splunk-soar-sdk 3.8.1__py3-none-any.whl → 3.8.2__py3-none-any.whl

soar_sdk/asset.py

@@ -300,3 +300,29 @@ class BaseAsset(BaseModel):
         if self._ingest_state is None:
             raise AppContextRequired()
         return self._ingest_state
+
+
+class ESIngestMixin:
+    """Mixin for apps that support ES polling (on_es_poll).
+
+    Add this mixin to your Asset class to include ES Ingest Settings fields.
+    These fields are configured in the ES UI and control how findings are created.
+
+    Example:
+        >>> class Asset(BaseAsset, ESIngestMixin):
+        ...     server: str = AssetField(description="API server URL")
+        ...     api_key: str = AssetField(description="API key", sensitive=True)
+    """
+
+    es_security_domain: str = AssetField(
+        required=False,
+        description="Security domain for ES findings",
+        default="threat",
+        category=FieldCategory.INGEST,
+    )
+    es_urgency: str = AssetField(
+        required=False,
+        description="Urgency level for ES findings",
+        default="medium",
+        category=FieldCategory.INGEST,
+    )

soar_sdk/models/finding.py

@@ -21,20 +21,26 @@ class DrilldownDashboard(BaseModel):
 
 
 class Finding(BaseModel):
-    """Represents a finding to be created during on_finding.
+    """Represents a finding to be created during on_es_poll.
 
     Findings are stored in ES and can be associated with SOAR containers/artifacts
     for investigation workflow.
+
+    Only rule_title and security_domain are required. All other fields are optional
+    and will use ES defaults if not provided.
     """
 
     model_config = ConfigDict(extra="forbid")
 
+    # Required fields
     rule_title: str
-    rule_description: str
     security_domain: str
-    risk_object: str
-    risk_object_type: str
-    risk_score: float
+
+    # Optional fields
+    rule_description: str | None = None
+    risk_object: str | None = None
+    risk_object_type: str | None = None
+    risk_score: float | None = None
     status: str | None = None
     urgency: str | None = None
     owner: str | None = None

{splunk_soar_sdk-3.8.1.dist-info → splunk_soar_sdk-3.8.2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: splunk-soar-sdk
-Version: 3.8.1
+Version: 3.8.2
 Summary: The official framework for developing and testing Splunk SOAR Apps
 Project-URL: Homepage, https://github.com/phantomcyber/splunk-soar-sdk
 Project-URL: Documentation, https://github.com/phantomcyber/splunk-soar-sdk

{splunk_soar_sdk-3.8.1.dist-info → splunk_soar_sdk-3.8.2.dist-info}/RECORD

@@ -5,7 +5,7 @@ soar_sdk/actions_manager.py,sha256=8IYOi2k8i9LHXEhQVZ0Ig3IS1gD3iAmOJ9q0bi14g-o,7
 soar_sdk/app.py,sha256=2bUWx1BgWS9Kwkp0aUzVWM8LTdVUq1JI2eXR0LhwEMU,37092
 soar_sdk/app_cli_runner.py,sha256=K1ATWyGs0iNgPfIjMthsN72laOXqXCFZNEXfuzAMOM4,11645
 soar_sdk/app_client.py,sha256=hbe1R2QwXDmoS4959a-ay9oylD1Qk-oPJvJRnxvICz0,6281
-soar_sdk/asset.py,sha256=CUCFjUVAawrk3hyGvQn_qNApqJx8J4VxzD--iGEE2pc,12123
+soar_sdk/asset.py,sha256=lPvF7-_tGQf39rdXMIecz5x0l4CcE4kPSl6qjaq-ClE,12967
 soar_sdk/asset_state.py,sha256=qh4n8IoabVObIZXRPyM0zznwC5LcJpbADcybmDdQABc,2318
 soar_sdk/async_utils.py,sha256=Dz7RagIRjyIagA9vivHWSb18S96J2WOuDB8B5Zy64AE,1428
 soar_sdk/colors.py,sha256=--i_iXqfyITUz4O95HMjfZQGbwFZ34bLmBhtfpXXqlQ,1095
@@ -84,7 +84,7 @@ soar_sdk/models/__init__.py,sha256=YZVAcBguAlUsxAnBBL6jSguJEzf5PYCtdvbNyU1XfEU,3
 soar_sdk/models/artifact.py,sha256=G8hv9wPPoRgrAQzIf-YlCSjAlkHEcIPF389T1bo4yHw,1087
 soar_sdk/models/attachment_input.py,sha256=s2mkEsRVb52yqHtb4Q7FzC9j8A4-Q8W4wCDqMJQZ8cc,1043
 soar_sdk/models/container.py,sha256=Cnn-Grha8qUFHHBxLUcEvo81sC3z483oItJ4GhRiTmg,1528
-soar_sdk/models/finding.py,sha256=Evga9Jrp3TfSVdAQlAkZ7UHDkUjaQYicYYY1S5bIruY,1404
+soar_sdk/models/finding.py,sha256=74tQySVi-pExAaVp2fbJt44a28tq2S0ny5C7Lsa7me8,1636
 soar_sdk/models/vault_attachment.py,sha256=sdRnQdPiwgaZDojpap4ohH7u1Q5TYGP-drs8Ko4p_aU,1073
 soar_sdk/models/view.py,sha256=BUuz6VVVe78hg7irGgZCbvBcycOmuPqplkagdi3T4Dg,779
 soar_sdk/shims/phantom/action_result.py,sha256=Nddc9oswAfHU7I2q0pLm3HZ2YiLUQZUEIqqAjToZWnM,1606
@@ -116,8 +116,8 @@ soar_sdk/views/components/pie_chart.py,sha256=LVTeHVJN6nf2vjUs9y7PDBhS0U1fKW750l
 soar_sdk/webhooks/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 soar_sdk/webhooks/models.py,sha256=j3kbvYmcOlcj3gQYKtrv7iS-lDavMKYNLdCNMy_I2Hc,4542
 soar_sdk/webhooks/routing.py,sha256=OjezhuAb8wzW0MnbGSnIWeAH3uJcu-Sb7s3w9zoiPVM,6873
-splunk_soar_sdk-3.8.1.dist-info/METADATA,sha256=77J-AZGoWNo716WsgJyepjKsR9fxgZoJ-g_EdHBnjHI,7544
-splunk_soar_sdk-3.8.1.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-splunk_soar_sdk-3.8.1.dist-info/entry_points.txt,sha256=CgBjo2ZWpYNkt9TgvToL26h2Tg1yt8FbvYTb5NVgNuc,51
-splunk_soar_sdk-3.8.1.dist-info/licenses/LICENSE,sha256=gNCGrGhrSQb1PUzBOByVUN1tvaliwLZfna-QU2r2hQ8,11345
-splunk_soar_sdk-3.8.1.dist-info/RECORD,,
+splunk_soar_sdk-3.8.2.dist-info/METADATA,sha256=0f5Gl5H3xKtQbZrKZ7_r-5qRvH8gE3dw0ERKRqrVJug,7544
+splunk_soar_sdk-3.8.2.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+splunk_soar_sdk-3.8.2.dist-info/entry_points.txt,sha256=CgBjo2ZWpYNkt9TgvToL26h2Tg1yt8FbvYTb5NVgNuc,51
+splunk_soar_sdk-3.8.2.dist-info/licenses/LICENSE,sha256=gNCGrGhrSQb1PUzBOByVUN1tvaliwLZfna-QU2r2hQ8,11345
+splunk_soar_sdk-3.8.2.dist-info/RECORD,,