feat!: sdkify splunk

.gitignore

@@ -0,0 +1,3 @@
+splunk.tgz
+__pycache__/
+*.egg-info/

.pre-commit-config.yaml

@@ -8,13 +8,13 @@ default_stages: [pre-commit]
 # This is a template for connector pre-commit hooks
 repos:
   - repo: https://github.com/compilerla/conventional-pre-commit
-    rev: v4.2.0
+    rev: v4.1.0
     hooks:
       - id: conventional-pre-commit
         stages: [commit-msg]
         args: [--verbose]
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v6.0.0
+    rev: v5.0.0
     hooks:
       - id: check-merge-conflict
       - id: end-of-file-fixer
@@ -27,7 +27,7 @@ repos:
       - id: check-json
       - id: check-yaml
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.13.0
+    rev: v0.11.7
     hooks:
       - id: ruff
         args: [ "--fix", "--unsafe-fixes"] # Allow unsafe fixes (ruff pretty strict about what it can fix)
@@ -48,9 +48,10 @@ repos:
       - id: mdformat
         exclude: "release_notes/.*"
   - repo: https://github.com/returntocorp/semgrep
-    rev: v1.89.0
+    rev: v1.136.0
     hooks:
       - id: semgrep
+        additional_dependencies: ["setuptools==81.0.0"]
   - repo: https://github.com/Yelp/detect-secrets
     rev: v1.5.0
     hooks:
@@ -60,7 +61,7 @@ repos:
         exclude: "README.md"
   # Central hooks
   - repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v2.0.5
+    rev: v2.1.0
     hooks:
       - id: build-docs
         language: python
@@ -70,9 +71,6 @@ repos:
         language: python
         additional_dependencies: ["local-hooks"]
         args: ['.']
-      - id: package-app-dependencies
-        language: python
-        additional_dependencies: ["local-hooks"]
       - id: notice-file
         language: python
         additional_dependencies: ["local-hooks"]

LICENSE

@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright (c) 2016-2025 Splunk Inc.
+   Copyright (c) Splunk Inc.
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

NOTICE

@@ -1,12 +1,3 @@
-Splunk SOAR App: Splunk
-Copyright (c) 2016-2025 Splunk Inc.
+Splunk SOAR App: splunk
+Copyright (c) 2016-2026 Splunk Inc.
 Third Party Software Attributions:
-
-@@@@============================================================================
-
-Library: splunk-sdk - 2.1.0
-Homepage: http://github.com/splunk/splunk-sdk-python
-License: Apache Software License
-License Text:
-
-Please navigate to http://github.com/splunk/splunk-sdk-python to obtain a copy of the license.

manual_readme_content.md

@@ -168,14 +168,29 @@ For sending events to Splunk Platform, the User configured in the asset would re
 
 - Use the integer status field to set custom status values (e.g., 1 for 'New', 2 for 'In Progress', etc.). Similarly, use the integer disposition field for custom disposition values (e.g., 0 for 'Undetermined').
 
+## Make Request
+
+- This action allows executing arbitrary Splunk REST API calls using the asset's configured
+  credentials and connection settings.
+
+- The **endpoint** parameter is appended to the base URL derived from the asset's device and port
+  (e.g., `https://<device>:<port>/`). Do not include the base URL in the endpoint parameter.
+  Example: `services/search/jobs`, `services/server/info`
+
+- The **verify_ssl** parameter defaults to the asset's **Verify Server Certificate** setting if
+  not explicitly provided.
+
+- Authentication uses the asset's API token (Bearer) or username/password, consistent with all
+  other actions in this app.
+
 ## On Poll
 
 - There are two approaches to polling as mentioned below.
 
   - POLL NOW (Manual polling)
 
     - It will fetch the data every time as per the corresponding asset configuration
-      parameters. It doesn’t store the last run context of the fetched data.
+      parameters. It doesn't store the last run context of the fetched data.
 
   - Scheduled/Interval Polling
 
@@ -281,9 +296,9 @@ There can exist more such characters apart from the ones listed above.
 The app uses HTTP/ HTTPS protocol for communicating with the Splunk server. Below are the default
 ports used by Splunk SOAR.
 
-|         SERVICE NAME | TRANSPORT PROTOCOL | PORT |
+| SERVICE NAME | TRANSPORT PROTOCOL | PORT |
 |----------------------|--------------------|------|
-|         http | tcp | 80 |
-|         https | tcp | 443 |
+| http | tcp | 80 |
+| https | tcp | 443 |
 
 8089 is the default port used by Splunk Server.

pyproject.toml

@@ -1,79 +1,135 @@
-# Ruff linting
+[project]
+name = "splunk"
+version = "3.0.5"
+description = "This app integrates with Splunk to update data on the device, in addition to investigate and ingestion actions"
+license = "Copyright (c) 2016-2026 Splunk Inc."
+requires-python = ">=3.13, <3.15"
+authors = []
+dependencies = [
+    "splunk-sdk>=2.1.1",
+    "splunk-soar-sdk>=3.20.1",
+    "beautifulsoup4>=4.12.0",
+    "python-dateutil>=2.9.0",
+    "requests>=2.33.0",
+    "xmltodict>=0.13.0",
+]
+
+
+[tool.soar.app]
+main_module = "src.app:app"
+
+### YOU SHOULD NOT NEED TO TOUCH ANYTHING BELOW THIS LINE ###
+
+[dependency-groups]
+dev = [
+    "coverage>=7.6.7,<8",
+    "mypy>=1.2.0,<2",
+    "pre-commit>=4.2.0,<5",
+    "pytest>=7.4.2,<8",
+    "pytest-mock>=3.14.0,<4",
+    "pytest-watch>=4.2.0,<5",
+    "ruff>=0.11.6,<1",
+]
+
+[[tool.uv.index]]
+url = "https://pypi.python.org/simple"
+
+[tool.uv]
+environments = [
+    "sys_platform == 'linux' and platform_machine == 'x86_64' and python_version == '3.13'",
+    "sys_platform == 'linux' and platform_machine == 'aarch64' and python_version == '3.13'",
+    "sys_platform == 'darwin' and platform_machine == 'x86_64' and python_version == '3.13'",
+    "sys_platform == 'darwin' and platform_machine == 'arm64' and python_version == '3.13'",
+    "sys_platform == 'linux' and platform_machine == 'x86_64' and python_version == '3.14'",
+    "sys_platform == 'linux' and platform_machine == 'aarch64' and python_version == '3.14'",
+    "sys_platform == 'darwin' and platform_machine == 'x86_64' and python_version == '3.14'",
+    "sys_platform == 'darwin' and platform_machine == 'arm64' and python_version == '3.14'",
+]
+required-environments = [
+    "sys_platform == 'linux' and platform_machine == 'x86_64' and python_version == '3.13'",
+    "sys_platform == 'linux' and platform_machine == 'x86_64' and python_version == '3.14'",
+]
+
 [tool.ruff]
-line-length = 145
-target-version = "py39"
+output-format = "full"
+fix = true
+target-version = "py313"
 
 [tool.ruff.lint]
-select = [ # Auto-fixable rules only
-    "I",    # isort
-    "UP",   # pyupgrade
-    "F401", # unused imports
-    "RUF"   # ruff rules
+select = [
+    "ERA",
+    "YTT",
+    "S",
+    "B",
+    "A",
+    "DTZ",
+    "T10",
+    "ISC",
+    "PT",
+    "SIM",
+    "PTH",
+    "E",
+    "F",
+    "W",
+    "PL",
+    "UP",
+    "RUF",
 ]
-
 ignore = [
-    "RUF012", # Not auto-fixable (remove eventually)
-    "RUF001" # Not auto-fixable (remove eventually)
+    "E402",
+    "E501",
+    "PT006",
+    "PT007",
+    "PTH123",
+    "PLR",
 ]
 
-[tool.ruff.lint.per-file-ignores]
-"__init__.py" = ["F401", "UP035"]  # __init__.py file exceptions
+dummy-variable-rgx = "^(_+|(_+[a-zA-Z0-9_]*[a-zA-Z0-9]+?))$"
 
-# Keep complexity below 28
-[tool.ruff.lint.mccabe]
-max-complexity = 28
+[tool.ruff.lint.per-file-ignores]
+"tests/**/*" = [
+    "ANN",
+    "S",
+]
+"src/**/*" = [
+    "PT",
+]
 
-[tool.ruff.lint.isort]
-combine-as-imports = true
-lines-after-imports = 2
+[tool.ruff.lint.pyupgrade]
+keep-runtime-typing = true
 
 [tool.ruff.format]
-quote-style = "double"
-indent-style = "space"
-skip-magic-trailing-comma = false
-line-ending = "auto"
+docstring-code-format = true
 
-# HTML linting
 [tool.djlint]
 profile = "django"
 extension = "html"
 indent = 2
-
-# Auto-fixable rules only
 include = "H008,H009,H010,H014,H024,H026,H033,T028,T034"
-
-# Ignore troublesome rules that aren't auto-fixable or causing issues
 ignore = "D004,D018,H005,H006,H007,H011,H012,H013,H015,H016,H017,H019,H020,H021,H022,H023,H025,H029,H030,H031,H035,H036,H037,J004,J018,T001,T002,T003,T027,T032"
 
-# Markdown linting
 [tool.mdformat]
 wrap = true
 number = true
 
-# Semgrep configuration
 [tool.semgrep]
 config = [
-    "p/python", # Built-in Python rules
-    "semgrep", # Look for our other rules
-    "r/typescript.react.security.audit.react-dangerouslysetinnerhtml.react-dangerouslysetinnerhtml" # TypeScript React security rule
+    "p/python",
+    "semgrep",
+    "r/typescript.react.security.audit.react-dangerouslysetinnerhtml.react-dangerouslysetinnerhtml",
 ]
 ignore-patterns = [
-    "node_modules/",
-    "build/",
     "dist/",
     "vendor/",
     "env/",
     ".env/",
     "venv/",
     ".venv/",
-    ".tox/",
-    "*.min.js",
     "test/",
     "tests/",
-    "*_test.go",
     ".semgrep",
     "wheels/",
     ".html",
-    "*.md",
-    "*.svg"
+    ".md",
+    ".svg",
 ]

release_notes/unreleased.md

@@ -1 +1,5 @@
 **Unreleased**
+
+* Migrated app to Splunk SOAR SDK
+* Modernized app, structure, and dependencies
+* Universal api make request action