diff --git a/docs/releasenotes.rst b/docs/releasenotes.rst index 189d1be..cd7bb1d 100644 --- a/docs/releasenotes.rst +++ b/docs/releasenotes.rst @@ -1,6 +1,12 @@ Release notes ############# +Version 1.1.7 +============= + +- Splunk UCC, SDK and other librairies refresh to very last versions +- Switch http.status_code verification from an explicit list of 2* codes to allow any 2* code, this change is to allow a workaround using Power Automate Flow to allow the deprecation of message cards by Microsoft. + Version 1.1.6 ============= diff --git a/globalConfig.json b/globalConfig.json index 1fcf1bd..0360d17 100644 --- a/globalConfig.json +++ b/globalConfig.json @@ -99,41 +99,7 @@ "title": "Proxy" }, { - "name": "logging", - "entity": [ - { - "type": "singleSelect", - "label": "Log level", - "options": { - "disableSearch": true, - "autoCompleteFields": [ - { - "value": "DEBUG", - "label": "DEBUG" - }, - { - "value": "INFO", - "label": "INFO" - }, - { - "value": "WARNING", - "label": "WARNING" - }, - { - "value": "ERROR", - "label": "ERROR" - }, - { - "value": "CRITICAL", - "label": "CRITICAL" - } - ] - }, - "defaultValue": "INFO", - "field": "loglevel" - } - ], - "title": "Logging" + "type": "loggingTab" }, { "name": "additional_parameters", @@ -199,7 +165,7 @@ "name": "ms_teams_publish_to_channel", "label": "MS teams publish to channel", "description": "Publish a message to a Microsoft Teams channel", - "activeResponse": { + "adaptiveResponse": { "task": [ "Create", "Update", @@ -223,9 +189,16 @@ } ], "drilldownUri": "search?q=search%20index%3D_internal%20OR%20index%3Dcim_modaction%20sourcetype%3Dta:msteams:alert:log&earliest=0&latest=", - "sourcetype": "ta:msteams:alert:log" + "sourcetype": "ta:msteams:alert:log", + "supportsCloud": true }, "entity": [ + { + "type": "checkbox", + "label": "Does use new webhook?", + "help": "Use new MS workflow webhook", + "field": "alert_ms_teams_new_webhook" + }, { "type": "text", "label": "Override default Webhook URL:", 
@@ -407,9 +380,9 @@ "meta": { "name": "TA-ms-teams-alert-action", "restRoot": "ta_ms_teams_alert_action", - "version": "1.1.6", + "version": "1.1.7", "displayName": "MS Teams alert action", - "schemaVersion": "0.0.3", - "_uccVersion": "5.39.1" + "schemaVersion": "0.0.7", + "_uccVersion": "5.48.2" } } diff --git a/package/bin/ta_ms_teams_alert_action/modalert_ms_teams_publish_to_channel_helper.py b/package/bin/ta_ms_teams_alert_action/modalert_ms_teams_publish_to_channel_helper.py index e85dfd6..ae35bd6 100644 --- a/package/bin/ta_ms_teams_alert_action/modalert_ms_teams_publish_to_channel_helper.py +++ b/package/bin/ta_ms_teams_alert_action/modalert_ms_teams_publish_to_channel_helper.py @@ -179,6 +179,39 @@ def process_event(helper, *args, **kwargs): # data facts data_json_facts = '"facts": [\n' + data_json_attachments = ( + '"type": "exampleType",\n' + + '"attachments": [\n' + + " {\n" + + ' "contentType": "application/vnd.microsoft.card.adaptive",\n' + + ' "content": {\n' + + ' "$schema": "http://adaptivecards.io/schemas/adaptive-card.json",\n' + + ' "type": "AdaptiveCard",\n' + + ' "version": "1.2",\n' + + ' "body": [\n' + + " {\n" + + ' "type": "TextBlock",\n' + + ' "size": "Medium",\n' + + ' "weight": "Bolder",\n' + + ' "text": "' + + alert_ms_teams_activity_title + + '"\n' + + " },\n" + + " {\n" + + ' "type": "TextBlock",\n' + + ' "text": "",\n' + + ' "wrap": true\n' + + " },\n" + + " {\n" + + ' "type": "FactSet",\n' + + ' "facts": [\n' + ) + + # Set to use new MS webhook + alert_ms_teams_new_webhook = helper.get_param("alert_ms_teams_new_webhook") == "1" + helper.log_info( + f"Use new MS workflow Webhook. Value is {alert_ms_teams_new_webhook}." + ) # Fields ordering in the message publication, defaults to alphabetical ordering alert_ms_teams_fields_order = helper.get_param("alert_ms_teams_fields_order") 
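Review bot: `alert_ms_teams_activity_title` is spliced into the JSON text of `data_json_attachments` by plain string concatenation, so a quote, backslash or newline in the title would either break the payload or let alert content add keys to the card; whether the title was escaped earlier in process_event is not visible in this hunk. The fact rows appended in the `@@ -268,18 +301,32 @@` hunk are passed through `checkstr` first, so the title should get at least the same treatment. Building the card as a dict and serialising it once with `json.dumps` would also remove the hand-balanced bracket strings that the later hunk has to close line by line. `"type": "exampleType"` reads like a leftover placeholder; as far as I know the Teams workflow payload uses `"type": "message"`, please confirm. process_event starts and ends outside the hunk.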
@@ -268,18 +301,32 @@ def process_event(helper, *args, **kwargs): if count != 0: data_json_facts = data_json_facts + "," + data_json_attachments = data_json_attachments + "," key = checkstr(key) value = checkstr(value) data_json_facts = data_json_facts + "{\n" data_json_facts = data_json_facts + '"name": "' + key + '",\n' data_json_facts = data_json_facts + '"value": "' + value + '"\n' data_json_facts = data_json_facts + "}\n" + # Add attachments new webhook + data_json_attachments += "{\n" + data_json_attachments += '"title": "' + key + ':",\n' + data_json_attachments += '"value": "' + value + '"\n' + data_json_attachments += "}\n" count += 1 # helper.log_debug("count={}".format(count)) + data_json_attachments += " ]\n" + data_json_attachments += " }\n" + data_json_attachments += " ]\n" + data_json_attachments += " }\n" + data_json_attachments += " }\n" + data_json_attachments += "]" + data_json_facts = data_json_facts + "]," - data_json = data_json + data_json_facts + if not (alert_ms_teams_new_webhook): + data_json = data_json + data_json_facts # MS teams action, this is optional @@ -361,6 +408,9 @@ def process_event(helper, *args, **kwargs): # terminate the sections pattern data_json = data_json + "\n" + '"markdown": false' + "\n" + "}]" + if alert_ms_teams_new_webhook: + data_json = data_json + ",\n" + data_json_attachments + # Actions statuses has_action1 = False has_action2 = False @@ -569,7 +619,7 @@ def process_event(helper, *args, **kwargs): use_proxy=opt_use_proxy, ) # No http exception, but http post was not successful - if response.status_code not in (200, 201, 204): + if not (200 <= response.status_code < 300): helper.log_error( "Microsoft Teams publish to channel has failed!. " 
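Review bot: With the check in the `@@ -569,7 +619,7 @@` hunk widened to `200 <= response.status_code < 300`, a `202 Accepted` (presumably what the workflow endpoint answers) now takes the success path, although 202 only says the request was queued, not that the card reached the channel. A failure inside the flow is therefore invisible here and the alert action will report success. A comment above the check would record that, e.g. `# any 2xx, incl. 202 Accepted: workflow webhooks acknowledge receipt only, delivery is not confirmed`. Logging `response.status_code` on the success path would also let a 202 be told apart from a 200 in the action log. The success branch lies outside this hunk.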
@@ -613,7 +663,7 @@ def process_event(helper, *args, **kwargs): response = requests.post( record_url, headers=headers, data=record, verify=False ) - if response.status_code not in (200, 201, 204): + if not (200 <= response.status_code < 300): helper.log_error( "KVstore saving has failed!. url={}, data={}, HTTP Error={}, " "content={}".format( @@ -668,7 +718,7 @@ def process_event(helper, *args, **kwargs): response = requests.post( record_url, headers=headers, data=record, verify=False ) - if response.status_code not in (200, 201, 204): + if not (200 <= response.status_code < 300): helper.log_error( "KVstore saving has failed!. url={}, data={}, HTTP Error={}, " "content={}".format( diff --git a/package/bin/ta_ms_teams_alert_action/modalert_ms_teams_publish_to_channel_replay_helper.py b/package/bin/ta_ms_teams_alert_action/modalert_ms_teams_publish_to_channel_replay_helper.py index 33c0206..fbcdb94 100755 --- a/package/bin/ta_ms_teams_alert_action/modalert_ms_teams_publish_to_channel_replay_helper.py +++ b/package/bin/ta_ms_teams_alert_action/modalert_ms_teams_publish_to_channel_replay_helper.py @@ -134,7 +134,7 @@ def process_event(helper, *args, **kwargs): ) # No http exception, but http post was not successful - if response.status_code not in (200, 201, 204): + if not (200 <= response.status_code < 300): helper.log_error( "Microsoft Teams publish to channel has failed!. " "url={}, data={}, HTTP Error={}, HTTP Reason={}, HTTP content={}".format( @@ -181,7 +181,7 @@ def process_event(helper, *args, **kwargs): response = requests.post( record_url, headers=headers, data=record, verify=False ) - if response.status_code not in (200, 201, 204): + if not (200 <= response.status_code < 300): helper.log_error( "KVstore saving has failed!. url={}, data={}, HTTP Error={}, " "content={}".format( 
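Review bot: The widened range test in the `@@ -613,7 +663,7 @@` hunk is applied to a KV store write against local splunkd, while the release note justifies the change only for the Teams webhook; please confirm that accepting every 2xx from the KV store endpoint is intended rather than a search-and-replace side effect. The identical expression is now repeated here, in `@@ -668,7 +718,7 @@`, and in all six hunks of modalert_ms_teams_publish_to_channel_replay_helper.py. A single helper such as `def http_success(response): return 200 <= response.status_code < 300` would keep the policy in one place and let the webhook and KV store paths differ later if needed.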
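Review bot: The failure branch kept in the replay helper's `@@ -134,7 +134,7 @@` hunk formats `url={}` and `data={}` into `helper.log_error`; the format arguments are outside the hunk, but if the first is the webhook URL, the log line records a credential. As far as I know a workflow webhook URL carries its signature in the query string, so anyone who can read the alert action log could post to the channel. Consider logging the URL with its query string removed and truncating `data`. The same message appears in modalert_ms_teams_publish_to_channel_helper.py at `@@ -569,7 +619,7 @@`, where the format string is cut by the hunk boundary.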
@@ -213,7 +213,7 @@ def process_event(helper, *args, **kwargs): # Splunk Cloud vetting note, this communication is a localhost communication to splunkd # and does not have to be verified response = requests.delete(record_url, headers=headers, verify=False) - if response.status_code not in (200, 201, 204): + if not (200 <= response.status_code < 300): helper.log_error( "KVstore delete operation has failed!. url={}, HTTP Error={}, " "content={}".format( @@ -265,7 +265,7 @@ def process_event(helper, *args, **kwargs): response = requests.post( record_url, headers=headers, data=record, verify=False ) - if response.status_code not in (200, 201, 204): + if not (200 <= response.status_code < 300): helper.log_error( "KVstore saving has failed!. url={}, data={}, HTTP Error={}, " "content={}".format( @@ -314,7 +314,7 @@ def process_event(helper, *args, **kwargs): # Splunk Cloud vetting note, this communication is a localhost communication to splunkd and # does not have to be verified response = requests.post(record_url, headers=headers, data=record, verify=False) - if response.status_code not in (200, 201, 204): + if not (200 <= response.status_code < 300): helper.log_error( "KVstore saving has failed!. url={}, data={}, HTTP Error={}, " "content={}".format( @@ -352,7 +352,7 @@ def process_event(helper, *args, **kwargs): # Splunk Cloud vetting note, this communication is a localhost communication to splunkd and # does not have to be verified response = requests.delete(record_url, headers=headers, verify=False) - if response.status_code not in (200, 201, 204): + if not (200 <= response.status_code < 300): helper.log_error( "KVstore delete operation has failed!. url={}, HTTP Error={}, " "content={}".format(record_url, response.status_code, response.text) diff --git a/package/default/alert_actions.conf b/package/default/alert_actions.conf index 65cd9f7..10dd28c 100644 --- a/package/default/alert_actions.conf +++ b/package/default/alert_actions.conf 
@@ -5,6 +5,7 @@ param._cam = {"task": ["Create", "Update", "Communicate"], "subject": ["incident python.version = python3 is_custom = 1 payload_format = json +param.alert_ms_teams_new_webhook = false param.alert_ms_teams_url = param.alert_ms_teams_activity_title = param.alert_ms_teams_fields_list = diff --git a/package/default/data/ui/alerts/ms_teams_publish_to_channel.html b/package/default/data/ui/alerts/ms_teams_publish_to_channel.html index 0422d02..af9e8e5 100644 --- a/package/default/data/ui/alerts/ms_teams_publish_to_channel.html +++ b/package/default/data/ui/alerts/ms_teams_publish_to_channel.html @@ -1,4 +1,22 @@
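Review bot: The default `param.alert_ms_teams_new_webhook = false` is not in the vocabulary the helper tests for: modalert_ms_teams_publish_to_channel_helper.py reads the flag as `helper.get_param("alert_ms_teams_new_webhook") == "1"`. `false` happens to compare unequal and so leaves the feature off, but a saved search that sets the parameter to `true` would silently stay on the old payload. Writing `param.alert_ms_teams_new_webhook = 0` here keeps the default consistent with the value the check expects; alternatively the helper could accept the usual truthy spellings.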