
Commit 10b3b76

Merge pull request #41 from felickz/main
Advanced Security Overview - Fix broken DrillDown deeplink to security alerts
2 parents bdb8ba7 + a7eb461 commit 10b3b76


1 file changed

+6
-7
lines changed


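--- a/github_app_for_splunk/default/data/ui/views/security_alert_overview.xml
+++ b/github_app_for_splunk/default/data/ui/views/security_alert_overview.xml
@@ -4,8 +4,9 @@
 <query>
 index=gh_vuln OR (`github_webhooks` alert.created_at=*)
 | eval type=case((eventtype="GitHub::CodeScanning"), "Code Scanning Alert", (eventtype="GitHub::VulnerabilityAlert"), "Dependabot Alert", (eventtype="GitHub::SecretScanning"), "Secret Scanning Alert")
-| eval reason=case((type="Dependabot Alert"),'alert.affected_package_name',(type="Code Scanning Alert"), 'alert.rule.name', (type="Secret Scanning Alert"), 'alert.secret_type'), id=case((type="Dependabot Alert"),'alert.external_identifier',(type="Code Scanning Alert"), 'alert.rule.id', (type="Secret Scanning Alert"), 'alert.number'), severity=case((type="Dependabot Alert"),'alert.severity',(type="Code Scanning Alert"), 'alert.rule.security_severity_level', (type="Secret Scanning Alert"), "high")
-| stats latest(action) as status, earliest(alert.created_at) as created_at, latest(alert.number) as number by repository.full_name, reason, id, type, severity
+| eval url=case((eventtype="GitHub::CodeScanning"), 'alert.html_url', (eventtype="GitHub::VulnerabilityAlert"), 'repository.html_url'+"/security/dependabot/"+'alert.number', (eventtype="GitHub::SecretScanning"), 'alert.html_url')
+| eval reason=case((type="Dependabot Alert"),'alert.affected_package_name',(type="Code Scanning Alert"), 'alert.rule.name', (type="Secret Scanning Alert"), 'alert.secret_type'), id=case((type="Dependabot Alert"),'alert.external_identifier',(type="Code Scanning Alert"), 'alert.rule.id', (type="Secret Scanning Alert"), 'alert.number'), severity=case((type="Dependabot Alert"),'alert.severity',(type="Code Scanning Alert"), 'alert.rule.security_severity_level', (type="Secret Scanning Alert"), "high"), repository = 'repository.full_name'
+| stats latest(action) as status, earliest(alert.created_at) as created_at, latest(alert.number) as number by repository, reason, id, type, severity, url
 | eval source=type
 | eval age = toString(round(now() - strptime(created_at, "%Y-%m-%dT%H:%M:%S")),"Duration")
 | search severity IN("*") status IN("*") type IN("*")
@@ -88,7 +89,7 @@
 <title>Open Alerts By Repository</title>
 <chart>
 <search base="baseSearch">
-<query>| search status IN("create","created") | stats count by repository.full_name</query>
+<query>| search status IN("create","created") | stats count by repository</query>
 </search>
 <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option>
 <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option>
@@ -239,11 +240,9 @@
 <search base="baseSearch">
 <query>|search severity IN($severityTkn$) status IN($statusTkn$) type IN($typeTkn$) | sort -age</query>
 </search>
-<fields>repository.full_name, reason, id, type,severity,status, created_at, age</fields>
+<fields>repository, reason, id, type,severity,status, created_at, age</fields>
 <drilldown target="_blank">
-<link>
-https://github.com/$row.repository.full_name|n$/security/$row.source$/$row.number$
-</link>
+<link>$row.url|n$</link>
 </drilldown>
 <option name="count">20</option>
 <option name="dataOverlayMode">none</option>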
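Review bot: Adding `url` to the `stats ... by` clause in the first hunk silently drops every event whose `url` is null — an event whose eventtype matches none of the three `case` branches, or whose `alert.html_url` / `repository.html_url` field is missing, no longer reaches the overview at all, whereas before it was still grouped under its repository, so the dashboard can under-report open alerts without any visible error. Computing the link as an aggregate instead keeps those rows: `| stats latest(action) as status, earliest(alert.created_at) as created_at, latest(alert.number) as number, latest(url) as url by repository, reason, id, type, severity`. Separately, the drilldown in the third hunk now navigates to `$row.url|n$`, a value taken verbatim from indexed event data with token escaping disabled, where the old link was pinned to the `https://github.com/` prefix; if the ingest path is not fully trusted, constrain the destination in the base search, e.g. `| where like(url, "https://github.com/%")` (adjusted to the GHES host if one is in use).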
