
# encoding = utf-8
# Always put this line at the beginning of this file
import incident_intelligence_declare
import sys
from alert_actions_base import ModularAlertBase
import modalert_incident_intelligence_helper
'''
Do not edit this file!!!
This file is generated by Add-on builder automatically.
Add your modular input logic to file modalert_incident_intelligence_helper.py
'''
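class AlertActionWorkerincident_intelligence(ModularAlertBase):
    """Worker for the ``incident_intelligence`` modular alert action.

    Event handling is delegated to
    ``modalert_incident_intelligence_helper.process_event``; this class wraps
    that call with logging and maps failures to numeric status codes.
    """

    def __init__(self, ta_name, alert_name):
        """Forward the add-on name and alert name to ``ModularAlertBase``."""
        super(AlertActionWorkerincident_intelligence, self).__init__(ta_name, alert_name)

    def validate_params(self):
        """Log the start and end of validation and report success.

        Returns:
            bool: always ``True``; no parameter is actually checked.
        """
        self.log_info("incident_intelligence > validate_params starting")
        # NOTE(review): the mandatory-parameter checks below were disabled in
        # the original by wrapping them in a bare string literal, so this
        # method never rejects anything. A missing "realm", "org_id",
        # "sfx_token" (a credential) or "title" is therefore not caught here
        # and only surfaces, if at all, inside the helper. Confirm that
        # modalert_incident_intelligence_helper validates these itself before
        # relying on this method as a gate.
        #
        # if not self.get_global_setting("realm"):
        #     self.log_error('realm_url is a mandatory setup parameter, but its value is None.')
        #     return False
        # if not self.get_global_setting("org_id"):
        #     self.log_error('org_id is a mandatory setup parameter, but its value is None.')
        #     return False
        # if not self.get_global_setting("sfx_token"):
        #     self.log_error('sfx_token is a mandatory setup parameter, but its value is None.')
        #     return False
        # if not self.get_param("title"):
        #     self.log_error('title is a mandatory parameter, but its value is None.')
        #     return False
        self.log_info("incident_intelligence > validate_params completed")
        return True

    def process_event(self, *args, **kwargs):
        """Validate parameters, run the helper, and return a status code.

        Args:
            *args: forwarded unchanged to the helper's ``process_event``.
            **kwargs: forwarded unchanged to the helper's ``process_event``.

        Returns:
            3 if ``validate_params`` reports failure, 4 if an
            ``AttributeError`` or ``TypeError`` is raised, 5 for any other
            exception, otherwise whatever the helper returns.
        """
        self.log_info("incident_intelligence > process_event starting")
        status = 0
        try:
            if not self.validate_params():
                return 3
            status = modalert_incident_intelligence_helper.process_event(self, *args, **kwargs)
        except (AttributeError, TypeError) as ae:
            self.log_error("Error: {}. Please double check spelling and also verify that a "
                           "compatible version of Splunk_SA_CIM is installed.".format(str(ae)))
            return 4
        except Exception as e:
            # The original tested `if e:`, but an exception instance is truthy,
            # so the traceback fallback could never run and an exception raised
            # without a message was logged as "Unexpected error: .". Test the
            # message text instead so such failures still leave a usable record.
            detail = str(e)
            if not detail:
                import traceback
                detail = traceback.format_exc()
            self.log_error("Unexpected error: {}.".format(detail))
            return 5
        return status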
if __name__ == "__main__":
    # Script entry point: build the worker for this add-on and alert name,
    # hand it the command-line arguments, and exit with the value run() returns.
    worker = AlertActionWorkerincident_intelligence(
        "splunk_incident_intelligence_app",
        "incident_intelligence",
    )
    exitcode = worker.run(sys.argv)
    sys.exit(exitcode)