Example #1
 def get_scheme(self):
     """Build the scheme for the Cisco AMP for Endpoints events input.

     External validation and single-instance mode are both switched off,
     and the input's arguments are registered by a private helper of the
     enclosing class.

     Returns:
         Scheme: The populated scheme object.
     """
     amp_scheme = Scheme('Cisco AMP for Endpoints Events Input')
     amp_scheme.description = 'Allows creating and managing event streams from AMP for Endpoints'
     amp_scheme.use_single_instance = False
     # NOTE(review): external validation is disabled, so any checking of the
     # argument values has to happen elsewhere; none is visible in this method.
     amp_scheme.use_external_validation = False
     self.__add_scheme_arguments(amp_scheme)
     return amp_scheme
 def create_scheme(self):
     """Build the scheme for the "MongoDB Admin" input.

     The scheme exposes one string argument, ``commands``, which must be
     supplied when the input is created.

     Returns:
         Scheme: The populated scheme object.
     """
     admin_scheme = Scheme("MongoDB Admin")
     admin_scheme.description = "Collect administrative events from MongoDB hosts"

     # NOTE(review): this free-text argument names admin commands to run.
     # How the value is parsed and which commands are accepted is decided by
     # the code that consumes it (not visible here); confirm it is restricted
     # to an expected set.
     commands = Argument("commands")
     commands.data_type = Argument.data_type_string
     commands.required_on_create = True
     commands.title = "Admin commands"
     commands.description = "The admin commands to run"
     admin_scheme.add_argument(commands)

     return admin_scheme
Example #3
 def create_scheme(self):
     """Return the scheme describing the "MongoDB Admin" input.

     Returns:
         Scheme: A scheme with a single required string argument,
             ``commands``.
     """
     result = Scheme("MongoDB Admin")
     result.description = "Collect administrative events from MongoDB hosts"

     # NOTE(review): the argument carries admin commands as free text; the
     # consumer of this value is not visible here, so confirm it only accepts
     # the commands the input is meant to run.
     admin_commands = Argument("commands")
     admin_commands.title = "Admin commands"
     admin_commands.description = "The admin commands to run"
     admin_commands.data_type = Argument.data_type_string
     admin_commands.required_on_create = True

     result.add_argument(admin_commands)
     return result
Example #4
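    def get_scheme(self):
        """Build the scheme for the SEKOIA.IO Intelligence Center feed input.

        The scheme enables external validation and single-instance mode and
        declares two string arguments: a required ``api_key`` and an optional
        ``feed_id``.

        Returns:
            Scheme: The populated scheme object.
        """
        scheme = Scheme("SEKOIA.IO Intelligence Center feed")
        scheme.description = "Fetch indicators from the Intelligence Center"

        scheme.use_external_validation = True
        scheme.use_single_instance = True

        # NOTE(review): the API key is declared as an ordinary string argument,
        # so it is handled like any other input setting. Confirm the input
        # moves it into Splunk's credential store (storage/passwords) instead
        # of leaving it readable in the input configuration.
        api_key = Argument("api_key")
        api_key.title = "API Key"
        api_key.data_type = Argument.data_type_string
        # The two literals are joined by implicit concatenation; the trailing
        # space keeps the sentences from running together ("feed.Contact").
        # NOTE(review): the contact address looks obfuscated in this listing;
        # restore the real address from the upstream source.
        api_key.description = (
            "SEKOIA.IO API Key to use to access the feed. "
            "Contact [email protected] if you are not sure how to get this API Key."
        )
        api_key.required_on_create = True
        scheme.add_argument(api_key)

        # Optional: not required on create or on edit.
        feed_id = Argument("feed_id")
        feed_id.title = "Feed ID"
        feed_id.data_type = Argument.data_type_string
        feed_id.description = "Specific Feed ID to use as IOC source."
        feed_id.required_on_create = False
        feed_id.required_on_edit = False
        scheme.add_argument(feed_id)

        return scheme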
Example #5
 def get_scheme(self):
     """Build the scheme for the "NDBC Observations" input.

     External validation is enabled and one required string argument,
     ``stations``, is declared.

     Returns:
         Scheme: The populated scheme object.
     """
     observations = Scheme("NDBC Observations")
     observations.use_external_validation = True
     observations.description = "Streams observation events from NDBC stations."

     # Space-separated station IDs, supplied as a single string.
     station_ids = Argument("stations")
     station_ids.data_type = Argument.data_type_string
     station_ids.required_on_create = True
     station_ids.title = "Station IDs"
     station_ids.description = "List of station IDs separated by a space"
     observations.add_argument(station_ids)

     return observations
Example #6
        def get_scheme(self):
            """Build the "abcd" scheme with two arguments.

            The scheme uses simple streaming mode, disables external
            validation and runs as a single instance. The description text
            mixes non-ASCII characters with the XML-special characters in
            "<&>" (presumably to exercise escaping when the scheme is
            serialized; confirm against the caller).

            Returns:
                Scheme: The populated scheme object.
            """
            abcd = Scheme("abcd")
            abcd.description = u"\uC3BC and \uC3B6 and <&> f\u00FCr"
            abcd.streaming_mode = abcd.streaming_mode_simple
            abcd.use_external_validation = False
            abcd.use_single_instance = True

            # First argument: only a name, every other attribute left as constructed.
            abcd.add_argument(Argument("arg1"))

            # Second argument: numeric, required on create and edit, with a
            # validation expression.
            numeric = Argument("arg2")
            numeric.data_type = Argument.data_type_number
            numeric.description = u"\uC3BC and \uC3B6 and <&> f\u00FCr"
            numeric.validation = "is_pos_int('some_name')"
            numeric.required_on_create = True
            numeric.required_on_edit = True
            abcd.add_argument(numeric)

            return abcd
Example #7
 def get_scheme(self):
     """Build the scheme for the "NDBC Observations Search" input.

     External validation is enabled and three required numeric arguments
     are declared, in this order: ``latitude``, ``longitude``, ``radius``.

     Returns:
         Scheme: The populated scheme object.
     """
     search_scheme = Scheme("NDBC Observations Search")
     search_scheme.description = "Streams observation events from nearby NDBC stations."
     search_scheme.use_external_validation = True

     # (name, title, description) for each argument, in registration order.
     numeric_fields = (
         ("latitude", "Latitude", "Latitude of the center of the search area"),
         ("longitude", "Longitude", "Longitude of the center of the search area"),
         ("radius", "Radius", "Radius in miles of the search area"),
     )
     for name, title, description in numeric_fields:
         field = Argument(name)
         field.title = title
         field.data_type = Argument.data_type_number
         field.description = description
         field.required_on_create = True
         search_scheme.add_argument(field)

     return search_scheme
Example #8
    def get_scheme(self):
        """Build the scheme of the "GitHub Stats" modular input.

        External validation and single-instance mode are enabled. Three
        required string arguments are registered, in this order:
        ``github_username``, ``github_access_token``, ``github_organization``.

        Returns:
            (Scheme): The Splunk Python SDK Scheme object.
                https://github.com/splunk/splunk-sdk-python/blob/master/splunklib/modularinput/scheme.py
        """
        stats_scheme = Scheme("GitHub Stats")
        stats_scheme.description = "Get interesting statistics from GitHub for an organization."
        stats_scheme.use_external_validation = True
        stats_scheme.use_single_instance = True

        username = Argument("github_username")
        username.data_type = Argument.data_type_string
        username.description = "The username used to authenticate with GitHub."
        username.required_on_create = True
        stats_scheme.add_argument(username)

        # NOTE(review): the access token is declared as an ordinary string
        # argument, so it is handled like any other input setting. Confirm the
        # input moves it into Splunk's credential store (storage/passwords)
        # instead of leaving it readable in the input configuration.
        access_token = Argument("github_access_token")
        access_token.data_type = Argument.data_type_string
        access_token.description = (
            "The access token used to authenticate with GitHub."
            " Used in place of a password."
        )
        access_token.required_on_create = True
        stats_scheme.add_argument(access_token)

        organization = Argument("github_organization")
        organization.data_type = Argument.data_type_string
        organization.description = "The GitHub organization to use for scraping stats."
        organization.required_on_create = True
        stats_scheme.add_argument(organization)

        return stats_scheme
Example #9
 def create_scheme(self):
     """Build the scheme for the "MongoDB Collection Stats" input.

     Two required string arguments are declared, in this order:
     ``database`` and ``collections``.

     Returns:
         Scheme: The populated scheme object.
     """
     stats_scheme = Scheme("MongoDB Collection Stats")
     stats_scheme.description = "Fetch collection statistics from MongoDB hosts"

     # (name, title, description) for each argument, in registration order.
     string_fields = (
         (
             "database",
             "Database",
             "name of the MongoDB database to run commands against",
         ),
         (
             "collections",
             "Database collections",
             "Space-separated names of the collections to fetch stats for",
         ),
     )
     for name, title, description in string_fields:
         field = Argument(name)
         field.title = title
         field.data_type = Argument.data_type_string
         field.description = description
         field.required_on_create = True
         stats_scheme.add_argument(field)

     return stats_scheme
Example #10
 def get_scheme(self):
     """Return the scheme describing the "NDBC Observations Search" input.

     The search area is given by three required numeric arguments:
     ``latitude``, ``longitude`` and ``radius`` (registered in that order).
     External validation is enabled.

     Returns:
         Scheme: The populated scheme object.
     """
     def numeric_argument(name, title, description):
         # Every argument of this input is a number required on create.
         built = Argument(name)
         built.title = title
         built.data_type = Argument.data_type_number
         built.description = description
         built.required_on_create = True
         return built

     nearby = Scheme("NDBC Observations Search")
     nearby.description = "Streams observation events from nearby NDBC stations."
     nearby.use_external_validation = True

     nearby.add_argument(numeric_argument(
         "latitude", "Latitude", "Latitude of the center of the search area"))
     nearby.add_argument(numeric_argument(
         "longitude", "Longitude", "Longitude of the center of the search area"))
     nearby.add_argument(numeric_argument(
         "radius", "Radius", "Radius in miles of the search area"))

     return nearby
Example #11
 def get_scheme(self):
     """Build the scheme for the "NDBC Active Stations" input.

     The scheme declares no arguments and enables external validation.

     Returns:
         Scheme: The populated scheme object.
     """
     stations_scheme = Scheme("NDBC Active Stations")
     stations_scheme.use_external_validation = True
     stations_scheme.description = "Fetches list of active NDBC stations."
     return stations_scheme
 def create_scheme(self):
     """Build the scheme for the "MongoDB Logs" input.

     The scheme declares no arguments and runs in single-instance mode.

     Returns:
         Scheme: The populated scheme object.
     """
     logs_scheme = Scheme("MongoDB Logs")
     logs_scheme.use_single_instance = True
     logs_scheme.description = "Collect logs from MongoDB hosts"
     return logs_scheme
    def get_scheme(self):
        """Build the scheme for the "Azure Monitor Metrics" input.

        External validation is enabled and single-instance mode is off.
        Seven string arguments are declared, each required on create and on
        edit, registered in the order listed in the body.

        Returns:
            Scheme: The populated scheme object.
        """
        azure_scheme = Scheme("Azure Monitor Metrics")
        azure_scheme.description = "Streams events from Azure resources via Azure Monitor REST API."
        azure_scheme.use_external_validation = True
        azure_scheme.use_single_instance = False

        # NOTE(review): "SPNApplicationKey" is declared as an ordinary string
        # argument like the identifiers around it. If it carries the service
        # principal's secret, confirm the input keeps it in Splunk's credential
        # store (storage/passwords) rather than readable in the input
        # configuration.
        required_strings = (
            "SPNTenantID",
            "SPNApplicationId",
            "SPNApplicationKey",
            "SubscriptionId",
            "vaultName",
            "secretName",
            "secretVersion",
        )
        for name in required_strings:
            field = Argument(name)
            field.data_type = Argument.data_type_string
            field.required_on_create = True
            field.required_on_edit = True
            azure_scheme.add_argument(field)

        return azure_scheme
Example #14
 def create_scheme(self):
     """Return the scheme describing the "MongoDB Logs" input.

     Returns:
         Scheme: A scheme without arguments, set to single-instance mode.
     """
     mongo_logs = Scheme("MongoDB Logs")
     mongo_logs.description = "Collect logs from MongoDB hosts"
     mongo_logs.use_single_instance = True
     return mongo_logs
Example #15
    def get_scheme(self):
        """Build the scheme for the "Duplicity Backup" input.

        Five optional string arguments are declared, in this order:
        ``target_url``, ``full_if_older_than``, ``extra_duplicity_args``,
        ``whitelist`` and ``blacklist``.

        Returns:
            Scheme: The populated scheme object.
        """
        backup_scheme = Scheme("Duplicity Backup")
        backup_scheme.description = "Runs a Splunk backup"

        # NOTE(review): "extra_duplicity_args" and "target_url" are free text
        # that, going by their descriptions, end up on a duplicity invocation.
        # The code that launches duplicity is not visible here; confirm the
        # values are passed as separate argv elements (no shell string) and
        # that only expected options are accepted.
        optional_strings = (
            ("target_url", "Backup destination"),
            ("full_if_older_than", "Max time between full backups"),
            ("extra_duplicity_args", "Additional arguments to pass to duplicity"),
            ("whitelist", "Duplicity whitelist"),
            ("blacklist", "Duplicity blacklist"),
        )
        for name, description in optional_strings:
            option = Argument(name)
            option.data_type = Argument.data_type_string
            option.description = description
            option.required_on_create = False
            backup_scheme.add_argument(option)

        return backup_scheme
Example #16
 def get_scheme(self):
     """Return the scheme describing the "NDBC Active Stations" input.

     Returns:
         Scheme: A scheme without arguments, with external validation
             enabled.
     """
     active_stations = Scheme("NDBC Active Stations")
     active_stations.description = "Fetches list of active NDBC stations."
     active_stations.use_external_validation = True
     return active_stations