splunk-soar-sdk 3.0.0__py3-none-any.whl → 3.1.0__py3-none-any.whl

soar_sdk/models/finding.py

@@ -0,0 +1,54 @@
+from pydantic import BaseModel
+from typing import Any
+
+
+class DrilldownSearch(BaseModel):
+    """Represents a drilldown search in a finding."""
+
+    name: str
+    search: str
+    earliest: str
+    latest: str
+
+
+class DrilldownDashboard(BaseModel):
+    """Represents a drilldown dashboard in a finding."""
+
+    dashboard: str
+    name: str
+    tokens: list[str] | None = None
+
+
+class Finding(BaseModel):
+    """Represents a finding to be created during on_finding.
+
+    Findings are stored in ES and can be associated with SOAR containers/artifacts
+    for investigation workflow.
+    """
+
+    class Config:
+        """Pydantic config."""
+
+        extra = "forbid"
+
+    rule_title: str
+    rule_description: str
+    security_domain: str
+    risk_object: str
+    risk_object_type: str
+    risk_score: float
+    status: str | None = None
+    urgency: str | None = None
+    owner: str | None = None
+    disposition: str | None = None
+    drilldown_searches: list[DrilldownSearch] | None = None
+    drilldown_dashboards: list[DrilldownDashboard] | None = None
+    annotations: dict[str, list[str]] | None = None
+    risk_event_count: int | None = None
+    all_risk_objects: list[str] | None = None
+    source: list[str] | None = None
+    exclude_map_fields: list[str] | None = None
+
+    def to_dict(self) -> dict[str, Any]:
+        """Convert the finding to a dictionary."""
+        return self.dict(exclude_none=True)

{splunk_soar_sdk-3.0.0.dist-info → splunk_soar_sdk-3.1.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: splunk-soar-sdk
-Version: 3.0.0
+Version: 3.1.0
 Summary: The official framework for developing and testing Splunk SOAR Apps
 Project-URL: Homepage, https://github.com/phantomcyber/splunk-soar-sdk
 Project-URL: Documentation, https://github.com/phantomcyber/splunk-soar-sdk

{splunk_soar_sdk-3.0.0.dist-info → splunk_soar_sdk-3.1.0.dist-info}/RECORD

@@ -66,6 +66,7 @@ soar_sdk/meta/webhooks.py,sha256=E5pdoD9j7FDeM2DBTO2h9Yw6-5flzp-NfhM_M1oPAUU,121
 soar_sdk/models/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 soar_sdk/models/artifact.py,sha256=OlYp150sf9sYvTz6tC7PaYV1qbBvQYrz1bXmC2xNj8Q,1086
 soar_sdk/models/container.py,sha256=SYdDiyeUGm8dFpOdPl5BGVM1UO2onJsJCiax-1-hZGo,1492
+soar_sdk/models/finding.py,sha256=Yhw4mOJLeZj7ylDgxbjJs9wm_xzK6Sbkr4r3XOtL0PM,1414
 soar_sdk/models/vault_attachment.py,sha256=IQPX239OFClVfOKr9nHIu9Is55cXWBaOgM2lG5Lt-b4,1072
 soar_sdk/models/view.py,sha256=frfbNdWfzc0XjiU3CY79zBJxvzUsgLdFmphVeZ6QqTc,777
 soar_sdk/shims/phantom/action_result.py,sha256=yDiV2f3kt5G9UYejpe0JFeo651f3Uv-fTSoIlfg3DGg,1606
@@ -97,8 +98,8 @@ soar_sdk/views/components/pie_chart.py,sha256=LVTeHVJN6nf2vjUs9y7PDBhS0U1fKW750l
 soar_sdk/webhooks/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 soar_sdk/webhooks/models.py,sha256=PG9SDs5xXqtFndm5C8AsJOTYXU5v_UTY7SpYosWT_CA,4542
 soar_sdk/webhooks/routing.py,sha256=MnzbnIDy2uG_5mJzsTeX-NsE6QYvzyqEGbHmEFj-DG8,6900
-splunk_soar_sdk-3.0.0.dist-info/METADATA,sha256=cB8n00bzBxoy8EHs3VkDTb9XyTS2rQ6HcS8GXCBb7rA,7334
-splunk_soar_sdk-3.0.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-splunk_soar_sdk-3.0.0.dist-info/entry_points.txt,sha256=CgBjo2ZWpYNkt9TgvToL26h2Tg1yt8FbvYTb5NVgNuc,51
-splunk_soar_sdk-3.0.0.dist-info/licenses/LICENSE,sha256=gNCGrGhrSQb1PUzBOByVUN1tvaliwLZfna-QU2r2hQ8,11345
-splunk_soar_sdk-3.0.0.dist-info/RECORD,,
+splunk_soar_sdk-3.1.0.dist-info/METADATA,sha256=AyJBAA3lbCNV4tHHtHb4ca7u4MCHj9_C2exQfMeydik,7334
+splunk_soar_sdk-3.1.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+splunk_soar_sdk-3.1.0.dist-info/entry_points.txt,sha256=CgBjo2ZWpYNkt9TgvToL26h2Tg1yt8FbvYTb5NVgNuc,51
+splunk_soar_sdk-3.1.0.dist-info/licenses/LICENSE,sha256=gNCGrGhrSQb1PUzBOByVUN1tvaliwLZfna-QU2r2hQ8,11345
+splunk_soar_sdk-3.1.0.dist-info/RECORD,,