CHANGELOG for 1.4.17

CHANGELOG.md

@@ -1,3 +1,6 @@
+##1.4.17
+* Support for XSOAR alert actions
+
 ##1.4.16
 * Fix incorrect revert in v1.4.15
 

client/acl.go

@@ -9,7 +9,7 @@ import (
 	"github.com/google/go-querystring/query"
 )
 
-//https://docs.splunk.com/Documentation/Splunk/8.0.4/RESTUM/RESTusing#Access_Control_List
+// https://docs.splunk.com/Documentation/Splunk/8.0.4/RESTUM/RESTusing#Access_Control_List
 func (client *Client) GetAcl(owner, app, name string, resources ...string) (*http.Response, error) {
 	resourcePath := []string{"servicesNS", owner, app}
 	resourcePath = append(resourcePath, resources...)

client/models/acl.go

@@ -1,6 +1,6 @@
 package models
 
-//https://docs.splunk.com/Documentation/Splunk/8.0.4/RESTUM/RESTusing#Access_Control_List
+// https://docs.splunk.com/Documentation/Splunk/8.0.4/RESTUM/RESTusing#Access_Control_List
 type ACLObject struct {
 	App            string      `json:"app,omitempty" url:"app,omitempty"`
 	CanChangePerms bool        `json:"can_change_perms,omitempty" url:"can_change_perms,omitempty"`

client/models/saved_searches.go

@@ -83,7 +83,7 @@ type SavedSearchObject struct {
 	ActionSummaryIndexMaxTime                    int     `json:"action.summary_index.maxtime,omitempty" url:"action.summary_index.maxtime,omitempty"`
 	ActionSummaryIndexTrackAlert                 bool    `json:"action.summary_index.track_alert" url:"action.summary_index.track_alert"`
 	ActionSummaryIndexTTL                        string  `json:"action.summary_index.ttl,omitempty" url:"action.summary_index.ttl,omitempty"`
-	ActionCreateXsoarIncident                    string	 `json:"action.create_xsoar_incident,omitempty" url:"action.create_xsoar_incident"`
+	ActionCreateXsoarIncident                    string  `json:"action.create_xsoar_incident,omitempty" url:"action.create_xsoar_incident"`
 	ActionCreateXsoarIncidentParamSendAllServers string  `json:"action.create_xsoar_incident.param.send_all_servers,omitempty" url:"action.create_xsoar_incident.param.send_all_servers"`
 	ActionCreateXsoarIncidentParamServerUrl      string  `json:"action.create_xsoar_incident.param.server_url,omitempty" url:"action.create_xsoar_incident.param.server_url"`
 	ActionCreateXsoarIncidentParamIncidentName   string  `json:"action.create_xsoar_incident.param.incident_name,omitempty" url:"action.create_xsoar_incident.param.incident_name"`

splunk/resource_splunk_saved_searches.go

@@ -488,49 +488,49 @@ func savedSearches() *schema.Resource {
 					"If p follows Integer, specifies the number of scheduled periods. Defaults to 86400 (24 hours).",
 			},
 			"action_create_xsoar_incident": {
-		    Type:     schema.TypeString,
-		    Optional: true,
-		    Description: "Enabled XSOAR Alert Sending.",
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Enabled XSOAR Alert Sending.",
 			},
 			"action_create_xsoar_incident_param_send_all_servers": {
-		    Type:     schema.TypeString,
-		    Optional: true,
-		    Description: "Enabled XSOAR alert sending to all servers.",
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Enabled XSOAR alert sending to all servers.",
 			},
 			"action_create_xsoar_incident_param_server_url": {
-		    Type:        schema.TypeString,
-		    Optional:    true,
-		    Description: "Enter the XSOAR server URL.",
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Enter the XSOAR server URL.",
 			},
 			"action_create_xsoar_incident_param_incident_name": {
-		    Type:        schema.TypeString,
-		    Optional:    true,
-		    Description: "Enter the XSOAR incident name.",
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Enter the XSOAR incident name.",
 			},
 			"action_create_xsoar_incident_param_details": {
-		    Type:        schema.TypeString,
-		    Optional:    true,
-		    Description: "Enter the XSOAR incident details.",
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Enter the XSOAR incident details.",
 			},
 			"action_create_xsoar_incident_param_custom_fields": {
-		    Type:        schema.TypeString,
-		    Optional:    true,
-		    Description: "Enter the XSOAR incident custom_fields.",
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Enter the XSOAR incident custom_fields.",
 			},
 			"action_create_xsoar_incident_param_severity": {
-		    Type:     schema.TypeString,
-		    Optional: true,
-		    Description: "Enter the XSOAR incident serverity.",
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Enter the XSOAR incident serverity.",
 			},
 			"action_create_xsoar_incident_param_occurred": {
-		    Type:     schema.TypeString,
-		    Optional: true,
-		    Description: "Eneter the XSOAR incident occurred datetime.",
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Eneter the XSOAR incident occurred datetime.",
 			},
 			"action_create_xsoar_incident_param_type": {
-		    Type:        schema.TypeString,
-		    Optional:    true,
-		    Description: "Enter the XSOAR incident type.",
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Enter the XSOAR incident type.",
 			},
 			"action_slack_param_channel": {
 				Type:        schema.TypeString,
@@ -1303,31 +1303,31 @@ func savedSearchesRead(d *schema.ResourceData, meta interface{}) error {
 		return err
 	}
 	if err = d.Set("action_create_xsoar_incident", entry.Content.ActionCreateXsoarIncident); err != nil {
-	  return err
+		return err
 	}
 	if err = d.Set("action_create_xsoar_incident_param_send_all_servers", entry.Content.ActionCreateXsoarIncidentParamSendAllServers); err != nil {
-	  return err
+		return err
 	}
 	if err = d.Set("action_create_xsoar_incident_param_server_url", entry.Content.ActionCreateXsoarIncidentParamServerUrl); err != nil {
-	  return err
+		return err
 	}
 	if err = d.Set("action_create_xsoar_incident_param_incident_name", entry.Content.ActionCreateXsoarIncidentParamIncidentName); err != nil {
-	  return err
+		return err
 	}
 	if err = d.Set("action_create_xsoar_incident_param_details", entry.Content.ActionCreateXsoarIncidentParamDetails); err != nil {
-	  return err
+		return err
 	}
 	if err = d.Set("action_create_xsoar_incident_param_custom_fields", entry.Content.ActionCreateXsoarIncidentParamCustomFields); err != nil {
-	  return err
+		return err
 	}
 	if err = d.Set("action_create_xsoar_incident_param_severity", entry.Content.ActionCreateXsoarIncidentParamSeverity); err != nil {
-	  return err
+		return err
 	}
 	if err = d.Set("action_create_xsoar_incident_param_occurred", entry.Content.ActionCreateXsoarIncidentParamOccurred); err != nil {
-	  return err
+		return err
 	}
 	if err = d.Set("action_create_xsoar_incident_param_type", entry.Content.ActionCreateXsoarIncidentParamType); err != nil {
-	  return err
+		return err
 	}
 	if err = d.Set("action_slack_param_attachment", entry.Content.ActionSlackParamAttachment); err != nil {
 		return err

splunk/resource_splunk_saved_searches_test.go

@@ -345,31 +345,31 @@ func TestAccSplunkSavedSearches(t *testing.T) {
 				),
 			},
 			{
-			  Config: newSavedSearchesXsoar,
-			  Check: resource.ComposeTestCheckFunc(
-			    resource.TestCheckResourceAttr(resourceName, "name", "Test XSOAR Alert"),
-			    resource.TestCheckResourceAttr(resourceName, "actions", "create_xsoar_incident"),
-			    resource.TestCheckResourceAttr(resourceName, "action_create_xsoar_incident", "1"),
-			    resource.TestCheckResourceAttr(resourceName, "action_create_xsoar_incident_param_send_all_servers", "1"),
-			    resource.TestCheckResourceAttr(resourceName, "action_create_xsoar_incident_param_server_url", "https://xsoar.example.com"),
-			    resource.TestCheckResourceAttr(resourceName, "action_create_xsoar_incident_param_incident_name", "$name$"),
-			    resource.TestCheckResourceAttr(resourceName, "action_create_xsoar_incident_param_details", "This is a test alert."),
-			    resource.TestCheckResourceAttr(resourceName, "action_create_xsoar_incident_param_custom_fields", "logsource:Demisto,mycustomfield:Test"),
-			    resource.TestCheckResourceAttr(resourceName, "action_create_xsoar_incident_param_severity", "1"),
-			    resource.TestCheckResourceAttr(resourceName, "action_create_xsoar_incident_param_occurred", "$trigger_time$"),
-			    resource.TestCheckResourceAttr(resourceName, "action_create_xsoar_incident_param_type", "Unclassified"),
-			    resource.TestCheckResourceAttr(resourceName, "alert_comparator", "greater than"),
-			    resource.TestCheckResourceAttr(resourceName, "alert_digest_mode", "true"),
-			    resource.TestCheckResourceAttr(resourceName, "alert_expires", "30d"),
-			    resource.TestCheckResourceAttr(resourceName, "alert_threshold", "0"),
-			    resource.TestCheckResourceAttr(resourceName, "alert_type", "number of events"),
-			    resource.TestCheckResourceAttr(resourceName, "cron_schedule", "*/1 * * * *"),
-			    resource.TestCheckResourceAttr(resourceName, "disabled", "false"),
-			    resource.TestCheckResourceAttr(resourceName, "is_scheduled", "true"),
-			    resource.TestCheckResourceAttr(resourceName, "is_visible", "true"),
-			    resource.TestCheckResourceAttr(resourceName, "realtime_schedule", "true"),
-			    resource.TestCheckResourceAttr(resourceName, "search", "index=main level=error"),
-			  ),
+				Config: newSavedSearchesXsoar,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "name", "Test XSOAR Alert"),
+					resource.TestCheckResourceAttr(resourceName, "actions", "create_xsoar_incident"),
+					resource.TestCheckResourceAttr(resourceName, "action_create_xsoar_incident", "1"),
+					resource.TestCheckResourceAttr(resourceName, "action_create_xsoar_incident_param_send_all_servers", "1"),
+					resource.TestCheckResourceAttr(resourceName, "action_create_xsoar_incident_param_server_url", "https://xsoar.example.com"),
+					resource.TestCheckResourceAttr(resourceName, "action_create_xsoar_incident_param_incident_name", "$name$"),
+					resource.TestCheckResourceAttr(resourceName, "action_create_xsoar_incident_param_details", "This is a test alert."),
+					resource.TestCheckResourceAttr(resourceName, "action_create_xsoar_incident_param_custom_fields", "logsource:Demisto,mycustomfield:Test"),
+					resource.TestCheckResourceAttr(resourceName, "action_create_xsoar_incident_param_severity", "1"),
+					resource.TestCheckResourceAttr(resourceName, "action_create_xsoar_incident_param_occurred", "$trigger_time$"),
+					resource.TestCheckResourceAttr(resourceName, "action_create_xsoar_incident_param_type", "Unclassified"),
+					resource.TestCheckResourceAttr(resourceName, "alert_comparator", "greater than"),
+					resource.TestCheckResourceAttr(resourceName, "alert_digest_mode", "true"),
+					resource.TestCheckResourceAttr(resourceName, "alert_expires", "30d"),
+					resource.TestCheckResourceAttr(resourceName, "alert_threshold", "0"),
+					resource.TestCheckResourceAttr(resourceName, "alert_type", "number of events"),
+					resource.TestCheckResourceAttr(resourceName, "cron_schedule", "*/1 * * * *"),
+					resource.TestCheckResourceAttr(resourceName, "disabled", "false"),
+					resource.TestCheckResourceAttr(resourceName, "is_scheduled", "true"),
+					resource.TestCheckResourceAttr(resourceName, "is_visible", "true"),
+					resource.TestCheckResourceAttr(resourceName, "realtime_schedule", "true"),
+					resource.TestCheckResourceAttr(resourceName, "search", "index=main level=error"),
+				),
 			},
 			{
 				Config: newSavedSearchesSlack,