

#!/usr/bin/env python
import configparser
import json
import logging
import os

import cherrypy
import requests

import splunk.appserver.mrsparkle.controllers as controllers
from splunk.appserver.mrsparkle.lib.decorators import expose_page
from splunk.appserver.mrsparkle.lib.routes import route
import splunk.entity as entity
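class UpdateStatusController(controllers.BaseController):
    """Update SOCRadar alarm status controller.

    Handles ``POST /<app>/update_status`` for logged-in Splunk users. The
    request body is a JSON object carrying ``alarm_id``, ``status`` and an
    optional ``comments`` string. Every response is JSON text with a boolean
    ``success`` and a human-readable ``message``; failures are reported in the
    body rather than raised, as before.
    """

    _log = logging.getLogger(__name__)

    # Returned to the client in place of raw exception text. A requests
    # failure message embeds the full request URL, and the SOCRadar key is sent
    # as a query parameter, so str(exc) must never reach the response body.
    _GENERIC_ERROR = "Failed to update alarm status; see splunkd web logs for details"

    @staticmethod
    def _json_response(success, message):
        """Serialize ``{"success": ..., "message": ...}`` as a JSON response body."""
        # Declare the body as JSON so the browser does not sniff it as HTML.
        cherrypy.response.headers['Content-Type'] = 'application/json'
        return json.dumps({"success": success, "message": message})

    @staticmethod
    def _read_json_body():
        """Parse the POST body as a JSON object.

        Raises:
            ValueError: when the Content-Length header is not an integer, the
                body is not valid JSON, or the decoded value is not an object.
        """
        content_length = int(cherrypy.request.headers.get('Content-Length', 0))
        raw_body = cherrypy.request.body.read(content_length)
        data = json.loads(raw_body)
        if not isinstance(data, dict):
            raise ValueError("Request body must be a JSON object")
        return data

    @expose_page(must_login=True, methods=['POST'])
    @route('/:app/:action=update_status')
    def update_status(self, app, action, **kwargs):
        """Forward an alarm status change from the Splunk UI to SOCRadar.

        Args:
            app: App name captured from the route; unused.
            action: Route action name (``update_status``); unused.
            **kwargs: Additional request parameters; ignored.

        Returns:
            JSON text: ``{"success": true, ...}`` when SOCRadar answered 200,
            otherwise ``{"success": false, "message": ...}``.
        """
        try:
            data = self._read_json_body()
        except ValueError:
            return self._json_response(False, "Request body must be a JSON object")

        alarm_id = data.get('alarm_id')
        status = data.get('status')
        comments = data.get('comments', 'Updated via Splunk')
        # Previously None values were forwarded to the API; reject them here
        # so the caller gets an actionable message instead of an upstream error.
        if alarm_id is None or status is None:
            return self._json_response(False, "alarm_id and status are required")

        try:
            session_key = cherrypy.session.get('sessionKey')
            settings = self.get_socradar_settings(session_key)
            if not settings.get('company_id') or not settings.get('api_key'):
                return self._json_response(False, "SOCRadar API credentials not configured")

            url = f"https://platform.socradar.com/api/company/{settings['company_id']}/alarms/status/change"
            # alarm_id is forwarded unchanged under the plural key exactly as
            # before; whether the API expects a list here is not visible from
            # this file.
            payload = {
                "status": status,
                "alarm_ids": alarm_id,
                "comments": comments,
            }
            # The key travels in the query string (vendor API contract), which
            # is why no log line below prints the URL.
            params = {"key": settings['api_key']}
            response = requests.post(url, json=payload, params=params, timeout=30)
        except requests.RequestException as exc:
            # Log only the exception class: its message contains the URL,
            # including the key parameter.
            self._log.error("SOCRadar status change request failed: %s", type(exc).__name__)
            return self._json_response(False, self._GENERIC_ERROR)
        except Exception:
            self._log.exception("Unexpected error while updating SOCRadar alarm status")
            return self._json_response(False, self._GENERIC_ERROR)

        if response.status_code == 200:
            return self._json_response(True, "Status updated successfully")
        return self._json_response(False, f"API error: {response.status_code}")

    def get_socradar_settings(self, session_key):
        """Get SOCRadar settings from app configuration.

        Reads ``socradar_company_id`` and ``socradar_company_api_key`` from the
        ``additional_parameters`` stanza of ``ta_socradar_incidents_settings``:
        first through the Splunk entity API with *session_key*, then, if that
        fails, by parsing the app's local .conf file directly.

        Args:
            session_key: Splunk session key used for the entity lookup.

        Returns:
            dict with ``company_id`` and ``api_key`` (either may be None), or
            an empty dict when neither source provides the stanza.
        """
        try:
            settings_entity = entity.getEntity(
                'ta_socradar_incidents_settings',
                'additional_parameters',
                namespace='TA-socradar-incidents',
                sessionKey=session_key,
                owner='nobody',
            )
        except Exception:
            # Narrowed from a bare ``except`` so KeyboardInterrupt/SystemExit
            # propagate; the lookup itself stays best-effort by design.
            self._log.debug(
                "Entity lookup for SOCRadar settings failed; falling back to conf file",
                exc_info=True,
            )
        else:
            return {
                'company_id': settings_entity.get('socradar_company_id'),
                'api_key': settings_entity.get('socradar_company_api_key'),
            }
        return self._settings_from_conf_file()

    @staticmethod
    def _settings_from_conf_file():
        """Read the settings stanza straight from the app's local .conf file.

        NOTE(review): this reads the file with the web server's own filesystem
        rights rather than through the caller's Splunk session, so it does not
        depend on the caller's permissions; the endpoint is gated only by
        ``must_login=True``.
        """
        conf_path = os.path.join(
            os.environ.get('SPLUNK_HOME', '/opt/splunk'),
            'etc', 'apps', 'TA-socradar-incidents', 'local',
            'ta_socradar_incidents_settings.conf',
        )
        if not os.path.exists(conf_path):
            return {}
        config = configparser.ConfigParser()
        config.read(conf_path)
        if 'additional_parameters' not in config:
            return {}
        stanza = config['additional_parameters']
        return {
            'company_id': stanza.get('socradar_company_id'),
            'api_key': stanza.get('socradar_company_api_key'),
        }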