Email object and Email Activity updates. Deprecate Email URL Activity and Email File Activity. #1259
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
…favor of an updated email_activity class. Updated the email object to include domains, files, urls arrays. Updated the email_activity class to add the message_trace_uid ID. Updated the email_activity class to use the references[] for the Trace activity_id instead of the description URL. Updated the email_activity class description to reflect its SMTP protocol and the possible URLs and files attachments. Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
pagbabian-splunk
requested review from
floydtree,
Aniak5,
mikeradka,
zschmerber,
jonrau-at-queryai and
davemcatcisco
as code owners
Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
…on to fail!! Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
…ed an at_least_one constraint on all the to and from attributes. Not all email logs have the 'to' and 'from' but must have at least those or 'smtp_to' and 'smtp_from' in the log. Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
davemcatcisco
requested changes
Nov 21, 2024
Aniak5
reviewed
Nov 22, 2024
Aniak5
reviewed
Nov 22, 2024
Aniak5
reviewed
Nov 22, 2024
|
Good suggestions all - I will update and convert from DRAFT. |
…ific usage.` for the domain and domains attributes in the dictionary. Added another references[] to the dictionary definition of message_trace_uid. Updated O365 to Office 365 in email.json Trace references[] to be consistent. Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
pagbabian-splunk
added
network_activity
Aniak5
reviewed
Nov 26, 2024
…ns seen in the email rather than senders or receivers. Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
Signed-off-by: Paul Agbabian <pagbabian@splunk.com>
mikeradka
approved these changes
Dec 2, 2024
jonrau-at-queryai
approved these changes
Dec 2, 2024
floydtree
approved these changes
Dec 2, 2024
davemcatcisco
approved these changes
Dec 3, 2024
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related Issue: N/A
Description of changes:
Added
domainsfilesurlsandmessage_trace_uidto the dictionary for use with theemailobject andemail_activityclass.Deprecated the two other classes in favor of a single
email_activityclass where theemailobject can also hold files domains and urls.