splunk-soar-sdk 3.8.1__py3-none-any.whl → 3.9.0__py3-none-any.whl

soar_sdk/action_results.py

@@ -1,13 +1,12 @@
 import itertools
-import types
 from collections.abc import Iterator
-from typing import Any, NotRequired, Union, get_args, get_origin
+from typing import Any, NotRequired
 
-from pydantic import BaseModel, ConfigDict, Field
+from pydantic import BaseModel, ConfigDict, Field, model_validator
 from typing_extensions import TypedDict
 
 from soar_sdk.compat import remove_when_soar_newer_than
-from soar_sdk.field_utils import parse_json_schema_extra
+from soar_sdk.field_utils import normalize_field_annotation, parse_json_schema_extra
 from soar_sdk.meta.datatypes import as_datatype
 from soar_sdk.shims.phantom.action_result import ActionResult as PhantomActionResult
 
@@ -164,13 +163,32 @@ class ActionOutput(BaseModel):
         ...     )  # Model fields can't start with an underscore, so we're using an alias to create the proper JSON key
 
     Note:
-        Fields cannot be Union or Optional types. Use specific types only.
+        Fields cannot be Union types other than Optional.
         Nested ActionOutput classes are supported for complex data structures.
     """
 
     # Allow instantiation with both field names and aliases for backward compatibility
     model_config = ConfigDict(populate_by_name=True)
 
+    @model_validator(mode="before")
+    @classmethod
+    def _apply_optional_defaults(cls, values: Any) -> Any:  # noqa: ANN401
+        """Populate missing optional fields with ``None`` before validation."""
+        for field_name, field in cls.model_fields.items():
+            if field_name in values or (field.alias and field.alias in values):
+                continue
+
+            normalized = normalize_field_annotation(
+                field.annotation,
+                field_name=field_name,
+                context="Output",
+                allow_list=True,
+            )
+            if normalized.is_optional:
+                values[field_name] = None
+
+        return values
+
     @classmethod
     def _to_json_schema(
         cls,
@@ -193,7 +211,7 @@ class ActionOutput(BaseModel):
             OutputFieldSpecification objects describing each field in the schema.
 
         Raises:
-            TypeError: If a field type cannot be serialized, is Union/Optional,
+            TypeError: If a field type cannot be serialized, is an unsupported Union,
                 or if a nested ActionOutput type is encountered incorrectly.
 
         Note:
@@ -211,36 +229,18 @@ class ActionOutput(BaseModel):
             if field_type is None:
                 continue
 
-            datapath = parent_datapath + f".{field_name}"
-
-            # Handle lists and optional types, even nested ones
-            origin = get_origin(field_type)
-            while origin in [list, Union, types.UnionType]:
-                type_args = [
-                    arg
-                    for arg in get_args(field_type)
-                    if arg is not type(None) and arg is not None
-                ]
-
-                if origin is list:
-                    if len(type_args) != 1:
-                        raise TypeError(
-                            f"Output field {field_name} is invalid: List types must have exactly one non-null type argument."
-                        )
-                    datapath += ".*"
-                else:
-                    if len(type_args) != 1:
-                        raise TypeError(
-                            f"Output field {field_name} is invalid: the only valid Union type is Optional, or Union[X, None]."
-                        )
-
-                field_type = type_args[0]
-                origin = get_origin(field_type)
-
-            if not isinstance(field_type, type):
-                raise TypeError(
-                    f"Output field {field_name} has invalid type annotation: {field_type}"
-                )
+            normalized = normalize_field_annotation(
+                field_type,
+                field_name=field_name,
+                context="Output",
+                allow_list=True,
+            )
+
+            datapath = (
+                parent_datapath + f".{field_name}" + (".*" * normalized.list_depth)
+            )
+
+            field_type = normalized.base_type
 
             if issubclass(field_type, ActionOutput):
                 # If the field is another ActionOutput, recursively call _to_json_schema

soar_sdk/asset.py

@@ -9,7 +9,11 @@ from typing_extensions import TypedDict
 from soar_sdk.asset_state import AssetState
 from soar_sdk.compat import remove_when_soar_newer_than
 from soar_sdk.exceptions import AppContextRequired
-from soar_sdk.field_utils import parse_json_schema_extra
+from soar_sdk.field_utils import (
+    normalize_field_annotation,
+    parse_json_schema_extra,
+    resolve_required,
+)
 from soar_sdk.input_spec import AppConfig
 from soar_sdk.meta.datatypes import as_datatype
 
@@ -28,7 +32,7 @@ class FieldCategory(str, Enum):
 
 def AssetField(
     description: str | None = None,
-    required: bool = True,
+    required: bool | None = None,
     default: Any | None = None,  # noqa: ANN401
     value_list: list | None = None,
     sensitive: bool = False,
@@ -41,7 +45,9 @@ def AssetField(
     Args:
         description: Human-friendly label for the field shown in the asset form.
         required: Whether the field must be provided. When True and ``default`` is
-            ``None``, the field is marked as required in the manifest.
+            ``None``, the field is marked as required in the manifest. Deprecated:
+            this will be removed in the next major version. Prefer Optional type
+            hints (``str | None``) to indicate optional fields.
         default: Default value for optional fields. Ignored when ``required`` is
             True and no explicit default is provided.
         value_list: Optional dropdown options presented to the user.
@@ -65,13 +71,20 @@ def AssetField(
         json_schema_extra["is_file"] = True
 
     # Use ... for required fields
-    field_default: Any = ... if default is None and required else default
+    field_default: Any = (
+        ... if default is None and (required is True or required is None) else default
+    )
+    validate_default = None
+    if required is False and default is None:
+        # Preserve legacy optional behavior for non-optional type hints
+        validate_default = False
 
     return Field(
         default=field_default,
         description=description,
         alias=alias,
         json_schema_extra=json_schema_extra,
+        validate_default=validate_default,
     )
 
 
@@ -137,6 +150,25 @@ class BaseAsset(BaseModel):
         arbitrary_types_allowed=True,
     )
 
+    @model_validator(mode="before")
+    @classmethod
+    def _apply_optional_defaults(cls, values: Any) -> Any:  # noqa: ANN401
+        """Populate missing optional fields with ``None`` before validation."""
+        for field_name, field in cls.model_fields.items():
+            if field_name in values or (field.alias and field.alias in values):
+                continue
+
+            normalized = normalize_field_annotation(
+                field.annotation,
+                field_name=field_name,
+                context="Asset field",
+                allow_list=False,
+            )
+            if normalized.is_optional:
+                values[field_name] = None
+
+        return values
+
     @model_validator(mode="before")
     @classmethod
     def validate_no_reserved_fields(cls, values: dict[str, Any]) -> dict[str, Any]:
@@ -211,8 +243,15 @@ class BaseAsset(BaseModel):
             if field_type is None:
                 continue
 
+            normalized = normalize_field_annotation(
+                field_type,
+                field_name=field_name,
+                context="Asset field",
+                allow_list=False,
+            )
+
             try:
-                type_name = as_datatype(field_type)
+                type_name = as_datatype(normalized.base_type)
             except TypeError as e:
                 raise TypeError(
                     f"Failed to serialize asset field {field_name}: {e}"
@@ -221,16 +260,16 @@ class BaseAsset(BaseModel):
             json_schema_extra = parse_json_schema_extra(field.json_schema_extra)
 
             if json_schema_extra.get("sensitive", False):
-                if field_type is not str:
+                if normalized.base_type is not str:
                     raise TypeError(
-                        f"Sensitive parameter {field_name} must be type str, not {field_type.__name__}"
+                        f"Sensitive parameter {field_name} must be type str, not {normalized.base_type.__name__}"
                     )
                 type_name = "password"
 
             if json_schema_extra.get("is_file", False):
-                if field_type is not str:
+                if normalized.base_type is not str:
                     raise TypeError(
-                        f"File parameter {field_name} must be type str, not {field_type.__name__}"
+                        f"File parameter {field_name} must be type str, not {normalized.base_type.__name__}"
                     )
                 type_name = "file"
 
@@ -239,7 +278,7 @@ class BaseAsset(BaseModel):
 
             params_field = AssetFieldSpecification(
                 data_type=type_name,
-                required=bool(json_schema_extra.get("required", True)),
+                required=resolve_required(json_schema_extra, normalized.is_optional),
                 description=description,
                 order=field_order,
                 category=json_schema_extra.get("category", FieldCategory.CONNECTIVITY),
@@ -300,3 +339,29 @@ class BaseAsset(BaseModel):
         if self._ingest_state is None:
             raise AppContextRequired()
         return self._ingest_state
+
+
+class ESIngestMixin:
+    """Mixin for apps that support ES polling (on_es_poll).
+
+    Add this mixin to your Asset class to include ES Ingest Settings fields.
+    These fields are configured in the ES UI and control how findings are created.
+
+    Example:
+        >>> class Asset(BaseAsset, ESIngestMixin):
+        ...     server: str = AssetField(description="API server URL")
+        ...     api_key: str = AssetField(description="API key", sensitive=True)
+    """
+
+    es_security_domain: str = AssetField(
+        required=False,
+        description="Security domain for ES findings",
+        default="threat",
+        category=FieldCategory.INGEST,
+    )
+    es_urgency: str = AssetField(
+        required=False,
+        description="Urgency level for ES findings",
+        default="medium",
+        category=FieldCategory.INGEST,
+    )

soar_sdk/cli/manifests/serializers.py

@@ -4,7 +4,7 @@ from logging import getLogger
 from typing import Any
 
 from soar_sdk.action_results import ActionOutput, OutputFieldSpecification
-from soar_sdk.field_utils import parse_json_schema_extra
+from soar_sdk.field_utils import normalize_field_annotation, parse_json_schema_extra
 from soar_sdk.meta.datatypes import as_datatype
 from soar_sdk.params import Params
 
@@ -42,9 +42,18 @@ class OutputsSerializer:
             if annotation is None:
                 continue
 
+            normalized = normalize_field_annotation(
+                annotation,
+                field_name=field_name,
+                context="Action parameter",
+                allow_list=False,
+            )
+
+            parameter_name = field.alias or field_name
+
             spec = OutputFieldSpecification(
-                data_path=f"action_result.parameter.{field_name}",
-                data_type=as_datatype(annotation),
+                data_path=f"action_result.parameter.{parameter_name}",
+                data_type=as_datatype(normalized.base_type),
             )
 
             json_schema_extra = parse_json_schema_extra(field.json_schema_extra)

soar_sdk/code_renderers/action_renderer.py

@@ -1,5 +1,4 @@
 import ast
-import typing
 from collections.abc import Iterator
 from typing import ClassVar
 
@@ -8,7 +7,11 @@ from pydantic_core import PydanticUndefined
 from soar_sdk.action_results import ActionOutput
 from soar_sdk.cli.utils import normalize_field_name
 from soar_sdk.code_renderers.renderer import AstRenderer
-from soar_sdk.field_utils import parse_json_schema_extra
+from soar_sdk.field_utils import (
+    normalize_field_annotation,
+    parse_json_schema_extra,
+    resolve_required,
+)
 from soar_sdk.meta.actions import ActionMeta
 from soar_sdk.params import Params
 
@@ -171,6 +174,23 @@ class ActionRenderer(AstRenderer[ActionMeta]):
         """
         return self.context
 
+    @staticmethod
+    def _build_annotation(base_type: type, list_depth: int, required: bool) -> ast.expr:
+        annotation: ast.expr = ast.Name(id=base_type.__name__, ctx=ast.Load())
+        for _ in range(list_depth):
+            annotation = ast.Subscript(
+                value=ast.Name(id="list", ctx=ast.Load()),
+                slice=annotation,
+                ctx=ast.Load(),
+            )
+        if not required:
+            annotation = ast.BinOp(
+                left=annotation,
+                op=ast.BitOr(),
+                right=ast.Constant(value=None),
+            )
+        return annotation
+
     def render_ast(self) -> Iterator[ast.stmt]:
         """Generates the AST for the action.
 
@@ -284,16 +304,15 @@ class ActionRenderer(AstRenderer[ActionMeta]):
             if annotation is None:
                 continue
 
-            annotation_str = "{name}"
-            while typing.get_origin(annotation) is list:
-                annotation_str = f"list[{annotation_str}]"
-                annotation = typing.get_args(annotation)[0]
-
-            # Ensure annotation is a valid type after unwrapping
-            if not isinstance(annotation, type):
-                continue
+            normalized = normalize_field_annotation(
+                annotation,
+                field_name=field_name_str,
+                context="Output",
+                allow_list=True,
+            )
 
-            annotation_str = annotation_str.format(name=annotation.__name__)
+            json_schema_extra = parse_json_schema_extra(field.json_schema_extra)
+            required = resolve_required(json_schema_extra, normalized.is_optional)
 
             field_name = normalize_field_name(field_name_str)
             if field.alias is not None and field.alias != field_name.normalized:
@@ -302,14 +321,16 @@ class ActionRenderer(AstRenderer[ActionMeta]):
 
             field_def_ast = ast.AnnAssign(
                 target=ast.Name(id=field_name.normalized, ctx=ast.Store()),
-                annotation=ast.Name(id=annotation_str, ctx=ast.Load()),
+                annotation=self._build_annotation(
+                    normalized.base_type, normalized.list_depth, required
+                ),
                 simple=1,
             )
 
-            if isinstance(annotation, type) and issubclass(annotation, ActionOutput):
+            if issubclass(normalized.base_type, ActionOutput):
                 # If the field is a Pydantic model, recursively print its fields
                 # In Pydantic v2, use annotation directly (no field.type_)
-                for model_ast in self.render_outputs_ast(annotation):
+                for model_ast in self.render_outputs_ast(normalized.base_type):
                     model_tree[model_ast.name] = model_ast
 
                 if field_name.modified:
@@ -325,7 +346,7 @@ class ActionRenderer(AstRenderer[ActionMeta]):
                     )
             else:
                 keywords = []
-                extras = {**parse_json_schema_extra(field.json_schema_extra)}
+                extras = {**json_schema_extra}
 
                 if extras or field_name.modified:
                     extras["example_values"] = extras.pop("examples", None)
@@ -388,7 +409,18 @@ class ActionRenderer(AstRenderer[ActionMeta]):
             if field_def.annotation is None:
                 continue
 
-            field_type = ast.Name(id=field_def.annotation.__name__, ctx=ast.Load())
+            normalized = normalize_field_annotation(
+                field_def.annotation,
+                field_name=field_name,
+                context="Action parameter",
+                allow_list=False,
+            )
+
+            json_schema_extra = parse_json_schema_extra(field_def.json_schema_extra)
+            required = resolve_required(json_schema_extra, normalized.is_optional)
+            field_type = self._build_annotation(
+                normalized.base_type, normalized.list_depth, required
+            )
 
             param = ast.Call(
                 func=ast.Name(id="Param", ctx=ast.Load()),
@@ -396,8 +428,6 @@ class ActionRenderer(AstRenderer[ActionMeta]):
                 keywords=[],
             )
 
-            json_schema_extra = parse_json_schema_extra(field_def.json_schema_extra)
-
             if field_def.description:
                 param.keywords.append(
                     ast.keyword(
@@ -405,10 +435,6 @@ class ActionRenderer(AstRenderer[ActionMeta]):
                         value=ast.Constant(value=field_def.description),
                     )
                 )
-            if not json_schema_extra.get("required", True):
-                param.keywords.append(
-                    ast.keyword(arg="required", value=ast.Constant(value=False))
-                )
             if json_schema_extra.get("primary", False):
                 param.keywords.append(
                     ast.keyword(arg="primary", value=ast.Constant(value=True))
@@ -445,6 +471,14 @@ class ActionRenderer(AstRenderer[ActionMeta]):
                     ast.keyword(arg="allow_list", value=ast.Constant(value=True))
                 )
 
+            if field_def.alias and field_def.alias != field_name:
+                param.keywords.append(
+                    ast.keyword(
+                        arg="alias",
+                        value=ast.Constant(value=field_def.alias),
+                    )
+                )
+
             field_def_ast = ast.AnnAssign(
                 target=ast.Name(id=field_name, ctx=ast.Store()),
                 annotation=field_type,

soar_sdk/code_renderers/asset_renderer.py

@@ -56,11 +56,15 @@ class AssetRenderer(AstRenderer[list[AssetContext]]):
 
         for field in self.context:
             field_name = ast.Name(id=field.name, ctx=ast.Store())
-            field_type = ast.Name(id=field.py_type, ctx=ast.Load())
+            field_type: ast.expr = ast.Name(id=field.py_type, ctx=ast.Load())
+            if not field.required:
+                field_type = ast.BinOp(
+                    left=field_type,
+                    op=ast.BitOr(),
+                    right=ast.Constant(value=None),
+                )
 
-            field_kwargs = [
-                ast.keyword(arg="required", value=ast.Constant(value=field.required)),
-            ]
+            field_kwargs = []
             if field.description is not None:
                 field_kwargs.append(
                     ast.keyword(

soar_sdk/field_utils.py

@@ -1,4 +1,6 @@
-from typing import Any
+import types
+from dataclasses import dataclass
+from typing import Any, Union, get_args, get_origin
 
 
 def parse_json_schema_extra(json_schema_extra: Any) -> dict[str, Any]:  # noqa: ANN401
@@ -6,3 +8,85 @@ def parse_json_schema_extra(json_schema_extra: Any) -> dict[str, Any]:  # noqa:
     if callable(json_schema_extra):
         return {}
     return json_schema_extra or {}
+
+
+@dataclass(frozen=True)
+class NormalizedFieldType:
+    """Normalized field annotation details."""
+
+    base_type: type
+    list_depth: int
+    is_optional: bool
+
+
+def normalize_field_annotation(
+    annotation: Any,  # noqa: ANN401
+    *,
+    field_name: str,
+    context: str,
+    allow_list: bool,
+) -> NormalizedFieldType:
+    """Normalize an annotation by unwrapping Optional and list types.
+
+    Args:
+        annotation: The field annotation to normalize.
+        field_name: Name of the field for error reporting.
+        context: Context string for error reporting (e.g., "parameter").
+        allow_list: Whether list types are allowed.
+
+    Returns:
+        NormalizedFieldType describing the base type, list nesting, and optionality.
+
+    Raises:
+        TypeError: If unsupported unions or list shapes are encountered.
+    """
+    list_depth = 0
+    is_optional = False
+
+    while True:
+        origin = get_origin(annotation)
+        if origin is list:
+            type_args = get_args(annotation)
+            if len(type_args) != 1:
+                raise TypeError(
+                    f"{context} field {field_name} is invalid: list types must have exactly one type argument."
+                )
+            list_depth += 1
+            annotation = type_args[0]
+            continue
+
+        if origin in (types.UnionType, Union):
+            # types.UnionType is for `X | Y` (Python 3.10+)
+            type_args = tuple(
+                arg for arg in get_args(annotation) if arg is not type(None)
+            )
+            if len(type_args) != 1:
+                raise TypeError(
+                    f"{context} field {field_name} is invalid: only Optional[T] is supported for unions."
+                )
+            is_optional = True
+            annotation = type_args[0]
+            continue
+
+        break
+
+    if list_depth and not allow_list:
+        raise TypeError(
+            f"{context} field {field_name} is invalid: list types are not supported."
+        )
+
+    if not isinstance(annotation, type):
+        raise TypeError(
+            f"{context} field {field_name} has invalid type annotation: {annotation}"
+        )
+
+    return NormalizedFieldType(
+        base_type=annotation, list_depth=list_depth, is_optional=is_optional
+    )
+
+
+def resolve_required(json_schema_extra: dict[str, Any], is_optional: bool) -> bool:
+    """Resolve required flag using JSON schema metadata and optionality."""
+    if "required" in json_schema_extra:
+        return bool(json_schema_extra.get("required"))
+    return not is_optional

soar_sdk/models/finding.py

@@ -21,20 +21,26 @@ class DrilldownDashboard(BaseModel):
 
 
 class Finding(BaseModel):
-    """Represents a finding to be created during on_finding.
+    """Represents a finding to be created during on_es_poll.
 
     Findings are stored in ES and can be associated with SOAR containers/artifacts
     for investigation workflow.
+
+    Only rule_title and security_domain are required. All other fields are optional
+    and will use ES defaults if not provided.
     """
 
     model_config = ConfigDict(extra="forbid")
 
+    # Required fields
     rule_title: str
-    rule_description: str
     security_domain: str
-    risk_object: str
-    risk_object_type: str
-    risk_score: float
+
+    # Optional fields
+    rule_description: str | None = None
+    risk_object: str | None = None
+    risk_object_type: str | None = None
+    risk_score: float | None = None
     status: str | None = None
     urgency: str | None = None
     owner: str | None = None

soar_sdk/params.py

@@ -1,12 +1,16 @@
 from typing import Any, ClassVar, NotRequired
 
-from pydantic import Field
+from pydantic import Field, model_validator
 from pydantic.main import BaseModel
 from pydantic_core import PydanticUndefined
 from typing_extensions import TypedDict
 
 from soar_sdk.compat import remove_when_soar_newer_than
-from soar_sdk.field_utils import parse_json_schema_extra
+from soar_sdk.field_utils import (
+    normalize_field_annotation,
+    parse_json_schema_extra,
+    resolve_required,
+)
 from soar_sdk.meta.datatypes import as_datatype
 
 remove_when_soar_newer_than(
@@ -18,7 +22,7 @@ MAX_COUNT_VALUE = 4294967295
 
 def Param(
     description: str | None = None,
-    required: bool = True,
+    required: bool | None = None,
     primary: bool = False,
     default: Any | None = None,  # noqa: ANN401
     value_list: list | None = None,
@@ -40,6 +44,8 @@ def Param(
       This key also works in conjunction with value_list.
     :param required: Whether or not this parameter is mandatory for this action
       to function. If this parameter is not provided, the action fails.
+      Deprecated: this will be removed in the next major version. Prefer
+      using Optional type hints (``str | None``) to indicate optional fields.
     :param primary: Specifies if the action acts primarily on this parameter or not.
       It is used in conjunction with the contains field to display a list of contextual
       actions where the user clicks on a piece of data in the UI.
@@ -74,13 +80,21 @@ def Param(
         json_schema_extra["column_name"] = column_name
 
     # Use ... for required fields
-    field_default: Any = ... if default is None and required else default
+    field_default: Any = (
+        ... if default is None and (required is True or required is None) else default
+    )
+
+    validate_default = None
+    if required is False and default is None:
+        # Preserve legacy optional behavior for non-optional type hints
+        validate_default = False
 
     return Field(
         default=field_default,
         description=description,
         alias=alias,
         json_schema_extra=json_schema_extra if json_schema_extra else None,
+        validate_default=validate_default,
     )
 
 
@@ -108,6 +122,25 @@ class Params(BaseModel):
     Params fields can be optional if desired, or optionally have a default value, CEF type, and other metadata defined in :func:`soar_sdk.params.Param`.
     """
 
+    @model_validator(mode="before")
+    @classmethod
+    def _apply_optional_defaults(cls, values: Any) -> Any:  # noqa: ANN401
+        """Populate missing optional fields with ``None`` before validation."""
+        for field_name, field in cls.model_fields.items():
+            if field_name in values or (field.alias and field.alias in values):
+                continue
+
+            normalized = normalize_field_annotation(
+                field.annotation,
+                field_name=field_name,
+                context="Action parameter",
+                allow_list=False,
+            )
+            if normalized.is_optional:
+                values[field_name] = None
+
+        return values
+
     @staticmethod
     def _default_field_description(field_name: str) -> str:
         words = field_name.split("_")
@@ -123,8 +156,15 @@ class Params(BaseModel):
             if field_type is None:
                 raise TypeError(f"Parameter {field_name} has no type annotation")
 
+            normalized = normalize_field_annotation(
+                field_type,
+                field_name=field_name,
+                context="Action parameter",
+                allow_list=False,
+            )
+
             try:
-                type_name = as_datatype(field_type)
+                type_name = as_datatype(normalized.base_type)
             except TypeError as e:
                 raise TypeError(
                     f"Failed to serialize action parameter {field_name}: {e}"
@@ -133,9 +173,9 @@ class Params(BaseModel):
             json_schema_extra = parse_json_schema_extra(field.json_schema_extra)
 
             if json_schema_extra.get("sensitive", False):
-                if field_type is not str:
+                if normalized.base_type is not str:
                     raise TypeError(
-                        f"Sensitive parameter {field_name} must be type str, not {field_type.__name__}"
+                        f"Sensitive parameter {field_name} must be type str, not {normalized.base_type.__name__}"
                     )
                 type_name = "password"
 
@@ -147,7 +187,7 @@ class Params(BaseModel):
                 name=field_name,
                 description=description,
                 data_type=type_name,
-                required=bool(json_schema_extra.get("required", True)),
+                required=resolve_required(json_schema_extra, normalized.is_optional),
                 primary=bool(json_schema_extra.get("primary", False)),
                 allow_list=bool(json_schema_extra.get("allow_list", False)),
             )

{splunk_soar_sdk-3.8.1.dist-info → splunk_soar_sdk-3.9.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: splunk-soar-sdk
-Version: 3.8.1
+Version: 3.9.0
 Summary: The official framework for developing and testing Splunk SOAR Apps
 Project-URL: Homepage, https://github.com/phantomcyber/splunk-soar-sdk
 Project-URL: Documentation, https://github.com/phantomcyber/splunk-soar-sdk

{splunk_soar_sdk-3.8.1.dist-info → splunk_soar_sdk-3.9.0.dist-info}/RECORD

@@ -1,11 +1,11 @@
 soar_sdk/__init__.py,sha256=RzAng-ARqpK01SY82lNy4uYJFVG0yW6Q3CccEqbToJ4,726
 soar_sdk/abstract.py,sha256=GycJhTrSNDa7eDg8hOD7hJjIt5eHEykZhpza-jh_Veo,7787
-soar_sdk/action_results.py,sha256=VUsk41l8XC1Dlz4o2XrTiUc2MWLUTIVe6YqpkREEjiY,11912
+soar_sdk/action_results.py,sha256=tN7D_E-2HCGfFn_wx_tSUtWT3nhNHB1lXKs7fqTiNkw,11692
 soar_sdk/actions_manager.py,sha256=8IYOi2k8i9LHXEhQVZ0Ig3IS1gD3iAmOJ9q0bi14g-o,7179
 soar_sdk/app.py,sha256=2bUWx1BgWS9Kwkp0aUzVWM8LTdVUq1JI2eXR0LhwEMU,37092
 soar_sdk/app_cli_runner.py,sha256=K1ATWyGs0iNgPfIjMthsN72laOXqXCFZNEXfuzAMOM4,11645
 soar_sdk/app_client.py,sha256=hbe1R2QwXDmoS4959a-ay9oylD1Qk-oPJvJRnxvICz0,6281
-soar_sdk/asset.py,sha256=CUCFjUVAawrk3hyGvQn_qNApqJx8J4VxzD--iGEE2pc,12123
+soar_sdk/asset.py,sha256=1EFup0ZNMyE2ZwMJiyj1T3TL0E_gqzU3GT4Gi88Fnpk,14425
 soar_sdk/asset_state.py,sha256=qh4n8IoabVObIZXRPyM0zznwC5LcJpbADcybmDdQABc,2318
 soar_sdk/async_utils.py,sha256=Dz7RagIRjyIagA9vivHWSb18S96J2WOuDB8B5Zy64AE,1428
 soar_sdk/colors.py,sha256=--i_iXqfyITUz4O95HMjfZQGbwFZ34bLmBhtfpXXqlQ,1095
@@ -13,10 +13,10 @@ soar_sdk/compat.py,sha256=N4bG1wqISICV92K1jLx7v5JGrHC08Bdn3Gx3Cx1lEmE,3062
 soar_sdk/crypto.py,sha256=qiBMHUQqgn5lPI1DbujSj700s89FuLJrkQgCO9_eBn4,392
 soar_sdk/es_client.py,sha256=U2NhPwGcciCfZM7ofBnfbkbHivna7rkTScwXwa39_bg,1204
 soar_sdk/exceptions.py,sha256=413-AcIM7IMixoyVk_0yDaqsUhommb784uH5vSv18lU,2129
-soar_sdk/field_utils.py,sha256=Jb0HteUPd-CtuDM7rNXVLy4uRxl419zeDxY_oOpU8GM,287
+soar_sdk/field_utils.py,sha256=qLCzAPlx4CPJ6pcy5hWWNFOB1XQMpgEdGS2_xL5F8YE,2913
 soar_sdk/input_spec.py,sha256=vvmE8AWk2VFRgsvh-Bn1eIMDAHkV-1Y73_8xM_8qVZI,4678
 soar_sdk/logging.py,sha256=Y_5RLT1Z0UcRTxDZpwXwDae7ZtwOs91Hs-UU4UOiMuk,11425
-soar_sdk/params.py,sha256=pvcQwzEJSSOM95RQ-JTfQrExzJMIKCKOVFdka6P9yYQ,10836
+soar_sdk/params.py,sha256=UN2_w9Ipsk9Xtux313I5_lG3SAgWoYJD3fY0AQyU3YU,12296
 soar_sdk/paths.py,sha256=XhpanQCAiTXaulRx440oKu36mnll7P05TethHXgMpgQ,239
 soar_sdk/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 soar_sdk/types.py,sha256=wN-zV27IamDR67hj4QDqOWA04EVnJwcFhWOighMYEJc,616
@@ -48,15 +48,15 @@ soar_sdk/cli/manifests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3
 soar_sdk/cli/manifests/cli.py,sha256=cly5xVdj4bBIdZVMQPIWTXRgUfd1ON3qKO-76Fwql18,524
 soar_sdk/cli/manifests/deserializers.py,sha256=kwgPAMgUEXtIn4AuQOh1nkLfWFqe4qnYPZ1czB-FQTU,16516
 soar_sdk/cli/manifests/processors.py,sha256=soiRTbfLQuetstt1Xk7vKmWzOUhgVON5JxjWMvnGN7w,5141
-soar_sdk/cli/manifests/serializers.py,sha256=ulpq3nS8g1YrIP371XoQC3_kpz-9v2Ln_mqPyMtpWn8,3632
+soar_sdk/cli/manifests/serializers.py,sha256=5YbtaDuOqwxOK8K6S257AhwycoFPGl4ndd0o7Ci2qYo,3943
 soar_sdk/cli/package/cli.py,sha256=hdpVBRvVGWaYDYhpDILlA7LRhunfElLbNdh21jviKrM,10087
 soar_sdk/cli/package/utils.py,sha256=fl6PMcrdC2zA7A16byQuxxPyAI2Z-BqBLfLlF2ZNnQ4,1712
 soar_sdk/cli/test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 soar_sdk/cli/test/cli.py,sha256=iDrthN8L7B1RplLhq0EI69MndaOhvAXn7bqv3XzlfpM,7655
 soar_sdk/code_renderers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-soar_sdk/code_renderers/action_renderer.py,sha256=JfIQpeqYlpr12WUjG5O_ciiJhtGHoBgKdRTe3kLkW5k,16490
+soar_sdk/code_renderers/action_renderer.py,sha256=dlEWP5fKBnJkFm5qHRGnuawseTYMrtbBzVeIfp_NKQ8,17560
 soar_sdk/code_renderers/app_renderer.py,sha256=Ywt8iobl6phP_5O4RhCjPLFvfaSDPmaqGPI4GfM8Oyk,7791
-soar_sdk/code_renderers/asset_renderer.py,sha256=XT8oKu8Iu044pccd8Kq1adsuoQJVM0T88mGlTh2R2WE,3833
+soar_sdk/code_renderers/asset_renderer.py,sha256=vyhmrYdHYFtzGJQxOKxr7WwK2AaVjbDTWzUqa_FOJtA,3961
 soar_sdk/code_renderers/renderer.py,sha256=a2OW5Dgz0I012qtVr9z26Kcji1i65WDnj0yd7jRoPVE,1229
 soar_sdk/code_renderers/toml_renderer.py,sha256=-zP8UzlYMCVVA5ex9slaNLeFTu4xLjkv88YLmRNLrTM,1505
 soar_sdk/code_renderers/templates/pyproject.toml.jinja,sha256=uH7SJhFD9_-kYzGHobwv04aV4Nfru1bquL30GoOirfg,3918
@@ -84,7 +84,7 @@ soar_sdk/models/__init__.py,sha256=YZVAcBguAlUsxAnBBL6jSguJEzf5PYCtdvbNyU1XfEU,3
 soar_sdk/models/artifact.py,sha256=G8hv9wPPoRgrAQzIf-YlCSjAlkHEcIPF389T1bo4yHw,1087
 soar_sdk/models/attachment_input.py,sha256=s2mkEsRVb52yqHtb4Q7FzC9j8A4-Q8W4wCDqMJQZ8cc,1043
 soar_sdk/models/container.py,sha256=Cnn-Grha8qUFHHBxLUcEvo81sC3z483oItJ4GhRiTmg,1528
-soar_sdk/models/finding.py,sha256=Evga9Jrp3TfSVdAQlAkZ7UHDkUjaQYicYYY1S5bIruY,1404
+soar_sdk/models/finding.py,sha256=74tQySVi-pExAaVp2fbJt44a28tq2S0ny5C7Lsa7me8,1636
 soar_sdk/models/vault_attachment.py,sha256=sdRnQdPiwgaZDojpap4ohH7u1Q5TYGP-drs8Ko4p_aU,1073
 soar_sdk/models/view.py,sha256=BUuz6VVVe78hg7irGgZCbvBcycOmuPqplkagdi3T4Dg,779
 soar_sdk/shims/phantom/action_result.py,sha256=Nddc9oswAfHU7I2q0pLm3HZ2YiLUQZUEIqqAjToZWnM,1606
@@ -116,8 +116,8 @@ soar_sdk/views/components/pie_chart.py,sha256=LVTeHVJN6nf2vjUs9y7PDBhS0U1fKW750l
 soar_sdk/webhooks/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 soar_sdk/webhooks/models.py,sha256=j3kbvYmcOlcj3gQYKtrv7iS-lDavMKYNLdCNMy_I2Hc,4542
 soar_sdk/webhooks/routing.py,sha256=OjezhuAb8wzW0MnbGSnIWeAH3uJcu-Sb7s3w9zoiPVM,6873
-splunk_soar_sdk-3.8.1.dist-info/METADATA,sha256=77J-AZGoWNo716WsgJyepjKsR9fxgZoJ-g_EdHBnjHI,7544
-splunk_soar_sdk-3.8.1.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-splunk_soar_sdk-3.8.1.dist-info/entry_points.txt,sha256=CgBjo2ZWpYNkt9TgvToL26h2Tg1yt8FbvYTb5NVgNuc,51
-splunk_soar_sdk-3.8.1.dist-info/licenses/LICENSE,sha256=gNCGrGhrSQb1PUzBOByVUN1tvaliwLZfna-QU2r2hQ8,11345
-splunk_soar_sdk-3.8.1.dist-info/RECORD,,
+splunk_soar_sdk-3.9.0.dist-info/METADATA,sha256=wfLVvI64ugKvPBMH7-hVXS7Qt3Y3BhNfH8MFECYW5Js,7544
+splunk_soar_sdk-3.9.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+splunk_soar_sdk-3.9.0.dist-info/entry_points.txt,sha256=CgBjo2ZWpYNkt9TgvToL26h2Tg1yt8FbvYTb5NVgNuc,51
+splunk_soar_sdk-3.9.0.dist-info/licenses/LICENSE,sha256=gNCGrGhrSQb1PUzBOByVUN1tvaliwLZfna-QU2r2hQ8,11345
+splunk_soar_sdk-3.9.0.dist-info/RECORD,,