diff --git a/.github/cicd-sequence-diagram.mmd b/.github/cicd-sequence-diagram.mmd deleted file mode 100644 index 4f681c7a..00000000 --- a/.github/cicd-sequence-diagram.mmd +++ /dev/null @@ -1,32 +0,0 @@ -sequenceDiagram - %% This is a mermaid file - %% See https://mermaid-js.github.io - - participant G as GitHub - note right of G: Push to master triggers sequence - participant A as GH Actions - participant S as SplunkBase - participant I as Splunk AppInspect - participant D as Docker Hub - participant K as GCP GKE - - G->>+D: Triggers demo build - D->>-D: Build demo docker image - - G->>+A: Triggers GitHub Action - A->>A: Build App & Add-on - A->>+I: Trigger AppInspect of App and Add-on - I->>-A: AppInspect completed - A->>+I: Request HTML report - I->>-A: Return HTML report - A->>A: Increment version - A->>G: Commit new version to master - A->>G: Create git tag of version - A->>G: Create GH Release w/ release note - A->>A: Build App & Add-on w/ incremented version - A->>S: Publish - A->>-S: Verify Publish - - K->>+K: Triggers weekly - K->>D: Pull latest docker demo - K->>-K: Restart Demo \ No newline at end of file diff --git a/.github/cicd-sequence-diagram.svg b/.github/cicd-sequence-diagram.svg deleted file mode 100644 index dc8b5473..00000000 --- a/.github/cicd-sequence-diagram.svg +++ /dev/null @@ -1,6 +0,0 @@ - \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c227b9e2..e1219c0d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,6 +1,5 @@ name: CI/CD -# Trigger the workflow on push or pull request on: push: branches: 
@@ -10,40 +9,25 @@ on: - alpha - '[0-9]+.x' - '[0-9]+.[0-9]+.x' - pull_request: jobs: - build: - name: Build - if: "! (github.event_name == 'push' && github.ref == 'refs/heads/master')" - runs-on: ubuntu-18.04 + appinspect-addon: + name: AppInspect (Add-on) + runs-on: ubuntu-20.04 + permissions: + contents: read steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Build Add-on id: build-addon run: scripts/build.sh -a addon - - name: Build App - id: build-app - run: scripts/build.sh -a app - - uses: actions/upload-artifact@v1 - with: - name: SplunkforPaloAltoNetworks-${{ github.run_id }} - path: ${{ steps.build-app.outputs.path }} - - uses: actions/upload-artifact@v1 + - name: Save Add-on Build Artifact + uses: actions/upload-artifact@v1 + if: '! cancelled()' with: name: Splunk_TA_paloalto-${{ github.run_id }} path: ${{ steps.build-addon.outputs.path }} - - appinspect-addon: - name: AppInspect (Add-on) - runs-on: ubuntu-18.04 - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Build Add-on - id: build-addon - run: scripts/build.sh -a addon - name: AppInspect run: scripts/appinspect.sh -a addon -r env: @@ -58,13 +42,21 @@ jobs: appinspect-app: name: AppInspect (App) - runs-on: ubuntu-18.04 + runs-on: ubuntu-20.04 + permissions: + contents: read steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Build App id: build-app run: scripts/build.sh -a app + - name: Save App Build Artifact + uses: actions/upload-artifact@v1 + if: '! cancelled()' + with: + name: SplunkforPaloAltoNetworks-${{ github.run_id }} + path: ${{ steps.build-app.outputs.path }} - name: AppInspect run: scripts/appinspect.sh -a app -r env: 
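Review bot: The `pull_request:` trigger is removed from `on:` but nothing in this file now says where pull requests are validated; since the same diff adds pr-appinspect.yml scoped to `pull_request_target` on `develop`, a comment at the trigger such as `# Pull requests are validated by pr-appinspect.yml (pull_request_target, develop only)` would stop the next maintainer from re-adding it here. Pull requests targeting master or the `[0-9]+.x` release branches listed in this trigger no longer get any AppInspect run at all — confirm that gap is intended. Separately, the new `Save Add-on Build Artifact` step stays on `actions/upload-artifact@v1` while checkout moves to v3, and its `if: '! cancelled()'` also fires when the build step failed, at which point `steps.build-addon.outputs.path` is empty and the upload is likely to produce a confusing second failure; the default `success()` condition or a newer major of the action would avoid that. The `@@ -58` hunk below repeats the same v1 and `! cancelled()` pattern for the App artifact.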
@@ -79,22 +71,74 @@ jobs: release: name: Release - if: github.event_name == 'push' && github.ref != 'refs/heads/develop' + if: github.ref != 'refs/heads/develop' needs: [appinspect-addon, appinspect-app] - runs-on: ubuntu-18.04 + runs-on: ubuntu-20.04 + outputs: + new_release_published: ${{ steps.semantic.outputs.new_release_published }} + new_release_version: ${{ steps.semantic.outputs.new_release_version }} + new_release_channel: ${{ steps.semantic.outputs.new_release_channel }} steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Create release and publish - id: release - uses: cycjimmy/semantic-release-action@v2 + id: semantic + uses: cycjimmy/semantic-release-action@v3 with: semantic_version: 17.1.1 extra_plugins: | conventional-changelog-conventionalcommits@^4.4.0 - @semantic-release/git@^9.0.0 @semantic-release/exec@^5.0.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SPLUNK_USER: ${{ secrets.SPLUNK_USER }} SPLUNK_PASS: ${{ secrets.SPLUNK_PASS }} + + docker-build: + name: Docker Build + needs: [release] + # When to run, per https://github.com/actions/runner/issues/491#issuecomment-850884422 + if: always() && (needs.release.result == 'success' || needs.release.result == 'skipped') + runs-on: ubuntu-20.04 + env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository_owner }}/splunk-demo + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Determine docker tags and labels + id: meta + uses: docker/metadata-action@v3 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }} + type=ref,event=branch + + - name: Set the version in app.conf + if: needs.release.result == 'success' && needs.release.outputs.new_release_published == 'true' + run: scripts/set-version.sh ${{ needs.release.outputs.new_release_version }} ${{ needs.release.outputs.new_release_channel }} + + - name: Create docker version tag + id: versiontag + if: 
needs.release.result == 'success' && needs.release.outputs.new_release_published == 'true' + run: echo "::set-output name=versiontag::${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release.outputs.new_release_version }}" + + - name: Login to Container registry + uses: docker/login-action@v1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push Docker image + uses: docker/build-push-action@v2 + with: + context: . + file: demo/Dockerfile + push: true + tags: | + ${{ steps.meta.outputs.tags }} + ${{ steps.versiontag.outputs.versiontag }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/pr-appinspect.yml b/.github/workflows/pr-appinspect.yml new file mode 100644 index 00000000..29b8dda7 --- /dev/null +++ b/.github/workflows/pr-appinspect.yml 
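Review bot: The new `docker-build` job has no `permissions:` block, so it runs with the repository's default `GITHUB_TOKEN` scope while every other job in this file is pinned to `contents: read`; it logs in to ghcr.io with that token and pushes, which needs `packages: write`, so declare exactly that and nothing more: `permissions:` / `  contents: read` / `  packages: write`. The `Create docker version tag` step uses `::set-output`, which GitHub has deprecated in favour of `echo "versiontag=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:..." >> "$GITHUB_OUTPUT"`. `run: scripts/set-version.sh ${{ needs.release.outputs.new_release_version }} ${{ needs.release.outputs.new_release_channel }}` splices job outputs straight into the shell line; passing them through `env:` and referencing `"$NEW_VERSION" "$NEW_CHANNEL"` keeps the shell from interpreting anything unexpected in those strings. When `release` is skipped (develop pushes) `steps.versiontag.outputs.versiontag` is empty and the `tags:` list ends with a blank entry — presumably build-push-action drops it, but a one-line comment on the step saying so would save the next reader the check.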
@@ -0,0 +1,97 @@ +name: PR App Inspect + +on: + pull_request_target: + branches: + - develop + +jobs: + appinspect-addon: + name: AppInspect (Add-on) + runs-on: ubuntu-18.04 + # Remove write permissions + permissions: + contents: read + steps: + # Checkout unsafe code + - name: Checkout PR + uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.sha }} + path: pr + persist-credentials: false + # Checkout safe code + - name: Checkout build scripts + uses: actions/checkout@v3 + with: + path: tools + # Replace build script in unsafe code with scripts from safe code + - name: Setup build scripts + run: | + rm -rf pr/scripts + mv tools/scripts pr + - name: Build Add-on + id: build-addon + working-directory: pr + run: scripts/build.sh -a addon + - name: Save Add-on Build Artifact + uses: actions/upload-artifact@v1 + if: '! cancelled()' + with: + name: Splunk_TA_paloalto-${{ github.run_id }} + path: pr/${{ steps.build-addon.outputs.path }} + - name: AppInspect + working-directory: pr + run: scripts/appinspect.sh -a addon -r + env: + SPLUNK_USER: ${{ secrets.SPLUNK_USER }} + SPLUNK_PASS: ${{ secrets.SPLUNK_PASS }} + - name: Save report + uses: actions/upload-artifact@v1 + if: '! cancelled()' + with: + name: Report-Splunk_TA_paloalto-${{ github.run_id }}.html + path: pr/_build/Splunk_TA_paloalto-${{ github.run_id }}.html + + appinspect-app: + name: AppInspect (App) + runs-on: ubuntu-18.04 + permissions: + contents: read + steps: + - name: Checkout PR + uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.sha }} + path: pr + persist-credentials: false + - name: Checkout build scripts + uses: actions/checkout@v3 + with: + path: tools + - name: Setup build scripts + run: | + rm -rf pr/scripts + mv tools/scripts pr + - name: Build App + id: build-app + working-directory: pr + run: scripts/build.sh -a app + - name: Save App Build Artifact + uses: actions/upload-artifact@v1 + if: '! 
cancelled()' + with: + name: SplunkforPaloAltoNetworks-${{ github.run_id }} + path: pr/${{ steps.build-app.outputs.path }} + - name: AppInspect + working-directory: pr + run: scripts/appinspect.sh -a app -r + env: + SPLUNK_USER: ${{ secrets.SPLUNK_USER }} + SPLUNK_PASS: ${{ secrets.SPLUNK_PASS }} + - name: Save report + uses: actions/upload-artifact@v1 + if: '! cancelled()' + with: + name: Report-SplunkforPaloAltoNetworks-${{ github.run_id }}.html + path: pr/_build/SplunkforPaloAltoNetworks-${{ github.run_id }}.html \ No newline at end of file diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 584c0ed4..b9296236 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -7,7 +7,7 @@ - [Bug fixes and features](#bug-fixes-and-features) - [Test changes in your branch](#test-changes-in-your-branch) - [Publish a new release (for maintainers)](#publish-a-new-release-for-maintainers) -- [CI/CD Sequence diagram](#cicd-sequence-diagram) +- [CI/CD Release Process](#cicd-release-process) ## How to contribute @@ -96,10 +96,9 @@ directories and reloads them in Splunk when a change is detected. ## Publish a new release (for maintainers) -Requires node and semantic-release npm package - ``` # Test the release process on develop +# (this requires node and semantic-release npm package) semantic-release --dry-run --no-ci --branches=develop # Verify in the output that the next version is set correctly 
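Review bot: The `AppInspect` steps run `scripts/appinspect.sh` inside the untrusted `pr` checkout with `SPLUNK_USER`/`SPLUNK_PASS` in the environment; replacing `pr/scripts` with `tools/scripts` protects the scripts themselves, but anything those scripts invoke from the working tree (a package manifest, a Makefile, app bin content) would still be PR-controlled code running under `pull_request_target` with the secrets reachable — confirm against scripts/build.sh and scripts/appinspect.sh that nothing from the tree is executed. That reasoning belongs in the file: a header comment above `on:` along the lines of `# pull_request_target runs with base-repo secrets: the PR tree is checked out without credentials, only base-repo scripts are executed, and secrets are set only on the AppInspect step` documents the threat model the `# Checkout unsafe code` comments only hint at. Both jobs use `ubuntu-18.04` while ci.yml in this same diff moves to `ubuntu-20.04`. The two jobs repeat the same five checkout/setup steps verbatim; a `strategy.matrix` over the `-a` value and the artifact name would halve the file and keep the two paths from drifting.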
@@ -113,24 +112,63 @@ git push origin master # At this point, GitHub Actions is testing the release # then building it for publication -# There is a manual step here. You'll have to get the build -# from the GitHub Actions artifacts and publish it on SplunkBase -# manually. We can automate this when the SplunkBase API is more mature. - # Now, sync your local with the remote to pull the new -# commits made by the release bot. -git fetch --all --tags -git pull origin master +# tags created in the release process +git fetch --tags git checkout develop -git merge master -git push origin develop # Now you're ready to branch again and work on the next feature. ``` -## CI/CD Sequence diagram - -![Sequence diagram](./.github/cicd-sequence-diagram.svg) - -- [Diagram source](./.github/cicd-sequence-diagram.mmd) -- [CI/CD Workflow yaml](./.github/workflows/ci.yml) \ No newline at end of file +## CI/CD Release Process + +```mermaid +sequenceDiagram + %% This is a mermaid file + %% See https://mermaid-js.github.io + + participant G as GitHub + participant A as GH Actions + participant I as Splunk AppInspect + participant S as SplunkBase + participant C as GH Container Registry + participant K as GCP GKE + + G-)+A: Push Triggers GitHub Action + + %% AppInspect + rect rgb(153,255,170,.2) + note left of I: AppInspect + A->>+I: Trigger AppInspect of App and Add-on + I-->>-A: AppInspect completed + A->>+I: Request HTML report + I-->>-A: Return HTML report + end + + %% Release + rect rgb(217,179,255,.2) + note left of S: Release + A->>A: Determines new version + A->>G: Create GH Release w/ release note + A->>A: Build App & Add-on w/ incremented version + A->>S: Publish release + A->>S: Verify publish + end + + %% Docker build + rect rgb(128,170,255,.2) + note left of C: Docker build + A->>A: Build docker image + A->>-C: Publish docker image + end + + %% Demo server + rect rgb(255,221,153,.2) + note right of C: Demo server + loop weekly + K->>+K: Cloud Scheduler triggers Cloud 
Function + K->>C: Pull latest docker demo + K->>-K: Restart Demo + end + end +``` diff --git a/Splunk_TA_paloalto/README.md b/Splunk_TA_paloalto/README.md index 13997dcb..01ced8fc 100644 --- a/Splunk_TA_paloalto/README.md +++ b/Splunk_TA_paloalto/README.md @@ -4,7 +4,6 @@ Palo Alto Networks Add-on for Splunk * **Add-on Homepage:** https://splunkbase.splunk.com/app/2757 * **Authors:** Brian Torres-Gil, Paul Nguyen, Garfield Freeman - Palo Alto Networks -* **Add-on Version:** 7.0.4 ### Description ### @@ -24,23 +23,13 @@ Documentation for this add-on is located at: http://splunk.paloaltonetworks.com/ ### Documentation ### -**Installation and Getting Started:** http://splunk.paloaltonetworks.com/getting_started.html -**Release Notes:** http://splunk.paloaltonetworks.com/release-notes.html -**Support:** http://splunk.paloaltonetworks.com/support.html +**Installation and Getting Started:** https://splunk.paloaltonetworks.com +**Release Notes:** https://github.com/PaloAltoNetworks/Splunk-Apps/releases +**Support:** https://splunk.paloaltonetworks.com/support.html -### Install from Git ### - -This app is available on [Splunkbase](http://splunkbase.splunk.com/app/2757) -and [Github](https://github.com/PaloAltoNetworks/Splunk_TA_paloalto). -Optionally, you can clone the github repository to install the app. - -From the directory `$SPLUNK_HOME/etc/apps/`, type the following command: - - git clone https://github.com/PaloAltoNetworks/Splunk_TA_paloalto.git Splunk_TA_paloalto - ### Libraries Included ### **Pan-Python:** [Github] (https://github.com/kevinsteves/pan-python) **PanDevice:** [Github] (https://github.com/PaloAltoNetworks/pandevice) -Copyright (C) 2014-2020 Palo Alto Networks Inc. All Rights Reserved. \ No newline at end of file +Copyright (C) 2014-2022 Palo Alto Networks Inc. All Rights Reserved. \ No newline at end of file diff --git a/Splunk_TA_paloalto/README.txt b/Splunk_TA_paloalto/README.txt deleted file mode 100644 index a81c062c..00000000 
--- a/Splunk_TA_paloalto/README.txt +++ /dev/null @@ -1 +0,0 @@ -This is an add-on powered by the Splunk Add-on Builder. diff --git a/Splunk_TA_paloalto/app.manifest b/Splunk_TA_paloalto/app.manifest index 48105e98..543d9481 100644 --- a/Splunk_TA_paloalto/app.manifest +++ b/Splunk_TA_paloalto/app.manifest @@ -5,7 +5,7 @@ "id": { "group": null, "name": "Splunk_TA_paloalto", - "version": "7.0.4" + "version": "0.0.0-develop" }, "author": [ { @@ -22,7 +22,7 @@ "IT Operations", "Security, Fraud & Compliance" ], - "developmentStatus": "Production/Stable" + "developmentStatus": "Alpha" }, "commonInformationModels": { "Authentication":"4.19.0", diff --git a/Splunk_TA_paloalto/appserver/static/js/build/globalConfig.json b/Splunk_TA_paloalto/appserver/static/js/build/globalConfig.json index 7b5aa8a8..9bad25b9 100644 --- a/Splunk_TA_paloalto/appserver/static/js/build/globalConfig.json +++ b/Splunk_TA_paloalto/appserver/static/js/build/globalConfig.json @@ -2,7 +2,7 @@ "meta": { "name": "Splunk_TA_paloalto", "displayName": "Palo Alto Networks Add-on", - "version": "7.0.1", + "version": "0.0.0-develop", "apiVersion": "3.0.0", "restRoot": "Splunk_TA_paloalto", "schemaVersion": "0.0.2" diff --git a/Splunk_TA_paloalto/default/app.conf b/Splunk_TA_paloalto/default/app.conf index 7372b5a7..f36a2910 100644 --- a/Splunk_TA_paloalto/default/app.conf +++ b/Splunk_TA_paloalto/default/app.conf @@ -1,13 +1,13 @@ [install] is_configured = false state = enabled -build = 1627956477 +build = 000develop0 splunk_supported = 8.1,8.0 cim_supported = 4.x [launcher] author = Palo Alto Networks -version = 7.0.4 +version = 0.0.0-develop description = The Palo Alto Networks Add-on allows a Splunk Enterprise administrator to collect data from Palo Alto Networks Next-Generation Firewall devices, Panorama, Advanced Endpoint Protection, Aperture SaaS Security, AutoFocus Threat Intelligence, and MineMeld. [ui] 
diff --git a/SplunkforPaloAltoNetworks/README.md b/SplunkforPaloAltoNetworks/README.md index fba6f3e5..dd4c2294 100644 --- a/SplunkforPaloAltoNetworks/README.md +++ b/SplunkforPaloAltoNetworks/README.md @@ -4,8 +4,6 @@ Palo Alto Networks App for Splunk * **App Homepage:** https://splunkbase.splunk.com/app/491 * **Authors:** Brian Torres-Gil, Paul Nguyen, Garfield Freeman - Palo Alto Networks -* **App Version:** 7.0.4 -* **Required Add-on (TA) Version:** Splunk_TA_paloalto 7.0.4 ### Description ### @@ -27,23 +25,13 @@ security resources to focus on critical, time-sensitive investigations. ### Documentation ### -**Installation and Getting Started:** http://splunk.paloaltonetworks.com/getting_started.html -**Release Notes:** http://splunk.paloaltonetworks.com/release-notes.html -**Support:** http://splunk.paloaltonetworks.com/support.html +**Installation and Getting Started:** https://splunk.paloaltonetworks.com/ +**Release Notes:** https://github.com/PaloAltoNetworks/Splunk-Apps/releases +**Support:** https://splunk.paloaltonetworks.com/support.html -### Install from Git ### - -This app is available on [Splunkbase](http://splunkbase.splunk.com/app/491) -and [Github](https://github.com/PaloAltoNetworks/SplunkforPaloAltoNetworks). -Optionally, you can clone the github repository to install the app. - -From the directory `$SPLUNK_HOME/etc/apps/`, type the following command: - - git clone https://github.com/PaloAltoNetworks/SplunkforPaloAltoNetworks.git SplunkforPaloAltoNetworks - ### Libraries Included ### **Pan-Python:** [Github] (https://github.com/kevinsteves/pan-python) **PanDevice:** [Github] (https://github.com/PaloAltoNetworks/pandevice) -Copyright (C) 2012-2020 Palo Alto Networks Inc. All Rights Reserved. \ No newline at end of file +Copyright (C) 2012-2022 Palo Alto Networks Inc. All Rights Reserved. diff --git a/SplunkforPaloAltoNetworks/app.manifest b/SplunkforPaloAltoNetworks/app.manifest index d8c08a85..c4de48bf 100644 
--- a/SplunkforPaloAltoNetworks/app.manifest +++ b/SplunkforPaloAltoNetworks/app.manifest @@ -5,7 +5,7 @@ "id": { "group": null, "name": "SplunkforPaloAltoNetworks", - "version": "7.0.4" + "version": "0.0.0-develop" }, "author": [ { @@ -19,7 +19,7 @@ "classification": { "intendedAudience": null, "categories": [], - "developmentStatus": "Production/Stable" + "developmentStatus": "Alpha" }, "commonInformationModels": null, "license": { diff --git a/SplunkforPaloAltoNetworks/bin/panContentPack.py b/SplunkforPaloAltoNetworks/bin/panContentPack.py index a3a20772..9c021ad3 100644 --- a/SplunkforPaloAltoNetworks/bin/panContentPack.py +++ b/SplunkforPaloAltoNetworks/bin/panContentPack.py @@ -166,7 +166,8 @@ def parse_threats(threats_xml): raise e # convert all out of unicode for key in a: - a[key] = string_types(a[key]) + logger.debug(key + ': ' + a[key]) + a[key] = str(a[key]) csv_threats.append(a) logger.info("Found %s threats" % len(csv_threats)) return csv_threats diff --git a/SplunkforPaloAltoNetworks/default/app.conf b/SplunkforPaloAltoNetworks/default/app.conf index 95686abc..1fbafddf 100644 --- a/SplunkforPaloAltoNetworks/default/app.conf +++ b/SplunkforPaloAltoNetworks/default/app.conf @@ -5,13 +5,13 @@ label = Palo Alto Networks [launcher] author = splunkapp@paloaltonetworks.com description = The Palo Alto Networks App for Splunk is a set of reports and dashboards which provide visibility into the Palo Alto Networks Next-generation Firewall, Panorama, and Advanced Endpoint Security logs. -version = 7.0.4 +version = 0.0.0-develop [package] id = SplunkforPaloAltoNetworks [install] -build = 1627956477 -ta_dependency_version = 7.0.4 +build = 000develop0 +ta_dependency_version = 0.0.0-develop splunk_supported = 8.1,8.0 cim_supported = 4.x diff --git a/SplunkforPaloAltoNetworks/default/data/ui/html/external_search.html b/SplunkforPaloAltoNetworks/default/data/ui/html/external_search.html deleted file mode 100644 index 2565f130..00000000 
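Review bot: `logger.debug(key + ': ' + a[key])` concatenates before the `str()` conversion on the next line, so any non-string value — the very case the conversion exists for — raises `TypeError` here instead of being logged; use lazy formatting, `logger.debug("%s: %s", key, a[key])`, which also skips the string work unless debug logging is enabled. The loop now writes every field of every threat record to the log at debug level; given the `logger.info("Found %s threats" ...)` summary right after, consider whether the per-field line is needed once the conversion is confirmed working. `parse_threats` starts before this hunk.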
--- a/SplunkforPaloAltoNetworks/default/data/ui/html/external_search.html +++ /dev/null @@ -1,380 +0,0 @@ - - - -
- - - - - - - -