Commit bd8a5e8: Deploy Resilient/resilient-community-apps to github.ibm.com/Resilient/resilient-community-apps.git:gh-pages
traviscibot committed Nov 12, 2024
1 parent 1dcab3c commit bd8a5e8
Showing 12 changed files with 145 additions and 18 deletions.
Binary file modified .doctrees/environment.pickle
Binary file modified .doctrees/rc_data_feed_plugin_elasticfeed/README.doctree
Binary file modified .doctrees/rc_data_feed_plugin_odbcfeed/README.doctree
Binary file modified .doctrees/rc_data_feed_plugin_splunkfeed/README.doctree
2 changes: 1 addition & 1 deletion _downloads/2a0fda0a4ac6ae7a4ed4764b8e60d0e8/LICENSE
@@ -1,4 +1,4 @@
Copyright © IBM Corporation 2010, 2019
Copyright © IBM Corporation 2010, 2024

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to
17 changes: 14 additions & 3 deletions _sources/rc_data_feed_plugin_elasticfeed/README.md.txt
Expand Up @@ -10,6 +10,7 @@ Refer to the documentation on the Data Feed extension for uses cases support and
## History
| Version | Date | Notes |
| ------- | ---- | ----- |
| 1.2.0 | 09/2024 | Support for time series data |
| 1.1.1 | 01/2024 | Updated base image rc_data_feed to 3.0.0 |
| 1.1.0 | 07/2022 | New base images and functionality for attachments |
| 1.0.1 | 08/2020 | App Host support |
Expand All @@ -25,11 +26,21 @@ This release modified the base portion of the Data Feeder which is controlled by
| workspaces | "Default Workspace": ["sqlserver_feed"], "workspace A": ["kafka_feed", "resilient_feed"] | This setting allows for the partitioning of Data Feeder execution among different workspaces. The format is to specify the workspace name with the data feeder components to associated with it: "workspace": ["app.config section_name"]. If unused, data from all workspaces is accessed. |
| include_attachment_data | true/false | set to true if attachment data should be part of the sent payload. When 'true', the attachment's byte data is saved in base64 format. |

## Compatibility
### 1.2.0 Changes
Version 1.2.0 introduces incident timeseries data fields. These are custom select or boolean fields, as well as incident `Owner`, `Phase` and `Severity` fields, which record the duration in seconds each field contains a particular value.
For instance, how many seconds `Severity` has a value of `Low` and `Medium`, etc.

To use this capability, add the following app.config settings to the `[feeds]` configuration section.

SOAR Compatibilty: 30.0 or higher
| Key | Values | Description |
| :-- | :----- | :---------- |
| timeseries | always \| onclose \| never | When to collect time-series data. Because of the extra API call needed to collect this data, it could be more impactful on SOAR when set to 'always'. default is 'never' |
| timeseries_fields | owner_id, phase_id, severity_code, <custom_field> | A comma separated list of time-series fields to collect. Custom select and boolean fields are also possible. Specify wildcard fields with '?' or '*'. ex. ts_* will collect all time-series fields starting with "ts_". default is all timeseries fields |

## Compatibility
SOAR Compatibilty: 51.0.0 or higher

CP4S Compatibility: 1.4 or higher
CP4S Compatibility: 1.10 or higher


## License
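Review bot: the new `SOAR Compatibilty: 51.0.0 or higher` line carries the `Compatibilty` typo over from the line it replaces; correct it to `Compatibility` while the line is being rewritten, and if 51.0.0 is required only by the time-series feature, say so, since deployments on 30.0 through 50.x otherwise read as unsupported for everything. In the new 1.2.0 section the bare asterisks in `Specify wildcard fields with '?' or '*'. ex. ts_*` are markdown emphasis markers and will be consumed by the renderer; put them in backticks (`'*'`, `ts_*`). The terminology also alternates between `timeseries`, `time-series` and, in the history row above, `time series`; pick one. It would help operators to state which API the extra call is made against when `timeseries` is `always`, and whether the `?`/`*` match in `timeseries_fields` is case sensitive.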
12 changes: 12 additions & 0 deletions _sources/rc_data_feed_plugin_odbcfeed/README.md.txt
@@ -1,6 +1,7 @@
# Data Feeder for ODBC Databases

## Release Notes
* v1.2.0 Support for incident timeseries data
* v1.1.1 Refactored exclusion list logic
* v1.1.0 Bug fixes for database re-connections attempts. Sync Incident function is now interruptible if the playbook/workflow is cancelled. Added ability to exclude fields from incident database table.
* v1.0.8 Allow Data Sync function to continue without failing a workflow/playbook
Expand Down Expand Up @@ -30,6 +31,17 @@ Unless otherwise specified, contents of this repository are published under the
[LICENSE](LICENSE).

## Change log
### Version 1.2.0 changes
Version 1.2.0 introduces incident timeseries data fields. These custom select or boolean fields, as well as incident `Owner`, `Phase` and `Severity` fields which record the duration in seconds each field contains a particular value.
For instance, how many seconds `Severity` has a value of `Low` and `Medium`, etc.

To use this capability, add the following app.config settings to the `[feeds]` configuration section.

| Key | Values | Description |
| :-- | :----- | :---------- |
| timeseries | always \| onclose \| never | When to collect time-series data. Because of the extra API call needed to collect this data, it could be more impactful on SOAR when set to 'always'. default is 'never' |
| timeseries_fields | owner_id, phase_id, severity_code, <custom_field> | A comma separated list of time-series fields to collect. Custom select and boolean fields are also possible. Specify wildcard fields with '?' or '*'. ex. ts_* will collect all time-series fields starting with "ts_". default is all time-series fields |

### Version 1.1.0 changes
Version 1.1.0 introduces the ability to exclude incident fields from the created `incident` database table. Wildcards can be used to remove fields following a pattern. Ex. gdpr*.
To use this capability, add the following app.config setting,exclude_incident_fields_file, to the particular database configuration section.
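Review bot: the first sentence of the new 1.2.0 section is a fragment: `These custom select or boolean fields, as well as incident Owner, Phase and Severity fields which record the duration ...` has no main verb. The elasticfeed README in this same commit uses `These are custom select or boolean fields, as well as ..., which record ...`, which reads correctly and could be copied here. As in that README, the unescaped asterisks in `'?' or '*'. ex. ts_*` will be rendered as emphasis rather than shown; wrap them in backticks.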
15 changes: 14 additions & 1 deletion _sources/rc_data_feed_plugin_splunkfeed/README.md.txt
Expand Up @@ -16,6 +16,7 @@ Unless otherwise specified, contents of this repository are published under the

| Version | Date | Notes |
| ------- | ---- | ----- |
| 1.3.0 | 09/2024 | Updated base rc_data_feed to 3.3.0. Support for time-series data. |
| 1.2.0 | 04/2024 | Updated base rc_data_feed to 3.1.0. Added parallel execution. Added ability to exclude selective incident fields. |
| 1.1.2 | 01/2024 | Updated base rc_data_feed to 3.0.0 |
| 1.1.1 | 10/2022 | Fix to handle rare corrupt event.message |
Expand All @@ -42,6 +43,17 @@ To use this capability, add the following app.config setting, exclude_incident_f
| parallel_execution | True, False | parallel execution for faster ingestion to Splunk |
| exclude_incident_fields_file | /path/to/exclusion_file.txt | Specify incident fields, one per line, to exclude from the incident data sent to Splunk. Use wildcards such as '*' (multiple characters) or '?' (single character) to exclude patterns of fields. Ex. gdpr_*, custom_field_int |

### 1.3.0 Changes
Version 1.3.0 introduces incident time-series data fields. These custom select or boolean fields, as well as incident `Owner`, `Phase` and `Severity` fields which record the duration in seconds each field contains a particular value.
For instance, how many seconds `Severity` has a value of `Low` and `Medium`, etc.

To use this capability, add the following app.config settings to the `[feeds]` configuration section.

| Key | Values | Description |
| :-- | :----- | :---------- |
| timeseries | always \| onclose \| never | When to collect time-series data. Because of the extra API call needed to collect this data, it could be more impactful on SOAR when set to 'always'. default is 'never' |
| timeseries_fields | owner_id, phase_id, severity_code, <custom_field> | A comma separated list of time-series fields to collect. Custom select and boolean fields are also possible. Specify wildcard fields with '?' or '*'. ex. ts_* will collect all time-series fields starting with "ts_". default is all time-series fields |

## Compatibility
SOAR: 45.0 or higher

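Review bot: the unchanged `SOAR: 45.0 or higher` under Compatibility now sits directly below a feature that the elasticfeed README in this same commit ties to `SOAR Compatibilty: 51.0.0 or higher`; if time-series collection depends on the newer SOAR API, either raise this minimum or state in the 1.3.0 section that the `timeseries` settings need a newer release than the rest of the feed. The new section also has the same verb-less first sentence (`These custom select or boolean fields, as well as ... fields which record ...`) and the same unescaped `'*'` and `ts_*` asterisks as the odbcfeed text; fix both in the same way.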
Expand All @@ -65,7 +77,7 @@ Simply install the .zip file into the app. It includes:
```
* Run the following commands to install the package:
```
unzip rc_data_feed-<version>.zip (must be at least version 2.1.0)
unzip rc_data_feed-<version>.zip (must be at least version 3.3.0)
[sudo] pip install --upgrade rc_data_feed-<version>.tar.gz
unzip rc_data_feed-plugin-splunkfeed-<version>.zip
[sudo] pip install --upgrade rc_data_feed-plugin-splunkfeed-<version>.tar.gz
Expand Down Expand Up @@ -152,6 +164,7 @@ port | Ex. 8088 | The default is 8088 |

### Considerations
* Enable the HTTP Event Collector within Splunk ES before using this data feed.
* Do not use indexer acknowledgement
* Splunk events are immutable. IBM SOAR object changes are represented as new events. No event deletion is possible.
* Be aware that when using `reload=True`, all IBM SOAR records will be duplicated in Splunk each time resilient-circuits is re-started. Use the app.config setting `reload_types` to specify the data sent if you want to either limit the object types or to also include datatables.

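Review bot: `Do not use indexer acknowledgement` is the only bullet in this list with no stated reason or consequence, and the only one without a terminal period. Say what happens when acknowledgement is enabled on the HEC token used by the feed (events dropped, duplicated, or the feed stalling), so an operator who already has it enabled knows which failure to look for, and phrase it as a sentence like its neighbours.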
43 changes: 37 additions & 6 deletions rc_data_feed_plugin_elasticfeed/README.html
Expand Up @@ -430,19 +430,23 @@ <h2>History<a class="headerlink" href="#history" title="Link to this heading">¶
</tr>
</thead>
<tbody>
<tr class="row-even"><td><p>1.1.1</p></td>
<tr class="row-even"><td><p>1.2.0</p></td>
<td><p>09/2024</p></td>
<td><p>Support for time series data</p></td>
</tr>
<tr class="row-odd"><td><p>1.1.1</p></td>
<td><p>01/2024</p></td>
<td><p>Updated base image rc_data_feed to 3.0.0</p></td>
</tr>
<tr class="row-odd"><td><p>1.1.0</p></td>
<tr class="row-even"><td><p>1.1.0</p></td>
<td><p>07/2022</p></td>
<td><p>New base images and functionality for attachments</p></td>
</tr>
<tr class="row-even"><td><p>1.0.1</p></td>
<tr class="row-odd"><td><p>1.0.1</p></td>
<td><p>08/2020</p></td>
<td><p>App Host support</p></td>
</tr>
<tr class="row-odd"><td><p>1.0.0</p></td>
<tr class="row-even"><td><p>1.0.0</p></td>
<td><p>12/2019</p></td>
<td><p>Initial release</p></td>
</tr>
Expand Down Expand Up @@ -477,11 +481,37 @@ <h3>1.1.0 Changes<a class="headerlink" href="#changes" title="Link to this headi
</table>
</div>
</section>
<section id="id1">
<h3>1.2.0 Changes<a class="headerlink" href="#id1" title="Link to this heading"></a></h3>
<p>Version 1.2.0 introduces incident timeseries data fields. These are custom select or boolean fields, as well as incident <code class="docutils literal notranslate"><span class="pre">Owner</span></code>, <code class="docutils literal notranslate"><span class="pre">Phase</span></code> and <code class="docutils literal notranslate"><span class="pre">Severity</span></code> fields, which record the duration in seconds each field contains a particular value.
For instance, how many seconds <code class="docutils literal notranslate"><span class="pre">Severity</span></code> has a value of <code class="docutils literal notranslate"><span class="pre">Low</span></code> and <code class="docutils literal notranslate"><span class="pre">Medium</span></code>, etc.</p>
<p>To use this capability, add the following app.config settings to the <code class="docutils literal notranslate"><span class="pre">[feeds]</span></code> configuration section.</p>
<div class="table-wrapper colwidths-auto docutils container">
<table class="docutils align-default">
<thead>
<tr class="row-odd"><th class="head text-left"><p>Key</p></th>
<th class="head text-left"><p>Values</p></th>
<th class="head text-left"><p>Description</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td class="text-left"><p>timeseries</p></td>
<td class="text-left"><p>always | onclose | never</p></td>
<td class="text-left"><p>When to collect time-series data. Because of the extra API call needed to collect this data, it could be more impactful on SOAR when set to ‘always’. default is ‘never’</p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p>timeseries_fields</p></td>
<td class="text-left"><p>owner_id, phase_id, severity_code, &lt;custom_field&gt;</p></td>
<td class="text-left"><p>A comma separated list of time-series fields to collect. Custom select and boolean fields are also possible. Specify wildcard fields with ‘?’ or ‘<em>’. ex. ts_</em> will collect all time-series fields starting with “ts_”. default is all timeseries fields</p></td>
</tr>
</tbody>
</table>
</div>
</section>
</section>
<section id="compatibility">
<h2>Compatibility<a class="headerlink" href="#compatibility" title="Link to this heading"></a></h2>
<p>SOAR Compatibilty: 30.0 or higher</p>
<p>CP4S Compatibility: 1.4 or higher</p>
<p>SOAR Compatibilty: 51.0.0 or higher</p>
<p>CP4S Compatibility: 1.10 or higher</p>
</section>
<section id="license">
<h2>License<a class="headerlink" href="#license" title="Link to this heading"></a></h2>
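Review bot: the generated cell `‘?’ or ‘<em>’. ex. ts_</em> will collect all time-series fields ...` shows that the two asterisks in the markdown source were consumed as an emphasis pair, so HTML readers never see the `*` wildcard or the `ts_*` example. The fix belongs in `_sources/rc_data_feed_plugin_elasticfeed/README.md.txt` (backtick or backslash-escape the asterisks) with the HTML regenerated; the same cell in `rc_data_feed_plugin_odbcfeed/README.html` has the identical defect.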
Expand Down Expand Up @@ -696,6 +726,7 @@ <h3>Considerations<a class="headerlink" href="#considerations" title="Link to th
<li><a class="reference internal" href="#introduction">Introduction</a></li>
<li><a class="reference internal" href="#history">History</a><ul>
<li><a class="reference internal" href="#changes">1.1.0 Changes</a></li>
<li><a class="reference internal" href="#id1">1.2.0 Changes</a></li>
</ul>
</li>
<li><a class="reference internal" href="#compatibility">Compatibility</a></li>
28 changes: 28 additions & 0 deletions rc_data_feed_plugin_odbcfeed/README.html
Expand Up @@ -416,6 +416,7 @@ <h1>Data Feeder for ODBC Databases<a class="headerlink" href="#data-feeder-for-o
<section id="release-notes">
<h2>Release Notes<a class="headerlink" href="#release-notes" title="Link to this heading"></a></h2>
<ul class="simple">
<li><p>v1.2.0 Support for incident timeseries data</p></li>
<li><p>v1.1.1 Refactored exclusion list logic</p></li>
<li><p>v1.1.0 Bug fixes for database re-connections attempts. Sync Incident function is now interruptible if the playbook/workflow is cancelled. Added ability to exclude fields from incident database table.</p></li>
<li><p>v1.0.8 Allow Data Sync function to continue without failing a workflow/playbook</p></li>
Expand Down Expand Up @@ -449,6 +450,32 @@ <h2>License<a class="headerlink" href="#license" title="Link to this heading">¶
</section>
<section id="change-log">
<h2>Change log<a class="headerlink" href="#change-log" title="Link to this heading"></a></h2>
<section id="version-1-2-0-changes">
<h3>Version 1.2.0 changes<a class="headerlink" href="#version-1-2-0-changes" title="Link to this heading"></a></h3>
<p>Version 1.2.0 introduces incident timeseries data fields. These custom select or boolean fields, as well as incident <code class="docutils literal notranslate"><span class="pre">Owner</span></code>, <code class="docutils literal notranslate"><span class="pre">Phase</span></code> and <code class="docutils literal notranslate"><span class="pre">Severity</span></code> fields which record the duration in seconds each field contains a particular value.
For instance, how many seconds <code class="docutils literal notranslate"><span class="pre">Severity</span></code> has a value of <code class="docutils literal notranslate"><span class="pre">Low</span></code> and <code class="docutils literal notranslate"><span class="pre">Medium</span></code>, etc.</p>
<p>To use this capability, add the following app.config settings to the <code class="docutils literal notranslate"><span class="pre">[feeds]</span></code> configuration section.</p>
<div class="table-wrapper colwidths-auto docutils container">
<table class="docutils align-default">
<thead>
<tr class="row-odd"><th class="head text-left"><p>Key</p></th>
<th class="head text-left"><p>Values</p></th>
<th class="head text-left"><p>Description</p></th>
</tr>
</thead>
<tbody>
<tr class="row-even"><td class="text-left"><p>timeseries</p></td>
<td class="text-left"><p>always | onclose | never</p></td>
<td class="text-left"><p>When to collect time-series data. Because of the extra API call needed to collect this data, it could be more impactful on SOAR when set to ‘always’. default is ‘never’</p></td>
</tr>
<tr class="row-odd"><td class="text-left"><p>timeseries_fields</p></td>
<td class="text-left"><p>owner_id, phase_id, severity_code, &lt;custom_field&gt;</p></td>
<td class="text-left"><p>A comma separated list of time-series fields to collect. Custom select and boolean fields are also possible. Specify wildcard fields with ‘?’ or ‘<em>’. ex. ts_</em> will collect all time-series fields starting with “ts_”. default is all time-series fields</p></td>
</tr>
</tbody>
</table>
</div>
</section>
<section id="version-1-1-0-changes">
<h3>Version 1.1.0 changes<a class="headerlink" href="#version-1-1-0-changes" title="Link to this heading"></a></h3>
<p>Version 1.1.0 introduces the ability to exclude incident fields from the created <code class="docutils literal notranslate"><span class="pre">incident</span></code> database table. Wildcards can be used to remove fields following a pattern. Ex. gdpr*.
Expand Down Expand Up @@ -951,6 +978,7 @@ <h4>Modifying dialect reserved words<a class="headerlink" href="#modifying-diale
<li><a class="reference internal" href="#introduction">Introduction</a></li>
<li><a class="reference internal" href="#license">License</a></li>
<li><a class="reference internal" href="#change-log">Change log</a><ul>
<li><a class="reference internal" href="#version-1-2-0-changes">Version 1.2.0 changes</a></li>
<li><a class="reference internal" href="#version-1-1-0-changes">Version 1.1.0 changes</a></li>
<li><a class="reference internal" href="#version-1-0-5-changes">Version 1.0.5 changes</a></li>
</ul>