Deploy Resilient/resilient-community-apps to github.ibm.com/Resilient…

…/resilient-community-apps.git:gh-pages
ibmresilient · Nov 12, 2024 · 3dbdff5 · 3dbdff5
1 parent bd8a5e8
commit 3dbdff5
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 53 deletions.
diff --git a/.doctrees/environment.pickle b/.doctrees/environment.pickle
diff --git a/.doctrees/rc_data_feed_plugin_splunkfeed/README.doctree b/.doctrees/rc_data_feed_plugin_splunkfeed/README.doctree
diff --git a/_sources/rc_data_feed_plugin_splunkfeed/README.md.txt b/_sources/rc_data_feed_plugin_splunkfeed/README.md.txt
@@ -16,7 +16,6 @@ Unless otherwise specified, contents of this repository are published under the
 
 | Version | Date | Notes |
 | ------- | ---- | ----- |
-| 1.3.0   | 09/2024 | Updated base rc_data_feed to 3.3.0. Support for time-series data. |
 | 1.2.0   | 04/2024 | Updated base rc_data_feed to 3.1.0. Added parallel execution. Added ability to exclude selective incident fields. |
 | 1.1.2   | 01/2024 | Updated base rc_data_feed to 3.0.0 |
 | 1.1.1   | 10/2022 | Fix to handle rare corrupt event.message |
@@ -43,17 +42,6 @@ To use this capability, add the following app.config setting, exclude_incident_f
 | parallel_execution | True, False | parallel execution for faster ingestion to Splunk |
 | exclude_incident_fields_file | /path/to/exclusion_file.txt | Specify incident fields, one per line, to exclude from the incident data sent to Splunk. Use wildcards such as '*' (multiple characters) or '?' (single character) to exclude patterns of fields. Ex. gdpr_*, custom_field_int |
 
-### 1.3.0 Changes
-Version 1.3.0 introduces incident time-series data fields. These custom select or boolean fields, as well as incident `Owner`, `Phase` and `Severity` fields which record the duration in seconds each field contains a particular value.
-For instance, how many seconds `Severity` has a value of `Low` and `Medium`, etc.
-
-To use this capability, add the following app.config settings to the `[feeds]` configuration section.
-
-| Key | Values | Description |
-| :-- | :----- | :---------- |
-| timeseries | always \| onclose \| never | When to collect time-series data. Because of the extra API call needed to collect this data, it could be more impactful on SOAR when set to 'always'. default is 'never' |
-| timeseries_fields | owner_id, phase_id, severity_code, <custom_field> | A comma separated list of time-series fields to collect. Custom select and boolean fields are also possible. Specify wildcard fields with '?' or '*'. ex. ts_* will collect all time-series fields starting with "ts_". default is all time-series fields |
-
 ## Compatibility
 SOAR: 45.0 or higher
 
@@ -77,7 +65,7 @@ Simply install the .zip file into the app. It includes:
 ```
 * Run the following commands to install the package:
 ```
-  unzip rc_data_feed-<version>.zip (must be at least version 3.3.0)
+  unzip rc_data_feed-<version>.zip (must be at least version 2.1.0)
   [sudo] pip install --upgrade rc_data_feed-<version>.tar.gz
   unzip rc_data_feed-plugin-splunkfeed-<version>.zip
   [sudo] pip install --upgrade rc_data_feed-plugin-splunkfeed-<version>.tar.gz
@@ -164,7 +152,6 @@ port | Ex. 8088 | The default is 8088 |
 
 ### Considerations
 * Enable the HTTP Event Collector within Splunk ES before using this data feed.
-* Do not use indexer acknowledgement
 * Splunk events are immutable. IBM SOAR object changes are represented as new events. No event deletion is possible.
 * Be aware that when using `reload=True`, all IBM SOAR records will be duplicated in Splunk each time resilient-circuits is re-started. Use the app.config setting `reload_types` to specify the data sent if you want to either limit the object types or to also include datatables.
 

diff --git a/rc_data_feed_plugin_splunkfeed/README.html b/rc_data_feed_plugin_splunkfeed/README.html
@@ -435,27 +435,23 @@ <h2>Release Notes<a class="headerlink" href="#release-notes" title="Link to this
 </tr>
 </thead>
 <tbody>
-<tr class="row-even"><td><p>1.3.0</p></td>
-<td><p>09/2024</p></td>
-<td><p>Updated base rc_data_feed to 3.3.0. Support for time-series data.</p></td>
-</tr>
-<tr class="row-odd"><td><p>1.2.0</p></td>
+<tr class="row-even"><td><p>1.2.0</p></td>
 <td><p>04/2024</p></td>
 <td><p>Updated base rc_data_feed to 3.1.0. Added parallel execution. Added ability to exclude selective incident fields.</p></td>
 </tr>
-<tr class="row-even"><td><p>1.1.2</p></td>
+<tr class="row-odd"><td><p>1.1.2</p></td>
 <td><p>01/2024</p></td>
 <td><p>Updated base rc_data_feed to 3.0.0</p></td>
 </tr>
-<tr class="row-odd"><td><p>1.1.1</p></td>
+<tr class="row-even"><td><p>1.1.1</p></td>
 <td><p>10/2022</p></td>
 <td><p>Fix to handle rare corrupt event.message</p></td>
 </tr>
-<tr class="row-even"><td><p>1.1.0</p></td>
+<tr class="row-odd"><td><p>1.1.0</p></td>
 <td><p>5/2022</p></td>
 <td><p>Replaced base component, adding attachment content, workspace separation, more control over auto data reload.</p></td>
 </tr>
-<tr class="row-odd"><td><p>1.0.3</p></td>
+<tr class="row-even"><td><p>1.0.3</p></td>
 <td><p>9/2020</p></td>
 <td><p>App Host and Proxy Support</p></td>
 </tr>
@@ -516,32 +512,6 @@ <h3>1.2.0 Changes<a class="headerlink" href="#id1" title="Link to this heading">
 </table>
 </div>
 </section>
-<section id="id2">
-<h3>1.3.0 Changes<a class="headerlink" href="#id2" title="Link to this heading">¶</a></h3>
-<p>Version 1.3.0 introduces incident time-series data fields. These custom select or boolean fields, as well as incident <code class="docutils literal notranslate"><span class="pre">Owner</span></code>, <code class="docutils literal notranslate"><span class="pre">Phase</span></code> and <code class="docutils literal notranslate"><span class="pre">Severity</span></code> fields which record the duration in seconds each field contains a particular value.
-For instance, how many seconds <code class="docutils literal notranslate"><span class="pre">Severity</span></code> has a value of <code class="docutils literal notranslate"><span class="pre">Low</span></code> and <code class="docutils literal notranslate"><span class="pre">Medium</span></code>, etc.</p>
-<p>To use this capability, add the following app.config settings to the <code class="docutils literal notranslate"><span class="pre">[feeds]</span></code> configuration section.</p>
-<div class="table-wrapper colwidths-auto docutils container">
-<table class="docutils align-default">
-<thead>
-<tr class="row-odd"><th class="head text-left"><p>Key</p></th>
-<th class="head text-left"><p>Values</p></th>
-<th class="head text-left"><p>Description</p></th>
-</tr>
-</thead>
-<tbody>
-<tr class="row-even"><td class="text-left"><p>timeseries</p></td>
-<td class="text-left"><p>always | onclose | never</p></td>
-<td class="text-left"><p>When to collect time-series data. Because of the extra API call needed to collect this data, it could be more impactful on SOAR when set to ‘always’. default is ‘never’</p></td>
-</tr>
-<tr class="row-odd"><td class="text-left"><p>timeseries_fields</p></td>
-<td class="text-left"><p>owner_id, phase_id, severity_code, &lt;custom_field&gt;</p></td>
-<td class="text-left"><p>A comma separated list of time-series fields to collect. Custom select and boolean fields are also possible. Specify wildcard fields with ‘?’ or ‘<em>’. ex. ts_</em> will collect all time-series fields starting with “ts_”. default is all time-series fields</p></td>
-</tr>
-</tbody>
-</table>
-</div>
-</section>
 </section>
 <section id="compatibility">
 <h2>Compatibility<a class="headerlink" href="#compatibility" title="Link to this heading">¶</a></h2>
@@ -574,7 +544,7 @@ <h4>Install the Python components<a class="headerlink" href="#install-the-python
 <ul class="simple">
 <li><p>Run the following commands to install the package:</p></li>
 </ul>
-<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>  <span class="n">unzip</span> <span class="n">rc_data_feed</span><span class="o">-&lt;</span><span class="n">version</span><span class="o">&gt;.</span><span class="n">zip</span> <span class="p">(</span><span class="n">must</span> <span class="n">be</span> <span class="n">at</span> <span class="n">least</span> <span class="n">version</span> <span class="mf">3.3.0</span><span class="p">)</span>
+<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>  <span class="n">unzip</span> <span class="n">rc_data_feed</span><span class="o">-&lt;</span><span class="n">version</span><span class="o">&gt;.</span><span class="n">zip</span> <span class="p">(</span><span class="n">must</span> <span class="n">be</span> <span class="n">at</span> <span class="n">least</span> <span class="n">version</span> <span class="mf">2.1.0</span><span class="p">)</span>
   <span class="p">[</span><span class="n">sudo</span><span class="p">]</span> <span class="n">pip</span> <span class="n">install</span> <span class="o">--</span><span class="n">upgrade</span> <span class="n">rc_data_feed</span><span class="o">-&lt;</span><span class="n">version</span><span class="o">&gt;.</span><span class="n">tar</span><span class="o">.</span><span class="n">gz</span>
   <span class="n">unzip</span> <span class="n">rc_data_feed</span><span class="o">-</span><span class="n">plugin</span><span class="o">-</span><span class="n">splunkfeed</span><span class="o">-&lt;</span><span class="n">version</span><span class="o">&gt;.</span><span class="n">zip</span>
   <span class="p">[</span><span class="n">sudo</span><span class="p">]</span> <span class="n">pip</span> <span class="n">install</span> <span class="o">--</span><span class="n">upgrade</span> <span class="n">rc_data_feed</span><span class="o">-</span><span class="n">plugin</span><span class="o">-</span><span class="n">splunkfeed</span><span class="o">-&lt;</span><span class="n">version</span><span class="o">&gt;.</span><span class="n">tar</span><span class="o">.</span><span class="n">gz</span>
@@ -712,7 +682,6 @@ <h2>SplunkHECFeed Class<a class="headerlink" href="#splunkhecfeed-class" title="
 <h3>Considerations<a class="headerlink" href="#considerations" title="Link to this heading">¶</a></h3>
 <ul class="simple">
 <li><p>Enable the HTTP Event Collector within Splunk ES before using this data feed.</p></li>
-<li><p>Do not use indexer acknowledgement</p></li>
 <li><p>Splunk events are immutable. IBM SOAR object changes are represented as new events. No event deletion is possible.</p></li>
 <li><p>Be aware that when using <code class="docutils literal notranslate"><span class="pre">reload=True</span></code>, all IBM SOAR records will be duplicated in Splunk each time resilient-circuits is re-started. Use the app.config setting <code class="docutils literal notranslate"><span class="pre">reload_types</span></code> to specify the data sent if you want to either limit the object types or to also include datatables.</p></li>
 </ul>
@@ -800,7 +769,6 @@ <h2>Additional Data Feed Documentation<a class="headerlink" href="#additional-da
 <li><a class="reference internal" href="#release-notes">Release Notes</a><ul>
 <li><a class="reference internal" href="#changes">1.1.0 Changes</a></li>
 <li><a class="reference internal" href="#id1">1.2.0 Changes</a></li>
-<li><a class="reference internal" href="#id2">1.3.0 Changes</a></li>
 </ul>
 </li>
 <li><a class="reference internal" href="#compatibility">Compatibility</a></li>

diff --git a/searchindex.js b/searchindex.js