Merge pull request #15 from ZachChristensen28/devel

Version 1.0.1
splunk · Dec 20, 2022 · dffa3ff · dffa3ff
2 parents e5a65ae + 2856f22
commit dffa3ff
Show file tree

Hide file tree

Showing 9 changed files with 86 additions and 22 deletions.
diff --git a/README.md b/README.md
@@ -27,17 +27,11 @@ Full documentation can be found at [https://splunk-sa-sentinelone.ztsplunker.com
 
 Info | Description
 ------|----------
-SA-SentinelOneDevices | 1.0.0 - [Splunkbase](https://splunkbase.splunk.com/app/6612) \| [GitHub](https://github.com/ZachChristensen28/SA-SentinelOneDevices)
+SA-SentinelOneDevices | 1.0.1 - [Splunkbase](https://splunkbase.splunk.com/app/6612) \| [GitHub](https://github.com/ZachChristensen28/SA-SentinelOneDevices)
 Splunk Enterprise Security Version (Required) | [7.x \| 6.x](https://splunkbase.splunk.com/app/263)
 SentinelOne App For Splunk (Required) | [5.1.x](https://splunkbase.splunk.com/app/5433)
 Add-on has a web UI | No, this add-on does not contain views.
 
-```text
-Version 1.0.0
-
-- Initial creation
-```
-
 ## Issues or Feature Requests
 
 Please open an issue or feature request on [GitHub](https://github.com/ZachChristensen28/SA-SentinelOneDevices/issues).
diff --git a/docs/index.md b/docs/index.md
@@ -33,8 +33,8 @@ This documentation assumes the following:
 ## About
 
 Info | Description
-------|----------
-SA-SentinelOneDevices | 1.0.0 | [Splunkbase](https://splunkbase.splunk.com/app/6612) \| [GitHub](https://github.com/ZachChristensen28/SA-SentinelOneDevices)
+------ | ----------
+SA-SentinelOneDevices | 1.0.1 - [Splunkbase](https://splunkbase.splunk.com/app/6612) \| [GitHub](https://github.com/ZachChristensen28/SA-SentinelOneDevices/releases/tag/v1.0.1)
 Splunk Enterprise Security Version <small>(Required)</small> | [7.x \| 6.x](https://splunkbase.splunk.com/app/263)
 SentinelOne App For Splunk <small>(Required)</small> | [5.1.x](https://splunkbase.splunk.com/app/5433)
 

diff --git a/docs/quickstart/quickstart.md b/docs/quickstart/quickstart.md
@@ -24,6 +24,25 @@ Macro | Default | Description
 
 !!! note "Update the index definition to the correct index that contains the `sentinelone:channel:agents` sourcetype."
 
+Perform **_one_** of the following:
+
+1. <small>(recommended)</small> Update via Splunk ES [General Settings](#es-general-settings).
+1. Update via [Macro Definition](#macro-definition).
+
+#### ES General Settings
+
+<small>option 1 (recommended option)</small>
+
+1. <small>(In Splunk Enterprise Security)</small> Navigate to Configure > General > General Settings.
+1. From the "App" dropdown select `SA-SentinelOneDevices`.
+1. Update the SA-SentinelOneDevices Index definition and click "Save."
+
+---
+
+#### Macro Definition
+
+<small>option 2</small>
+
 1. Navigate to Settings > Advanced Search > Search Macros.
 1. From the "App" dropdown choose `SA-SentinelOneDevices`.
 1. Set the "Owner" dropdown to `any`.

diff --git a/docs/releases/index.md b/docs/releases/index.md
@@ -1,6 +1,6 @@
 # Release notes
 
-## [v1.0.0 <small>September 30, 2022</small>](https://github.com/ZachChristensen28/SA-SentinelOneDevices/releases/tag/v1.0.0)
+## [v1.0.1 <small>December 20, 2022</small>](https://github.com/ZachChristensen28/SA-SentinelOneDevices/releases/tag/v1.0.1)
 
 ### Compatibility
 
@@ -10,8 +10,17 @@ Splunk platform versions | 9.x, 8.x
 Splunk Enterprise Security version | [7.x, 6.x](https://splunkbase.splunk.com/app/263)
 SentinelOne App For Splunk | [5.1.x](https://splunkbase.splunk.com/app/5433)
 
-- Initial Creation
+### What's Changed
+
+- Added managed configurations for ES - [#5](https://github.com/ZachChristensen28/SA-SentinelOneDevices/issues/5)
+- Added managed settings for ES
+
+**Full Changelog**: [v1.0.0...v1.0.1](https://github.com/ZachChristensen28/SA-SentinelOneDevices/compare/v1.0.0...v1.0.1)
 
 ## Known issues
 
-This version of the SA-SentinelOneDevices add-on for Splunk has the following known issues. If no issues appear here, no issues have been reported. Issues can be reported on the [SA-SentinelOneDevices's GitHub page](https://github.com/ZachChristensen28/SA-SentinelOneDevices/issues).
+Issue | Description | Solution | GitHub issue reference
+----- | ----------- | -------- | ----------------------
+Lookup file error | You may see the error `status="Lookup file error, unknown path or update time" name=sa_aws_assets` | This error exists since the KVstore is being used opposed to a csv file and does not interfere with the functionality of lookup creation. | Issue [#4](https://github.com/ZachChristensen28/SA-SentinelOneDevices/issues/4)
+
+Issues can be reported on the [SA-SentinelOneDevices's GitHub page](https://github.com/ZachChristensen28/SA-SentinelOneDevices/issues).
diff --git a/docs/releases/release-history.md b/docs/releases/release-history.md
@@ -1,10 +1,21 @@
 # Release history
 
-## v0.0.1 <small>Date</small>
+## [v1.0.0 <small>September 30, 2022</small>](https://github.com/ZachChristensen28/SA-SentinelOneDevices/releases/tag/v1.0.0)
 
 ### Compatibility
 
 Product | Version
 --------- | -------
 Splunk platform versions | 9.x, 8.x
 Splunk Enterprise Security version | [7.x, 6.x](https://splunkbase.splunk.com/app/263)
+SentinelOne App For Splunk | [5.1.x](https://splunkbase.splunk.com/app/5433)
+
+- Initial Creation
+
+### Known issues
+
+Issue | Description | Solution | GitHub issue reference
+----- | ----------- | -------- | ----------------------
+Lookup file error | You may see the error `status="Lookup file error, unknown path or update time" name=sa_aws_assets` | This error exists since the KVstore is being used opposed to a csv file and does not interfere with the functionality of lookup creation. | Issue [#4](https://github.com/ZachChristensen28/SA-SentinelOneDevices/issues/4)
+
+Issues can be reported on the [SA-SentinelOneDevices's GitHub page](https://github.com/ZachChristensen28/SA-SentinelOneDevices/issues).
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -104,4 +104,4 @@ nav:
           - Asset Merge: troubleshooting/solution-guides/asset-merge.md
   - Release Notes:
       - Release Notes: releases/index.md
-  #     - Release History: releases/release-history.md
+      - Release History: releases/release-history.md
diff --git a/src/SA-SentinelOneDevices/app.manifest b/src/SA-SentinelOneDevices/app.manifest
@@ -5,7 +5,7 @@
     "id": {
       "group": null,
       "name": "SA-SentinelOneDevices",
-      "version": "1.0.0"
+      "version": "1.0.1"
     },
     "author": [
       {
@@ -27,14 +27,14 @@
     },
     "commonInformationModels": null,
     "license": {
-      "name": null,
+      "name": "MIT License",
       "text": null,
-      "uri": null
+      "uri": "https://opensource.org/licenses/MIT"
     },
     "privacyPolicy": {
-      "name": null,
+      "name": "Splunk Privacy Policy",
       "text": null,
-      "uri": null
+      "uri": "https://www.splunk.com/en_us/legal/privacy/privacy-policy.html"
     },
     "releaseNotes": {
       "name": "README",

diff --git a/src/SA-SentinelOneDevices/default/app.conf b/src/SA-SentinelOneDevices/default/app.conf
@@ -4,19 +4,22 @@
 # into ../local and edit there.
 
 [install]
-state_change_requires_restart = true
+state_change_requires_restart = false
 is_configured = false
 state = enabled
-build = 2
+build = 5
 
 [launcher]
 author  = ZachTheSplunker
 description = The SA-SentinelOneDevices add-on allows Splunk Enterprise Security admins to use SentinelOne device data with the Asset Database.
-version = 1.0.0
+version = 1.0.1
 
 [ui]
 is_visible = 0
 label      = SA-SentinelOneDevices
 
 [package]
 id = SA-SentinelOneDevices
+
+[triggers]
+reload.managed_configurations = simple
diff --git a/src/SA-SentinelOneDevices/default/managed_configurations.conf b/src/SA-SentinelOneDevices/default/managed_configurations.conf
@@ -0,0 +1,28 @@
+# DO NOT EDIT THIS FILE!
+# Please make all changes to files in ../local.
+# To make changes, copy the section/stanza you want to change from ./default
+# into ../local and edit there.
+
+[lookup:sentinelone_devices]
+description = Device information generated from SA-SentinelOne Devices.
+editable = true
+endpoint = /services/data/transforms/lookups/sentinelone_devices
+label = SentinelOne Devices Lookup - Gen
+lookup_type = search
+savedsearch = SentinelOne Devices Lookup - Gen
+
+[setting:sa_sentinelone_index]
+endpoint = /services/admin/macros/sa_sentinelone_index
+label = SA-SentinelOneDevices index
+description = Configure SA-SentinelOneDevices index definition for the Asset Database.
+attribute = definition
+attribute_type = string
+link = [/manager/$@namespace$/data/macros/sa_sentinelone_index?action=edit|Edit in manager]
+
+[setting:sa_sentinelone_retention]
+endpoint = /services/admin/macros/sa_sentinelone_retention
+label = SA-SentinelOneDevices Retention
+description = Amount of time before a device is removed from the Asset Database.
+attribute = definition
+attribute_type = string
+link = [/manager/$@namespace$/data/macros/sa_sentinelone_retention?action=edit|Edit in manager]