LetMeR00t / TA-thehive-cortex

Technical add-on for Splunk related to TheHive/Cortex from TheHive project
GNU Lesser General Public License v3.0

[BUG] |sendalert newline sequence replacing bug #62

Closed Bamfax closed 11 months ago

Bamfax commented 1 year ago

Request Type

Bug

Work Environment

Question   Answer
Splunk     Linux Searchhead Cluster
TheHive    v3.0.2

Problem Description

TA-thehive-cortex v3.0.2 has the same behavior as v2 on the newline sequences \r \n, making it difficult to get these sequences across unmodified in an alert description, if part of a string.

Removing the replace() sequence, like in the fix for issue #34, would allow getting these sequences across unmodified.

Many thanks in advance.

LetMeR00t commented 1 year ago

Hi, I'll take a look at your issue and keep you posted as soon as possible. Thank you

Bamfax commented 1 year ago

Hi LmR,

Thanks for looking at it, and also for the app, which is a great help, and for the feature enrichments in v3.

LetMeR00t commented 11 months ago

Hi @Bamfax, I've removed the escape lines from my code in v3.0.4. I hope it will help you. I've made some tests on it and it seems that we can have different behavior between using a description from the savedsearch itself and the one from a row of the event.

I took the example in the issue you mentioned. Here are the results:

1) Using the description from the savedsearch itself (so parameter set to "$description$") (screenshot)

2) Using the description provided in the row of the events (so parameter set to "description") (screenshot)

There is less escaping in the first example, which should be better. I can't do more on that as it's the internal way Splunk works.

LetMeR00t commented 11 months ago

Hello, a fix was provided in the next release published today on Splunkbase. Cloud vetting needs to be provided by Splunk, but if you're having an on-premise instance, you can already install the latest version. I'll close this issue as I consider it should be fixed. If you have any other issue, please raise a new issue. Thank you