Skip to content
This repository has been archived by the owner on Apr 23, 2023. It is now read-only.

Commit

Permalink
Administratrivia for Splunkbase 4.1.0 release
Browse files Browse the repository at this point in the history
  • Loading branch information
@jorritfolmer
jorritfolmer committed Oct 21, 2022
1 parent 6bb1fcc commit fa44e43
Show file tree
Hide file tree
Showing 8 changed files with 195 additions and 196 deletions.
3 changes: 2 additions & 1 deletion CHANGELOG.md
View file
Expand Up @@ -2,7 +2,8 @@

## 4.1.0

- Added OAuth2 support for IMAP. (Thanks to hkelley for contributing code for this feature!)
- Added OAuth2 support for Microsoft Office365 IMAP. (Thanks to hkelley for contributing code for this feature!)
- Fixed an exception when encountering illegal characters in xml attachment filenames. (Thanks to hkelley for reporting this issue)

## 4.0.0

Expand Down
18 changes: 7 additions & 11 deletions README.md
View file
Expand Up @@ -13,17 +13,9 @@ an IMAP/POP3 mailbox or local directory with mitigations against:

| Splunk version | Linux | Windows
|----------------|-------|---------
| 6.3 | Yes | Yes
| 6.4 | Yes | Yes
| 6.5 | Yes | Yes
| 6.6 | Yes | Yes
| 7.0 | Yes | Yes
| 7.1 | Yes | Yes
| 7.2 | Yes | Yes
| 7.3 | Yes | Yes
| 8.0 | Yes | Yes
| 8.1 | Yes | Likely. Untested.
| 8.2 | Yes | Likely. Untested.
| 8.1 | Yes | Yes
| 8.2 | Yes | Yes
| 9.0 | Yes | Likely, untested

Additional requirements:

Expand All @@ -32,6 +24,10 @@ Additional requirements:

## Upgrading from previous versions

### From 3.x to 4.x

- Upgrade Splunk to at least 8.1.x or higher. Earlier Splunk versions are not suppported starting version 4.0 of the TA-dmarc add-on.

### From 2.x to 3.x

The event output format changed to JSON. This is the new default because JSON is a better match for the structured aggregate reports than a flat key=value (KV) format. See for example issue #4 on Github. If you want your inputs to to keep using the KV format:
Expand Down
14 changes: 7 additions & 7 deletions README/inputs.conf.spec
View file
Expand Up @@ -13,22 +13,22 @@ validate_xml = Validate the aggregate reports against the DMARC XSD. Results are
validate_dkim = (Beta) Validate the DKIM signatures in the mail headers. Results are currently only available in DEBUG log.
output_format =

[dmarc_imap_oauth2://<name>]
global_account =
[dmarc_imap://<name>]
global_account = Use the account configured in the setup tab
imap_server = Connect to the specified IMAP server with TLS (port 993)
imap_username = The username as identified by their mail address, e.g. test@contoso.onmicrosoft.com
oauth2_authority = For O365 this will resemble https://login.microsoftonline.com/{yourtenantid}/v2.0
oauth2_scope = For O365 this should most likely be https://outlook.office365.com/.default
resolve_ip = Resolve the source_ip field in the DMARC aggregate reports.
validate_xml = Validate the aggregate reports against the DMARC XSD. Results are included in the field vendor_rua_xsd_validation.
validate_dkim = (Beta) Validate the DKIM signatures in the mail headers. Results are currently only available in DEBUG log.
imap_mailbox = Select the IMAP mailbox to poll. Default: INBOX
output_format =
batch_size = Max number of messages to fetch per batch to prevent connection timeouts and resets

[dmarc_imap://<name>]
global_account = Use the account configured in the setup tab
[dmarc_imap_oauth2://<name>]
global_account =
imap_server = Connect to the specified IMAP server with TLS (port 993)
imap_username = The username as identified by their mail address, e.g. test@contoso.onmicrosoft.com
oauth2_authority = For O365 this should be https://login.microsoftonline.com/<tenant_id>
oauth2_scope = For O365 this should be https://outlook.office365.com/.default
resolve_ip = Resolve the source_ip field in the DMARC aggregate reports.
validate_xml = Validate the aggregate reports against the DMARC XSD. Results are included in the field vendor_rua_xsd_validation.
validate_dkim = (Beta) Validate the DKIM signatures in the mail headers. Results are currently only available in DEBUG log.
Expand Down
2 changes: 1 addition & 1 deletion TA-dmarc.aob_meta
View file

Large diffs are not rendered by default.

122 changes: 62 additions & 60 deletions appserver/static/js/build/globalConfig.json
View file
Expand Up @@ -2,7 +2,7 @@
"meta": {
"name": "TA-dmarc",
"displayName": "TA-dmarc add-on for Splunk",
"version": "4.0.0",
"version": "4.1.0",
"restRoot": "TA_dmarc",
"schemaVersion": "0.0.3"
},
Expand Down Expand Up @@ -202,6 +202,14 @@
"field": "imap_server",
"label": "IMAP server"
},
{
"field": "imap_mailbox",
"label": "IMAP mailbox"
},
{
"field": "batch_size",
"label": "Batch size"
},
{
"field": "imap_username",
"label": "IMAP username"
Expand All @@ -213,14 +221,6 @@
{
"field": "oauth2_scope",
"label": "OAuth2 scope"
},
{
"field": "imap_mailbox",
"label": "IMAP mailbox"
},
{
"field": "batch_size",
"label": "Batch size"
}
],
"actions": [
Expand Down Expand Up @@ -489,8 +489,8 @@
]
},
{
"name": "dmarc_imap_oauth2",
"title": "DMARC imap (oauth2)",
"name": "dmarc_imap",
"title": "DMARC imap",
"entity": [
{
"field": "name",
Expand Down Expand Up @@ -549,7 +549,7 @@
{
"field": "global_account",
"label": "Global Account",
"help": "",
"help": "Use the account configured in the setup tab",
"required": true,
"type": "singleSelect",
"options": {
Expand All @@ -571,51 +571,6 @@
}
]
},
{
"field": "imap_username",
"label": "IMAP username",
"help": "The username as identified by their mail address, e.g. test@contoso.onmicrosoft.com",
"required": true,
"type": "text",
"validators": [
{
"type": "string",
"minLength": 0,
"maxLength": 8192,
"errorMsg": "Max length of text input is 8192"
}
]
},
{
"field": "oauth2_authority",
"label": "OAuth2 authority",
"help": "For O365 this will resemble https://login.microsoftonline.com/{yourtenantid}/v2.0",
"required": true,
"type": "text",
"validators": [
{
"type": "string",
"minLength": 0,
"maxLength": 8192,
"errorMsg": "Max length of text input is 8192"
}
]
},
{
"field": "oauth2_scope",
"label": "OAuth2 scope",
"help": "For O365 this should most likely be https://outlook.office365.com/.default",
"required": true,
"type": "text",
"validators": [
{
"type": "string",
"minLength": 0,
"maxLength": 8192,
"errorMsg": "Max length of text input is 8192"
}
]
},
{
"field": "resolve_ip",
"label": "Resolve IP",
Expand Down Expand Up @@ -695,8 +650,8 @@
]
},
{
"name": "dmarc_imap",
"title": "DMARC imap",
"name": "dmarc_imap_oauth2",
"title": "DMARC imap (oauth2)",
"entity": [
{
"field": "name",
Expand Down Expand Up @@ -755,7 +710,7 @@
{
"field": "global_account",
"label": "Global Account",
"help": "Use the account configured in the setup tab",
"help": "",
"required": true,
"type": "singleSelect",
"options": {
Expand All @@ -768,6 +723,53 @@
"help": "Connect to the specified IMAP server with TLS (port 993)",
"required": true,
"type": "text",
"defaultValue": "outlook.office365.com",
"validators": [
{
"type": "string",
"minLength": 0,
"maxLength": 8192,
"errorMsg": "Max length of text input is 8192"
}
]
},
{
"field": "imap_username",
"label": "IMAP username",
"help": "The username as identified by their mail address, e.g. test@contoso.onmicrosoft.com",
"required": true,
"type": "text",
"validators": [
{
"type": "string",
"minLength": 0,
"maxLength": 8192,
"errorMsg": "Max length of text input is 8192"
}
]
},
{
"field": "oauth2_authority",
"label": "OAuth2 authority",
"help": "For O365 this should be https://login.microsoftonline.com/<tenant_id>",
"required": true,
"type": "text",
"validators": [
{
"type": "string",
"minLength": 0,
"maxLength": 8192,
"errorMsg": "Max length of text input is 8192"
}
]
},
{
"field": "oauth2_scope",
"label": "OAuth2 scope",
"help": "For O365 this should be https://outlook.office365.com/.default",
"required": true,
"type": "text",
"defaultValue": "https://outlook.office365.com/.default",
"validators": [
{
"type": "string",
Expand Down
4 changes: 2 additions & 2 deletions bin/TA_dmarc_rh_dmarc_imap_oauth2.py
View file
Expand Up @@ -44,7 +44,7 @@
'imap_server',
required=True,
encrypted=False,
default=None,
default='outlook.office365.com',
validator=validator.String(
min_len=0,
max_len=8192,
Expand Down Expand Up @@ -74,7 +74,7 @@
'oauth2_scope',
required=True,
encrypted=False,
default=None,
default='https://outlook.office365.com/.default',
validator=validator.String(
min_len=0,
max_len=8192,
Expand Down
4 changes: 2 additions & 2 deletions bin/dmarc_imap_oauth2.py
View file
Expand Up @@ -59,11 +59,11 @@ def get_scheme(self):
required_on_create=True,
required_on_edit=False))
scheme.add_argument(smi.Argument("oauth2_authority", title="OAuth2 authority",
description="For O365 this will resemble https://login.microsoftonline.com/{yourtenantid}/v2.0",
description="For O365 this should be https://login.microsoftonline.com/<tenant_id>",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(smi.Argument("oauth2_scope", title="OAuth2 scope",
description="For O365 this should most likely be https://outlook.office365.com/.default",
description="For O365 this should be https://outlook.office365.com/.default",
required_on_create=True,
required_on_edit=False))
scheme.add_argument(smi.Argument("resolve_ip", title="Resolve IP",
Expand Down

0 comments on commit fa44e43

Please sign in to comment.