Splunk_TA_paloalto.aob_meta
{"data_input_builder": {"datainputs": [{"uuid": "31640f18575f431f8c7b2e997b81e16c", "title": "MineMeld Feed", "description": "Collects indicators from a MineMeld output node.", "sourcetype": "minemeld:indicator", "data_inputs_options": [{"type": "customized_var", "title": "Output Node Feed URL", "description": "", "required_on_create": true, "format_type": "text", "required_on_edit": false, "placeholder": "https://your-minemeld-server/feeds/your-feed", "default_value": "", "name": "feed_url"}, {"type": "customized_var", "name": "credentials", "title": "Feed Credentials", "description": "", "required_on_create": false, "format_type": "global_account", "required_on_edit": false, "placeholder": "", "default_value": "", "possible_values": []}], "customized_options": [{"name": "feed_url", "value": ""}, {"name": "credentials", "value": ""}], "code": "\n# encoding = utf-8\n\nimport os\nimport sys\nimport time\nimport datetime\n\n'''\n IMPORTANT\n Edit only the validate_input and collect_events functions.\n Do not edit any other part in this file.\n This file is generated only once when creating the modular input.\n'''\n'''\n# For advanced users, if you want to create single instance mod input, uncomment this method.\ndef use_single_instance_mode():\n return True\n'''\n\ndef validate_input(helper, definition):\n \"\"\"Implement your own validation logic to validate the input stanza configurations\"\"\"\n # This example accesses the modular input variable\n # feed_url = definition.parameters.get('feed_url', None)\n # credentials = definition.parameters.get('credentials', None)\n pass\n\ndef collect_events(helper, ew):\n \"\"\"Implement your data collection logic here\n\n # The following examples get the arguments of this input.\n # Note, for single instance mod input, args will be returned as a dict.\n # For multi instance mod input, args will be returned as a single value.\n opt_feed_url = helper.get_arg('feed_url')\n opt_credentials = helper.get_arg('credentials')\n # In 
single instance mode, to get arguments of a particular input, use\n opt_feed_url = helper.get_arg('feed_url', stanza_name)\n opt_credentials = helper.get_arg('credentials', stanza_name)\n\n # get input type\n helper.get_input_type()\n\n # The following examples get input stanzas.\n # get all detailed input stanzas\n helper.get_input_stanza()\n # get specific input stanza with stanza name\n helper.get_input_stanza(stanza_name)\n # get all stanza names\n helper.get_input_stanza_names()\n\n # The following examples get options from setup page configuration.\n # get the loglevel from the setup page\n loglevel = helper.get_log_level()\n # get proxy setting configuration\n proxy_settings = helper.get_proxy()\n # get account credentials as dictionary\n account = helper.get_user_credential_by_username(\"username\")\n account = helper.get_user_credential_by_id(\"account id\")\n # get global variable configuration\n global_userdefined_global_var = helper.get_global_setting(\"userdefined_global_var\")\n\n # The following examples show usage of logging related helper functions.\n # write to the log for this modular input using configured global log level or INFO as default\n helper.log(\"log message\")\n # write to the log using specified log level\n helper.log_debug(\"log message\")\n helper.log_info(\"log message\")\n helper.log_warning(\"log message\")\n helper.log_error(\"log message\")\n helper.log_critical(\"log message\")\n # set the log level for this modular input\n # (log_level can be \"debug\", \"info\", \"warning\", \"error\" or \"critical\", case insensitive)\n helper.set_log_level(log_level)\n\n # The following examples send rest requests to some endpoint.\n response = helper.send_http_request(url, method, parameters=None, payload=None,\n headers=None, cookies=None, verify=True, cert=None,\n timeout=None, use_proxy=True)\n # get the response headers\n r_headers = response.headers\n # get the response body as text\n r_text = response.text\n # get response body as 
json. If the body text is not a json string, raise a ValueError\n r_json = response.json()\n # get response cookies\n r_cookies = response.cookies\n # get redirect history\n historical_responses = response.history\n # get response status code\n r_status = response.status_code\n # check the response status, if the status is not successful, raise requests.HTTPError\n response.raise_for_status()\n\n # The following examples show usage of check pointing related helper functions.\n # save checkpoint\n helper.save_check_point(key, state)\n # delete checkpoint\n helper.delete_check_point(key)\n # get checkpoint\n state = helper.get_check_point(key)\n\n # To create a splunk event\n helper.new_event(data, time=None, host=None, index=None, source=None, sourcetype=None, done=True, unbroken=True)\n \"\"\"\n\n '''\n # The following example writes a random number as an event. (Multi Instance Mode)\n # Use this code template by default.\n import random\n data = str(random.randint(0,100))\n event = helper.new_event(source=helper.get_input_type(), index=helper.get_output_index(), sourcetype=helper.get_sourcetype(), data=data)\n ew.write_event(event)\n '''\n\n '''\n # The following example writes a random number as an event for each input config. 
(Single Instance Mode)\n # For advanced users, if you want to create single instance mod input, please use this code template.\n # Also, you need to uncomment use_single_instance_mode() above.\n import random\n input_type = helper.get_input_type()\n for stanza_name in helper.get_input_stanza_names():\n data = str(random.randint(0,100))\n event = helper.new_event(source=input_type, index=helper.get_output_index(stanza_name), sourcetype=helper.get_sourcetype(stanza_name), data=data)\n ew.write_event(event)\n '''\n", "parameters": [{"type": "text", "format_type": "text", "help_string": "", "name": "feed_url", "label": "Output Node Feed URL", "placeholder": "https://your-minemeld-server/feeds/your-feed", "required": true, "default_value": "", "value": ""}, {"type": "global_account", "format_type": "global_account", "help_string": "", "possible_values": [], "label": "Feed Credentials", "placeholder": "", "required": false, "default_value": "", "value": "", "name": "credentials"}], "interval": "30", "type": "customized", "use_external_validation": true, "name": "minemeld_feed", "streaming_mode_xml": true, "index": "default"}]}, "global_settings_builder": {"global_settings": {"proxy_settings": {"proxy_type": "http"}, "credential_settings": [{"username": "", "password": ""}], "log_settings": {}}}, "sourcetype_builder": {"minemeld:indicator": {"conf_data": {"pulldown_type": "1", "SHOULD_LINEMERGE": "0", "category": "Splunk App Add-on Builder"}, "metadata": {"data_input_name": "minemeld_feed", "event_count": 0, "cims_count": 0, "extractions_count": 0}}}, "basic_builder": {"author": "Palo Alto Networks", "small_icon": "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", "visible": true, "tab_version": "2.1.2", "large_icon": "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", "appname": "TA-minemeld", "theme": "#316989", "build_no": 1, "tab_build_no": "23", "version": "1.0.0", "friendly_name": "MineMeld Add-on", "description": "Collect data from MineMeld output node 
feeds to find threat indicators across all Splunk events. Supports Splunk Enterprise Security Threat Intelligence feature."}}