Merge branch 'pr-8835' into develop

composer_fix
Sami Mokaddem 2023-03-10 08:41:22 +01:00
commit 7155b9afe2
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
1 changed files with 20 additions and 4 deletions


@ -43,6 +43,14 @@ class Module_splunk_hec_export extends Module_webhook
'type' => 'input',
'placeholder' => '00000000-0000-0000-000000000000'
],
[
'id' => 'source_type',
'label' => __('Source Type'),
'type' => 'select',
'type' => 'input',
'default' => '',
'placeholder' => 'misp:event'
],
[
'id' => 'event_per_attribute',
'label' => __('Create one Splunk Event per Attribute'),
@ -110,10 +118,10 @@ class Module_splunk_hec_export extends Module_webhook
$splunk_events = $extracted_events;
}
return $this->sendToSplunk($splunk_events, $params['hec_token']['value'], $params['url']['value']);
return $this->sendToSplunk($splunk_events, $params['hec_token']['value'], $params['url']['value'], $params['source_type']['value']);
}
protected function sendToSplunk(array $splunk_events, $token, $url): bool
protected function sendToSplunk(array $splunk_events, $token, $url, $source_type): bool
{
foreach ($splunk_events as $splunk_event) {
try {
@ -123,12 +131,20 @@ class Module_splunk_hec_export extends Module_webhook
$serverConfig = [
'Server' => ['self_signed' => empty($params['verify_tls']['value'])]
];
$hec_event = [
'event' => $splunk_event
];
if (!empty($source_type)) {
$hec_event['sourcetype'] = $source_type;
}
$response = $this->doRequest(
$url,
'json',
$splunk_event,
$hec_event,
$headers,
$serverConfig,
$serverConfig
);
if (!$response->isOk()) {
if ($response->code === 403 || $response->code === 401) {
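Review bot: In the third hunk, `'self_signed' => empty($params['verify_tls']['value'])` reads `$params`, which the new signature `sendToSplunk(array $splunk_events, $token, $url, $source_type)` still does not receive; unless it is assigned in the lines hidden between the hunks, `empty()` on an undefined variable is always true and `self_signed` is always set. If that flag relaxes certificate checking as its name suggests, the operator's `verify_tls` setting is ignored and the request made with the HEC token is sent without verifying the Splunk endpoint. The signature is already being extended here, so the setting can be passed the same way: a trailing `$verify_tls = true` parameter, `!empty($params['verify_tls']['value'])` at the call site, and `'self_signed' => !$verify_tls` in `$serverConfig`. Separately, the new `source_type` entry in the first hunk declares `'type'` twice; PHP keeps the last value, so the `'type' => 'select',` line is dead and can be dropped. The body of `sendToSplunk` runs past the end of the last hunk.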