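# notable_event_actions.conf -- ITSI notable event (episode) action stanzas.
# Read by Splunk's .conf parser; see notable_event_actions.conf.spec/example
# for the full key reference. Whitespace around '=' is trimmed, so every key
# below is written as `key = value`. Booleans are written as 0/1 throughout
# except where noted.

# Splunk conf semantics: keys in [default] act as fallbacks for every other
# stanza in this file unless the stanza overrides them.
[default]
disabled = 0
is_bulk_compatible = 0
run_bulk_action_iteratively = 0
# Retry budget for a failed action; retry_interval is presumably in seconds
# (confirm in the .spec).
max_retries = 2
retry_interval = 5

[email]
disabled = 0
execute_in_sync = 1

# Script-based action. Enabled here; set `disabled = 1` if script-based
# actions are not used in this deployment.
[script]
disabled = 0

# PagerDuty integration.
# NOTE(review): this stanza writes booleans as true/false while the rest of
# the file uses 0/1. Both forms ship for the same consumer, so both appear to
# be accepted, but normalising to 0/1 would keep the file consistent.
[itsi_pagerduty_event]
disabled = false
execute_in_sync = 1
is_group_compatible = true
is_bulk_compatible = false
execute_once_per_group = false
type = external_ticket
ticket_system_name = PagerDuty
#### Below params are required for type='external_ticket' hence
#### these contain dummy values
relative_refresh_uri = /servicesNS/nobody/-/pagerduty_incident/incidents
# $result.<field>$ tokens are presumably substituted from the triggering
# search result at action time.
correlation_key = correlation_id
correlation_value = $result.event_id$
correlation_value_for_group = $result.itsi_group_id$
refresh_response_json_path = entry.{0}.content
refresh_response_ticket_id_key = number
refresh_response_ticket_url_key = url
# Ticket-status polling: slots, cadence and cap on the number of refresh
# intervals -- presumably; units are not stated here.
num_parallel_job_slots = 5
job_refresh_interval = 2
max_num_intervals = 100
refresh_impact_tab = 1
max_retries = 1
retry_interval = 3

[itsi_sample_event_action_ping]
disabled = 0
execute_once_per_group = 0

[itsi_event_action_link_ticket]
disabled = 0
is_bulk_compatible = 1
execute_in_sync = 1
job_refresh_interval = 1
refresh_impact_tab = 1

[itsi_event_action_link_url]
disabled = 0
run_bulk_action_iteratively = 1
is_bulk_compatible = 1
execute_in_sync = 1
job_refresh_interval = 1
refresh_impact_tab = 1

# ServiceNow incident integration.
[snow_incident]
# Check notable_event_actions.conf.spec/example file for details
disabled = 0
execute_in_sync = 1
is_bulk_compatible = 1
run_bulk_action_iteratively = 1
# Presumably the maximum number of events per bulk request -- confirm in the
# .spec.
bulk_max = 25
# The wrapper command is used when the named add-on is at least this version
# (inferred from the key names; confirm against the .spec).
app_name = Splunk_TA_snow
alt_command_supported_version = 5.0.1
alt_command = itsi_event_action_snow_wrapper
type = external_ticket
######## for `type=external_ticket`, we will set the following key/values
ticket_system_name = Service Now
relative_refresh_uri = /servicesNS/nobody/-/service_now_incident/snow_incident
correlation_key = correlation_id
correlation_value = $result.event_id$
correlation_value_for_group = $result.itsi_group_id$
refresh_response_json_path = entry.{0}.content
refresh_response_ticket_id_key = number
refresh_response_ticket_url_key = url
num_parallel_job_slots = 5
job_refresh_interval = 2
max_num_intervals = 100
refresh_impact_tab = 1
max_retries = 1
retry_interval = 3

# Remedy incident integration (SOAP variant). Note that, unlike the other
# ticket stanzas, correlation_key is mc_ueid and the correlation_id lookup is
# carried by relative_refresh_correlation_key.
[remedy_incident]
# Check notable_event_actions.conf.spec/example file for details
# This action uses the old SOAP method for creating the incident
disabled = 0
execute_in_sync = 1
type = external_ticket
######## for `type=external_ticket`, we will set the following key/values
ticket_system_name = Remedy
relative_refresh_uri = /servicesNS/nobody/-/remedy_incident/remedy_incident
relative_refresh_correlation_key = correlation_id
correlation_key = mc_ueid
correlation_value = $result.event_id$
correlation_value_for_group = $result.itsi_group_id$
refresh_response_json_path = entry.{0}.content
refresh_response_ticket_id_key = incident_number_list
refresh_response_ticket_url_key = incident_url_list
num_parallel_job_slots = 5
job_refresh_interval = 2
max_num_intervals = 100
refresh_impact_tab = 1
max_retries = 1
retry_interval = 3

# Remedy incident integration (REST variant); same keys as [remedy_incident]
# apart from the refresh URI.
[remedy_incident_rest]
# Check notable_event_actions.conf.spec/example file for details
# This action uses the REST API to create the incident
disabled = 0
execute_in_sync = 1
type = external_ticket
######## for `type=external_ticket`, we will set the following key/values
ticket_system_name = Remedy
relative_refresh_uri = /servicesNS/nobody/-/remedy_incident_rest/remedy_incident_rest
relative_refresh_correlation_key = correlation_id
correlation_key = mc_ueid
correlation_value = $result.event_id$
correlation_value_for_group = $result.itsi_group_id$
refresh_response_json_path = entry.{0}.content
refresh_response_ticket_id_key = incident_number_list
refresh_response_ticket_url_key = incident_url_list
num_parallel_job_slots = 5
job_refresh_interval = 2
max_num_intervals = 100
refresh_impact_tab = 1
max_retries = 1
retry_interval = 3

# Jira Cloud issue integration.
[jira_cloud_issue]
disabled = 0
execute_in_sync = 1
is_bulk_compatible = 0
run_bulk_action_iteratively = 0
app_name = Splunk_TA_Jira_Cloud
alt_command_supported_version = 1.1.0
alt_command = itsi_event_action_jira_wrapper
type = external_ticket
######## for `type=external_ticket`, we will set the following key/values
ticket_system_name = Jira Cloud
######## relative_refresh_uri is not used for Jira so this is just a dummy value
relative_refresh_uri = /servicesNS/nobody/-/jira_cloud/jira_issue
correlation_key = correlation_id
correlation_value = $result.event_id$
correlation_value_for_group = $result.itsi_group_id$
refresh_response_json_path = entry.{0}.content
refresh_response_ticket_id_key = number
refresh_response_ticket_url_key = url
num_parallel_job_slots = 5
job_refresh_interval = 2
max_num_intervals = 100
refresh_impact_tab = 1
max_retries = 1
retry_interval = 3

[victorops]
disabled = 0
execute_in_sync = 1
num_parallel_job_slots = 5
job_refresh_interval = 2
max_num_intervals = 100
refresh_impact_tab = 1

# Generic webhook action. Enabled here; this stanza holds no destination
# settings, so review where outbound destinations are configured before
# relying on it in a restricted environment.
[itsi_event_action_webhook]
execute_in_sync = 1
disabled = 0

[itsi_event_action_clear_sim_incidents]
disabled = 0

# Phantom (SOAR) hand-off.
[itsi_event_action_send_to_phantom]
disabled = 0
execute_in_sync = 1
# Flag to include only the first event when sending an episode to Phantom.
send_first_event_only = 1
# The size of each page of results pulled from ITSI.
splunk_itsi_get_notables_search_api_page_size = 50
# The size of each page of results pushed to Phantom from ITSI.
phantom_artifacts_create_api_page_size = 50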