ansible-collections / splunk.es
Ansible Collection for Splunk Enterprise
License: GNU General Public License v3.0
This collection will be included in Ansible 2.10 because it contains modules and/or plugins that were included in Ansible 2.9. Please review:
The latest version of the collection available on August 18 will be included in Ansible 2.10.0, except possibly newer versions which differ only in the patch level. (For details, see the roadmap). Please release version 1.0.0 of your collection by this date! If 1.0.0 does not exist, the same 0.x.y version will be used in all of Ansible 2.10 without updates, and your 1.x.y release will not be included until Ansible 2.11 (unless you request an exception at a community working group meeting and go through a demanding manual process to vouch for backwards compatibility . . . you want to avoid this!).
Your collection versioning must follow all semver rules. This means:
Your collection should provide data for the Ansible 2.10 changelog and porting guide. The changelog and porting guide are automatically generated from ansible-base, and from the changelogs of the included collections. All changes from the breaking_changes, major_changes, removed_features and deprecated_features sections will appear in both the changelog and the porting guide. You have two options for providing changelog fragments to include:
changelogs/changelog.yaml inside your collection (see the documentation of changelogs/changelog.yaml format).
If you cannot contribute to the integrated Ansible changelog using one of these methods, please provide a link to your collection's changelog by creating an issue in https://github.com/ansible-community/ansible-build-data/. If you do not provide changelogs/changelog.yml or a link, users will not be able to find out what changed in your collection from the Ansible changelog and porting guide.
Run ansible-test sanity --docker -v in the collection with the latest ansible-base or stable-2.10 ansible/ansible checkout.
Be sure you're subscribed to:
If you have questions or want to provide feedback, please see the Feedback section in the collection requirements.
(Internal link to keep track of issues: ansible-collections/overview#102)
We are happy to announce that the registration for the Ansible Contributor Summit is open!
This is a great opportunity for interested people to meet, discuss related topics, share their stories and opinions, get the latest important updates and just to hang out together.
There will be different announcements & presentations by Community, Core, Cloud, Network, and other teams.
Current contributors will be happy to share their stories and experience with newcomers.
There will be links to interactive self-paced instruqt scenarios shared during the event that help newcomers learn different aspects of development.
Online on Matrix and YouTube. Tuesday, April 12, 2022, 12:00 - 20:00 UTC.
Add the event to your calendar. Use the ical URL (for example, in Google Calendar "Add other calendars" > "Import from URL") instead of importing the .ics file so that any updates to the event will be reflected in your calendar.
Check out the Summit page:
We are looking forward to seeing you! :)
Heja there,
sorry to bother you with this question: I am currently building some modules around the ITSI API alongside our installation here. Now I understand that those would not fit into this collection, so something like splunk.itsi would be better. I also understand that community-driven collections are prefixed with community.* and vendor-driven ones with vendor.*, but obviously we would love to see a vendor collection we can contribute to.
Long story short: do you have any @ for me on how we could start that collection?
Or should I just poke @gundalow about creating a community one?
Based on the community decision to use true/false for boolean values in documentation and examples, we ask that you evaluate booleans in this collection and consider changing any that do not use true/false (lowercase).
See documentation block format for more info (specifically, option defaults).
If you have already implemented this or decide not to, feel free to close this issue.
P.S. This is an auto-generated issue; please raise any concerns here.
We are running sanity tests across every collection included in the Ansible community package (as part of this issue) and found that ansible-test sanity --docker against splunk.es 2.0.0 fails with ansible-core 2.13.0rc1 in ansible 6.0.0a2.
n/a
ansible [core 2.13.0rc1]
2.0.0
ansible-test sanity --docker
Tests are either passing or ignored.
ERROR: Found 8 validate-modules issue(s) which need to be resolved:
ERROR: plugins/httpapi/splunk.py:0:0: invalid-documentation: DOCUMENTATION.author: Invalid author for dictionary value @ data['author']. Got 'Ansible Security Automation Team'
ERROR: plugins/httpapi/splunk.py:0:0: invalid-documentation: DOCUMENTATION.httpapi: extra keys not allowed @ data['httpapi']. Got 'splunk'
ERROR: plugins/httpapi/splunk.py:0:0: invalid-documentation: DOCUMENTATION.name: required key not provided @ data['name']. Got None
ERROR: plugins/modules/splunk_adaptive_response_notable_event.py:0:0: invalid-documentation: DOCUMENTATION.module: not a valid value for dictionary value @ data['module']. Got 'adaptive_response_notable_event'
ERROR: plugins/modules/splunk_correlation_search.py:0:0: invalid-documentation: DOCUMENTATION.module: not a valid value for dictionary value @ data['module']. Got 'correlation_search'
ERROR: plugins/modules/splunk_correlation_search_info.py:0:0: invalid-documentation: DOCUMENTATION.module: not a valid value for dictionary value @ data['module']. Got 'correlation_search_info'
ERROR: plugins/modules/splunk_data_input_monitor.py:0:0: invalid-documentation: DOCUMENTATION.module: not a valid value for dictionary value @ data['module']. Got 'data_input_monitor'
ERROR: plugins/modules/splunk_data_input_network.py:0:0: invalid-documentation: DOCUMENTATION.module: not a valid value for dictionary value @ data['module']. Got 'data_input_network'
ERROR: The 1 sanity test(s) listed below (out of 43) failed. See error output above for details.
validate-modules
ERROR: Command "podman exec ansible-test-controller-FQH9InD7 /usr/bin/env ANSIBLE_TEST_CONTENT_ROOT=/root/ansible_collections/splunk/es LC_ALL=en_US.UTF-8 /usr/bin/python3.10 /root/ansible/bin/ansible-test sanity --containers '{}' --skip-test pylint --metadata tests/output/.tmp/metadata-8th72nog.json --truncate 0 --color no --host-path tests/output/.tmp/host-io87ffa1" returned exit status 1.
According to the collection requirements, default branches of the existing repositories under ansible_collections SHOULD be converted to use main.
I didn't realise from https://galaxy.ansible.com/splunk/enterprise_security that this was deprecated. May I suggest:
Remove all content
Publish to Galaxy
Set the deprecated flag in Galaxy
Archive the GitHub repo
I'm not sure if any of the maintainers here are also maintainers of ansible-role-for-splunk, but would it be possible to include that role in this (or another splunk-namespaced) collection?
role:
  - name: splunk.es.splunk
While it is not necessary, I think it would be convenient to source the splunk role from a collection rather than directly from GitHub (I don't think even the standalone role is available on galaxy.ansible.com).
Trying to install the splunk.es collection following the provided doc, but it fails with the following error every time:
root@splunk:~# ansible-galaxy collection install splunk.es
ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.
root@splunk:## ansible-galaxy collection install splunk.es --ignore-errors
---- with ignore-errors
root@splunk:
downloading role 'collection', owned by
[WARNING]: - collection was NOT installed successfully: Content has no field named 'owner'
downloading role 'es', owned by splunk
[WARNING]: - splunk.es was NOT installed successfully: - sorry, splunk.es was not found on
https://galaxy.ansible.com.
root@splunk:~#
root@splunk:~# ansible --version
ansible 2.5.1
Ubuntu 18.4
This functionality would allow programmatically managing risk objects defined within a correlation search. Currently this is not supported at all.
Risk based Alerting information:
https://lantern.splunk.com/Security/UCE/Guided_Insights/Risk-based_alerting/Implementing_risk-based_alerting
New module: splunk_adaptive_response_risk_analysis_events
Usage: exactly the same as the other modules from this collection, but using different fields / data structures.
- name: Add adaptive response risk analysis events config
  splunk.es.splunk_adaptive_response_risk_analysis_events:
    config:
      - correlation_search_name: "{{ correlation_search }}"
        name: "{{ risk_message_title }}"
        description: "{{ correlation_search_description }}"
        risk_modifiers:
          risk_objects:
            - risk_object_field: value11
              risk_object_type: value12
              risk_object_score: value13
            - risk_object_field: value21
              risk_object_type: value22
              risk_object_score: value23
            [...]
          threat_objects:
            - threat_object_field: value31
              threat_object_type: value32
            - threat_object_field: value41
              threat_object_type: value42
            [...]
    state: merged
N/A
Dear maintainers,
This is important for your collections!
In accordance with the Community decision, we have created the news-for-maintainers repository for announcements of changes impacting collection maintainers (see the examples) instead of Issue 45, which will be closed soon.
Subscribe via the Watch button in the upper right corner of the repository's home page and select Issues.
Also we would like to remind you about the Bullhorn contributor newsletter, which has recently started to be released weekly. To learn what it looks like, see the past releases. Please subscribe and talk to the Community via Bullhorn!
Join us in #ansible-social (for news reporting & chat), #ansible-community (for discussing collection & maintainer topics), and other channels on Matrix/IRC.
Help the Community and the Steering Committee to make right decisions by taking part in discussing and voting on the Community Topics that impact the whole project and the collections in particular. Your opinion there will be much appreciated!
Thank you!