Merge pull request #28 from splunk-soar-connectors/next

Merging next to main for release 2.8.0
splunk-soar-connectors · Sep 27, 2022 · 915d6a7 · 915d6a7
2 parents 86607a0 + de91840
commit 915d6a7
Show file tree

Hide file tree

Showing 20 changed files with 260 additions and 253 deletions.
diff --git a/.github/workflows/review-release.yml b/.github/workflows/review-release.yml
@@ -0,0 +1,22 @@
+name: Review Release
+concurrency:
+  group: app-release
+  cancel-in-progress: true
+permissions:
+  contents: read
+  id-token: write
+  statuses: write
+on:
+  workflow_dispatch:
+    inputs:
+      task_token:
+        description: 'StepFunction task token'
+        required: true
+
+jobs:
+  review:
+    uses: 'phantomcyber/dev-cicd-tools/.github/workflows/review-release.yml@main'
+    with:
+      task_token: ${{ inputs.task_token }}
+    secrets:
+      resume_release_role_arn: ${{ secrets.RESUME_RELEASE_ROLE_ARN }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,11 +1,11 @@
 repos:
 -   repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.11
+    rev: v1.13
     hooks:
     -   id: org-hook
     -   id: package-app-dependencies
 -   repo: https://github.com/Yelp/detect-secrets
-    rev: v1.1.0
+    rev: v1.3.0
     hooks:
     -   id: detect-secrets
         args: ['--no-verify', '--exclude-files', '^parser.json$']
diff --git a/README.md b/README.md
@@ -2,11 +2,11 @@
 # Parser
 
 Publisher: Splunk  
-Connector Version: 2\.7\.1  
+Connector Version: 2\.8\.0  
 Product Vendor: Splunk  
 Product Name: Parser  
 Product Version Supported (regex): "\.\*"  
-Minimum Product Version: 5\.1\.0  
+Minimum Product Version: 5\.3\.3  
 
 This app extracts IOCs from various files such as PDFs, emails, or raw text
 
@@ -39,7 +39,7 @@ This app uses the defusedxml module, which is licensed under the Python Software
 Create IOC artifacts from a file in the vault or raw text
 
 Type: **generic**  
-Read only: **True**
+Read only: **False**
 
 Specify either text or vault\_id\. If text is used only file\_types of csv, html, and txt can be selected\. <br/><br/>If vault\_id is used and the \[file\_type\] is left blank, the app will try to determine what type of file it is on its own\. <br/><br/> When parsing an email file \(\.eml\), the <b>file\_type</b> parameter must be set to <b>email</b>\. <br/> <br/> <b>Label</b> or <b>Container ID</b> is mandatory to run an action\. It will display an error message if both of them are not mentioned\. <br/> <br/> <b> Caveats\:</b> <ul><li>If the \[file\_type\] you chose related to \[vault\_id\] is incorrect, you will have an unexpected output scenario\.</li></ul>
 
@@ -51,7 +51,7 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 **text** |  optional  | Raw text from which to extract IOCs | string | 
 **is\_structured** |  optional  | Use first row of CSV file as field names | boolean | 
 **label** |  optional  | Add container to this label | string | 
-**max\_artifacts** |  optional  | Maximum number of artifacts \(not applicable to \.eml filetype\) | numeric | 
+**max\_artifacts** |  optional  | Maximum number of artifacts | numeric | 
 **container\_id** |  optional  | Add created artifacts to this container | numeric | 
 **remap\_cef\_fields** |  optional  | Remap the CEF fields with new field names; Optionally, also apply an internal CEF \-> CIM field name mapping\. Note\: \(source\|destination\)Address will be mapped to \(src\|dest\)\_ip respectively instead of src\|dest \(not applicable to \.eml filetype\) | string | 
 **custom\_remap\_json** |  optional  | Custom set of CEF field name mappings\. This is a serialized json dictionary \(json\.dumps\) of Key/Value pairs where Key is an existing field name and Value is the resultant name \(not applicable to \.eml filetype\) | string | 
@@ -65,40 +65,40 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 DATA PATH | TYPE | CONTAINS
 --------- | ---- | --------
 action\_result\.status | string | 
+action\_result\.parameter\.artifact\_tags | string | 
 action\_result\.parameter\.container\_id | numeric | 
 action\_result\.parameter\.custom\_remap\_json | string | 
 action\_result\.parameter\.file\_type | string | 
 action\_result\.parameter\.is\_structured | boolean | 
+action\_result\.parameter\.keep\_raw | boolean | 
 action\_result\.parameter\.label | string | 
 action\_result\.parameter\.max\_artifacts | numeric | 
 action\_result\.parameter\.parse\_domains | boolean | 
-action\_result\.parameter\.keep\_raw | boolean | 
-action\_result\.parameter\.artifact\_tags | string | 
 action\_result\.parameter\.remap\_cef\_fields | string | 
 action\_result\.parameter\.run\_automation | boolean | 
 action\_result\.parameter\.severity | string | 
 action\_result\.parameter\.text | string | 
 action\_result\.parameter\.vault\_id | string |  `vault id` 
 action\_result\.data | string | 
-action\_result\.summary\.artifacts\_ingested | numeric | 
-action\_result\.summary\.artifacts\_found | numeric | 
-action\_result\.summary\.container\_id | numeric | 
-action\_result\.message | string | 
-summary\.total\_objects | numeric | 
-summary\.total\_objects\_successful | numeric | 
-action\_result\.data\.\*\.To | string | 
+action\_result\.data\.\*\.Content\-Language | string | 
+action\_result\.data\.\*\.Content\-Type | string | 
 action\_result\.data\.\*\.Date | string | 
 action\_result\.data\.\*\.From | string | 
-action\_result\.data\.\*\.Subject | string | 
-action\_result\.data\.\*\.Content\-Type | string | 
-action\_result\.data\.\*\.X\-MS\-Has\-Attach | string | 
-action\_result\.data\.\*\.Content\-Language | string | 
-action\_result\.data\.\*\.Message\-ID | string | 
+action\_result\.data\.\*\.In\-Reply\-To | string | 
 action\_result\.data\.\*\.MIME\-Version | string | 
+action\_result\.data\.\*\.Message\-ID | string | 
 action\_result\.data\.\*\.References | string | 
-action\_result\.data\.\*\.In\-Reply\-To | string | 
+action\_result\.data\.\*\.Subject | string | 
 action\_result\.data\.\*\.Thread\-Index | string | 
 action\_result\.data\.\*\.Thread\-Topic | string | 
-action\_result\.data\.\*\.X\-MS\-TNEF\-Correlator | string | 
+action\_result\.data\.\*\.To | string | 
+action\_result\.data\.\*\.X\-MS\-Exchange\-Organization\-RecordReviewCfmType | string | 
 action\_result\.data\.\*\.X\-MS\-Exchange\-Organization\-SCL | string | 
-action\_result\.data\.\*\.X\-MS\-Exchange\-Organization\-RecordReviewCfmType | string | 
+action\_result\.data\.\*\.X\-MS\-Has\-Attach | string | 
+action\_result\.data\.\*\.X\-MS\-TNEF\-Correlator | string | 
+action\_result\.summary\.artifacts\_found | numeric | 
+action\_result\.summary\.artifacts\_ingested | numeric | 
+action\_result\.summary\.container\_id | numeric | 
+action\_result\.message | string | 
+summary\.total\_objects | numeric | 
+summary\.total\_objects\_successful | numeric |