
# Splunk-style [default] stanza: the keys here act as fallbacks for every action
# stanza below that does not override them (confirm against
# notable_event_actions.conf.spec, which the ticketing stanzas reference).
[default]
# 0 = enabled. Because this is the fallback, any action stanza that does not set
# `disabled = 1` explicitly (e.g. itsi_event_action_clear_sim_incidents) is live,
# and a newly added stanza is enabled the moment it is deployed.
disabled = 0
is_bulk_compatible = 0
run_bulk_action_iteratively = 0
# Retry policy inherited by actions that do not set their own; the external_ticket
# stanzas below tighten this to 1 / 3. Units for retry_interval are not stated here.
max_retries = 2
retry_interval = 5
# Built-in e-mail alert action, enabled.
[email]
disabled = 0
# execute_in_sync: presumably runs in the triggering context rather than as a
# queued background job — confirm in notable_event_actions.conf.spec.
execute_in_sync = 1
# Generic "run a script" alert action, enabled.
# NOTE(review): this action presumably executes an operator-configured script on
# the search head when it fires; nothing in this file constrains which script.
# Keep the roles allowed to attach this action to a rule tightly scoped, or set
# `disabled = 1` here if scripted actions are not needed in this deployment.
[script]
disabled = 0
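# PagerDuty integration, modelled as an external_ticket action so an episode
# (notable-event group) can be correlated back to the PagerDuty record.
# Booleans are written as 0/1 to match every other stanza in this file; Splunk
# accepts both 0/1 and true/false for boolean settings, so behaviour is unchanged.
[itsi_pagerduty_event]
disabled = 0
execute_in_sync = 1
is_group_compatible = 1
is_bulk_compatible = 0
execute_once_per_group = 0
type = external_ticket
ticket_system_name = PagerDuty
# The keys below are mandatory whenever type = external_ticket, but the original
# note states they hold dummy values here — presumably the PagerDuty action does
# not perform the refresh call itself. Do not treat relative_refresh_uri as a real
# endpoint without confirming that; keep these in step with the other
# external_ticket stanzas in this file.
relative_refresh_uri = /servicesNS/nobody/-/pagerduty_incident/incidents
# Correlation: the per-event id for single events, the episode id for a group.
correlation_key = correlation_id
correlation_value = $result.event_id$
correlation_value_for_group = $result.itsi_group_id$
refresh_response_json_path = entry.{0}.content
refresh_response_ticket_id_key = number
refresh_response_ticket_url_key = url
num_parallel_job_slots = 5
job_refresh_interval = 2
max_num_intervals = 100
refresh_impact_tab = 1
# Tighter retry policy than the [default] stanza (2 / 5).
max_retries = 1
retry_interval = 3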
# Sample "ping" action shipped with ITSI, enabled.
# NOTE(review): a sample/demo action has no business purpose on a production
# search head; consider `disabled = 1` there so it cannot be attached to rules.
[itsi_sample_event_action_ping]
disabled = 0
# 0 = do not collapse the action to a single run per group (episode) — presumably
# it then runs per event; confirm in notable_event_actions.conf.spec.
execute_once_per_group = 0
# Links an existing ticket to an episode (no ticket is created by this action).
[itsi_event_action_link_ticket]
disabled = 0
# Overrides the [default] value so the action can be applied to many events at once.
is_bulk_compatible = 1
execute_in_sync = 1
# Refresh cadence for the linked ticket; refresh_impact_tab = 1 surfaces the
# result on the episode's impact tab (names as used in the .conf.spec).
job_refresh_interval = 1
refresh_impact_tab = 1
# Attaches a URL to an episode.
# NOTE(review): the URL itself is supplied when the action is configured, not here;
# nothing in this stanza restricts what it may point at.
[itsi_event_action_link_url]
disabled = 0
# Bulk runs are processed one event at a time rather than as a single call.
run_bulk_action_iteratively = 1
is_bulk_compatible = 1
execute_in_sync = 1
job_refresh_interval = 1
refresh_impact_tab = 1
# ServiceNow incident creation.
# Connection details and credentials are expected to live in the Splunk_TA_snow
# add-on named by app_name, not in this file — keep it that way.
[snow_incident]
# Check notable_event_actions.conf.spec/example file for details
disabled = 0
execute_in_sync = 1
is_bulk_compatible = 1
run_bulk_action_iteratively = 1
# Upper bound on events handled per bulk invocation (exact semantics per the .spec).
bulk_max = 25
app_name = Splunk_TA_snow
# When the installed Splunk_TA_snow is at least this version the wrapper command
# below is presumably used instead of the add-on's own command — confirm in the .spec.
alt_command_supported_version = 5.0.1
alt_command = itsi_event_action_snow_wrapper
type = external_ticket
######## for `type=external_ticket`, we will set the following key/values
ticket_system_name = Service Now
# REST endpoint polled to refresh ticket state; $result.* tokens are substituted
# from the triggering event / episode.
relative_refresh_uri = /servicesNS/nobody/-/service_now_incident/snow_incident
correlation_key = correlation_id
correlation_value = $result.event_id$
correlation_value_for_group = $result.itsi_group_id$
# Where in the refresh response the ticket id and URL are read from.
refresh_response_json_path = entry.{0}.content
refresh_response_ticket_id_key = number
refresh_response_ticket_url_key = url
num_parallel_job_slots = 5
job_refresh_interval = 2
# Refresh polling stops after this many intervals.
max_num_intervals = 100
refresh_impact_tab = 1
# Tighter retry policy than the [default] stanza (2 / 5).
max_retries = 1
retry_interval = 3
# BMC Remedy incident creation via the legacy SOAP integration.
# NOTE(review): a REST-based variant (remedy_incident_rest) exists in this file;
# if the SOAP path is no longer used, disable this stanza rather than leaving two
# live routes to the same ticketing system. Keep the two stanzas' refresh keys in sync.
[remedy_incident]
# Check notable_event_actions.conf.spec/example file for details
# This action uses the old SOAP method for creating the incident
disabled = 0
execute_in_sync = 1
type = external_ticket
######## for `type=external_ticket`, we will set the following key/values
ticket_system_name = Remedy
relative_refresh_uri = /servicesNS/nobody/-/remedy_incident/remedy_incident
# Note the two different keys: the refresh lookup uses correlation_id, while the
# value written into the Remedy record is keyed as mc_ueid.
relative_refresh_correlation_key = correlation_id
correlation_key = mc_ueid
correlation_value = $result.event_id$
correlation_value_for_group = $result.itsi_group_id$
refresh_response_json_path = entry.{0}.content
# Unlike the other ticket systems here, the response carries list-valued fields.
refresh_response_ticket_id_key = incident_number_list
refresh_response_ticket_url_key = incident_url_list
num_parallel_job_slots = 5
job_refresh_interval = 2
max_num_intervals = 100
refresh_impact_tab = 1
# Tighter retry policy than the [default] stanza (2 / 5).
max_retries = 1
retry_interval = 3
# BMC Remedy incident creation via the REST API (preferred over the SOAP stanza above).
# Credentials are not held here; they are expected to be configured in the Remedy
# integration's own settings.
[remedy_incident_rest]
# Check notable_event_actions.conf.spec/example file for details
# This action uses the REST API to create the incident
disabled = 0
execute_in_sync = 1
type = external_ticket
######## for `type=external_ticket`, we will set the following key/values
ticket_system_name = Remedy
relative_refresh_uri = /servicesNS/nobody/-/remedy_incident_rest/remedy_incident_rest
# Refresh lookup uses correlation_id; the value written into the Remedy record is
# keyed as mc_ueid (same split as the SOAP stanza).
relative_refresh_correlation_key = correlation_id
correlation_key = mc_ueid
correlation_value = $result.event_id$
correlation_value_for_group = $result.itsi_group_id$
refresh_response_json_path = entry.{0}.content
# List-valued response fields, as for the SOAP variant.
refresh_response_ticket_id_key = incident_number_list
refresh_response_ticket_url_key = incident_url_list
num_parallel_job_slots = 5
job_refresh_interval = 2
max_num_intervals = 100
refresh_impact_tab = 1
# Tighter retry policy than the [default] stanza (2 / 5).
max_retries = 1
retry_interval = 3
# Jira Cloud issue creation, delegated to the Splunk_TA_Jira_Cloud add-on.
# API tokens / credentials are expected to live in that add-on, not in this file.
[jira_cloud_issue]
disabled = 0
execute_in_sync = 1
# Explicitly restates the [default] values: no bulk support for Jira.
is_bulk_compatible = 0
run_bulk_action_iteratively = 0
app_name = Splunk_TA_Jira_Cloud
# When the installed add-on is at least this version the wrapper command below is
# presumably used — confirm in notable_event_actions.conf.spec.
alt_command_supported_version = 1.1.0
alt_command = itsi_event_action_jira_wrapper
type = external_ticket
######## for `type=external_ticket`, we will set the following key/values
ticket_system_name = Jira Cloud
######## relative_refresh_uri is not used for Jira so this is just a dummy value
######## (required only because type=external_ticket demands the key); do not
######## treat it as a real endpoint.
relative_refresh_uri = /servicesNS/nobody/-/jira_cloud/jira_issue
correlation_key = correlation_id
correlation_value = $result.event_id$
correlation_value_for_group = $result.itsi_group_id$
refresh_response_json_path = entry.{0}.content
refresh_response_ticket_id_key = number
refresh_response_ticket_url_key = url
num_parallel_job_slots = 5
job_refresh_interval = 2
max_num_intervals = 100
refresh_impact_tab = 1
# Tighter retry policy than the [default] stanza (2 / 5).
max_retries = 1
retry_interval = 3
# VictorOps (Splunk On-Call) notification action.
# NOTE(review): refresh/job keys are set here although no `type = external_ticket`
# is declared; whether they have any effect for a non-ticket action cannot be
# determined from this file — confirm in the .conf.spec before tuning them.
[victorops]
disabled = 0
execute_in_sync = 1
num_parallel_job_slots = 5
job_refresh_interval = 2
max_num_intervals = 100
refresh_impact_tab = 1
# Generic webhook action, enabled.
# NOTE(review): the destination URL is supplied when the action is configured on a
# rule, and nothing in this file restricts where episode data may be posted. Rely
# on role scoping for who may configure it, and on the action's own settings (if
# any) for destination allow-listing and TLS verification.
[itsi_event_action_webhook]
execute_in_sync = 1
disabled = 0
# Clears incidents created by the simulator. Only `disabled` is set here; every
# other key (bulk flags, retry policy) is inherited from the [default] stanza.
[itsi_event_action_clear_sim_incidents]
disabled = 0
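# Sends episodes to Splunk SOAR (Phantom). Key/value spacing normalised to the
# `key = value` form used by every other stanza; Splunk trims whitespace around `=`,
# so the parsed values are unchanged.
[itsi_event_action_send_to_phantom]
disabled = 0
execute_in_sync = 1
# 1 = include only the first event of an episode in what is sent to Phantom.
# Besides bounding payload size, this limits how much event data leaves this
# instance per episode — change deliberately.
send_first_event_only = 1
# Results per request when pulling notable events from ITSI.
splunk_itsi_get_notables_search_api_page_size = 50
# Artifacts per create call when pushing to Phantom.
phantom_artifacts_create_api_page_size = 50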