newline at end of file
From 2d8209c63f75ef29f8e513ba780ff74bddf338d5 Mon Sep 17 00:00:00 2001
From: Jason Conger
Date: Mon, 19 Sep 2022 18:04:21 -0500
Subject: [PATCH 09/11] build: bump splunktaucclib version to 6.0.6
Addresses a passwords.conf issue for UCC framework apps
---
 package/lib/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/lib/requirements.txt b/package/lib/requirements.txt
index d97e38d..b27b9a9 100644
--- a/package/lib/requirements.txt
+++ b/package/lib/requirements.txt
@@ -1,3 +1,3 @@
-splunktaucclib>=4.1.0
+splunktaucclib>=6.0.6
 python-dateutil>=2.8.2
 six>=1.16.0
\ No newline at end of file
From ecca69d98e21aeafe920de154640675b16da4c18 Mon Sep 17 00:00:00 2001
From: Jason Conger
Date: Mon, 19 Sep 2022 18:04:39 -0500
Subject: [PATCH 10/11] docs: update README build example
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index b2d4bd5..4bc2b8e 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@ This add-on is built with Splunk's [UCC Generator](https://github.com/splunk/add
 Example:
- ucc-gen --ta-version=4.0.2
+ ucc-gen --ta-version=4.0.3
 The add-on will be built in an `output` directory in the root of the repository.
From 9ffdf2f9b6afe0729aa31736c553b6c442183737 Mon Sep 17 00:00:00 2001
From: Jason Conger
Date: Tue, 20 Sep 2022 17:09:43 -0500
Subject: [PATCH 11/11] fix: add SSL verify option to KQL POST
---
 package/bin/ta_azure_utils/utils.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/bin/ta_azure_utils/utils.py b/package/bin/ta_azure_utils/utils.py
index fd97613..ec65c6a 100755
--- a/package/bin/ta_azure_utils/utils.py
+++ b/package/bin/ta_azure_utils/utils.py
@@ -128,11 +128,11 @@ def get_items_batch_session(helper=None, url=None, session=None):
 return response_json
-def post_items_batch_session(helper=None, url=None, headers=None, data=None, session=None):
+def post_items_batch_session(helper=None, url=None, headers=None, data=None, session=None, verify=False):
 t0 = time.time()
 try:
- r = requests_retry_session(session=session).post(url=url, headers=headers, data=data, timeout=TIMEOUT)
+ r = requests_retry_session(session=session).post(url=url, headers=headers, data=data, timeout=TIMEOUT, verify=verify)
 r.raise_for_status()
 response_json = None
 response_json = json.loads(r.content)
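Review bot: The new `verify=False` default on post_items_batch_session switches certificate verification off for every existing caller, since none of them pass the argument yet, and the POST carries the caller-supplied `headers` (presumably the bearer token) to a server whose identity is then never checked. Default it to `True` and let the UI option opt out explicitly: `def post_items_batch_session(helper=None, url=None, headers=None, data=None, session=None, verify=True):`. Where a private CA is the real need, accepting a CA-bundle path keeps verification on, because requests treats a string `verify` as the bundle to trust. `get_items_batch_session`, visible above, takes no `verify` parameter at all, so the two helpers now behave differently for the same session; the function body continues past the hunk.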