From b6f054300e8c575bf66bd6fcc6d11c865cb524cb Mon Sep 17 00:00:00 2001
From: minix <minix@localhost>
Date: Mon, 15 Jul 2024 09:24:13 +0700
Subject: [PATCH 1/5] Add new MS Workflow Webhook

---
 globalConfig.json                             | 51 +++++--------------
 ...lert_ms_teams_publish_to_channel_helper.py | 50 +++++++++++++++++-
 package/default/alert_actions.conf            |  1 +
 .../alerts/ms_teams_publish_to_channel.html   | 18 +++++++
 4 files changed, 79 insertions(+), 41 deletions(-)

diff --git a/globalConfig.json b/globalConfig.json
index 1fcf1bd..2829426 100644
--- a/globalConfig.json
+++ b/globalConfig.json
@@ -99,41 +99,7 @@
                     "title": "Proxy"
                 },
                 {
-                    "name": "logging",
-                    "entity": [
-                        {
-                            "type": "singleSelect",
-                            "label": "Log level",
-                            "options": {
-                                "disableSearch": true,
-                                "autoCompleteFields": [
-                                    {
-                                        "value": "DEBUG",
-                                        "label": "DEBUG"
-                                    },
-                                    {
-                                        "value": "INFO",
-                                        "label": "INFO"
-                                    },
-                                    {
-                                        "value": "WARNING",
-                                        "label": "WARNING"
-                                    },
-                                    {
-                                        "value": "ERROR",
-                                        "label": "ERROR"
-                                    },
-                                    {
-                                        "value": "CRITICAL",
-                                        "label": "CRITICAL"
-                                    }
-                                ]
-                            },
-                            "defaultValue": "INFO",
-                            "field": "loglevel"
-                        }
-                    ],
-                    "title": "Logging"
+                    "type": "loggingTab"
                 },
                 {
                     "name": "additional_parameters",
@@ -199,7 +165,7 @@
             "name": "ms_teams_publish_to_channel",
             "label": "MS teams publish to channel",
             "description": "Publish a message to a Microsoft Teams channel",
-            "activeResponse": {
+            "adaptiveResponse": {
                 "task": [
                     "Create",
                     "Update",
@@ -223,9 +189,16 @@
                     }
                 ],
                 "drilldownUri": "search?q=search%20index%3D_internal%20OR%20index%3Dcim_modaction%20sourcetype%3Dta:msteams:alert:log&earliest=0&latest=",
-                "sourcetype": "ta:msteams:alert:log"
+                "sourcetype": "ta:msteams:alert:log",
+                "supportsCloud": true
             },
             "entity": [
+                {
+                    "type": "checkbox",
+                    "label": "Does use new webhook?",
+                    "help": "Use new MS workflow webhook",
+                    "field": "alert_ms_teams_new_webhook"
+                },
                 {
                     "type": "text",
                     "label": "Override default Webhook URL:",
@@ -409,7 +382,7 @@
         "restRoot": "ta_ms_teams_alert_action",
         "version": "1.1.6",
         "displayName": "MS Teams alert action",
-        "schemaVersion": "0.0.3",
-        "_uccVersion": "5.39.1"
+        "schemaVersion": "0.0.7",
+        "_uccVersion": "5.48.0"
     }
 }
diff --git a/package/bin/ta_ms_teams_alert_action/modalert_ms_teams_publish_to_channel_helper.py b/package/bin/ta_ms_teams_alert_action/modalert_ms_teams_publish_to_channel_helper.py
index e85dfd6..a0a2967 100644
--- a/package/bin/ta_ms_teams_alert_action/modalert_ms_teams_publish_to_channel_helper.py
+++ b/package/bin/ta_ms_teams_alert_action/modalert_ms_teams_publish_to_channel_helper.py
@@ -179,6 +179,35 @@ def process_event(helper, *args, **kwargs):
 
     # data facts
     data_json_facts = '"facts": [\n'
+    data_json_attachments = (
+        '"type": "exampleType",\n'
+        + '"attachments": [\n'
+        + '    {\n'
+        + '        "contentType": "application/vnd.microsoft.card.adaptive",\n'
+        + '        "content": {\n'
+        + '            "$schema": "http://adaptivecards.io/schemas/adaptive-card.json",\n'
+        + '            "type": "AdaptiveCard",\n'
+        + '            "version": "1.2",\n'
+        + '            "body": [\n'
+        + '                {\n'
+        + '                    "type": "TextBlock",\n'
+        + '                    "size": "Medium",\n'
+        + '                    "weight": "Bolder",\n'
+        + '                    "text": "' + alert_ms_teams_activity_title + '"\n'
+        + '                },\n'
+        + '                {\n'
+        + '                    "type": "TextBlock",\n'
+        + '                    "text": "",\n'
+        + '                    "wrap": true\n'
+        + '                },\n'
+        + '                {\n'
+        + '                    "type": "FactSet",\n'
+        + '                    "facts": [\n'
+    )
+
+    # Set to use new MS webhook
+    alert_ms_teams_new_webhook = helper.get_param("alert_ms_teams_new_webhook") == "1"
+    helper.log_info(f"Use new MS workflow Webhook. Value is {alert_ms_teams_new_webhook}.")
 
     # Fields ordering in the message publication, defaults to alphabetical ordering
     alert_ms_teams_fields_order = helper.get_param("alert_ms_teams_fields_order")
@@ -268,18 +297,32 @@ def process_event(helper, *args, **kwargs):
 
                     if count != 0:
                         data_json_facts = data_json_facts + ","
+                        data_json_attachments = data_json_attachments + ","
                     key = checkstr(key)
                     value = checkstr(value)
                     data_json_facts = data_json_facts + "{\n"
                     data_json_facts = data_json_facts + '"name": "' + key + '",\n'
                     data_json_facts = data_json_facts + '"value": "' + value + '"\n'
                     data_json_facts = data_json_facts + "}\n"
+                    # Add attachments new webhook
+                    data_json_attachments += '{\n'
+                    data_json_attachments += '"title": "' + key + ':",\n'
+                    data_json_attachments += '"value": "' + value + '"\n'
+                    data_json_attachments += '}\n'
                     count += 1
                     # helper.log_debug("count={}".format(count))
+            
+            data_json_attachments += '                    ]\n'
+            data_json_attachments += '                }\n'
+            data_json_attachments += '            ]\n'
+            data_json_attachments += '        }\n'
+            data_json_attachments += '    }\n'
+            data_json_attachments += ']'          
 
             data_json_facts = data_json_facts + "],"
 
-            data_json = data_json + data_json_facts
+            if not (alert_ms_teams_new_webhook):
+                data_json = data_json + data_json_facts
 
             # MS teams action, this is optional
 
@@ -361,6 +404,9 @@ def process_event(helper, *args, **kwargs):
             # terminate the sections pattern
             data_json = data_json + "\n" + '"markdown": false' + "\n" + "}]"
 
+            if(alert_ms_teams_new_webhook):
+                data_json = data_json + ",\n" + data_json_attachments
+
             # Actions statuses
             has_action1 = False
             has_action2 = False
@@ -569,7 +615,7 @@ def process_event(helper, *args, **kwargs):
                     use_proxy=opt_use_proxy,
                 )
                 # No http exception, but http post was not successful
-                if response.status_code not in (200, 201, 204):
+                if response.status_code not in (200, 201, 202, 204):
 
                     helper.log_error(
                         "Microsoft Teams publish to channel has failed!. "
diff --git a/package/default/alert_actions.conf b/package/default/alert_actions.conf
index 65cd9f7..10dd28c 100644
--- a/package/default/alert_actions.conf
+++ b/package/default/alert_actions.conf
@@ -5,6 +5,7 @@ param._cam = {"task": ["Create", "Update", "Communicate"], "subject": ["incident
 python.version = python3
 is_custom = 1
 payload_format = json
+param.alert_ms_teams_new_webhook = false
 param.alert_ms_teams_url = 
 param.alert_ms_teams_activity_title = 
 param.alert_ms_teams_fields_list = 
diff --git a/package/default/data/ui/alerts/ms_teams_publish_to_channel.html b/package/default/data/ui/alerts/ms_teams_publish_to_channel.html
index 0422d02..af9e8e5 100644
--- a/package/default/data/ui/alerts/ms_teams_publish_to_channel.html
+++ b/package/default/data/ui/alerts/ms_teams_publish_to_channel.html
@@ -1,4 +1,22 @@
 <form class="form-horizontal form-complex">
+  <div class="control-group">
+    <label
+      class="control-label"
+      for="ms_teams_publish_to_channel_alert_ms_teams_new_webhook"
+      >Check if use new webhook
+    </label>
+    <div class="controls">
+      <input
+        type="checkbox"
+        name="action.ms_teams_publish_to_channel.param.alert_ms_teams_new_webhook"
+        id="ms_teams_publish_to_channel_alert_ms_teams_new_webhook"
+        value="true"
+      />
+      <span class="help-block">
+        If you want to use new MS workflow webhook, check this
+      </span>
+    </div>
+  </div>
   <div class="control-group">
     <label
       class="control-label"

From d503bf8f07cd79c770f3d8a2833d6d4ed74a5a11 Mon Sep 17 00:00:00 2001
From: Guilhem Marchand <guilhem.marchand@gmail.com>
Date: Fri, 4 Oct 2024 12:15:04 +0100
Subject: [PATCH 2/5] init 1.1.7

---
 globalConfig.json | 47 +++++++----------------------------------------
 version.json      |  2 +-
 2 files changed, 8 insertions(+), 41 deletions(-)

diff --git a/globalConfig.json b/globalConfig.json
index 1fcf1bd..12c039b 100644
--- a/globalConfig.json
+++ b/globalConfig.json
@@ -99,41 +99,7 @@
                     "title": "Proxy"
                 },
                 {
-                    "name": "logging",
-                    "entity": [
-                        {
-                            "type": "singleSelect",
-                            "label": "Log level",
-                            "options": {
-                                "disableSearch": true,
-                                "autoCompleteFields": [
-                                    {
-                                        "value": "DEBUG",
-                                        "label": "DEBUG"
-                                    },
-                                    {
-                                        "value": "INFO",
-                                        "label": "INFO"
-                                    },
-                                    {
-                                        "value": "WARNING",
-                                        "label": "WARNING"
-                                    },
-                                    {
-                                        "value": "ERROR",
-                                        "label": "ERROR"
-                                    },
-                                    {
-                                        "value": "CRITICAL",
-                                        "label": "CRITICAL"
-                                    }
-                                ]
-                            },
-                            "defaultValue": "INFO",
-                            "field": "loglevel"
-                        }
-                    ],
-                    "title": "Logging"
+                    "type": "loggingTab"
                 },
                 {
                     "name": "additional_parameters",
@@ -199,7 +165,7 @@
             "name": "ms_teams_publish_to_channel",
             "label": "MS teams publish to channel",
             "description": "Publish a message to a Microsoft Teams channel",
-            "activeResponse": {
+            "adaptiveResponse": {
                 "task": [
                     "Create",
                     "Update",
@@ -223,7 +189,8 @@
                     }
                 ],
                 "drilldownUri": "search?q=search%20index%3D_internal%20OR%20index%3Dcim_modaction%20sourcetype%3Dta:msteams:alert:log&earliest=0&latest=",
-                "sourcetype": "ta:msteams:alert:log"
+                "sourcetype": "ta:msteams:alert:log",
+                "supportsCloud": true
             },
             "entity": [
                 {
@@ -407,9 +374,9 @@
     "meta": {
         "name": "TA-ms-teams-alert-action",
         "restRoot": "ta_ms_teams_alert_action",
-        "version": "1.1.6",
+        "version": "1.1.7",
         "displayName": "MS Teams alert action",
-        "schemaVersion": "0.0.3",
-        "_uccVersion": "5.39.1"
+        "schemaVersion": "0.0.7",
+        "_uccVersion": "5.48.2"
     }
 }
diff --git a/version.json b/version.json
index 80261f9..acb8db0 100644
--- a/version.json
+++ b/version.json
@@ -1,4 +1,4 @@
 {
-  "version": "1.1.6",
+  "version": "1.1.7",
   "appID": "TA-ms-teams-alert-action"
 }

From d363a7870ad3378a1688d1ddb28969429e6a7529 Mon Sep 17 00:00:00 2001
From: Guilhem Marchand <guilhem.marchand@gmail.com>
Date: Fri, 4 Oct 2024 12:21:49 +0100
Subject: [PATCH 3/5] Version 1.1.7 - Splunk UCC, SDK and other librairies
 refresh to very last versions - Switch http.status_code verification from an
 explicit list of 2* codes to allow any 2* code, this change is to allow a
 workaround using Power Automate Flow to allow the deprecation of message
 cards by Microsoft.

---
 docs/releasenotes.rst                                |  6 ++++++
 .../modalert_ms_teams_publish_to_channel_helper.py   |  6 +++---
 ...lert_ms_teams_publish_to_channel_replay_helper.py | 12 ++++++------
 3 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/docs/releasenotes.rst b/docs/releasenotes.rst
index 189d1be..cd7bb1d 100644
--- a/docs/releasenotes.rst
+++ b/docs/releasenotes.rst
@@ -1,6 +1,12 @@
 Release notes
 #############
 
+Version 1.1.7
+=============
+
+- Splunk UCC, SDK and other librairies refresh to very last versions
+- Switch http.status_code verification from an explicit list of 2* codes to allow any 2* code, this change is to allow a workaround using Power Automate Flow to allow the deprecation of message cards by Microsoft.
+
 Version 1.1.6
 =============
 
diff --git a/package/bin/ta_ms_teams_alert_action/modalert_ms_teams_publish_to_channel_helper.py b/package/bin/ta_ms_teams_alert_action/modalert_ms_teams_publish_to_channel_helper.py
index e85dfd6..e1adb7e 100644
--- a/package/bin/ta_ms_teams_alert_action/modalert_ms_teams_publish_to_channel_helper.py
+++ b/package/bin/ta_ms_teams_alert_action/modalert_ms_teams_publish_to_channel_helper.py
@@ -569,7 +569,7 @@ def process_event(helper, *args, **kwargs):
                     use_proxy=opt_use_proxy,
                 )
                 # No http exception, but http post was not successful
-                if response.status_code not in (200, 201, 204):
+                if not (200 <= response.status_code < 300):
 
                     helper.log_error(
                         "Microsoft Teams publish to channel has failed!. "
@@ -613,7 +613,7 @@ def process_event(helper, *args, **kwargs):
                     response = requests.post(
                         record_url, headers=headers, data=record, verify=False
                     )
-                    if response.status_code not in (200, 201, 204):
+                    if not (200 <= response.status_code < 300):
                         helper.log_error(
                             "KVstore saving has failed!. url={}, data={}, HTTP Error={}, "
                             "content={}".format(
@@ -668,7 +668,7 @@ def process_event(helper, *args, **kwargs):
                 response = requests.post(
                     record_url, headers=headers, data=record, verify=False
                 )
-                if response.status_code not in (200, 201, 204):
+                if not (200 <= response.status_code < 300):
                     helper.log_error(
                         "KVstore saving has failed!. url={}, data={}, HTTP Error={}, "
                         "content={}".format(
diff --git a/package/bin/ta_ms_teams_alert_action/modalert_ms_teams_publish_to_channel_replay_helper.py b/package/bin/ta_ms_teams_alert_action/modalert_ms_teams_publish_to_channel_replay_helper.py
index 33c0206..fbcdb94 100755
--- a/package/bin/ta_ms_teams_alert_action/modalert_ms_teams_publish_to_channel_replay_helper.py
+++ b/package/bin/ta_ms_teams_alert_action/modalert_ms_teams_publish_to_channel_replay_helper.py
@@ -134,7 +134,7 @@ def process_event(helper, *args, **kwargs):
             )
 
             # No http exception, but http post was not successful
-            if response.status_code not in (200, 201, 204):
+            if not (200 <= response.status_code < 300):
                 helper.log_error(
                     "Microsoft Teams publish to channel has failed!. "
                     "url={}, data={}, HTTP Error={}, HTTP Reason={}, HTTP content={}".format(
@@ -181,7 +181,7 @@ def process_event(helper, *args, **kwargs):
                 response = requests.post(
                     record_url, headers=headers, data=record, verify=False
                 )
-                if response.status_code not in (200, 201, 204):
+                if not (200 <= response.status_code < 300):
                     helper.log_error(
                         "KVstore saving has failed!. url={}, data={}, HTTP Error={}, "
                         "content={}".format(
@@ -213,7 +213,7 @@ def process_event(helper, *args, **kwargs):
                 # Splunk Cloud vetting note, this communication is a localhost communication to splunkd
                 # and does not have to be verified
                 response = requests.delete(record_url, headers=headers, verify=False)
-                if response.status_code not in (200, 201, 204):
+                if not (200 <= response.status_code < 300):
                     helper.log_error(
                         "KVstore delete operation has failed!. url={}, HTTP Error={}, "
                         "content={}".format(
@@ -265,7 +265,7 @@ def process_event(helper, *args, **kwargs):
             response = requests.post(
                 record_url, headers=headers, data=record, verify=False
             )
-            if response.status_code not in (200, 201, 204):
+            if not (200 <= response.status_code < 300):
                 helper.log_error(
                     "KVstore saving has failed!. url={}, data={}, HTTP Error={}, "
                     "content={}".format(
@@ -314,7 +314,7 @@ def process_event(helper, *args, **kwargs):
         # Splunk Cloud vetting note, this communication is a localhost communication to splunkd and
         # does not have to be verified
         response = requests.post(record_url, headers=headers, data=record, verify=False)
-        if response.status_code not in (200, 201, 204):
+        if not (200 <= response.status_code < 300):
             helper.log_error(
                 "KVstore saving has failed!. url={}, data={}, HTTP Error={}, "
                 "content={}".format(
@@ -352,7 +352,7 @@ def process_event(helper, *args, **kwargs):
         # Splunk Cloud vetting note, this communication is a localhost communication to splunkd and
         # does not have to be verified
         response = requests.delete(record_url, headers=headers, verify=False)
-        if response.status_code not in (200, 201, 204):
+        if not (200 <= response.status_code < 300):
             helper.log_error(
                 "KVstore delete operation has failed!. url={}, HTTP Error={}, "
                 "content={}".format(record_url, response.status_code, response.text)

From e99cbcb6169148cc7dd243fdeb5ec97f5fd9b38e Mon Sep 17 00:00:00 2001
From: Guilhem Marchand <guilhem.marchand@gmail.com>
Date: Fri, 4 Oct 2024 12:39:20 +0100
Subject: [PATCH 4/5] fix requirements

---
 package/lib/requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/package/lib/requirements.txt b/package/lib/requirements.txt
index 3d39428..cc167bb 100644
--- a/package/lib/requirements.txt
+++ b/package/lib/requirements.txt
@@ -1 +1,2 @@
-splunktaucclib>=6.2.0
\ No newline at end of file
+splunktaucclib>=6.2.0
+requests>=2.32.3
\ No newline at end of file

From c6893a68fcdcce123e790e3d94b8021e9ac7b3c7 Mon Sep 17 00:00:00 2001
From: Guilhem Marchand <guilhem.marchand@gmail.com>
Date: Fri, 4 Oct 2024 12:41:10 +0100
Subject: [PATCH 5/5] fix requirements

---
 package/lib/requirements.txt | 3 +--
 requirements.txt             | 3 ++-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/lib/requirements.txt b/package/lib/requirements.txt
index cc167bb..3d39428 100644
--- a/package/lib/requirements.txt
+++ b/package/lib/requirements.txt
@@ -1,2 +1 @@
-splunktaucclib>=6.2.0
-requests>=2.32.3
\ No newline at end of file
+splunktaucclib>=6.2.0
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index f4e50e7..d5be3d3 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +1,2 @@
-splunk-add-on-ucc-framework>=5.44.0
\ No newline at end of file
+splunk-add-on-ucc-framework>=5.44.0
+requests>=2.32.3
\ No newline at end of file