From fbae43a8fed11ff73368cb780a132dc209b67172 Mon Sep 17 00:00:00 2001 From: darkushin <61732335+darkushin@users.noreply.github.com> Date: Mon, 12 Jun 2023 15:02:53 +0300 Subject: [PATCH] Splunk py raise timezone exception (#27316) * SplunkPy - fix uninformative error message when missing timezone in mirroring * Added RNs * Updated readme * CR updates * Update Packs/SplunkPy/ReleaseNotes/3_0_20.md Co-authored-by: yuvalbenshalom * Updated Docker Image --------- Co-authored-by: yuvalbenshalom
---
 Packs/SplunkPy/Integrations/SplunkPy/README.md | 2 +- Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.py | 2 +- Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.yml | 4 ++-- Packs/SplunkPy/ReleaseNotes/3_0_20.md | 7 +++++++ Packs/SplunkPy/pack_metadata.json | 2 +- 5 files changed, 12 insertions(+), 5 deletions(-) create mode 100644 Packs/SplunkPy/ReleaseNotes/3_0_20.md
diff --git a/Packs/SplunkPy/Integrations/SplunkPy/README.md b/Packs/SplunkPy/Integrations/SplunkPy/README.md
index d07b56be2bdb..c261fc059bd7 100644
--- a/Packs/SplunkPy/Integrations/SplunkPy/README.md
+++ b/Packs/SplunkPy/Integrations/SplunkPy/README.md
@@ -30,7 +30,7 @@ This integration was integrated and tested with Splunk v7.2.
 | Use Splunk Clock Time For Fetch | | False |
 | Parse Raw Part of Notable Events | | False |
 | Replace with Underscore in Incident Fields | | False |
- | Timezone of the Splunk server, in minutes. For example, if GMT is gmt +3, set timezone to +180. For UTC, set the timezone to 0. (Set only if the Splunk server is different than the Cortex XSOAR server.) Relevant only for fetching and mirroring notable events. | | False |
+ | Timezone of the Splunk server, in minutes. For example, if GMT is gmt +3, set timezone to +180. For UTC, set the timezone to 0. This is relevant only for fetching and mirroring notable events. It must be specified when mirroring is enabled. | | False |
 | First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days, 3 months, 1 year) | The amount of time to go back when performing the first fetch, or when creating a mapping using the Select Schema option. | False |
 | Extract Fields - CSV fields that will be parsed out of _raw notable events | | False |
 | Event Type Field | Used only for mapping with the Select Schema option. The name of the field that contains the type of the event or alert. The default value is "source", which is a good option for notable events. However, you may choose any custom field. | False |
diff --git a/Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.py b/Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.py
index 7efb037d62b4..98a1bd57f908 100644
--- a/Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.py
+++ b/Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.py
@@ -1220,7 +1220,7 @@ def get_last_update_in_splunk_time(last_update):
 try:
 splunk_timezone = int(params['timezone'])
- except (KeyError, ValueError):
+ except (KeyError, ValueError, TypeError):
 raise Exception('Cannot mirror incidents when timezone is not configured. Please enter the '
 'timezone of the Splunk server being used in the integration configuration.')
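Review bot: The widened `except (KeyError, ValueError, TypeError)` still reports every failure as "timezone is not configured", although a `ValueError` from `int(params['timezone'])` means a value was entered but is not an integer number of minutes. An operator who typed a malformed offset is then pointed at a missing setting, and mirroring stays broken while they look in the wrong place. Consider wording the message to cover both cases, e.g. `'Cannot mirror incidents: the Splunk server timezone is missing or is not a whole number of minutes.'`, and keeping the cause with `except (KeyError, ValueError, TypeError) as err:` and `raise Exception(...) from err` so the original error appears in the integration log. The body of get_last_update_in_splunk_time starts before this hunk and continues after it.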
diff --git a/Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.yml b/Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.yml
index e77351df535c..3c852fbf79d4 100644
--- a/Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.yml
+++ b/Packs/SplunkPy/Integrations/SplunkPy/SplunkPy.yml
@@ -65,7 +65,7 @@ configuration:
 type: 8
 section: Collect
 advanced: true
-- display: Timezone of the Splunk server, in minutes. For example, if GMT is gmt +3, set timezone to +180. For UTC, set the timezone to 0. (Set only if the Splunk server is different than the Cortex XSOAR server.) Relevant only for fetching and mirroring notable events.
+- display: Timezone of the Splunk server, in minutes. For example, if GMT is gmt +3, set timezone to +180. For UTC, set the timezone to 0. This is relevant only for fetching and mirroring notable events. It must be specified when mirroring is enabled.
 name: timezone
 required: false
 type: 0
@@ -626,7 +626,7 @@ script:
 - contextPath: Splunk.UserMapping.SplunkUser
 description: Splunk user mapping.
 type: String
- dockerimage: demisto/splunksdk-py3:1.0.0.61535
+ dockerimage: demisto/splunksdk-py3:1.0.0.62919
 isfetch: true
 ismappable: true
 isremotesyncin: true
diff --git a/Packs/SplunkPy/ReleaseNotes/3_0_20.md b/Packs/SplunkPy/ReleaseNotes/3_0_20.md
new file mode 100644
index 000000000000..f1e8a8d7a59b
--- /dev/null
+++ b/Packs/SplunkPy/ReleaseNotes/3_0_20.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### SplunkPy
+
+- Fixed an issue where it was possible to configure mirroring without specifying a timezone.
+- Updated the Docker image to: *demisto/splunksdk-py3:1.0.0.62919*.
diff --git a/Packs/SplunkPy/pack_metadata.json b/Packs/SplunkPy/pack_metadata.json
index c10c9032feb3..2d1ea3560b7d 100644
--- a/Packs/SplunkPy/pack_metadata.json
+++ b/Packs/SplunkPy/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Splunk",
 "description": "Run queries on Splunk servers.",
 "support": "xsoar",
- "currentVersion": "3.0.19",
+ "currentVersion": "3.0.20",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",