From 6d0b8719920bad8525781ec25b279a164ac0fa18 Mon Sep 17 00:00:00 2001
From: Doug Erkkila
Date: Tue, 20 Sep 2022 14:09:06 -0400
Subject: [PATCH 1/4] Update appinspect_api.yml Updated action name and supported versions
---
 .github/workflows/appinspect_api.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/appinspect_api.yml b/.github/workflows/appinspect_api.yml
index cd12212..2053040 100644
--- a/.github/workflows/appinspect_api.yml
+++ b/.github/workflows/appinspect_api.yml
@@ -51,11 +51,11 @@ jobs:
 env:
 GHR_PATH: ./dist/github_app_for_splunk.spl
 GITHUB_TOKEN: ${{ secrets.API_TOKEN }}
- - name: Hello world action step
+ - name: Publish App to Splunkbase
 uses: ./.github/actions/appinspect_publish # Uses an action in the root directory
 with:
 APP_ID: '5596'
 APP_FILE: './dist/github_app_for_splunk.spl'
 SPLUNK_USERNAME: ${{ secrets.SPLUNKBASE_USER }}
 SPLUNK_PASSWORD: ${{ secrets.SPLUNKBASE_PASSWORD }}
- SPLUNK_VERSION: '8.0,8.1'
+ SPLUNK_VERSION: '8.0,8.1,8.2,9.0'
From 98d1372fcd08898e03f5705007253250c53b62ff Mon Sep 17 00:00:00 2001
From: Doug Erkkila
Date: Tue, 20 Sep 2022 14:09:36 -0400
Subject: [PATCH 2/4] Update action.yml Updated example version numbers
---
 .github/actions/appinspect_publish/action.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/actions/appinspect_publish/action.yml b/.github/actions/appinspect_publish/action.yml
index 7644449..ea0b2f4 100644
--- a/.github/actions/appinspect_publish/action.yml
+++ b/.github/actions/appinspect_publish/action.yml
@@ -15,7 +15,7 @@ inputs:
 description: 'The name of the file, for example "my_package.tar.gz".'
 required: true
 SPLUNK_VERSION:
- description: 'The Splunk version(s) that the release is compatible with. For example, "6.7,7.0".'
+ description: 'The Splunk version(s) that the release is compatible with. For example, "8.0,8.1,8.2".'
 required: true
 VISIBILITY:
 description: 'true = The release is to be visible upon package validation success. false = if the release is to be hidden.'
@@ -27,4 +27,4 @@ inputs:
 default: ''
 runs:
 using: 'docker'
- image: 'Dockerfile'
\ No newline at end of file
+ image: 'Dockerfile'
From 45b0b1e950aa94cddef197fa51f7bc5870f971dc Mon Sep 17 00:00:00 2001
From: Doug Erkkila
Date: Wed, 9 Nov 2022 10:54:41 -0500
Subject: [PATCH 3/4] Update default.meta add sc_admin to write access for Splunk Cloud users and export all elements to system
---
 github_app_for_splunk/metadata/default.meta | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/github_app_for_splunk/metadata/default.meta b/github_app_for_splunk/metadata/default.meta
index b408019..1c8f783 100644
--- a/github_app_for_splunk/metadata/default.meta
+++ b/github_app_for_splunk/metadata/default.meta
@@ -2,7 +2,8 @@
 # Application-level permissions
 []
-access = read : [ * ], write : [ admin, power ]
+access = read : [ * ], write : [ admin, sc_admin, power ]
+export = system
 ### EVENT TYPES
From a27ba04ba476c080f444722d1a37f8622708fd15 Mon Sep 17 00:00:00 2001
From: Doug Erkkila
Date: Thu, 17 Nov 2022 09:54:41 -0500
Subject: [PATCH 4/4] Update savedsearches.conf Disable lookup generation by default
---
 github_app_for_splunk/default/savedsearches.conf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/github_app_for_splunk/default/savedsearches.conf b/github_app_for_splunk/default/savedsearches.conf
index e91a7af..5b79f2f 100644
--- a/github_app_for_splunk/default/savedsearches.conf
+++ b/github_app_for_splunk/default/savedsearches.conf
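Review bot: In github_app_for_splunk/metadata/default.meta the added `export = system` sits in the app-level `[]` stanza, so it applies to every object type in the app rather than only the ones other apps need. Together with `read : [ * ]` this makes the app's knowledge objects readable by every role from any app context and places their names in the global namespace, where they can collide with or shadow objects from other apps. Consider leaving `[]` without an export and setting `export = system` only in the per-type stanzas that need it; the hunk's trailing context (`### EVENT TYPES`) suggests the file already has per-type sections. The `sc_admin` addition to the write list would be easier to audit with a one-line comment such as `# sc_admin: Splunk Cloud administrator role`.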
@@ -139,6 +139,7 @@ action.send2uba.param.verbose = 0
 action.threat_add.param.verbose = 0
 alert.track = 0
 cron_schedule = 0 6 * * *
+disabled = 1
 description = This search will generate a lookup about the access to devsecops environment and write it to a lookup file
 dispatch.earliest_time = -30d@d
 dispatch.latest_time = now
pFad - Phonifier reborn
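Review bot: The added `disabled = 1` turns off the scheduled search that writes the lookup, but nothing in the stanza tells an administrator that the lookup is no longer created or refreshed until the search is enabled. Any dashboard or detection that reads that lookup (not visible in this hunk) would presumably return no rows without raising an error. I would state this in the description, e.g. `description = Generates a lookup about access to the devsecops environment. Disabled by default; enable it to populate the lookup.`, and mention the step in the install documentation. The stanza header is outside the hunk, so which saved search this is cannot be confirmed from here.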
