remg427 / TA-thehive

Splunk TA for alert action to TheHive-project
GNU Lesser General Public License v3.0

TA issue to fix for Splunk Cloud certification #18

Closed traceflow closed 4 years ago

traceflow commented 5 years ago

Hi,

I submitted a request to Splunk to certify the app for Splunk Cloud. However, it failed for the following reason:

[failure] Check that lookups/ contains only approved file types (.csv, .csv.default, .csv.gz, .csv.tgz, .kmz) or files formatted as valid csv. • This file is not an approved file type and is not formatted as valid csv. Details: The number of columns in row 2 (5 columns) does not match the number of columns in the csv's header (7 columns). The header is considered row 1. Please edit/remove this lookup. File: lookups/README File: lookups/README

Could you fix this issue and let me know when a new version is uploaded on Splunk Base so I can resubmit to Splunk for certification?

Documentation to assist here: http://dev.splunk.com/view/appinspect/SP-CAAAE9U

Thanks

traceflow commented 5 years ago

Turns out they checked the wrong version. They will run 2.0.0 through the certification.

remg427 commented 5 years ago

Thank you for your support. Version 2.0.0 has been refactored using TA builder add-on and should pass the validation.

By the way, do you also use Splunk analyzer with cortex?

On 27 August 2019 19:21:18 GMT+02:00, tr4cefl0w notifications@github.com wrote:

Turns out they checked the wrong version. They will run 2.0.0 through the certification.


remg427 commented 4 years ago

Hello, I have worked a bit on that issue. If you have time, have a look at TA-thehive-ce.tar.gz; this one should be OK. Don't ask for vetting process yet, as I am waiting for feedback first and I still need to update splunklib with latest version 1.6.11.

traceflow commented 4 years ago

Unfortunately I can't have it deployed on Splunk Cloud without it being vetted first. I'll wait until you have updated Splunklib, then I'll submit it. Keep me posted.

remg427 commented 4 years ago

Hello, it is published: app 4819. I did appinspect with cloud tag and received no failures and few warnings that should be ok. The only capability that power user requires is list_password_storage.

Rémi

traceflow commented 4 years ago

Thanks! I'll have it deployed on Splunk Cloud and test it, then update the issue.

traceflow commented 4 years ago

The app cannot be installed on Splunk Cloud due to the following issue:

Insecure http calls in python. In bin/ta_thehive_ce/modalert_thehive_ce_alert_helper.py, line 403, thehive_url is from lookup table and can be configured for insecure http calls, which is not allowed in Splunk Cloud. Please validate the url to make sure it starts with 'https://' before sending the request.

I forked the repository hoping to quickly fix it and submit a pull request but I cannot find the file nor the variable in any of the branches.

Can you fix it and upload a new version to Splunk Base so I can submit it for vetting again and test everything?

Thanks!
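The vetting finding above asks for thehive_url to be checked before the request is sent. The following is an added example, not code from TA-thehive; `require_https_url`, `filter_instances`, the `name` column and the sample rows are assumptions. It parses the value instead of testing a bare prefix, so a URL with no host or with embedded control characters is rejected as well.

```python
from urllib.parse import urlsplit


def require_https_url(raw_url):
    """Return the URL if it is an absolute https:// URL, else raise ValueError.

    Hypothetical helper, not a function from TA-thehive.
    """
    if not isinstance(raw_url, str):
        raise ValueError("URL must be a string")
    url = raw_url.strip()
    # Embedded whitespace or control characters could change how the
    # HTTP client interprets the value read from the lookup.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        raise ValueError("URL contains whitespace or control characters")
    parts = urlsplit(url)  # urlsplit lowercases the scheme
    if parts.scheme != "https":
        raise ValueError("scheme %r is not allowed, https is required" % parts.scheme)
    if not parts.hostname:
        raise ValueError("URL has no host")
    return parts.geturl()


def filter_instances(rows):
    """Split lookup rows into (usable, rejected) by validating thehive_url."""
    usable, rejected = [], []
    for row in rows:
        try:
            checked = require_https_url(row.get("thehive_url"))
            usable.append(dict(row, thehive_url=checked))
        except ValueError as exc:
            rejected.append((row.get("name"), str(exc)))
    return usable, rejected


# Constructed sample rows standing in for the lookup table in the finding.
SAMPLE_ROWS = [
    {"name": "a", "thehive_url": "https://thehive.example.org:9000"},
    {"name": "b", "thehive_url": "http://thehive.example.org:9000"},
    {"name": "c", "thehive_url": " HTTPS://thehive.example.org/ "},
    {"name": "d", "thehive_url": "https:///api/alert"},
    {"name": "e", "thehive_url": "thehive.example.org"},
]

if __name__ == "__main__":
    ok, bad = filter_instances(SAMPLE_ROWS)
    for row in ok:
        print("allowed :", row["name"], row["thehive_url"])
    for name, reason in bad:
        print("rejected:", name, reason)
```

Rejected rows should be logged and skipped before any request is built, so a misconfigured lookup entry never results in a cleartext call.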

remg427 commented 4 years ago

I have fixed it on version 1.0.1 (and turned repository public).