Skip to content

Commit

Permalink
review comments
Browse files Browse the repository at this point in the history
  • Loading branch information
@jeremy-cxf
jeremy-cxf committed Mar 13, 2024
1 parent 130de5f commit c600676
Show file tree
Hide file tree
Showing 17 changed files with 150 additions and 708 deletions.
Binary file modified app_builder_import_file/sigsci_TA_for_splunk-1_0_38_export.tgz
View file
Binary file not shown.
Binary file modified sigsci_TA_for_splunk-1.0.38.tgz
View file
Binary file not shown.
26 changes: 13 additions & 13 deletions sigsci_TA_for_splunk/README/inputs.conf.spec
View file
Original file line number Diff line number Diff line change
@@ -1,21 +1,21 @@
[SigsciRequests://<name>]
site_api_name = This is the API Name of the site to pull request data from. This should not be a URL.
request_limit = The amount of request objects returned in the array. Default: 100. Max:1000
disable_catchup = Disables catch-up behavior. Request feed will always be ingested from now and the delta (and offset). We recommend keeping this as checked for request feeds with large amounts of requests.
twenty_hour_catchup = In the event the last time stored is >24hours the TA will try can try and catch-up from exactly 24 hours ago, otherwise resets to now - delta. Disable catchup must be false in order to work.
attack_and_anomaly_signals_only = Only retrieves requests that contain attack or anomaly signals. Please evaluate your signal configuration if there are overly inclusive signals creating excessive requests.
request_timeout = Configures Request Timeout for HTTP operations. Consider increasing if on a slow connection or pagination batches are large.
read_timeout = Configures Read Timeout for HTTP operations. Consider increasing if on a slow connection or pagination batches are large.

[SigsciEvent://<name>]
site_api_name = This is the Site API Name. It should not be a URL.
disable_catchup = Time is always set based from now - delta (Interval). Recommended to be True. Default: True.
twenty_hour_catchup = If last stored timestamp was over 24 hours, resets to exactly 24 hours ago instead to meet API limitations.
disable_catchup = Disables catch-up behavior. Events will always be ingested from now minus the delta (including an offset for the requests feed). Recommended to be left true. Default: True.
twenty_hour_catchup = In the event the last time stored is >24Hours the TA will try and catch-up from exactly 24 hours ago, otherwise resets to now minus the delta. 'Disable Catchup' must be False in order to work.
request_timeout = Configures Request Timeout for HTTP operations. Consider increasing if on a slow connection or pagination batches are large.
read_timeout = Configured Read Timeout for HTTP operations. Consider increasing if on a slow connection or pagination batches are large.

[SigsciActivity://<name>]
disable_catchup =
twenty_hour_catchup =
disable_catchup = Disables catch-up behavior. Events will always be ingested from now minus the delta (including an offset for the requests feed). Recommended to be left true. Default: True.
twenty_hour_catchup = In the event the last time stored is >24Hours the TA will try and catch-up from exactly 24 hours ago, otherwise resets to now minus the delta. 'Disable Catchup' must be false in order to work.
request_timeout = Configures Request Timeout for HTTP operations. Consider increasing if on a slow connection or pagination batches are large.
read_timeout = Configures Read Timeout for HTTP operations. Consider increasing if on a slow connection or pagination batches are large.

[SigsciRequests://<name>]
site_api_name = This is the API Name of the site to pull request data from. This should not be a URL.
request_limit = The amount of request objects returned in the array. Default: 100. Max:1000
disable_catchup = Disables catch-up behavior. Events will always be ingested from now minus the delta (including an offset for the requests feed). Recommended to be left true. Default: True.
twenty_hour_catchup = In the event the last time stored is >24hours the TA will try can try and catch-up from exactly 24 hours ago, otherwise resets to now minus the delta. 'Disable Catchup' must be False in order to work.
attack_and_anomaly_signals_only = Only retrieves requests that contain attack or anomaly signals. Please evaluate your signal configuration if there are overly inclusive signals creating excessive requests.
request_timeout = Configures Request Timeout for HTTP operations. Consider increasing if on a slow connection or pagination batches are large.
read_timeout = Configures Read Timeout for HTTP operations. Consider increasing if on a slow connection or pagination batches are large.
142 changes: 71 additions & 71 deletions sigsci_TA_for_splunk/appserver/static/js/build/globalConfig.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -247,10 +247,6 @@
"field": "site_api_name",
"label": "Site API Name"
},
{
"field": "request_limit",
"label": "Request Limit"
},
{
"field": "disable_catchup",
"label": "Disable Catchup"
Expand All @@ -259,17 +255,21 @@
"field": "twenty_hour_catchup",
"label": "24 Hour Catchup"
},
{
"field": "attack_and_anomaly_signals_only",
"label": "Attack & Anomaly Signals Only"
},
{
"field": "request_timeout",
"label": "Request Timeout"
},
{
"field": "read_timeout",
"label": "Read Timeout"
"label": "read_timeout"
},
{
"field": "request_limit",
"label": "Request Limit"
},
{
"field": "attack_and_anomaly_signals_only",
"label": "Attack & Anomaly Signals Only"
}
],
"actions": [
Expand All @@ -281,8 +281,8 @@
},
"services": [
{
"name": "SigsciRequests",
"title": "SigsciRequests",
"name": "SigsciEvent",
"title": "SigsciEvent",
"entity": [
{
"field": "name",
Expand Down Expand Up @@ -341,25 +341,9 @@
{
"field": "site_api_name",
"label": "Site API Name",
"help": "This is the API Name of the site to pull request data from. This should not be a URL.",
"required": true,
"type": "text",
"validators": [
{
"type": "string",
"minLength": 0,
"maxLength": 8192,
"errorMsg": "Max length of text input is 8192"
}
]
},
{
"field": "request_limit",
"label": "Request Limit",
"help": "The amount of request objects returned in the array. Default: 100. Max:1000",
"help": "This is the Site API Name. It should not be a URL.",
"required": true,
"type": "text",
"defaultValue": "1000",
"validators": [
{
"type": "string",
Expand All @@ -372,22 +356,15 @@
{
"field": "disable_catchup",
"label": "Disable Catchup",
"help": "Disables catch-up behavior. Request feed will always be ingested from now and the delta (and offset). We recommend keeping this as checked for request feeds with large amounts of requests. ",
"help": "Disables catch-up behavior. Events will always be ingested from now minus the delta (including an offset for the requests feed). Recommended to be left true. Default: True.",
"required": false,
"type": "checkbox",
"defaultValue": true
},
{
"field": "twenty_hour_catchup",
"label": "24 Hour Catchup",
"help": "In the event the last time stored is >24hours the TA will try can try and catch-up from exactly 24 hours ago, otherwise resets to now - delta. Disable catchup must be false in order to work.",
"required": false,
"type": "checkbox"
},
{
"field": "attack_and_anomaly_signals_only",
"label": "Attack & Anomaly Signals Only",
"help": "Only retrieves requests that contain attack or anomaly signals. Please evaluate your signal configuration if there are overly inclusive signals creating excessive requests.",
"help": "In the event the last time stored is >24Hours the TA will try and catch-up from exactly 24 hours ago, otherwise resets to now minus the delta. 'Disable Catchup' must be False in order to work. ",
"required": false,
"type": "checkbox"
},
Expand All @@ -407,13 +384,13 @@
}
],
"options": {
"placeholder": "Request Timeout"
"placeholder": "60"
}
},
{
"field": "read_timeout",
"label": "Read Timeout",
"help": "Configures Read Timeout for HTTP operations. Consider increasing if on a slow connection or pagination batches are large.",
"label": "read_timeout",
"help": "Configured Read Timeout for HTTP operations. Consider increasing if on a slow connection or pagination batches are large.",
"required": true,
"type": "text",
"defaultValue": "60",
Expand All @@ -424,13 +401,16 @@
"maxLength": 8192,
"errorMsg": "Max length of text input is 8192"
}
]
],
"options": {
"placeholder": "60"
}
}
]
},
{
"name": "SigsciEvent",
"title": "SigsciEvent",
"name": "SigsciActivity",
"title": "SigsciActivity",
"entity": [
{
"field": "name",
Expand Down Expand Up @@ -486,33 +466,18 @@
}
]
},
{
"field": "site_api_name",
"label": "Site API Name",
"help": "This is the Site API Name. It should not be a URL.",
"required": true,
"type": "text",
"validators": [
{
"type": "string",
"minLength": 0,
"maxLength": 8192,
"errorMsg": "Max length of text input is 8192"
}
]
},
{
"field": "disable_catchup",
"label": "Disable Catchup",
"help": "Time is always set based from now - delta (Interval). Recommended to be True. Default: True.",
"help": "Disables catch-up behavior. Events will always be ingested from now minus the delta (including an offset for the requests feed). Recommended to be left true. Default: True.",
"required": false,
"type": "checkbox",
"defaultValue": true
},
{
"field": "twenty_hour_catchup",
"label": "24 Hour Catchup",
"help": "If last stored timestamp was over 24 hours, resets to exactly 24 hours ago instead to meet API limitations. ",
"help": "In the event the last time stored is >24Hours the TA will try and catch-up from exactly 24 hours ago, otherwise resets to now minus the delta. 'Disable Catchup' must be false in order to work. ",
"required": false,
"type": "checkbox"
},
Expand All @@ -537,8 +502,8 @@
},
{
"field": "read_timeout",
"label": "read_timeout",
"help": "Configured Read Timeout for HTTP operations. Consider increasing if on a slow connection or pagination batches are large.",
"label": "Read Timeout",
"help": "Configures Read Timeout for HTTP operations. Consider increasing if on a slow connection or pagination batches are large.",
"required": true,
"type": "text",
"defaultValue": "60",
Expand All @@ -557,8 +522,8 @@
]
},
{
"name": "SigsciActivity",
"title": "SigsciActivity",
"name": "SigsciRequests",
"title": "SigsciRequests",
"entity": [
{
"field": "name",
Expand Down Expand Up @@ -614,18 +579,56 @@
}
]
},
{
"field": "site_api_name",
"label": "Site API Name",
"help": "This is the API Name of the site to pull request data from. This should not be a URL.",
"required": true,
"type": "text",
"validators": [
{
"type": "string",
"minLength": 0,
"maxLength": 8192,
"errorMsg": "Max length of text input is 8192"
}
]
},
{
"field": "request_limit",
"label": "Request Limit",
"help": "The amount of request objects returned in the array. Default: 100. Max:1000",
"required": true,
"type": "text",
"defaultValue": "1000",
"validators": [
{
"type": "string",
"minLength": 0,
"maxLength": 8192,
"errorMsg": "Max length of text input is 8192"
}
]
},
{
"field": "disable_catchup",
"label": "Disable Catchup",
"help": "",
"help": "Disables catch-up behavior. Events will always be ingested from now minus the delta (including an offset for the requests feed). Recommended to be left true. Default: True.",
"required": false,
"type": "checkbox",
"defaultValue": true
},
{
"field": "twenty_hour_catchup",
"label": "24 Hour Catchup",
"help": "",
"help": "In the event the last time stored is >24hours the TA will try can try and catch-up from exactly 24 hours ago, otherwise resets to now minus the delta. 'Disable Catchup' must be False in order to work.",
"required": false,
"type": "checkbox"
},
{
"field": "attack_and_anomaly_signals_only",
"label": "Attack & Anomaly Signals Only",
"help": "Only retrieves requests that contain attack or anomaly signals. Please evaluate your signal configuration if there are overly inclusive signals creating excessive requests.",
"required": false,
"type": "checkbox"
},
Expand All @@ -645,7 +648,7 @@
}
],
"options": {
"placeholder": "60"
"placeholder": "Request Timeout"
}
},
{
Expand All @@ -662,10 +665,7 @@
"maxLength": 8192,
"errorMsg": "Max length of text input is 8192"
}
],
"options": {
"placeholder": "60"
}
]
}
]
}
Expand Down
4 changes: 2 additions & 2 deletions sigsci_TA_for_splunk/bin/SigsciActivity.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,11 +47,11 @@ def get_scheme(self):
For other input types, arguments should be get from input_module. Defining new input types could be easier.
"""
scheme.add_argument(smi.Argument("disable_catchup", title="Disable Catchup",
description="",
description="Disables catch-up behavior. Events will always be ingested from now minus the delta (including an offset for the requests feed). Recommended to be left true. Default: True.",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(smi.Argument("twenty_hour_catchup", title="24 Hour Catchup",
description="",
description="In the event the last time stored is >24Hours the TA will try and catch-up from exactly 24 hours ago, otherwise resets to now minus the delta. \'Disable Catchup\' must be false in order to work.",
required_on_create=False,
required_on_edit=False))
scheme.add_argument(smi.Argument("request_timeout", title="Request Timeout",
Expand Down
Loading

0 comments on commit c600676

Please sign in to comment.