Bulk load security events into Splunk

[duncancasemore]

Summary

1. As a security administrator
2. I want to bulk load security events from Applaud into Splunk
3. so that Splunk can alert me to security issues

Acceptance Criteria

1. I can see 'Security events' as a model in the "New instances in batch" trigger
2. Any fields available? Eg, event type = password reset?
3. I can audit these into splunk

Wireframes and mockups

N/A

Notes

• See here for original API https://github.com/ApplaudSolutions/applaud-cloud/issues/2516. Need to check integration user has access
• Here's Splunk - we may want to spin up a trial: https://www.splunk.com/
• Plan to publish the recipe in a library once done and document

Developer Testing

Requestor: leave this section blank Developer: complete this section during commit/pull request

Positive testing:

Add all the things that you have checked whilst completing this story here, it should be written in a non-technical way, and a lot of this can probably be taken from the acceptance criteria, here are two different examples:

• I checked that the language of the page changed to Spanish when I selected Spanish in the language dropdown
• I checked that the list filtered correctly when I added an isBefore date filter on list block

Negative testing:

Here you list the things you have checked where your code needs to show an error, handle unusual/bad input/config gracefully, or may impact separate features that use or depend on the same code. Pause and think -- they may not be obvious! Examples:

• I checked that there was no "Select language" dropdown option when there is only one language configured
• I checked that a nice error is shown when a language is selected, but the page isn't translated into that language yet
• I checked that my list filter code changes didn't cause problems when filters are used in other places like ACLs, workflow if/then, and select list filters
• I checked that in list filters, I can only select a date type property for the "Value" field, when the "Property" field is a date type property

e2e test links and description:

• http://www.Link-to-Ghost-inspector-test.com - and paste the test description here
• http://www.Link-to-another-Ghost-inspector-test.com - and paste the test description here

[duncancasemore]

@uiguru you and I to groom

[Ritesh717]

Unable to access /api/security-events with api keys. Raised a git https://github.com/ApplaudSolutions/applaud-cloud/issues/3939 in cloud board.