REST API reference for the Upgrade Readiness App
Use the REST API to run scans programmatically on your Splunk platform instance.
Endpoints that contain jura apply only to jQuery scans.
Authentication and authorization
To use this REST API, you must have write permissions to the Upgrade Readiness App.
/services/pura_app_list
https://<host>:<mPort>/services/pura_app_list?type={scan_type}
Lists the apps for a user by the scan type
Usage details
To use this endpoint, you must have permission to see the apps on your instance.
GET
Fetches the list of apps for a user by the scan type.
Request parameters
None.
Returned values
| Name | Description |
|---|---|
| 200 | {
"name": <folder_name_of_apps>,
"label": <user_friendly_name_of_app>,
"type": <type_of_app>,
"link": <link_of_app_on_splunkbase>,
"version": <version_of_app>,
"app_path": <path_of_installed_application>"
}
|
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
} |
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/pura_app_list?type=splunkbase -X GET
Response
{
"name":"conf_editor",
"label":"Conf Editor",
"type":"Splunkbase-Dual",
"link":"https://splunkbase.splunk.com/app/5393/",
"visible":"ENABLED",
"version":"0.1.1",
"app_path":"/opt/splunk/etc/apps/conf_editor"
}
/services/pura_dismiss_app
https://<host>:<mPort>/services/pura_dismiss_app
Dismisses an application path.
Usage details
To use this endpoint, a previous scan must be available for this user.
POST
Writes an entry for a specified app path in the KV store for the user and updates the JSON report accordingly.
Request parameters
None.
Payload
| Name | Type | Description |
|---|---|---|
| app | String | Required. Folder name of the app containing the file path you want to dismiss. |
| app_path | String | Required. The absolute app path in which the file is present. |
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": true,
"message": <success_message>
} |
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/pura_dismiss_file -H 'Content-Type: application/json' -d '{"app": "conf_editor_private", "app_path": "/opt/splunk/etc/apps/conf_editor_private"}' -X POST
Response
{
"success": true,
"message": "App: conf_editor_private successfully registered for dismissing the app for user: admin on host: so1. The periodic notification would skip this dismissed app."
}
/services/pura_export_report
https://<host>:<mPort>/services/pura_export_report?ID={scan_ID}&format={file_format}&app_name={app_name}&app_path={app_path}
Fetches a JSON or CSV report for a given scan_ID and app_path.
Usage details
To use this endpoint, a previous scan result must be available, and you must know its scan_ID and app_path.
GET
Fetches the JSON or CSV report for a previous scan, given a scan_ID.
Request parameters
| Name | Type | Description |
|---|---|---|
| ID | String | Required. The scan ID of a completed scan run by this user. |
| format | String | Required. The format of the report. |
| app_name | String | Required. Name of the app (folder name). |
| app_path | String | Required. The absolute path of the installed app. |
Returned values
| Name | Description |
|---|---|
| 200 | {
"apps": [ <list_of_apps> ],
"summary": { <dict_of_summary_of_scan> },
"scan_ID": <ID_of_the_scan_report>
}
|
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and JSON response
Request
curl -k -u username:password https://localhost:8089/services/pura_export_report?ID=admin_1615290732&format=JSON&app_name="conf_editor_private"&app_path="/opt/splunk/etc/apps/conf_editor_private" -X GET
Response
{
"apps": [
{
"name": "conf_editor_private",
"label": "Conf Editor Private",
"version": "1.0.0",
"app_path": "/opt/splunk/etc/apps/conf_editor_private",
"summary": {
"Passed": 2,
"Blocker": 0,
"Warning": 1,
"Skipped": 0,
"type": "Private App",
"app_link": "",
"dismiss_app": 1,
"dismiss_app_date": "1614862371",
"Status": "WARNING"
},
"checks": [
{
"name": "Python in custom Mako templates",
"result": "PASSED",
"messages": [
],
"required_action": "None"
},
{
"description": "Check for the existence of Python scripts, which must be upgraded to be cross-compatible with Python 2 and 3 for the upcoming Splunk Enterprise Python 3 release. ",
"name": "Python scripts",
"result": "WARNING",
"messages": [
{
"message_filename": "/opt/splunk/etc/apps/conf_editor_private/bin/report.py",
"code": [
"@@ -2,6 +2,7 @@\n import sys\n import requests\n import datetime\n+from io import open\n \n if __name__ == \"__main__\":\n if len(sys.argv) > 1 and sys.argv[1] == \"--execute\":"
],
"result": "warning",
"message_line": null,
"dismissed": 0,
"message": "@@ -2,6 +2,7 @@\n import sys\n import requests\n import datetime\n+from io import open\n \n if __name__ == \"__main__\":\n if len(sys.argv) > 1 and sys.argv[1] == \"--execute\":\nFile: /opt/splunk/etc/apps/abuseipdb_0/bin/report.py"
}
],
"required_action": "Update these Python scripts to be dual-compatible with Python 2 and 3."
},
{
"description": "Splunk Python SDK Check",
"name": "Splunk Python SDK Check",
"result": "PASSED",
"messages": [
],
"required_action": "None"
}
],
"details": "This app is not compatible with Python 3.",
"required_action": "Update this app or uninstall it. If you do nothing, the app will fail."
}
],
"scan_ID": "admin_1615290732"
}
/services/pura_scan_deployment
https://<host>:<mPort>/services/pura_scan_deployment
Triggers a new Python scan of the apps installed on the Splunk platform instance for which you have at least read permission.
Usage details
To use this endpoint, a scan must not be running.
POST
Starts a scan and writes progress in the KV store.
Request parameters
None.
Payload
| Name | Type | Description |
|---|---|---|
| apps | String | Required. List of apps to scan. Obtain this information from the /pura_app_list/ endpoint. |
| app.name | String | Required. Name of the app (folder_name). |
| app.label | String | Required. User-friendly name of the app. |
| app.type | String | Required. Type of the app. |
| app.link | String | Link to the app on Splunkbase. |
| app.version | String | Version of the app. |
| app.app_path | String | Path of the installed app. |
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": true,
"message": <success_message>
} |
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/pura_scan_deployment -H 'Content-Type: application/json' -d '{"apps":[{"name": "conf_editor", "type": "Splunkbase-Dual", "label": "Conf Editor", "link": "https://splunkbase.splunk.com/app/5393/", "version": "0.1.1", "app_path": "/opt/splunk/etc/apps/conf_editor"}]} -X POST
Response
{
"status": true,
"message": "Scan called"
}
/services/jura_scan_deployment
https://<host>:<mPort>/services/jura_scan_deployment
Triggers a new jQuery scan of the apps installed on the Splunk platform instance for which you have at least read permission.
Usage details
To use this endpoint, a scan must not be running.
POST
Starts a scan and writes progress in the KV store.
Request parameters
None.
Payload
| Name | Type | Description |
|---|---|---|
| apps | String | Required. List of apps to scan. Obtain this information from the /pura_app_list/ endpoint. |
| app.name | String | Required. Name of the app (folder_name). |
| app.label | String | Required. User-friendly name of the app. |
| app.type | String | Required. Type of the app. |
| app.link | String | Link to the app on Splunkbase. |
| app.version | String | Version of the app. |
| app.app_path | String | Path of the installed app. |
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": true,
"message": <success_message>
} |
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/jura_scan_deployment -H 'Content-Type: application/json' -d '{"apps":[{"name": "sample_jura_app", "type": "Private App", "label": "Conf Editor", "link": "", "version": "0.1.1", "app_path": "/opt/splunk/etc/apps/sample_jura_app"}]'} -X POST
Response
{
"status": true,
"message": "Scan called"
}
/services/pura_schedule_scan
https://<host>:<mPort>/services/pura_schedule_scan
Schedules a scan at a custom time or at the default time at 1:00 AM daily.
Returns the custom scan details from the KV store if stored.
Usage details
To use this endpoint, you must have permission to see the apps on your instance.
POST
Schedules a scan at the given time interval. By default, if no time is specified, the scan is scheduled for 1:00 AM daily.
Request parameters
None.
Payload
| Name | Type | Description |
|---|---|---|
| schedule_scan_type | String | Required. Type of scan. Accepted values are custom or default.
|
| day | String | Required. Day interval. For example, 2 runs the scan every 2 days. |
| hours | String | Required. Hours of the time at which the scan is to be run. |
| minutes | String | Required. Minutes of the time at which the scan is to be run. |
| am_pm | String | Required. AM or PM |
| time_offset | String | Required.The offset of the timezone. For example, +5:30. |
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": true,
"message": "Scan called"
} |
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/pura_schedule_scan -H 'Content-Type: application/json' -d '{"schedule_scan_type": "default"}' -X POST
Response
{
"status": true,
"message": "Schedule scan details saved"
}
GET
Returns the scan schedule details saved in the KV store.
Request parameters
None.
Returned values
| Name | Description |
|---|---|
| 200 | {
"user": <user>,
"host": <hostname>,
"day": <day_interval>,
"minutes": <minutes_value_in_time>,
"hours": <hours_value_in_time>,
"am_pm": <am_or_pm>",
"schedule_scan_type": <default_or_custom>,
"timestamp": <timestamp_at_which_details_were_saved>"
}
|
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
} |
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/pura_schedule_scan -X GET
Response
{
"name":"conf_editor",
"user":"admin",
"host":"so1",
"day":"1",
"hours":"12",
"minutes":"22",
"am_pm":"AM"
"schedule_scan_type": "custom",
"timestamp": "1615286051",
"_user": "nobody",
"_key": "60474f23dbe8a80b2d1c22e0"
}
/services/pura_sendemail
https://<host>:<mPort>/services/pura_sendemail
Email a specific app report to the specified email addresses and app.
Usage details
To use this endpoint, you must complete a scan and correctly configure email details.
POST
Sends the app report as an email to the specified email addresses.
Request parameters
None.
Payload
| Name | Type | Description |
|---|---|---|
| app_name | String | Required. Name of the app (folder name). |
| app_path | String | Required. The absolute path to the application. |
| subject | String | Required. The subject of the email. |
| receiver | String | Required. A comma-separated list of email addresses to whom the report is to be mailed. |
| body | String | Required. Body of the email. |
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": true,
"message": "Email sent"
} |
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/pura_sendemail -H 'Content-Type: application/json' -d '{"app_name": "conf_editor_private", "app_path": "/opt/splunk/etc/apps/conf_editor_private", "subject": "Subject of the email", "receiver": "email1@email.com, email2@email.com", "body": "Body of the email"}' -X POST
Response
{
"status": true,
"message": "Email sent"
}
/services/pura_read_progress
https://<host>:<mPort>/services/pura_read_progress
Reads current progress for an ongoing or completed Python scan.
Usage details
To use this endpoint, you must be running a scan or have completed a scan.
GET
Reads current progress of an ongoing scan on the instance from the KV store or fetches the previous scan results for the user.
Request parameters
None.
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": <status_of_scan>,
"message": <message_related_to_status>,
"progress": <progress_percentage_value>,
"results": { <dict_of_results_for scan> }
}
|
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
} |
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/pura_read_progress -X GET
Response when scan is in progress
{
"message": "1 apps out of 8 scanned. Scanning App: Splunk Add-on Example",
"progress": 12,
"results": {},
"status": "IN_PROGRESS"
}
Response when scan is complete
{
"status": "COMPMLETE",
"progress": 100,
"results": {
"apps": [
{
"name": "conf_editor",
"label": "Conf Editor",
"version": "0.1.1",
"app_path": "/opt/splunk/etc/apps/conf_editor",
"summary": {
"Passed": 0,
"Blocker": 0,
"Warning": 0,
"Skipped": 0,
"Status": "PASSED",
"type": "Splunkbase-Dual",
"app_link": "https://splunkbase.splunk.com/app/5393/",
"dismiss_app": 0,
"dismiss_app_date": ""
},
"details": "This app is compatible with Python 3.",
"required_action": "None",
"checks": [
{
"description": "Splunk Python SDK Check",
"name": "Splunk Python SDK Check",
"result": "success",
"messages": [
]
}
]
}
],
"summary": {
"splunkbase": 1,
"splunk_supported": 0,
"private": 0,
"public_passed": 1,
"public_blocker": 0,
"public_warning": 0,
"public_unknown": 0,
"private_passed": 0,
"private_blocker": 0,
"private_warning": 0,
"private_unknown": 0,
"scan_completion_time": 1615289038
},
"scan_ID": "admin_1615289038"
},
"message": "Deployment scanned successfully for user: admin",
"progress": 100,
"host_name": "so1"
}
/services/jura_read_progress
https://<host>:<mPort>/services/jura_read_progress
Reads current progress for an ongoing or completed jQuery scan.
Usage details
To use this endpoint, you must be running a scan or have completed a scan.
GET
Reads current progress of an ongoing scan on the instance from the KV store or fetches the previous scan results for the user.
Request parameters
None.
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": <status_of_scan>,
"message": <message_related_to_status>,
"progress": <progress_percentage_value>,
"results": { <dict_of_results_for scan> }
}
|
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
} |
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/jura_read_progress -X GET
Response when scan is in progress
{
"message": "1 apps out of 8 scanned. Scanning App: Splunk Add-on Example",
"progress": 12,
"results": {},
"status": "IN_PROGRESS"
}
Response when scan is complete
{
"status": "COMPLETE",
"results": {
"summary": {
"scan_completion_time": 1631116022,
"private_dismissed": 0,
"private_passed": 0,
"public_warning": 0,
"splunk_supported": 0,
"public_dismissed": 0,
"splunkbase": 0,
"private_blocker": 1,
"private_warning": 0,
"private_unknown": 0,
"public_passed": 0,
"public_unknown": 0,
"private": 1,
"public_blocker": 0
},
"scan_ID": "splunk-system-user_1631116022",
"apps": [
{
"app_path": "/opt/splunk/etc/apps/sample_jura_app",
"name": "sample_jura_app",
"label": "sample_jura_app",
"version": "1.0.0",
"summary": {
"Skipped": 0,
"type": "Private App",
"dismiss_app": 0,
"app_link": "",
"dismiss_app_date": "",
"Passed": 0,
"Warning": 0,
"Status": "BLOCKER",
"Blocker": 3
},
"checks": [
{
"name": "Splunk dashboard jQuery version check",
"messages": [
{
"dismissed": 0,
"message_filename": "/opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml",
"result": "warning",
"message": "Version attribute of the dashboard /opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml is set to 1.0. Change the version attribute in the root node of your Simple XML dashboard to '<dashboard version=\"1.1\">' OR '<form version=\"1.1\">'. Other dashboard versions introduce vulnerabilities into your apps and are not permitted in Splunk Cloud Platform.",
"code": "1.0",
"line": null,
"message_line": null,
"filename": "/opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml"
}
],
"result": "BLOCKER",
"required_action": "None",
"description": "Splunk dashboard jQuery version check"
},
{
"name": "Splunk jQuery version check",
"messages": [
{
"dismissed": 0,
"message_filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/libs/jquery-2.2.4.min.js",
"result": "warning",
"message": "The jQuery 2.2.4 shipped along with your application introduces vulnerabilities into your application. Splunk apps must use jQuery version 3.5 or higher. Lower versions are no longer permitted in Splunk Cloud Platform.",
"code": "",
"line": null,
"message_line": null,
"filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/libs/jquery-2.2.4.min.js"
}
],
"result": "BLOCKER",
"required_action": "None",
"description": "Splunk jQuery version check"
},
{
"name": "Splunk internal library check",
"messages": [
{
"dismissed": 0,
"message_filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/script_1.js",
"result": "warning",
"message": "This /opt/splunk/etc/apps/sample_jura_app/appserver/static/script_1.js is importing the following dependencies which are not supported or externally documented by Splunk. <badimport>splunkjs/mvc/simplexml/ready",
"code": "",
"line": null,
"message_line": null,
"filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/script_1.js"
}
],
"result": "BLOCKER",
"required_action": "None",
"description": "Splunk internal library check"
}
],
"required_action": "Update this app or request to uninstall it. If you do nothing, the app will fail in future Splunk upgrades that use jQuery 3.5.",
"details": "This app is not compatible with jQuery 3.5."
}
],
"host": "so1"
},
"progress": 100,
"message": "Starting a new scan",
"host_name": "so1"
}
/services/pura_cancel_scan
https://<host>:<mPort>/services/pura_cancel_scan
Cancels an ongoing Python scan for the user on the instance.
Usage details
To use this endpoint, you must be running a scan.
DELETE
Sets a canceled flag for the ongoing scan which restricts the scan from writing further progress in the KV store and allows the thread to return.
Request parameters
None.
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": COMPLETE,
"message": <message_for_cancellation>,
"progress": 100
}
|
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/pura_cancel_scan -X DELETE
Response
{
"status": "COMPLETE",
"message": "Scan for user: admin on host: localhost cancelled successfully",
"progress": 100
}
/services/jura_cancel_scan
https://<host>:<mPort>/services/jura_cancel_scan
Cancels an ongoing jQuery scan for the user on the instance.
Usage details
To use this endpoint, you must be running a scan.
DELETE
Sets a canceled flag for the ongoing scan which restricts the scan from writing further progress in the KV store and allows the thread to return.
Request parameters
None.
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": COMPLETE,
"message": <message_for_cancellation>,
"progress": 100
}
|
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/jura_cancel_scan -X DELETE
Response
{
"status": "COMPLETE",
"message": "Scan for user: admin on host: localhost cancelled successfully",
"progress": 100
}
/services/pura_dismiss_file
https://<host>:<mPort>/services/pura_dismiss_file
Dismisses a file path from the scan report and omits it from future scans.
Usage details
To use this endpoint, a previous scan must be available for this user.
POST
Writes an entry for a specified file path in the KV store for a user and updates the JSON report by removing the file path entry.
Request parameters
None.
Payload
| Name | Type | Description |
|---|---|---|
| app | String | Required. Folder name of the app containing the file path you want to dismiss. |
| check | String | Required. The name of the check containing the file path you want to dismiss. |
| file_path | String | Required. The file path you want to dismiss. |
| app_path | String | Required. The absolute app path in which the file is present. |
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": true,
"message": <success_message>
} |
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/pura_dismiss_file -H 'Content-Type: application/json' -d '{"app": "conf_editor_private", "check": "All Python scripts", "file_path": "/opt/splunk/etc/apps/conf_editor_private/bin/__init__.py", "app_path": "/opt/splunk/etc/apps/conf_editor_private"}' -X POST
Response
{
"message": "File: /opt/splunk/etc/apps/conf_editor_private/bin/__init__.py for check: All Python scripts for app: Conf Editor Private successfully registered for dismissing for user: admin on host: cds.local. The fresh scan results would skip this file.",
"success": true
}
/services/pura_remote_dismiss_app
https://<host>:<mPort>/services/pura_remote_dismiss_app
Dismisses an application path for the merged Python report of local and remote instances.
Usage details
To use this endpoint, a previous scan must be available for this user.
POST
Writes an entry for a specified app path in the KV store for the user and updates the JSON report accordingly.
Request parameters
None.
Payload
| Name | Type | Description |
|---|---|---|
| app | String | Required. Folder name of the app containing the file path you want to dismiss. |
| app_path | String | Required. The absolute app path in which the file is present. |
| remote_Host | String | Required. Hostname in the scan report. |
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": true,
"message": <success_message>
} |
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/pura_remote_dismiss_app -H 'Content-Type: application/json' -d '{"app": "conf_editor_private", "app_path": "/opt/splunk/etc/apps/conf_editor_private", "remote_host": "so1"}' -X POST
Response
{
"message": "App: conf_editor_private successfully registered for dismissing the app for user: admin on host: so1. The periodic notification would skip this dismissed app.",
"success": true
}
/services/jura_remote_dismiss_app
https://<host>:<mPort>/services/jura_remote_dismiss_app
Dismisses an application path for the merged jQuery report of local and remote instances.
Usage details
To use this endpoint, a previous scan must be available for this user.
POST
Writes an entry for a specified app path in the KV store for the user and updates the JSON report accordingly.
Request parameters
None.
Payload
| Name | Type | Description |
|---|---|---|
| app | String | Required. Folder name of the app containing the file path you want to dismiss. |
| app_path | String | Required. The absolute app path in which the file is present. |
| remote_Host | String | Required. Hostname in the scan report. |
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": true,
"message": <success_message>
} |
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/jura_remote_dismiss_app -H 'Content-Type: application/json' -d '{"app": "sample_jura_app", "app_path": "/opt/splunk/etc/apps/sample_jura_app", "remote_host": "so1"}' -X POST
Response
{
"success": true,
"message": "App: sample_jura_app successfully registered for dismissing the app on host: so1. The periodic notification would skip this dismissed app."
}
/services/pura_remote_dismiss_file
https://<host>:<mPort>/services/pura_remote_dismiss_file
Dismisses a file path for the merged Python report from local and remote scan report and skips it in future scans.
Usage details
To use this endpoint, a previous scan must be available for this user.
POST
Writes an entry for a specified file path in the KV store for a user and updates the JSON report by removing the file path entry.
Request parameters
None.
Payload
| Name | Type | Description |
|---|---|---|
| app | String | Required. Folder name of the app containing the file path you want to dismiss. |
| check | String | Required. The name of the check containing the file path you want to dismiss. |
| file_path | String | Required. The file path you want to dismiss. |
| app_path | String | Required. The absolute app path in which the file is present. |
| remote_Host | String | Required. Hostname in the scan report. |
| instance | String | Whether the dismissed file is present in local instance, remote instance, or both the instances. Possible values are local, remote, or both. |
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": true,
"message": <success_message>
} |
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/pura_remote_dismiss_file -H 'Content-Type: application/json' -d '{"app": "conf_editor_private", "check": "All Python scripts", "file_path": "/opt/splunk/etc/apps/conf_editor_private/bin/__init__.py", "app_path": "/opt/splunk/etc/apps/conf_editor_private", "remote_host": "so1", "instance": "local"}' -X POST
Response
{
"message": "File: /opt/splunk/etc/apps/conf_editor_private/bin/__init__.py for check: All Python scripts for app: Conf Editor Private successfully registered for dismissing for user: admin on host: cds.local. The fresh scan results would skip this file.",
"success": true
}
/services/jura_remote_dismiss_file
https://<host>:<mPort>/services/jura_remote_dismiss_file
Dismisses a file path for the merged jQuery report from local and remote scan report and skips it in future scans.
Usage details
To use this endpoint, a previous scan must be available for this user.
POST
Writes an entry for a specified file path in the KV store for a user and updates the JSON report by removing the file path entry.
Request parameters
None.
Payload
| Name | Type | Description |
|---|---|---|
| app | String | Required. Folder name of the app containing the file path you want to dismiss. |
| check | String | Required. The name of the check containing the file path you want to dismiss. |
| file_path | String | Required. The file path you want to dismiss. |
| app_path | String | Required. The absolute app path in which the file is present. |
| remote_Host | String | Required. Hostname in the scan report. |
| instance | String | Whether the dismissed file is present in local instance, remote instance, or both the instances. Possible values are local, remote, or both. |
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": true,
"message": <success_message>
} |
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/jura_remote_dismiss_file -H 'Content-Type: application/json' -d '{"app": "sample_jura_app", "check": "Splunk dashboard jQuery version check", "file_path": "/opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml", "app_path": "/opt/splunk/etc/apps/sample_jura_app", "remote_host": "so1", "instance": "local"}' -X POST
Response
{
"success": true,
"message": "File: /opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml for check: Splunk dashboard jQuery version check for app: sample_jura_app successfully registered for dismissing on host: so1. The fresh scan results would skip this file."
}
/services/pura_remote_result
https://<host>:<mPort>/services/pura_remote_result
Reads the latest merged Python scan report of the local and remote instances.
Usage details
To use this endpoint, you must have completed a scheduled scan and have a merged scan report.
GET
Reads the latest merged scan report of the local and remote instances.
Request parameters
None.
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": <status_of_scan>,
"message": <message_related_to_status>,
"progress": <progress_percentage_value>,
"results": { <dict_of_results_for scan> }
}
|
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
} |
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/pura_remote_result -X GET
Response when scan is completed
{
"status":"COMPLETE",
"results":{
"apps": [
{
"name": "private3",
"label": "private 3",
"version": "3.0.0",
"app_path": "/opt/splunk/etc/apps/private3",
"summary": {
"Passed": 2,
"Blocker": 0,
"Warning": 1,
"Skipped": 0,
"type": "Private App",
"app_link": "",
"dismiss_app": 1,
"dismiss_app_date": "1626329392",
"Status": "DISMISSED"
},
"checks": [
{
"name": "Python in custom Mako templates",
"result": "PASSED",
"messages": [
],
"required_action": "None"
},
{
"description": "Check for the existence of Python scripts, which must be upgraded to be cross-compatible with Python 2 and 3 for the upcoming Splunk Enterprise Python 3 release. ",
"name": "Python scripts",
"result": "WARNING",
"messages": [
{
"message_filename": ".../bin/test.py",
"code": [
"@@ -1 +1,2 @@\n-print \"this should fail\"\n+from __future__ import print_function\n+print(\"this should fail\")"
],
"result": "warning",
"message_line": null,
"dismissed": 0,
"message": "@@ -1 +1,2 @@\n-print \"this should fail\"\n+from __future__ import print_function\n+print(\"this should fail\")\nFile: /opt/splunk/etc/apps/private3/bin/test.py",
"instance": "local",
"identical": 0
}
],
"required_action": "Update these Python scripts to be dual-compatible with Python 2 and 3."
},
{
"description": "Splunk Python SDK Check",
"name": "Splunk Python SDK Check",
"result": "PASSED",
"messages": [
]
}
],
"details": "This app is not compatible with Python 3.",
"required_action": "Update this app or uninstall it. If you do nothing, the app will fail.",
"remote_version": null
}
],
"summary": {
"splunkbase": 0,
"splunk_supported": 0,
"private": 2,
"public_passed": 0,
"public_blocker": 0,
"public_warning": 0,
"public_unknown": 0,
"private_passed": 0,
"private_blocker": 1,
"private_warning": 0,
"private_unknown": 0,
"private_dismissed": 0,
"public_dismissed": 0,
"scan_completion_time": 1627038604
},
"scan_ID": "splunk-system-user_1626329281",
"host": "so1"
},
"message":"Remote scan details successfully for user: admin",
"progress": 100
}
/services/jura_remote_result
https://<host>:<mPort>/services/jura_remote_result
Reads the latest merged jQuery scan report of the local and remote instances.
Usage details
To use this endpoint, you must have completed a scheduled scan and have a merged scan report.
GET
Reads the latest merged scan report of the local and remote instances.
Request parameters
None.
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": <status_of_scan>,
"message": <message_related_to_status>,
"progress": <progress_percentage_value>,
"results": { <dict_of_results_for scan> }
}
|
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
} |
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/jura_remote_result -X GET
Response when scan is completed
{
"status": "COMPLETE",
"results": {
"summary": {
"scan_completion_time": 1631116022,
"private_dismissed": 0,
"public_warning": 0,
"splunk_supported": 0,
"public_dismissed": 0,
"splunkbase": 0,
"private_blocker": 1,
"private_warning": 0,
"private_unknown": 0,
"public_blocker": 0,
"public_passed": 0,
"public_unknown": 0,
"private": 1,
"private_passed": 0
},
"scan_ID": "splunk-system-user_1631116022",
"apps": [
{
"app_path": "/opt/splunk/etc/apps/sample_jura_app",
"summary": {
"Skipped": 0,
"type": "Private App",
"dismiss_app": 0,
"app_link": "",
"dismiss_app_date": "",
"Passed": 0,
"Warning": 0,
"Status": "BLOCKER",
"Blocker": 3
},
"version": "1.0.0",
"name": "sample_jura_app",
"remote_version": "",
"checks": [
{
"name": "Splunk dashboard jQuery version check",
"messages": [
{
"instance": "local",
"dismissed": 0,
"message_filename": "/opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml",
"message_line": null,
"result": "warning",
"message": "Version attribute of the dashboard /opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml is set to 1.0. Change the version attribute in the root node of your Simple XML dashboard to '<dashboard version=\"1.1\">' OR '<form version=\"1.1\">'. Other dashboard versions introduce vulnerabilities into your apps and are not permitted in Splunk Cloud Platform.",
"code": "1.0",
"identical": 0,
"line": null,
"filename": "/opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml"
}
],
"result": "BLOCKER",
"required_action": "None",
"description": "Splunk dashboard jQuery version check"
},
{
"name": "Splunk jQuery version check",
"messages": [
{
"instance": "local",
"dismissed": 0,
"message_filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/libs/jquery-2.2.4.min.js",
"message_line": null,
"result": "warning",
"message": "The jQuery 2.2.4 shipped along with your application introduces vulnerabilities into your application. Splunk apps must use jQuery version 3.5 or higher. Lower versions are no longer permitted in Splunk Cloud Platform.",
"code": "",
"identical": 0,
"line": null,
"filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/libs/jquery-2.2.4.min.js"
}
],
"result": "BLOCKER",
"required_action": "None",
"description": "Splunk jQuery version check"
},
{
"name": "Splunk internal library check",
"messages": [
{
"instance": "local",
"dismissed": 0,
"message_filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/script_1.js",
"message_line": null,
"result": "warning",
"message": "This /opt/splunk/etc/apps/sample_jura_app/appserver/static/script_1.js is importing the following dependencies which are not supported or externally documented by Splunk. <badimport>splunkjs/mvc/simplexml/ready",
"code": "",
"identical": 0,
"line": null,
"filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/script_1.js"
}
],
"result": "BLOCKER",
"required_action": "None",
"description": "Splunk internal library check"
}
],
"label": "sample_jura_app",
"required_action": "Update this app or request to uninstall it. If you do nothing, the app will fail in future Splunk upgrades that use jQuery 3.5.",
"details": "This app is not compatible with jQuery 3.5."
}
],
"host": "so1"
},
"progress": 100,
"message": "Remote scan details successfully for user: admin"
}
/services/pura_remote_schedule_scan
https://<host>:<mPort>/services/pura_remote_schedule_scan
Schedules a Python scan at a custom time or at the default time at 1 AM daily based on user inputs.
Returns the custom scan details from the KV store if stored.
Usage details
To use this endpoint, you must have permission to see the apps on your instance.
POST
Schedules a scan at the given time interval. By default, if no time is specified, the scan is scheduled for 1:00 AM daily.
Request parameters
None.
Payload
| Name | Type | Description |
|---|---|---|
| schedule_scan_type | String | Required. Type of scan. Accepted values are custom or default.
|
| day | String | Required. Day interval. For example, 2 runs the scan every 2 days. |
| hours | String | Required. Hours of the time at which the scan is to be run. |
| minutes | String | Required. Minutes of the time at which the scan is to be run. |
| am_pm | String | Required. AM or PM |
| time_offset | String | Required.The offset of the timezone. For example, +5:30. |
| disabled | String | Whether the schedule scan is to disabled or not. Value should be either 0 or 1. |
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": true,
"message": "Successfully updated the remote schedule scan details for user <user> on host <host>. It will be reflected after 2 hours."
}
|
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/pura_remote_schedule_scan --data '{"disabled":"1","schedule_scan_type": "custom","day": "1","hours": "5", "minutes":"5", "am_pm": "am", "time_offset": "+0:00"}' -X POST
Response
{
"status": true,
"message": "Successfully updated the remote schedule scan details for user <user> on host <host>. It will be reflected after 2 hours."
}
GET
Returns the scan schedule details saved in the KV store.
Request parameters
None.
Returned values
| Name | Description |
|---|---|
| 200 | {
"user": <user>,
"host": <hostname>,
"day": <day_interval>,
"minutes": <minutes_value_in_time>,
"hours": <hours_value_in_time>,
"am_pm": <am_or_pm>",
"schedule_scan_type": <default_or_custom>,
"timestamp": <timestamp_at_which_details_were_saved>,
"disabled": "<Whether the scan is disabled or not>"
}
|
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
} |
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/pura_remote_schedule_scan -X GET
Response
{
"name":"conf_editor",
"user":"admin",
"host":"so1",
"day":"1",
"hours":"12",
"minutes":"22",
"am_pm":"AM"
"schedule_scan_type": "custom",
"timestamp": "1615286051",
"disabled":"0",
"_user": "nobody",
"_key": "60474f23dbe8a80b2d1c22e0"
}
/services/jura_remote_schedule_scan
https://<host>:<mPort>/services/jura_remote_schedule_scan
Schedules a jQuery scan at a custom time or at the default time at 4 AM daily based on user inputs.
Returns the custom scan details from the KV store if stored.
Usage details
To use this endpoint, you must have permission to see the apps on your instance.
POST
Schedules a scan at the given time interval. By default, if no time is specified, the scan is scheduled for 1:00 AM daily.
Request parameters
None.
Payload
| Name | Type | Description |
|---|---|---|
| schedule_scan_type | String | Required. Type of scan. Accepted values are custom or default.
|
| day | String | Required. Day interval. For example, 2 runs the scan every 2 days. |
| hours | String | Required. Hours of the time at which the scan is to be run. |
| minutes | String | Required. Minutes of the time at which the scan is to be run. |
| am_pm | String | Required. AM or PM |
| time_offset | String | Required.The offset of the timezone. For example, +5:30. |
| disabled | String | Whether the scheduled scan is disabled or not. Value can be either 0 or 1. |
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": true,
"message": "Successfully updated the remote schedule scan details for user <user> on host <host>. It will be reflected after 2 hours."
}
|
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/jura_remote_schedule_scan --data '{"disabled":"1","schedule_scan_type": "custom","day": "1","hours": "5", "minutes":"5", "am_pm": "am", "time_offset": "+0:00"}' -X POST
Response
{
"status": true,
"message": "Successfully updated the remote scheduled scan details for user <user> on host <host>. It will be reflected after 2 hours."
}
GET
Returns the scan schedule details saved in the KV store.
Request parameters
None.
Returned values
| Name | Description |
|---|---|
| 200 | {
"user": <user>,
"host": <hostname>,
"day": <day_interval>,
"minutes": <minutes_value_in_time>,
"hours": <hours_value_in_time>,
"am_pm": <am_or_pm>",
"schedule_scan_type": <default_or_custom>,
"timestamp": <timestamp_at_which_details_were_saved>,
"disabled": "<Whether the scan is disabled or not>"
}
|
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
} |
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/jura_remote_schedule_scan -X GET
Response
{
"name":"conf_editor",
"user":"admin",
"host":"so1",
"day":"1",
"hours":"12",
"minutes":"22",
"am_pm":"AM"
"schedule_scan_type": "custom",
"timestamp": "1615286051",
"disabled":"0",
"_user": "nobody",
"_key": "60474f23dbe8a80b2d1c22e0"
}
/services/pura_remote_export_report
https://<host>:<mPort>/services/pura_remote_export_report?ID={scan_ID}&format={file_format}&app_name={app_name}&app_path={app_path}&host={host}
Fetches a JSON or CSV report for a given Python scan_ID and app path.
Usage details
To use this endpoint, a previous scan result must be available, and you must know its scan_ID and app_path.
GET
Fetches the JSON or CSV report for a previous scan, given a scan_ID.
Request parameters
| Name | Type | Description |
|---|---|---|
| ID | String | Required. The scan ID of a completed scan run by this user. |
| format | String | Required. The format of the report. |
| app_name | String | Required. Name of the app (folder name). |
| app_path | String | Required. The absolute path of the installed app. |
| host | String | Required. Hostname of the instance in the scan report. |
Returned values
| Name | Description |
|---|---|
| 200 | {
"apps": [ <list_of_apps> ],
"summary": { <dict_of_summary_of_scan> },
"scan_ID": <ID_of_the_scan_report>
}
|
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and JSON response
Request
curl -k -u username:password https://localhost:8089/services/pura_remote_export_report?ID=admin_1615290732&format=JSON&app_name="conf_editor_private"&app_path="/opt/splunk/etc/apps/conf_editor_private" -X GET
Response
{
"apps": [
{
"name": "private3",
"label": "Valtix",
"version": "1.0.0",
"app_path": "/opt/splunk/etc/apps/private3",
"summary": {
"Passed": 1,
"Blocker": 1,
"Warning": 1,
"Skipped": 0,
"type": "Private App",
"app_link": "",
"dismiss_app": 0,
"dismiss_app_date": "",
"Status": "BLOCKER"
},
"checks": [
{
"name": "Python in custom Mako templates",
"result": "BLOCKER",
"messages": [
{
"message": null,
"dismissed": 0,
"message_filename": ".../bin/test_mako.html",
"message_line": 1,
"code": [
"@@ -1 +1,2 @@\n-rows = [i for i in xrange(1000)]\n+from six.moves import range\n+rows = [i for i in range(1000)]"
],
"instance": "local",
"identical": 0
},
{
"message": null,
"dismissed": 0,
"message_filename": ".../bin/test_mako2.html",
"message_line": 2,
"code": [
"@@ -1,2 +1,3 @@\n+from six.moves import range\n \n-rows = [[v for v in xrange(0,10)] for row in xrange(0,10)]\n+rows = [[v for v in range(0,10)] for row in range(0,10)]"
],
"instance": "local",
"identical": 0
}
],
"required_action": "Check to ensure that Mako templates are upgraded to be compatible with Python 3."
},
{
"description": "Check for the existence of Python scripts, which must be upgraded to be cross-compatible with Python 2 and 3 for the upcoming Splunk Enterprise Python 3 release. ",
"name": "Python scripts",
"result": "WARNING",
"messages": [
{
"message_filename": ".../bin/test_fail.py",
"code": [
"@@ -1,4 +1,6 @@\n-print 'this should give error'\n-[i for i in xrange(1000)]\n+from __future__ import print_function\n+from six.moves import range\n+print('this should give error')\n+[i for i in range(1000)]\n print(\"this should not give error\")\n print(\"this should not give error\")"
],
"result": "warning",
"message_line": null,
"dismissed": 0,
"message": "@@ -1,4 +1,6 @@\n-print 'this should give error'\n-[i for i in xrange(1000)]\n+from __future__ import print_function\n+from six.moves import range\n+print('this should give error')\n+[i for i in range(1000)]\n print(\"this should not give error\")\n print(\"this should not give error\")\nFile: /opt/splunk/etc/apps/private3/bin/test_fail.py",
"instance": "local",
"identical": 0
}
],
"required_action": "Update these Python scripts to be dual-compatible with Python 2 and 3."
},
{
"description": "Splunk Python SDK Check",
"name": "Splunk Python SDK Check",
"result": "PASSED",
"messages": [
]
}
],
"details": "This app is not compatible with Python 3.",
"required_action": "Update this app or uninstall it. If you do nothing, the app will fail.",
"remote_version": ""
}
],
"scan_ID": "splunk-system-user_1627040106"
}
/services/jura_remote_export_report
https://<host>:<mPort>/services/jura_remote_export_report?ID={scan_ID}&format={file_format}&app_name={app_name}&app_path={app_path}&host={host}
Fetches a JSON or CSV report for a given jQuery scan_ID and app path.
Usage details
To use this endpoint, a previous scan result must be available, and you must know its scan_ID and app_path.
GET
Fetches the JSON or CSV report for a previous scan, given a scan_ID.
Request parameters
| Name | Type | Description |
|---|---|---|
| ID | String | Required. The scan ID of a completed scan run by this user. |
| format | String | Required. The format of the report. |
| app_name | String | Required. Name of the app (folder name). |
| app_path | String | Required. The absolute path of the installed app. |
| host | String | Required. Hostname of the instance in the scan report. |
Returned values
| Name | Description |
|---|---|
| 200 | {
"apps": [ <list_of_apps> ],
"summary": { <dict_of_summary_of_scan> },
"scan_ID": <ID_of_the_scan_report>
}
|
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and JSON response
Request
curl -k -u username:password 'https://localhost:8089/services/jura_remote_export_report?ID="splunk-system-user_1631116022"&format="json"&app_name="sample_jura_app"&app_path="/opt/splunk/etc/apps/sample_jura_app"&host="so1"'
Response
{
"scan_ID": "splunk-system-user_1631116022",
"apps": [
{
"app_path": "/opt/splunk/etc/apps/sample_jura_app",
"name": "sample_jura_app",
"label": "sample_jura_app",
"summary": {
"Skipped": 0,
"type": "Private App",
"dismiss_app": 0,
"app_link": "",
"dismiss_app_date": "",
"Passed": 0,
"Warning": 0,
"Status": "BLOCKER",
"Blocker": 3
},
"remote_version": "",
"version": "1.0.0",
"checks": [
{
"name": "Splunk dashboard jQuery version check",
"messages": [
{
"instance": "local",
"dismissed": 0,
"message_filename": ".../default/data/ui/views/sample_b.xml",
"result": "warning",
"message": "Version attribute of the dashboard /opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml is set to 1.0. Change the version attribute in the root node of your Simple XML dashboard to '<dashboard version=\"1.1\">' OR '<form version=\"1.1\">'. Other dashboard versions introduce vulnerabilities into your apps and are not permitted in Splunk Cloud Platform.",
"code": "1.0",
"identical": 0,
"message_line": null
}
],
"result": "BLOCKER",
"required_action": "None",
"description": "Splunk dashboard jQuery version check"
},
{
"name": "Splunk jQuery version check",
"messages": [
{
"instance": "local",
"dismissed": 0,
"message_filename": ".../appserver/static/libs/jquery-2.2.4.min.js",
"result": "warning",
"message": "The jQuery 2.2.4 shipped along with your application introduces vulnerabilities into your application. Splunk apps must use jQuery version 3.5 or higher. Lower versions are no longer permitted in Splunk Cloud Platform.",
"code": "",
"identical": 0,
"message_line": null
}
],
"result": "BLOCKER",
"required_action": "None",
"description": "Splunk jQuery version check"
},
{
"name": "Splunk internal library check",
"messages": [
{
"instance": "local",
"dismissed": 0,
"message_filename": ".../appserver/static/script_1.js",
"result": "warning",
"message": "This /opt/splunk/etc/apps/sample_jura_app/appserver/static/script_1.js is importing the following dependencies which are not supported or externally documented by Splunk. <badimport>splunkjs/mvc/simplexml/ready",
"code": "",
"identical": 0,
"message_line": null
}
],
"result": "BLOCKER",
"required_action": "None",
"description": "Splunk internal library check"
}
],
"required_action": "Update this app or request to uninstall it. If you do nothing, the app will fail in future Splunk upgrades that use jQuery 3.5.",
"details": "This app is not compatible with jQuery 3.5."
}
]
}
/services/pura_remote_sendemail
https://<host>:<mPort>/services/pura_remote_sendemail
Email a specific Python app report to the specified email addresses and app.
Usage details
To use this endpoint, you must complete a scan and correctly configure email details.
POST
Sends the app report as an email to the specified email addresses.
Request parameters
None.
Payload
| Name | Type | Description |
|---|---|---|
| app_name | String | Required. Name of the app (folder name). |
| app_path | String | Required. The absolute path to the application. |
| subject | String | Required. The subject of the email. |
| receiver | String | Required. A comma-separated list of email addresses to whom the report is to be mailed. |
| body | String | Required. Body of the email. |
| remote_host | String | Required. Hostname present in the scan report. |
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": true,
"message": "Email sent"
} |
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/pura_sendemail -H 'Content-Type: application/json' -d '{"app_name": "conf_editor_private", "app_path": "/opt/splunk/etc/apps/conf_editor_private", "subject": "Subject of the email", "receiver": "email1@email.com, email2@email.com", "body": "Body of the email", "remote_host": "so1"}' -X POST
Response
{
"status": true,
"message": "Email sent"
}
/services/jura_remote_sendemail
https://<host>:<mPort>/services/jura_remote_sendemail
Email a specific jQuery app report to the specified email addresses and app.
Usage details
To use this endpoint, you must complete a scan and correctly configure email details.
POST
Sends the app report as an email to the specified email addresses.
Request parameters
None.
Payload
| Name | Type | Description |
|---|---|---|
| app_name | String | Required. Name of the app (folder name). |
| app_path | String | Required. The absolute path to the application. |
| subject | String | Required. The subject of the email. |
| receiver | String | Required. A comma-separated list of email addresses to whom the report is to be mailed. |
| body | String | Required. Body of the email. |
| remote_host | String | Required. Hostname present in the scan report. |
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": true,
"message": "Email sent"
} |
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/jura_remote_sendemail -H 'Content-Type: application/json' -d '{"app_name": "sample_jura_app", "app_path": "/opt/splunk/etc/apps/sample_jura_app", "subject": "Subject of the email", "receiver": ["email1@email.com", "email2@email.com"], "body": "Body of the email", "remote_host": "so1"}' -X POST
Response
{
"status": true,
"message": "Email sent"
}
/services/pura_latest_report
https://<host>:<mPort>/services/pura_latest_report
Get the latest scheduled Python scan report.
Usage details
To use this endpoint, a scheduled scan must be completed.
GET
Get the latest scheduled scan report.
Request parameters
| Name | Type | Description |
|---|---|---|
| ID | String | Required. The scan ID of a completed scan run by this user. |
| pura_apps | String | Required. Comma separated list of app names (folder name). |
Returned values
| Name | Description |
|---|---|
| 200 | {
"apps": [ ],
"summary": {},
"scan_ID": <ID_of_the_scan_report>,
"host": "<host>"
}
|
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and JSON response
Request
curl -k -u username:password https://localhost:8089/services/pura_latest_report?pura_apps="private_app1,private_app2" -X GET
Response
{
"apps": [
{
"name": "private_app1",
"label": "private_app1",
"version": "3.0.0",
"app_path": "/opt/splunk/etc/apps/private_app1",
"summary": {
"Passed": 2,
"Blocker": 0,
"Warning": 1,
"Skipped": 0,
"type": "Private App",
"app_link": "",
"dismiss_app": 1,
"dismiss_app_date": "1626329392",
"Status": "DISMISSED"
},
"checks": [
{
"name": "Python in custom Mako templates",
"result": "PASSED",
"messages": [
],
"required_action": "None"
},
{
"description": "Check for the existence of Python scripts, which must be upgraded to be cross-compatible with Python 2 and 3 for the upcoming Splunk Enterprise Python 3 release. ",
"name": "Python scripts",
"result": "WARNING",
"messages": [
{
"message_filename": ".../bin/test.py",
"code": [
"@@ -1 +1,2 @@\n-print \"this should fail\"\n+from __future__ import print_function\n+print(\"this should fail\")"
],
"result": "warning",
"message_line": null,
"dismissed": 0,
"message": "@@ -1 +1,2 @@\n-print \"this should fail\"\n+from __future__ import print_function\n+print(\"this should fail\")\nFile: /opt/splunk/etc/apps/private_app1/bin/test.py",
"instance": "local",
"identical": 0
}
],
"required_action": "Update these Python scripts to be dual-compatible with Python 2 and 3."
},
{
"description": "Splunk Python SDK Check",
"name": "Splunk Python SDK Check",
"result": "PASSED",
"messages": [
]
}
],
"details": "This app is not compatible with Python 3.",
"required_action": "Update this app or uninstall it. If you do nothing, the app will fail.",
"remote_version": null
},
{
"name": "private_app2",
"label": "private_app2",
"version": "3.0.0",
"app_path": "/opt/splunk/etc/apps/private_app2",
"summary": {
"Passed": 2,
"Blocker": 0,
"Warning": 1,
"Skipped": 0,
"type": "Private App",
"app_link": "",
"dismiss_app": 1,
"dismiss_app_date": "1626329400",
"Status": "DISMISSED"
},
"checks": [
{
"name": "Python in custom Mako templates",
"result": "PASSED",
"messages": [
],
"required_action": "None"
},
{
"description": "Check for the existence of Python scripts, which must be upgraded to be cross-compatible with Python 2 and 3 for the upcoming Splunk Enterprise Python 3 release. ",
"name": "Python scripts",
"result": "WARNING",
"messages": [
{
"message_filename": ".../bin/test.py",
"code": [
"@@ -1 +1,2 @@\n-print \"this should fail\"\n+from __future__ import print_function\n+print(\"this should fail\")"
],
"result": "warning",
"message_line": null,
"dismissed": 0,
"message": "@@ -1 +1,2 @@\n-print \"this should fail\"\n+from __future__ import print_function\n+print(\"this should fail\")\nFile: /opt/splunk/etc/apps/private_app2/bin/test.py",
"instance": "local",
"identical": 0
}
],
"required_action": "Update these Python scripts to be dual-compatible with Python 2 and 3."
},
{
"description": "Splunk Python SDK Check",
"name": "Splunk Python SDK Check",
"result": "PASSED",
"messages": [
]
}
],
"details": "This app is not compatible with Python 3.",
"required_action": "Update this app or uninstall it. If you do nothing, the app will fail.",
"remote_version": null
}
],
"scan_ID": "splunk-system-user_1626329281"
}
/services/jura_latest_report
https://<host>:<mPort>/services/jura_latest_report
Get the latest scheduled jQuery scan report.
Usage details
To use this endpoint, a scheduled scan must be completed.
GET
Get the latest scheduled scan report.
Request parameters
| Name | Type | Description |
|---|---|---|
| jura_apps | String | Required. Comma separated list of app names (folder name). |
Returned values
| Name | Description |
|---|---|
| 200 | {
"apps": [ ],
"summary": {},
"scan_ID": <ID_of_the_scan_report>,
"host": "<host>"
}
|
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and JSON response
Request
curl -k -u username:password https://localhost:8089/services/jura_latest_report?jura_apps="sample_jura_app" -X GET
Response
{
"summary": {
"scan_completion_time": 1631116022,
"private_dismissed": 0,
"private_passed": 0,
"public_warning": 0,
"splunk_supported": 0,
"public_dismissed": 0,
"splunkbase": 0,
"private_blocker": 1,
"private_warning": 0,
"private_unknown": 0,
"public_passed": 0,
"public_unknown": 0,
"private": 1,
"public_blocker": 0
},
"scan_ID": "splunk-system-user_1631116022",
"apps": [
{
"app_path": "/opt/splunk/etc/apps/sample_jura_app",
"name": "sample_jura_app",
"label": "sample_jura_app",
"version": "1.0.0",
"summary": {
"Skipped": 0,
"type": "Private App",
"dismiss_app": 0,
"app_link": "",
"dismiss_app_date": "",
"Passed": 0,
"Warning": 0,
"Status": "BLOCKER",
"Blocker": 3
},
"checks": [
{
"name": "Splunk dashboard jQuery version check",
"messages": [
{
"dismissed": 0,
"message_filename": "/opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml",
"result": "warning",
"message": "Version attribute of the dashboard /opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml is set to 1.0. Change the version attribute in the root node of your Simple XML dashboard to '<dashboard version=\"1.1\">' OR '<form version=\"1.1\">'. Other dashboard versions introduce vulnerabilities into your apps and are not permitted in Splunk Cloud Platform.",
"code": "1.0",
"line": null,
"message_line": null,
"filename": "/opt/splunk/etc/apps/sample_jura_app/default/data/ui/views/sample_b.xml"
}
],
"result": "BLOCKER",
"required_action": "None",
"description": "Splunk dashboard jQuery version check"
},
{
"name": "Splunk jQuery version check",
"messages": [
{
"dismissed": 0,
"message_filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/libs/jquery-2.2.4.min.js",
"result": "warning",
"message": "The jQuery 2.2.4 shipped along with your application introduces vulnerabilities into your application. Splunk apps must use jQuery version 3.5 or higher. Lower versions are no longer permitted in Splunk Cloud Platform.",
"code": "",
"line": null,
"message_line": null,
"filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/libs/jquery-2.2.4.min.js"
}
],
"result": "BLOCKER",
"required_action": "None",
"description": "Splunk jQuery version check"
},
{
"name": "Splunk internal library check",
"messages": [
{
"dismissed": 0,
"message_filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/script_1.js",
"result": "warning",
"message": "This /opt/splunk/etc/apps/sample_jura_app/appserver/static/script_1.js is importing the following dependencies which are not supported or externally documented by Splunk. <badimport>splunkjs/mvc/simplexml/ready",
"code": "",
"line": null,
"message_line": null,
"filename": "/opt/splunk/etc/apps/sample_jura_app/appserver/static/script_1.js"
}
],
"result": "BLOCKER",
"required_action": "None",
"description": "Splunk internal library check"
}
],
"required_action": "Update this app or request to uninstall it. If you do nothing, the app will fail in future Splunk upgrades that use jQuery 3.5.",
"details": "This app is not compatible with jQuery 3.5."
}
],
"host": "so1"
}
/services/pura_manage_remote_scan
https://<host>:<mPort>/services/pura_manage_remote_scan
Updates the schedule scan details in scripted input of the host.
Usage details
To use this endpoint, you must have permission to see the apps on your instance.
POST
Updates the scripted input according to the schedule scan details specified.
Request parameters
None.
Payload
| Name | Type | Description |
|---|---|---|
| schedule_scan_type | String | Required. Type of scan. Accepted values are custom or default.
|
| day | String | Required. Day interval. For example, 2 runs the scan every 2 days. |
| hours | String | Required. Hours of the time at which the scan is to be run. |
| minutes | String | Required. Minutes of the time at which the scan is to be run. |
| am_pm | String | Required. AM or PM |
| disabled | String | Whether the schedule scan is to disabled or not. Value should be either 0 or 1. |
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": true,
"message": "Successfully updated the remote schedule scan details for user <user> on host <host>."
}
|
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
}
|
Example request and response
Request
curl -k -u username:password 'https://localhost:8089/services/pura_manage_remote_scan?disabled=1&schedule_scan_type =custom&day=1&hours=5&minutes=5&am_pm="am" &time_offset="+0:00"' -X POST
Response
{
"status": true,
"message": "Successfully updated the remote schedule scan details for user <user> on host <host>. It will be reflected after 2 hours."
}
/services/pura_user_records
https://<host>:<mPort>/services/pura_user_records
View or update the user Python version upgrade requests.
Usage details
To use this endpoint, you must have permission to see the apps on your instance.
POST
Submit a Python version upgrade request.
Request parameters
None.
Payload
| Name | Type | Description |
|---|---|---|
| action | String | Required. Requested Python version. Possible values are Python2, Python3, or Force Python3. |
Returned values
| Name | Description |
|---|---|
| 200 | {
"status": true,
"message": "User records inserted successfully"
}
|
| 400, 403, 404, or 500 | {
"success": false,
"error_type" : "OTHER",
"message" : "Something went Wrong!"}
}
|
Example request and response
Request
curl -k -u username:password https://localhost:8089/services/pura_user_records -H 'Content-Type:application/json' -d '{"action":"Python3"}' -X POST
Response
{
"status": true,
"message": "User records inserted successfully"
}
GET
Gets the user Python version upgrade request records.
Request parameters
None.
Returned values
| Name | Description |
|---|---|
| 200 | {
"current_timezone_offset" :
"+05:30" // to show the time
as per user's current timezone "
"records" :
[
{
host_name:"",
user_name:"",
user_role:""
action:"",
request_timestamp: "",
description: "",
stack_ID: "",
}]}
|
| 400, 403, 404, or 500 | {
"status": false,
"message": <failure_cause>
} |
Example request and response
Request
curl -k -u username:password 'https://localhost:8089/services/pura_user_records' -X GET
Response
{
"current_timezone_offset": "+05:30",
"records": [
{
"host_name": "sh-i-090da0788f8203adb",
"user_name": "admin",
"user_role": "role1|role2|role3",
"action": "Python3",
"request_timestamp": "23 Jul 2021 13:43:01 +UTC",
"description": "Request to upgrade Python3",
"stack_ID": "noble-newt-947"
}
]
}
/services/pura_check_python_version
https://<host>:<mPort>/services/pura_check_python_version
Get the current Python version on the server.
Usage details
To use this endpoint, you must have permission to see the apps on your instance.
GET
Get the current Python version on the server.
Request parameters
None
Returned values
| Name | Description |
|---|---|
| 200 | 0/1/2 0 => Current python version on server is python2, can request to python3 or force_python3 1 => Current python version on server is python2 but already requested python 3 or force_python 3, can request to retract back to python2 2 => Current python version on server is either python3 or force_python3 |
| 400, 403, 404, or 500 | {"success" : false,
"error_type" : "OTHER",
"message" : "Something
went Wrong!"}
|
Example request and JSON response
Request
curl -k -u username:password https://localhost:8089/services/pura_check_python_version -H 'Content-Type:application/json' -X GET
Response
2
Last modified on 21 January, 2022
| Act on Splunk Platform Compatibility scan results with the Upgrade Readiness App | Release notes for the Upgrade Readiness App |
This documentation applies to the following versions of Splunk® Enterprise: 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.3.0, 9.3.1
Download manual
Feedback submitted, thanks!