splunk-soar-sdk 3.1.0__py3-none-any.whl → 3.2.0__py3-none-any.whl

soar_sdk/actions_manager.py

@@ -154,6 +154,13 @@ class ActionsManager(BaseConnector):
         # For non-broker just proceed as we did before
         return super().get_app_dir()
 
+    def send_finding_to_es(self, finding: dict[str, Any]) -> str:
+        """Send finding to ES.
+
+        Returns finding_id: ID for the finding in ES.
+        """
+        return ""
+
     @classmethod
     def get_soar_base_url(cls) -> str:
         """Get the base URL of the Splunk SOAR instance this app is running on."""

soar_sdk/app.py

@@ -38,6 +38,7 @@ from soar_sdk.decorators import (
     ActionDecorator,
     ViewHandlerDecorator,
     OnPollDecorator,
+    OnESPollDecorator,
     WebhookDecorator,
     MakeRequestDecorator,
 )
@@ -495,6 +496,31 @@ class App:
         """
         return OnPollDecorator(self)
 
+    def on_es_poll(self) -> OnESPollDecorator:
+        """Decorator for the on_es_poll action.
+
+        The decorated function must be a generator (using yield) or return an Iterator that yields tuples of (Finding, list[AttachmentInput]). Only one on_es_poll action is allowed per app.
+
+        Example:
+            >>> @app.on_es_poll()
+            ... def on_es_poll(
+            ...     params: OnESPollParams, soar: SOARClient, asset: Asset
+            ... ) -> Iterator[tuple[Finding, list[AttachmentInput]]]:
+            ...     yield (
+            ...         Finding(
+            ...             rule_title="Risk threshold exceeded for user",
+            ...             rule_description="Risk Threshold Exceeded for an object over a 24 hour period",
+            ...             security_domain="threat",
+            ...             risk_object="bad_user@splunk.com",
+            ...             risk_object_type="user",
+            ...             risk_score=100.0,
+            ...             status="New",
+            ...         ),
+            ...         [],
+            ...     )
+        """
+        return OnESPollDecorator(self)
+
     def view_handler(
         self,
         *,

soar_sdk/code_renderers/action_renderer.py

@@ -103,6 +103,62 @@ class ActionRenderer(AstRenderer[ActionMeta]):
                 ctx=ast.Load(),
             ),
         ),
+        "on es poll": ast.FunctionDef(
+            name="on_es_poll",
+            args=ast.arguments(
+                posonlyargs=[],
+                args=[
+                    ast.arg(
+                        arg="soar", annotation=ast.Name(id="SOARClient", ctx=ast.Load())
+                    ),
+                    ast.arg(
+                        arg="asset", annotation=ast.Name(id="Asset", ctx=ast.Load())
+                    ),
+                    ast.arg(
+                        arg="params",
+                        annotation=ast.Name(id="OnESPollParams", ctx=ast.Load()),
+                    ),
+                ],
+                vararg=None,
+                kwonlyargs=[],
+                kw_defaults=[],
+                kwarg=None,
+                defaults=[],
+            ),
+            body=[
+                ast.Raise(
+                    ast.Call(
+                        func=ast.Name(id="NotImplementedError"), args=[], keywords=[]
+                    )
+                )
+            ],
+            decorator_list=[
+                ast.Call(
+                    func=ast.Name(id="app.on_es_poll", ctx=ast.Load()),
+                    args=[],
+                    keywords=[],
+                )
+            ],
+            returns=ast.Subscript(
+                value=ast.Name(id="Iterator", ctx=ast.Load()),
+                slice=ast.Subscript(
+                    value=ast.Name(id="tuple", ctx=ast.Load()),
+                    slice=ast.Tuple(
+                        elts=[
+                            ast.Name(id="Finding", ctx=ast.Load()),
+                            ast.Subscript(
+                                value=ast.Name(id="list", ctx=ast.Load()),
+                                slice=ast.Name(id="AttachmentInput", ctx=ast.Load()),
+                                ctx=ast.Load(),
+                            ),
+                        ],
+                        ctx=ast.Load(),
+                    ),
+                    ctx=ast.Load(),
+                ),
+                ctx=ast.Load(),
+            ),
+        ),
     }
 
     @property

soar_sdk/code_renderers/app_renderer.py

@@ -80,6 +80,7 @@ class AppRenderer:
                 ast.alias(name="Param", asname=None),
                 ast.alias(name="Params", asname=None),
                 ast.alias(name="OnPollParams", asname=None),
+                ast.alias(name="OnESPollParams", asname=None),
             ],
             level=0,
         )
@@ -114,6 +115,16 @@ class AppRenderer:
             names=[ast.alias(name="Artifact", asname=None)],
             level=0,
         )
+        yield ast.ImportFrom(
+            module="soar_sdk.models.finding",
+            names=[ast.alias(name="Finding", asname=None)],
+            level=0,
+        )
+        yield ast.ImportFrom(
+            module="soar_sdk.models.attachment_input",
+            names=[ast.alias(name="AttachmentInput", asname=None)],
+            level=0,
+        )
 
     def create_app_constructor(self) -> ast.Assign:
         """Create the App class constructor.

soar_sdk/decorators/__init__.py

@@ -4,6 +4,7 @@ from .action import ActionDecorator
 from .test_connectivity import ConnectivityTestDecorator
 from .view_handler import ViewHandlerDecorator
 from .on_poll import OnPollDecorator
+from .on_es_poll import OnESPollDecorator
 from .webhook import WebhookDecorator
 from .make_request import MakeRequestDecorator
 
@@ -11,6 +12,7 @@ __all__ = [
     "ActionDecorator",
     "ConnectivityTestDecorator",
     "MakeRequestDecorator",
+    "OnESPollDecorator",
     "OnPollDecorator",
     "ViewHandlerDecorator",
     "WebhookDecorator",

soar_sdk/decorators/on_es_poll.py

@@ -0,0 +1,218 @@
+import inspect
+from functools import wraps
+from typing import Any
+from collections.abc import Callable
+from collections.abc import Iterator
+
+from soar_sdk.abstract import SOARClient
+from soar_sdk.action_results import ActionResult
+from soar_sdk.params import OnESPollParams
+from soar_sdk.meta.actions import ActionMeta
+from soar_sdk.types import Action, action_protocol
+from soar_sdk.exceptions import ActionFailure
+from soar_sdk.async_utils import run_async_if_needed
+from soar_sdk.logging import getLogger
+from soar_sdk.models.finding import Finding
+from soar_sdk.models.attachment_input import AttachmentInput
+from soar_sdk.models.container import Container
+
+from typing import TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from soar_sdk.app import App
+
+
+class OnESPollDecorator:
+    """Class-based decorator for tagging a function as the special 'on es poll' action."""
+
+    def __init__(self, app: "App") -> None:
+        self.app = app
+
+    def __call__(self, function: Callable) -> Action:
+        """Decorator for the 'on es poll' action.
+
+        The decorated function must be a generator (using yield) or return an Iterator that yields tuples of (Finding, list[AttachmentInput]). Only one on_es_poll action is allowed per app.
+
+        Usage:
+        Each yielded tuple creates a Container from the Finding metadata. All AttachmentInput items in the list are added as vault attachments to that container.
+        """
+        if self.app.actions_manager.get_action("on_es_poll"):
+            raise TypeError(
+                "The 'on_es_poll' decorator can only be used once per App instance."
+            )
+
+        is_generator = inspect.isgeneratorfunction(function)
+        is_async_generator = inspect.isasyncgenfunction(function)
+        signature = inspect.signature(function)
+
+        has_iterator_return = (
+            signature.return_annotation != inspect.Signature.empty
+            and getattr(signature.return_annotation, "__origin__", None) is Iterator
+        )
+
+        if not (is_generator or is_async_generator or has_iterator_return):
+            raise TypeError(
+                "The on_es_poll function must be a generator (use 'yield') or return an Iterator."
+            )
+
+        action_identifier = "on_es_poll"
+        action_name = "on es poll"
+
+        validated_params_class = OnESPollParams
+        logger = getLogger()
+
+        @action_protocol
+        @wraps(function)
+        def inner(
+            params: OnESPollParams,
+            soar: SOARClient = self.app.soar_client,
+            *args: Any,  # noqa: ANN401
+            **kwargs: Any,  # noqa: ANN401
+        ) -> bool:
+            try:
+                try:
+                    action_params = validated_params_class.parse_obj(params)
+                except Exception as e:
+                    logger.info(f"Parameter validation error: {e!s}")
+                    return self.app._adapt_action_result(
+                        ActionResult(
+                            status=False, message=f"Invalid parameters: {e!s}"
+                        ),
+                        self.app.actions_manager,
+                    )
+
+                kwargs = self.app._build_magic_args(function, soar=soar, **kwargs)
+
+                result = function(action_params, *args, **kwargs)
+                result = run_async_if_needed(result)
+
+                for item in result:
+                    if not isinstance(item, tuple) or len(item) != 2:
+                        logger.info(
+                            f"Warning: Expected tuple of (Finding, list[AttachmentInput]), got: {type(item)}"
+                        )
+                        continue
+
+                    finding, attachments = item
+
+                    if not isinstance(finding, Finding):
+                        logger.info(
+                            f"Warning: First element must be Finding, got: {type(finding)}"
+                        )
+                        continue
+
+                    if not isinstance(attachments, list):
+                        logger.info(
+                            f"Warning: Second element must be list[AttachmentInput], got: {type(attachments)}"
+                        )
+                        continue
+
+                    for attachment in attachments:
+                        if not isinstance(attachment, AttachmentInput):
+                            logger.info(
+                                f"Warning: Attachment must be AttachmentInput, got: {type(attachment)}"
+                            )
+                            break
+                    else:
+                        finding_dict = finding.to_dict()
+                        logger.info(
+                            f"Processing finding: {finding_dict.get('rule_title', 'Unnamed finding')}"
+                        )
+
+                        # Send finding to ES and get finding_id back
+                        finding_id = self.app.actions_manager.send_finding_to_es(
+                            finding_dict
+                        )
+
+                        container = Container(
+                            name=finding.rule_title,
+                            description=finding.rule_description,
+                            severity=finding.urgency or "medium",
+                            status=finding.status,
+                            owner_id=finding.owner,
+                            sensitivity=finding.disposition,
+                            tags=finding.source,
+                            external_id=finding_id,
+                            data={
+                                "security_domain": finding.security_domain,
+                                "risk_score": finding.risk_score,
+                                "risk_object": finding.risk_object,
+                                "risk_object_type": finding.risk_object_type,
+                            },
+                        )
+
+                        ret_val, message, container_id = (
+                            self.app.actions_manager.save_container(container.to_dict())
+                        )
+                        logger.info(
+                            f"Creating container for finding: {finding.rule_title}"
+                        )
+
+                        if not ret_val:
+                            logger.info(f"Failed to create container: {message}")
+                            continue
+
+                        for attachment in attachments:
+                            try:
+                                if attachment.file_content is not None:
+                                    vault_id = soar.vault.create_attachment(
+                                        container_id=container_id,
+                                        file_content=attachment.file_content,
+                                        file_name=attachment.file_name,
+                                        metadata=attachment.metadata,
+                                    )
+                                else:
+                                    vault_id = soar.vault.add_attachment(
+                                        container_id=container_id,
+                                        file_location=attachment.file_location,
+                                        file_name=attachment.file_name,
+                                        metadata=attachment.metadata,
+                                    )
+                                logger.info(
+                                    f"Added attachment {attachment.file_name} with vault_id: {vault_id}"
+                                )
+                            except Exception as e:
+                                logger.info(
+                                    f"Failed to add attachment {attachment.file_name}: {e!s}"
+                                )
+
+                return self.app._adapt_action_result(
+                    ActionResult(status=True, message="Finding processing complete"),
+                    self.app.actions_manager,
+                )
+            except ActionFailure as e:
+                e.set_action_name(action_name)
+                return self.app._adapt_action_result(
+                    ActionResult(status=False, message=str(e)),
+                    self.app.actions_manager,
+                )
+            except Exception as e:
+                self.app.actions_manager.add_exception(e)
+                logger.info(f"Error during finding processing: {e!s}")
+                return self.app._adapt_action_result(
+                    ActionResult(status=False, message=str(e)),
+                    self.app.actions_manager,
+                )
+
+        inner.params_class = validated_params_class
+
+        class OnESPollActionMeta(ActionMeta):
+            def model_dump(self, *args: object, **kwargs: object) -> dict[str, Any]:
+                data = super().model_dump(*args, **kwargs)
+                data["output"] = []
+                return data
+
+        inner.meta = OnESPollActionMeta(
+            action=action_name,
+            identifier=action_identifier,
+            description=inspect.getdoc(function) or action_name,
+            verbose="Callback action for the on_es_poll ingest functionality",
+            type="ingest",
+            read_only=True,
+            parameters=validated_params_class,
+            versions="EQ(*)",
+        )
+
+        self.app.actions_manager.set_action(action_identifier, inner)
+        self.app._dev_skip_in_pytest(function, inner)
+        return inner

soar_sdk/models/__init__.py

@@ -0,0 +1,15 @@
+from .artifact import Artifact
+from .attachment_input import AttachmentInput
+from .container import Container
+from .finding import Finding, DrilldownSearch, DrilldownDashboard
+from .vault_attachment import VaultAttachment
+
+__all__ = [
+    "Artifact",
+    "AttachmentInput",
+    "Container",
+    "DrilldownDashboard",
+    "DrilldownSearch",
+    "Finding",
+    "VaultAttachment",
+]

soar_sdk/models/attachment_input.py

@@ -0,0 +1,27 @@
+from pydantic import BaseModel, field_validator, ConfigDict
+from pydantic_core.core_schema import ValidationInfo
+
+
+class AttachmentInput(BaseModel):
+    """Represents a vault attachment to be created during on_es_poll.
+
+    Specify either file_content OR file_location, not both.
+    """
+
+    model_config = ConfigDict(extra="forbid")
+
+    file_content: str | bytes | None = None
+    file_location: str | None = None
+    file_name: str
+    metadata: dict[str, str] | None = None
+
+    @field_validator("file_location")
+    @classmethod
+    def validate_one_source(cls, v: str | None, info: ValidationInfo) -> str | None:
+        """Validate that exactly one of file_content or file_location is provided."""
+        file_content = info.data.get("file_content")
+        if v is None and file_content is None:
+            raise ValueError("Must provide either file_content or file_location")
+        if v is not None and file_content is not None:
+            raise ValueError("Cannot provide both file_content and file_location")
+        return v

soar_sdk/models/container.py

@@ -14,6 +14,7 @@ class Container(BaseModel):
     label: str | None = None
     description: str | None = None
     source_data_identifier: str | None = None
+    external_id: str | None = None
     severity: str | None = None
     status: str | None = None
     tags: list[str] | str | None = None

soar_sdk/params.py

@@ -193,6 +193,25 @@ class OnPollParams(Params):
     )
 
 
+class OnESPollParams(Params):
+    """Canonical parameters for the special 'on es poll' action."""
+
+    start_time: int = Param(
+        description="Start of time range, in epoch time (milliseconds).",
+        required=False,
+    )
+
+    end_time: int = Param(
+        description="End of time range, in epoch time (milliseconds).",
+        required=False,
+    )
+
+    container_count: int = Param(
+        description="Maximum number of container records to query for.",
+        required=False,
+    )
+
+
 class MakeRequestParams(Params):
     """Canonical parameters for the special make request action."""
 

{splunk_soar_sdk-3.1.0.dist-info → splunk_soar_sdk-3.2.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: splunk-soar-sdk
-Version: 3.1.0
+Version: 3.2.0
 Summary: The official framework for developing and testing Splunk SOAR Apps
 Project-URL: Homepage, https://github.com/phantomcyber/splunk-soar-sdk
 Project-URL: Documentation, https://github.com/phantomcyber/splunk-soar-sdk

{splunk_soar_sdk-3.1.0.dist-info → splunk_soar_sdk-3.2.0.dist-info}/RECORD

@@ -1,8 +1,8 @@
 soar_sdk/__init__.py,sha256=RzAng-ARqpK01SY82lNy4uYJFVG0yW6Q3CccEqbToJ4,726
 soar_sdk/abstract.py,sha256=3oJvWljqDTr2nucf-9IdBRMDJwRnDe6nISYKyGuLMxw,7752
 soar_sdk/action_results.py,sha256=ajlsed6ZkCyOTra4SFy31iYZO2a6mlvBK2-zIyO09q4,11928
-soar_sdk/actions_manager.py,sha256=Hx1Uh2AhlDJpgPIYXlIypY6RQ5yZWmsrIsX6avo65IQ,6480
-soar_sdk/app.py,sha256=fFbs4-ZWQK8N-Rz59sayIDEKRy9ccVtj6UhORe0MCF4,33343
+soar_sdk/actions_manager.py,sha256=Ce4zU06QJlbTP3TONfxsS4CWuykcZpQ0mw3ir8ThLsw,6663
+soar_sdk/app.py,sha256=xCdBHQgzdIwfyYRHSGFRYpEu8nKPMsULZCrdm5CbRrY,34512
 soar_sdk/app_cli_runner.py,sha256=tdglXCIRZS3dc3P18Tha7yUJQX9zIDxJFdST02LL9xY,11644
 soar_sdk/app_client.py,sha256=p5dsgxmMK61qLFIn7pATEQkVWldTtQhJPcMs4Idv2Lw,6197
 soar_sdk/asset.py,sha256=b4-f7r3JSfR-nUzalpgJnoXAIEHQ34yvIuoyoAFvye0,11055
@@ -14,7 +14,7 @@ soar_sdk/exceptions.py,sha256=bzydqdpzwG5VaVkZBiUEcf9Wp0clMdzqdUBZHzpfqT0,1830
 soar_sdk/field_utils.py,sha256=Jb0HteUPd-CtuDM7rNXVLy4uRxl419zeDxY_oOpU8GM,287
 soar_sdk/input_spec.py,sha256=79MFGF2IkAAoWpHmZYP0VqUBu10SkvmF_RPmXkf8bQ4,4677
 soar_sdk/logging.py,sha256=30cUxU7Tjf_OY4rUOrvjDoqPH7pcFydrdDbcG4ppY_s,11424
-soar_sdk/params.py,sha256=qKj3CkT6vPdQK8Aqxc1fYa974b-j7vtclcWMIALvWGI,9806
+soar_sdk/params.py,sha256=I-XL_5b7XEZEpnqAG05dll7rdscRnzbBInypO8miD_U,10308
 soar_sdk/paths.py,sha256=XhpanQCAiTXaulRx440oKu36mnll7P05TethHXgMpgQ,239
 soar_sdk/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 soar_sdk/types.py,sha256=-mOu8_sphcgJictMTn4Dl_6ijd2elLAlU2nuXF74zQc,616
@@ -43,15 +43,16 @@ soar_sdk/cli/manifests/serializers.py,sha256=hSfOcBNhv7s437A7t5BM1NXG5dfjKmh_xbH
 soar_sdk/cli/package/cli.py,sha256=8AWItAAXzfjJMRLwDIRbrN9cQhy7clBX7WrOmdcGClw,9499
 soar_sdk/cli/package/utils.py,sha256=zZmpWg76Vb3rtGn28aPhPHt1JUWR6eIByU6DTTRC3ng,1584
 soar_sdk/code_renderers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-soar_sdk/code_renderers/action_renderer.py,sha256=iPEPUVmZfm0FgQwlvKf4JwYlwcslH_qjoHSx6zSaVA8,14439
-soar_sdk/code_renderers/app_renderer.py,sha256=4EiGuMF9navKY7zXXe1ioG_4AaQKahOTwoh7kwfhi5U,7377
+soar_sdk/code_renderers/action_renderer.py,sha256=nPbB3SJLm4VDu_zuwY6vO_LgVg1tvW5ZTrzeS7JdyF8,16489
+soar_sdk/code_renderers/app_renderer.py,sha256=OCNNhXc36Amcg1kUUayyyzWx_M2RY8W8wvy0ppujLaE,7791
 soar_sdk/code_renderers/asset_renderer.py,sha256=eZS-VaV6wn_zgKth4Sieqo2fyPLF1o-k3qN7UjNUycE,3833
 soar_sdk/code_renderers/renderer.py,sha256=82FP89024ZP-J_Ebzsvrso1hlCFSLllR1U9GR-wB_Pc,1229
 soar_sdk/code_renderers/toml_renderer.py,sha256=-zP8UzlYMCVVA5ex9slaNLeFTu4xLjkv88YLmRNLrTM,1505
 soar_sdk/code_renderers/templates/pyproject.toml.jinja,sha256=uH7SJhFD9_-kYzGHobwv04aV4Nfru1bquL30GoOirfg,3918
-soar_sdk/decorators/__init__.py,sha256=ttvapTczeQpReZVYgjTw4qnEqKd7b8pR7lNaCpO0npQ,513
+soar_sdk/decorators/__init__.py,sha256=-eM9ueHvdOq8Vd2C7Y0H3EJajVdV_sVfFJGQngbGRhg,580
 soar_sdk/decorators/action.py,sha256=als7cKWozZnobylBXsY5aQ2Y4js_2Y4n8UmxI-pKy1w,6642
 soar_sdk/decorators/make_request.py,sha256=NWPI5NhmvnI7VMKI-tmhsQ34kegGxWyXC9_PVW49EJc,5978
+soar_sdk/decorators/on_es_poll.py,sha256=5wiAcboG45ut7dLr0ZRcKOU01yIBfBrq00laGtv1k84,9437
 soar_sdk/decorators/on_poll.py,sha256=H_aijFWKeZKwiS72Vsa9uolmj8sziGW2lZF6EhjEDjs,8276
 soar_sdk/decorators/test_connectivity.py,sha256=tZt7w-BnZUpxCyixblXts4tsUp8z-Kmz-JGJ5i5LQs8,3564
 soar_sdk/decorators/view_handler.py,sha256=_qjfk2nQxPwraldjRIl4DWdW-tvANJfdVDU_lLA3UvE,7075
@@ -63,9 +64,10 @@ soar_sdk/meta/app.py,sha256=eZlM8GIY1B_o-RzJrRNCNVEQSx0sFupxZqCM7sIWGv4,2777
 soar_sdk/meta/datatypes.py,sha256=piR-oBVAATiRciXSdVE7XaqjUZTgSaOvTEqcOcNvCS0,795
 soar_sdk/meta/dependencies.py,sha256=DZr38K_1rKh7OzlIb5nLbdDH8xOHArr48H8Ra6rcB4k,18259
 soar_sdk/meta/webhooks.py,sha256=E5pdoD9j7FDeM2DBTO2h9Yw6-5flzp-NfhM_M1oPAUU,1216
-soar_sdk/models/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+soar_sdk/models/__init__.py,sha256=ql7RRFAxmSdzU-IsoU1OFQ53E6WxZJ7YQQAhHl4Ssbk,380
 soar_sdk/models/artifact.py,sha256=OlYp150sf9sYvTz6tC7PaYV1qbBvQYrz1bXmC2xNj8Q,1086
-soar_sdk/models/container.py,sha256=SYdDiyeUGm8dFpOdPl5BGVM1UO2onJsJCiax-1-hZGo,1492
+soar_sdk/models/attachment_input.py,sha256=dE0Z8CaKSYkNP1-NvOWz4O044-UKtqRoxdJhc471M5k,1043
+soar_sdk/models/container.py,sha256=2uLwFDDcsJ7cURYsd6Vt3mtbqEszlIHXshYL-BUGUEA,1527
 soar_sdk/models/finding.py,sha256=Yhw4mOJLeZj7ylDgxbjJs9wm_xzK6Sbkr4r3XOtL0PM,1414
 soar_sdk/models/vault_attachment.py,sha256=IQPX239OFClVfOKr9nHIu9Is55cXWBaOgM2lG5Lt-b4,1072
 soar_sdk/models/view.py,sha256=frfbNdWfzc0XjiU3CY79zBJxvzUsgLdFmphVeZ6QqTc,777
@@ -98,8 +100,8 @@ soar_sdk/views/components/pie_chart.py,sha256=LVTeHVJN6nf2vjUs9y7PDBhS0U1fKW750l
 soar_sdk/webhooks/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 soar_sdk/webhooks/models.py,sha256=PG9SDs5xXqtFndm5C8AsJOTYXU5v_UTY7SpYosWT_CA,4542
 soar_sdk/webhooks/routing.py,sha256=MnzbnIDy2uG_5mJzsTeX-NsE6QYvzyqEGbHmEFj-DG8,6900
-splunk_soar_sdk-3.1.0.dist-info/METADATA,sha256=AyJBAA3lbCNV4tHHtHb4ca7u4MCHj9_C2exQfMeydik,7334
-splunk_soar_sdk-3.1.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-splunk_soar_sdk-3.1.0.dist-info/entry_points.txt,sha256=CgBjo2ZWpYNkt9TgvToL26h2Tg1yt8FbvYTb5NVgNuc,51
-splunk_soar_sdk-3.1.0.dist-info/licenses/LICENSE,sha256=gNCGrGhrSQb1PUzBOByVUN1tvaliwLZfna-QU2r2hQ8,11345
-splunk_soar_sdk-3.1.0.dist-info/RECORD,,
+splunk_soar_sdk-3.2.0.dist-info/METADATA,sha256=sL-PyINCXBsGJ-bPeHqiXCshp4IeLhs4HGHT171Uucs,7334
+splunk_soar_sdk-3.2.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+splunk_soar_sdk-3.2.0.dist-info/entry_points.txt,sha256=CgBjo2ZWpYNkt9TgvToL26h2Tg1yt8FbvYTb5NVgNuc,51
+splunk_soar_sdk-3.2.0.dist-info/licenses/LICENSE,sha256=gNCGrGhrSQb1PUzBOByVUN1tvaliwLZfna-QU2r2hQ8,11345
+splunk_soar_sdk-3.2.0.dist-info/RECORD,,