diff --git a/client/models/saved_searches.go b/client/models/saved_searches.go index dc86bacd..eb005571 100644 --- a/client/models/saved_searches.go +++ b/client/models/saved_searches.go @@ -12,171 +12,194 @@ type SavedSearchesEntry struct { } type SavedSearchObject struct { - Actions string `json:"actions,omitempty" url:"actions,omitempty"` - ActionEmail bool `json:"action.email,omitempty" url:"action.email"` - ActionEmailAuthPassword string `json:"action.email.auth_password,omitempty" url:"action.email.auth_password,omitempty"` - ActionEmailAuthUsername string `json:"action.email.auth_username,omitempty" url:"action.email.auth_username,omitempty"` - ActionEmailBCC string `json:"action.email.bcc,omitempty" url:"action.email.bcc,omitempty"` - ActionEmailCC string `json:"action.email.cc,omitempty" url:"action.email.cc,omitempty"` - ActionEmailCommand string `json:"action.email.command,omitempty" url:"action.email.command,omitempty"` - ActionEmailFormat string `json:"action.email.format,omitempty" url:"action.email.format,omitempty"` - ActionEmailFrom string `json:"action.email.from,omitempty" url:"action.email.from,omitempty"` - ActionEmailHostname string `json:"action.email.hostname,omitempty" url:"action.email.hostname,omitempty"` - ActionEmailIncludeResultsLink int `json:"action.email.include.results_link,string,omitempty" url:"action.email.include.results_link,omitempty"` - ActionEmailIncludeSearch int `json:"action.email.include.search,string,omitempty" url:"action.email.include.search,omitempty"` - ActionEmailIncludeTrigger int `json:"action.email.include.trigger,string,omitempty" url:"action.email.include.trigger,omitempty"` - ActionEmailIncludeTriggerTime int `json:"action.email.include.trigger_time,string,omitempty" url:"action.email.include.trigger_time,omitempty"` - ActionEmailIncludeViewLink int `json:"action.email.include.view_link,string,omitempty" url:"action.email.include.view_link,omitempty"` - ActionEmailInline bool `json:"action.email.inline" url:"action.email.inline"` - ActionEmailMailserver string `json:"action.email.mailserver,omitempty" url:"action.email.mailserver,omitempty"` - ActionEmailMaxResults int `json:"action.email.maxresults,omitempty" url:"action.email.maxresults,omitempty"` - ActionEmailMaxTime string `json:"action.email.maxtime,omitempty" url:"action.email.maxtime,omitempty"` - ActionEmailMessageAlert string `json:"action.email.message.alert,omitempty" url:"action.email.message.alert,omitempty"` - ActionEmailMessageReport string `json:"action.email.message.report,omitempty" url:"action.email.message.report,omitempty"` - ActionEmailPDFView string `json:"action.email.pdfview,omitempty" url:"action.email.pdfview,omitempty"` - ActionEmailPreprocessResults string `json:"action.email.preprocess_results,omitempty" url:"action.email.preprocess_results,omitempty"` - ActionEmailReportCIDFontList string `json:"action.email.reportCIDFontList,omitempty" url:"action.email.reportCIDFontList,omitempty"` - ActionEmailReportIncludeSplunkLogo bool `json:"action.email.reportIncludeSplunkLogo" url:"action.email.reportIncludeSplunkLogo"` - ActionEmailReportPaperOrientation string `json:"action.email.reportPaperOrientation,omitempty" url:"action.email.reportPaperOrientation,omitempty"` - ActionEmailReportPaperSize string `json:"action.email.reportPaperSize,omitempty" url:"action.email.reportPaperSize,omitempty"` - ActionEmailReportServerEnabled bool `json:"action.email.reportServerEnabled" url:"action.email.reportServerEnabled"` - ActionEmailReportServerURL string `json:"action.email.reportServerURL,omitempty" url:"action.email.reportServerURL,omitempty"` - ActionEmailSendCSV int `json:"action.email.sendcsv,string,omitempty" url:"action.email.sendcsv,omitempty"` - ActionEmailSendPDF bool `json:"action.email.sendpdf" url:"action.email.sendpdf"` - ActionEmailSendResults bool `json:"action.email.sendresults" url:"action.email.sendresults"` - ActionEmailSubject string `json:"action.email.subject,omitempty" url:"action.email.subject,omitempty"` - ActionEmailTo string `json:"action.email.to,omitempty" url:"action.email.to,omitempty"` - ActionEmailTrackAlert bool `json:"action.email.track_alert" url:"action.email.track_alert"` - ActionEmailTTL string `json:"action.email.ttl,omitempty" url:"action.email.ttl,omitempty"` - ActionEmailUseSSL bool `json:"action.email.use_ssl" url:"action.email.use_ssl"` - ActionEmailUseTLS bool `json:"action.email.use_tls" url:"action.email.use_tls"` - ActionEmailWidthSortColumns bool `json:"action.email.width_sort_columns" url:"action.email.width_sort_columns"` - ActionPagerdutyIntegrationURL string `json:"action.pagerduty.param.integration_url,omitempty" url:"action.pagerduty.param.integration_url"` - ActionPagerdutyIntegrationURLOverride string `json:"action.pagerduty.param.integration_url_override,omitempty" url:"action.pagerduty.param.integration_url_override"` - ActionPagerdutyParamCustDetails string `json:"action.pagerduty.param.custom_details,omitempty" url:"action.pagerduty.param.custom_details,omitempty"` - ActionPagerdutyParamIntKey string `json:"action.pagerduty.param.integration_key,omitempty" url:"action.pagerduty.param.integration_key,omitempty"` - ActionPagerdutyParamIntKeyOverride string `json:"action.pagerduty.param.integration_key_override,omitempty" url:"action.pagerduty.param.integration_key_override,omitempty"` - ActionPopulateLookup bool `json:"action.populate_lookup" url:"action.populate_lookup"` - ActionPopulateLookupCommand string `json:"action.populate_lookup.command,omitempty" url:"action.populate_lookup.command,omitempty"` - ActionPopulateLookupDest string `json:"action.populate_lookup.dest,omitempty" url:"action.populate_lookup.dest,omitempty"` - ActionPopulateLookupHostname string `json:"action.populate_lookup.hostname,omitempty" url:"action.populate_lookup.hostname,omitempty"` - ActionPopulateLookupMaxResults int `json:"action.populate_lookup.maxresults,omitempty" url:"action.populate_lookup.maxresults,omitempty"` - ActionPopulateLookupMaxTime int `json:"action.populate_lookup.maxtime,omitempty" url:"action.populate_lookup.maxtime,omitempty,omitempty"` - ActionPopulateLookupTrackAlert bool `json:"action.populate_lookup.track_alert" url:"action.populate_lookup.track_alert"` - ActionPopulateLookupTTL string `json:"action.populate_lookup.ttl,omitempty" url:"action.populate_lookup.ttl,omitempty"` - ActionRSS bool `json:"-" url:"action.rss"` - ActionRSSCommand string `json:"action.rss.command,omitempty" url:"action.rss.command,omitempty"` - ActionRSSHostname string `json:"action.rss.hostname,omitempty" url:"action.rss.hostname,omitempty"` - ActionRSSMaxResults int `json:"action.rss.maxresults,omitempty" url:"action.rss.maxresults,omitempty"` - ActionRSSMaxTime int `json:"action.rss.maxtime,omitempty" url:"action.rss.maxtime,omitempty"` - ActionRSSTrackAlert bool `json:"action.rss.track_alert" url:"action.rss.track_alert"` - ActionRSSTTL string `json:"action.rss.ttl,omitempty" url:"action.rss.ttl,omitempty"` - ActionScript bool `json:"-" url:"action.script"` - ActionScriptCommand string `json:"action.script.command,omitempty" url:"action.script.command,omitempty"` - ActionScriptFilename string `json:"action.script.filename,omitempty" url:"action.script.filename,omitempty"` - ActionScriptHostname string `json:"action.script.hostname,omitempty" url:"action.script.hostname,omitempty"` - ActionScriptMaxResults int `json:"action.script.maxresults,omitempty" url:"action.script.maxresults,omitempty"` - ActionScriptMaxTime int `json:"action.script.maxtime,omitempty" url:"action.script.maxtime,omitempty"` - ActionScriptTrackAlert bool `json:"action.script.track_alert" url:"action.script.track_alert"` - ActionScriptTTL string `json:"action.script.ttl,omitempty" url:"action.script.ttl,omitempty"` - ActionSnowEventParamAccount string `json:"action.snow_event.param.account,omitempty" url:"action.snow_event.param.account,omitempty"` - ActionSnowEventParamNode string `json:"action.snow_event.param.node,omitempty" url:"action.snow_event.param.node,omitempty"` - ActionSnowEventParamType string `json:"action.snow_event.param.type,omitempty" url:"action.snow_event.param.type,omitempty"` - ActionSnowEventParamResource string `json:"action.snow_event.param.resource,omitempty" url:"action.snow_event.param.resource,omitempty"` - ActionSnowEventParamSeverity int `json:"action.snow_event.param.severity,string,omitempty" url:"action.snow_event.param.severity,omitempty"` - ActionSnowEventParamDescription string `json:"action.snow_event.param.description,omitempty" url:"action.snow_event.param.description,omitempty"` - ActionSnowEventParamCiIdentifier string `json:"action.snow_event.param.ci_identifier,omitempty" url:"action.snow_event.param.ci_identifier,omitempty"` - ActionSnowEventParamCustomFields string `json:"action.snow_event.param.custom_fields,omitempty" url:"action.snow_event.param.custom_fields,omitempty"` - ActionSnowEventParamAdditionalInfo string `json:"action.snow_event.param.additional_info,omitempty" url:"action.snow_event.param.additional_info,omitempty"` - ActionSummaryIndex bool `json:"action.summary_index,omitempty" url:"action.summary_index"` - ActionSummaryIndexName string `json:"action.summary_index._name,omitempty" url:"action.summary_index._name,omitempty"` - ActionSummaryIndexCommand string `json:"action.summary_index.command,omitempty" url:"action.summary_index.command,omitempty"` - ActionSummaryIndexHostname string `json:"action.summary_index.hostname,omitempty" url:"action.summary_index.hostname,omitempty"` - ActionSummaryIndexInline bool `json:"action.summary_index.inline" url:"action.summary_index.inline"` - ActionSummaryIndexMaxResults int `json:"action.summary_index.maxresults,omitempty" url:"action.summary_index.maxresults,omitempty"` - ActionSummaryIndexMaxTime int `json:"action.summary_index.maxtime,omitempty" url:"action.summary_index.maxtime,omitempty"` - ActionSummaryIndexTrackAlert bool `json:"action.summary_index.track_alert" url:"action.summary_index.track_alert"` - ActionSummaryIndexTTL string `json:"action.summary_index.ttl,omitempty" url:"action.summary_index.ttl,omitempty"` - ActionCreateXsoarIncident string `json:"action.create_xsoar_incident,omitempty" url:"action.create_xsoar_incident"` - ActionCreateXsoarIncidentParamSendAllServers string `json:"action.create_xsoar_incident.param.send_all_servers,omitempty" url:"action.create_xsoar_incident.param.send_all_servers"` - ActionCreateXsoarIncidentParamServerUrl string `json:"action.create_xsoar_incident.param.server_url,omitempty" url:"action.create_xsoar_incident.param.server_url"` - ActionCreateXsoarIncidentParamIncidentName string `json:"action.create_xsoar_incident.param.incident_name,omitempty" url:"action.create_xsoar_incident.param.incident_name"` - ActionCreateXsoarIncidentParamDetails string `json:"action.create_xsoar_incident.param.details,omitempty" url:"action.create_xsoar_incident.param.details"` - ActionCreateXsoarIncidentParamCustomFields string `json:"action.create_xsoar_incident.param.custom_fields,omitempty" url:"action.create_xsoar_incident.param.custom_fields"` - ActionCreateXsoarIncidentParamSeverity string `json:"action.create_xsoar_incident.param.severity,omitempty" url:"action.create_xsoar_incident.param.severity"` - ActionCreateXsoarIncidentParamOccurred string `json:"action.create_xsoar_incident.param.occurred,omitempty" url:"action.create_xsoar_incident.param.occurred"` - ActionCreateXsoarIncidentParamType string `json:"action.create_xsoar_incident.param.type" url:"action.create_xsoar_incident.param.type"` - ActionSlackParamAttachment string `json:"action.slack.param.attachment,omitempty" url:"action.slack.param.attachment"` - ActionSlackParamChannel string `json:"action.slack.param.channel,omitempty" url:"action.slack.param.channel"` - ActionSlackParamFields string `json:"action.slack.param.fields,omitempty" url:"action.slack.param.fields"` - ActionSlackParamMessage string `json:"action.slack.param.message,omitempty" url:"action.slack.param.message"` - ActionSlackParamWebhookUrlOverride string `json:"action.slack.param.webhook_url_override,omitempty" url:"action.slack.param.webhook_url_override"` - ActionJiraServiceDeskParamAccount string `json:"action.jira_service_desk.param.account,omitempty" url:"action.jira_service_desk.param.account"` - ActionJiraServiceDeskParamJiraProject string `json:"action.jira_service_desk.param.jira_project,omitempty" url:"action.jira_service_desk.param.jira_project"` - ActionJiraServiceDeskParamJiraIssueType string `json:"action.jira_service_desk.param.jira_issue_type,omitempty" url:"action.jira_service_desk.param.jira_issue_type"` - ActionJiraServiceDeskParamJiraSummary string `json:"action.jira_service_desk.param.jira_summary,omitempty" url:"action.jira_service_desk.param.jira_summary"` - ActionJiraServiceDeskParamJiraPriority string `json:"action.jira_service_desk.param.jira_priority,omitempty" url:"action.jira_service_desk.param.jira_priority"` - ActionJiraServiceDeskParamJiraDescription string `json:"action.jira_service_desk.param.jira_description,omitempty" url:"action.jira_service_desk.param.jira_description"` - ActionWebhookParamUrl string `json:"action.webhook.param.url,omitempty" url:"action.webhook.param.url"` - AlertDigestMode bool `json:"alert.digest_mode" url:"alert.digest_mode"` - AlertExpires string `json:"alert.expires,omitempty" url:"alert.expires,omitempty"` - AlertSeverity int `json:"alert.severity,omitempty" url:"alert.severity,omitempty"` - AlertSuppress bool `json:"alert.suppress" url:"alert.suppress"` - AlertSuppressFields string `json:"alert.suppress.fields,omitempty" url:"alert.suppress.fields,omitempty"` - AlertSuppressPeriod string `json:"alert.suppress.period,omitempty" url:"alert.suppress.period,omitempty"` - AlertTrack bool `json:"alert.track" url:"alert.track"` - AlertComparator string `json:"alert_comparator,omitempty" url:"alert_comparator,omitempty"` - AlertCondition string `json:"alert_condition,omitempty" url:"alert_condition,omitempty"` - AlertThreshold string `json:"alert_threshold,omitempty" url:"alert_threshold,omitempty"` - AlertType string `json:"alert_type,omitempty" url:"alert_type,omitempty"` - AllowSkew string `json:"allow_skew,omitempty" url:"allow_skew,omitempty"` - AutoSummarize bool `json:"auto_summarize,omitempty" url:"auto_summarize,omitempty"` - AutoSummarizeCommand string `json:"auto_summarize.command,omitempty" url:"auto_summarize.command,omitempty"` - AutoSummarizeCronSchedule string `json:"auto_summarize.cron_schedule,omitempty" url:"auto_summarize.cron_schedule,omitempty"` - AutoSummarizeDispatchEarliestTime string `json:"auto_summarize.dispatch.earliest_time,omitempty" url:"auto_summarize.dispatch.earliest_time,omitempty"` - AutoSummarizeDispatchLatestTime string `json:"auto_summarize.dispatch.latest_time,omitempty" url:"auto_summarize.dispatch.latest_time,omitempty"` - AutoSummarizeDispatchTimeFormat string `json:"auto_summarize.dispatch.time_format,omitempty" url:"auto_summarize.dispatch.time_format,omitempty"` - AutoSummarizeDispatchTTL string `json:"auto_summarize.dispatch.ttl,omitempty" url:"auto_summarize.dispatch.ttl,omitempty"` - AutoSummarizeMaxDisabledBuckets int `json:"auto_summarize.max_disabled_buckets,omitempty" url:"auto_summarize.max_disabled_buckets,omitempty"` - AutoSummarizeMaxSummaryRatio float64 `json:"auto_summarize.max_summary_ratio,omitempty" url:"auto_summarize.max_summary_ratio,omitempty"` - AutoSummarizeMaxSummarySize int `json:"auto_summarize.max_summary_size,omitempty" url:"auto_summarize.max_summary_size,omitempty"` - AutoSummarizeMaxTime int `json:"auto_summarize.max_time,omitempty" url:"auto_summarize.max_time,omitempty"` - AutoSummarizeSuspendPeriod string `json:"auto_summarize.suspend_period,omitempty" url:"auto_summarize.suspend_period,omitempty"` - AutoSummarizeTimespan string `json:"auto_summarize.timespan,omitempty" url:"auto_summarize.timespan,omitempty"` - CronSchedule string `json:"cron_schedule,omitempty" url:"cron_schedule,omitempty"` - Description string `json:"description,omitempty" url:"description,omitempty"` - Disabled bool `json:"disabled" url:"disabled"` - DispatchBuckets int `json:"dispatch.buckets,omitempty" url:"dispatch.buckets,omitempty"` - DispatchEarliestTime string `json:"dispatch.earliest_time,omitempty" url:"dispatch.earliest_time,omitempty"` - DispatchIndexEarliest string `json:"dispatch.index_earliest,omitempty" url:"dispatch.index_earliest,omitempty"` - DispatchIndexLatest string `json:"dispatch.index_latest,omitempty" url:"dispatch.index_latest,omitempty"` - DispatchIndexedRealtime bool `json:"dispatch.indexedRealtime" url:"dispatch.indexedRealtime"` - DispatchIndexedRealtimeOffset int `json:"dispatch.indexedRealtimeOffset" url:"dispatch.indexedRealtimeOffset,omitempty"` - DispatchIndexedRealtimeMinspan int `json:"dispatch.indexedRealtimeMinspan" url:"dispatch.indexedRealtimeMinspan,omitempty"` - DispatchLatestTime string `json:"dispatch.latest_time,omitempty" url:"dispatch.latest_time,omitempty"` - DispatchLookups bool `json:"dispatch.lookups" url:"dispatch.lookups"` - DispatchMaxCount int `json:"dispatch.max_count,omitempty" url:"dispatch.max_count,omitempty"` - DispatchMaxTime int `json:"dispatch.max_time,omitempty" url:"dispatch.max_time,omitempty"` - DispatchReduceFreq int `json:"dispatch.reduce_freq,omitempty" url:"dispatch.reduce_freq,omitempty"` - DispatchRtBackfill bool `json:"dispatch.rt_backfill" url:"dispatch.rt_backfill"` - DispatchRtMaximumSpan int `json:"dispatch.rt_maxtimespan" url:"dispatch.rt_maxtimespan,omitempty"` - DispatchSpawnProcess bool `json:"dispatch.spawn_process" url:"dispatch.spawn_process"` - DispatchTimeFormat string `json:"dispatch.time_format,omitempty" url:"dispatch.time_format,omitempty"` - DispatchTTL string `json:"dispatch.ttl,omitempty" url:"dispatch.ttl,omitempty"` - DisplayView string `json:"displayview,omitempty" url:"displayview,omitempty"` - IsScheduled bool `json:"is_scheduled" url:"is_scheduled"` - IsVisible bool `json:"is_visible" url:"is_visible"` - MaxConcurrent int `json:"max_concurrent,omitempty" url:"max_concurrent,omitempty"` - NextScheduledTime string `json:"next_scheduled_time,omitempty" url:"next_scheduled_time,omitempty"` - QualifiedSearch string `json:"qualifiedSearch,omitempty" url:"qualifiedSearch,omitempty"` - RealtimeSchedule bool `json:"realtime_schedule" url:"realtime_schedule"` - RequestUIDispatchApp string `json:"request.ui_dispatch_app,omitempty" url:"request.ui_dispatch_app,omitempty"` - RequestUIDispatchView string `json:"request.ui_dispatch_view,omitempty" url:"request.ui_dispatch_view,omitempty"` - RestartOnSearchPeerAdd bool `json:"restart_on_searchpeer_add" url:"restart_on_searchpeer_add"` - RunOnStartup bool `json:"run_on_startup" url:"run_on_startup"` - ScheduleWindow string `json:"schedule_window,omitempty" url:"schedule_window,omitempty"` - SchedulePriority string `json:"schedule_priority,omitempty" url:"schedule_priority,omitempty"` - Search string `json:"search,omitempty" url:"search,omitempty"` - VSID string `json:"vsid,omitempty" url:"vsid,omitempty"` - WorkloadPool string `json:"workload_pool,omitempty" url:"workload_pool,omitempty"` + Actions string `json:"actions,omitempty" url:"actions,omitempty"` + ActionEmail bool `json:"action.email,omitempty" url:"action.email"` + ActionEmailAuthPassword string `json:"action.email.auth_password,omitempty" url:"action.email.auth_password,omitempty"` + ActionEmailAuthUsername string `json:"action.email.auth_username,omitempty" url:"action.email.auth_username,omitempty"` + ActionEmailBCC string `json:"action.email.bcc,omitempty" url:"action.email.bcc,omitempty"` + ActionEmailCC string `json:"action.email.cc,omitempty" url:"action.email.cc,omitempty"` + ActionEmailCommand string `json:"action.email.command,omitempty" url:"action.email.command,omitempty"` + ActionEmailFormat string `json:"action.email.format,omitempty" url:"action.email.format,omitempty"` + ActionEmailFrom string `json:"action.email.from,omitempty" url:"action.email.from,omitempty"` + ActionEmailHostname string `json:"action.email.hostname,omitempty" url:"action.email.hostname,omitempty"` + ActionEmailIncludeResultsLink int `json:"action.email.include.results_link,string,omitempty" url:"action.email.include.results_link,omitempty"` + ActionEmailIncludeSearch int `json:"action.email.include.search,string,omitempty" url:"action.email.include.search,omitempty"` + ActionEmailIncludeTrigger int `json:"action.email.include.trigger,string,omitempty" url:"action.email.include.trigger,omitempty"` + ActionEmailIncludeTriggerTime int `json:"action.email.include.trigger_time,string,omitempty" url:"action.email.include.trigger_time,omitempty"` + ActionEmailIncludeViewLink int `json:"action.email.include.view_link,string,omitempty" url:"action.email.include.view_link,omitempty"` + ActionEmailInline bool `json:"action.email.inline" url:"action.email.inline"` + ActionEmailMailserver string `json:"action.email.mailserver,omitempty" url:"action.email.mailserver,omitempty"` + ActionEmailMaxResults int `json:"action.email.maxresults,omitempty" url:"action.email.maxresults,omitempty"` + ActionEmailMaxTime string `json:"action.email.maxtime,omitempty" url:"action.email.maxtime,omitempty"` + ActionEmailMessageAlert string `json:"action.email.message.alert,omitempty" url:"action.email.message.alert,omitempty"` + ActionEmailMessageReport string `json:"action.email.message.report,omitempty" url:"action.email.message.report,omitempty"` + ActionEmailPDFView string `json:"action.email.pdfview,omitempty" url:"action.email.pdfview,omitempty"` + ActionEmailPreprocessResults string `json:"action.email.preprocess_results,omitempty" url:"action.email.preprocess_results,omitempty"` + ActionEmailReportCIDFontList string `json:"action.email.reportCIDFontList,omitempty" url:"action.email.reportCIDFontList,omitempty"` + ActionEmailReportIncludeSplunkLogo bool `json:"action.email.reportIncludeSplunkLogo" url:"action.email.reportIncludeSplunkLogo"` + ActionEmailReportPaperOrientation string `json:"action.email.reportPaperOrientation,omitempty" url:"action.email.reportPaperOrientation,omitempty"` + ActionEmailReportPaperSize string `json:"action.email.reportPaperSize,omitempty" url:"action.email.reportPaperSize,omitempty"` + ActionEmailReportServerEnabled bool `json:"action.email.reportServerEnabled" url:"action.email.reportServerEnabled"` + ActionEmailReportServerURL string `json:"action.email.reportServerURL,omitempty" url:"action.email.reportServerURL,omitempty"` + ActionEmailSendCSV int `json:"action.email.sendcsv,string,omitempty" url:"action.email.sendcsv,omitempty"` + ActionEmailSendPDF bool `json:"action.email.sendpdf" url:"action.email.sendpdf"` + ActionEmailSendResults bool `json:"action.email.sendresults" url:"action.email.sendresults"` + ActionEmailSubject string `json:"action.email.subject,omitempty" url:"action.email.subject,omitempty"` + ActionEmailTo string `json:"action.email.to,omitempty" url:"action.email.to,omitempty"` + ActionEmailTrackAlert bool `json:"action.email.track_alert" url:"action.email.track_alert"` + ActionEmailTTL string `json:"action.email.ttl,omitempty" url:"action.email.ttl,omitempty"` + ActionEmailUseSSL bool `json:"action.email.use_ssl" url:"action.email.use_ssl"` + ActionEmailUseTLS bool `json:"action.email.use_tls" url:"action.email.use_tls"` + ActionEmailWidthSortColumns bool `json:"action.email.width_sort_columns" url:"action.email.width_sort_columns"` + ActionPagerdutyIntegrationURL string `json:"action.pagerduty.param.integration_url,omitempty" url:"action.pagerduty.param.integration_url"` + ActionPagerdutyIntegrationURLOverride string `json:"action.pagerduty.param.integration_url_override,omitempty" url:"action.pagerduty.param.integration_url_override"` + ActionPagerdutyParamCustDetails string `json:"action.pagerduty.param.custom_details,omitempty" url:"action.pagerduty.param.custom_details,omitempty"` + ActionPagerdutyParamIntKey string `json:"action.pagerduty.param.integration_key,omitempty" url:"action.pagerduty.param.integration_key,omitempty"` + ActionPagerdutyParamIntKeyOverride string `json:"action.pagerduty.param.integration_key_override,omitempty" url:"action.pagerduty.param.integration_key_override,omitempty"` + ActionPopulateLookup bool `json:"action.populate_lookup" url:"action.populate_lookup"` + ActionPopulateLookupCommand string `json:"action.populate_lookup.command,omitempty" url:"action.populate_lookup.command,omitempty"` + ActionPopulateLookupDest string `json:"action.populate_lookup.dest,omitempty" url:"action.populate_lookup.dest,omitempty"` + ActionPopulateLookupHostname string `json:"action.populate_lookup.hostname,omitempty" url:"action.populate_lookup.hostname,omitempty"` + ActionPopulateLookupMaxResults int `json:"action.populate_lookup.maxresults,omitempty" url:"action.populate_lookup.maxresults,omitempty"` + ActionPopulateLookupMaxTime int `json:"action.populate_lookup.maxtime,omitempty" url:"action.populate_lookup.maxtime,omitempty,omitempty"` + ActionPopulateLookupTrackAlert bool `json:"action.populate_lookup.track_alert" url:"action.populate_lookup.track_alert"` + ActionPopulateLookupTTL string `json:"action.populate_lookup.ttl,omitempty" url:"action.populate_lookup.ttl,omitempty"` + ActionRSS bool `json:"-" url:"action.rss"` + ActionRSSCommand string `json:"action.rss.command,omitempty" url:"action.rss.command,omitempty"` + ActionRSSHostname string `json:"action.rss.hostname,omitempty" url:"action.rss.hostname,omitempty"` + ActionRSSMaxResults int `json:"action.rss.maxresults,omitempty" url:"action.rss.maxresults,omitempty"` + ActionRSSMaxTime int `json:"action.rss.maxtime,omitempty" url:"action.rss.maxtime,omitempty"` + ActionRSSTrackAlert bool `json:"action.rss.track_alert" url:"action.rss.track_alert"` + ActionRSSTTL string `json:"action.rss.ttl,omitempty" url:"action.rss.ttl,omitempty"` + ActionScript bool `json:"-" url:"action.script"` + ActionScriptCommand string `json:"action.script.command,omitempty" url:"action.script.command,omitempty"` + ActionScriptFilename string `json:"action.script.filename,omitempty" url:"action.script.filename,omitempty"` + ActionScriptHostname string `json:"action.script.hostname,omitempty" url:"action.script.hostname,omitempty"` + ActionScriptMaxResults int `json:"action.script.maxresults,omitempty" url:"action.script.maxresults,omitempty"` + ActionScriptMaxTime int `json:"action.script.maxtime,omitempty" url:"action.script.maxtime,omitempty"` + ActionScriptTrackAlert bool `json:"action.script.track_alert" url:"action.script.track_alert"` + ActionScriptTTL string `json:"action.script.ttl,omitempty" url:"action.script.ttl,omitempty"` + ActionSnowEventParamAccount string `json:"action.snow_event.param.account,omitempty" url:"action.snow_event.param.account,omitempty"` + ActionSnowEventParamNode string `json:"action.snow_event.param.node,omitempty" url:"action.snow_event.param.node,omitempty"` + ActionSnowEventParamType string `json:"action.snow_event.param.type,omitempty" url:"action.snow_event.param.type,omitempty"` + ActionSnowEventParamResource string `json:"action.snow_event.param.resource,omitempty" url:"action.snow_event.param.resource,omitempty"` + ActionSnowEventParamSeverity int `json:"action.snow_event.param.severity,string,omitempty" url:"action.snow_event.param.severity,omitempty"` + ActionSnowEventParamDescription string `json:"action.snow_event.param.description,omitempty" url:"action.snow_event.param.description,omitempty"` + ActionSnowEventParamCiIdentifier string `json:"action.snow_event.param.ci_identifier,omitempty" url:"action.snow_event.param.ci_identifier,omitempty"` + ActionSnowEventParamCustomFields string `json:"action.snow_event.param.custom_fields,omitempty" url:"action.snow_event.param.custom_fields,omitempty"` + ActionSnowEventParamAdditionalInfo string `json:"action.snow_event.param.additional_info,omitempty" url:"action.snow_event.param.additional_info,omitempty"` + ActionSummaryIndex bool `json:"action.summary_index,omitempty" url:"action.summary_index"` + ActionSummaryIndexName string `json:"action.summary_index._name,omitempty" url:"action.summary_index._name,omitempty"` + ActionSummaryIndexCommand string `json:"action.summary_index.command,omitempty" url:"action.summary_index.command,omitempty"` + ActionSummaryIndexHostname string `json:"action.summary_index.hostname,omitempty" url:"action.summary_index.hostname,omitempty"` + ActionSummaryIndexInline bool `json:"action.summary_index.inline" url:"action.summary_index.inline"` + ActionSummaryIndexMaxResults int `json:"action.summary_index.maxresults,omitempty" url:"action.summary_index.maxresults,omitempty"` + ActionSummaryIndexMaxTime int `json:"action.summary_index.maxtime,omitempty" url:"action.summary_index.maxtime,omitempty"` + ActionSummaryIndexTrackAlert bool `json:"action.summary_index.track_alert" url:"action.summary_index.track_alert"` + ActionSummaryIndexTTL string `json:"action.summary_index.ttl,omitempty" url:"action.summary_index.ttl,omitempty"` + ActionCreateXsoarIncident string `json:"action.create_xsoar_incident,omitempty" url:"action.create_xsoar_incident"` + ActionCreateXsoarIncidentParamSendAllServers string `json:"action.create_xsoar_incident.param.send_all_servers,omitempty" url:"action.create_xsoar_incident.param.send_all_servers"` + ActionCreateXsoarIncidentParamServerUrl string `json:"action.create_xsoar_incident.param.server_url,omitempty" url:"action.create_xsoar_incident.param.server_url"` + ActionCreateXsoarIncidentParamIncidentName string `json:"action.create_xsoar_incident.param.incident_name,omitempty" url:"action.create_xsoar_incident.param.incident_name"` + ActionCreateXsoarIncidentParamDetails string `json:"action.create_xsoar_incident.param.details,omitempty" url:"action.create_xsoar_incident.param.details"` + ActionCreateXsoarIncidentParamCustomFields string `json:"action.create_xsoar_incident.param.custom_fields,omitempty" url:"action.create_xsoar_incident.param.custom_fields"` + ActionCreateXsoarIncidentParamSeverity string `json:"action.create_xsoar_incident.param.severity,omitempty" url:"action.create_xsoar_incident.param.severity"` + ActionCreateXsoarIncidentParamOccurred string `json:"action.create_xsoar_incident.param.occurred,omitempty" url:"action.create_xsoar_incident.param.occurred"` + ActionCreateXsoarIncidentParamType string `json:"action.create_xsoar_incident.param.type" url:"action.create_xsoar_incident.param.type"` + ActionSlackParamAttachment string `json:"action.slack.param.attachment,omitempty" url:"action.slack.param.attachment"` + ActionSlackParamChannel string `json:"action.slack.param.channel,omitempty" url:"action.slack.param.channel"` + ActionSlackParamFields string `json:"action.slack.param.fields,omitempty" url:"action.slack.param.fields"` + ActionSlackParamMessage string `json:"action.slack.param.message,omitempty" url:"action.slack.param.message"` + ActionSlackParamWebhookUrlOverride string `json:"action.slack.param.webhook_url_override,omitempty" url:"action.slack.param.webhook_url_override"` + ActionJiraServiceDeskParamAccount string `json:"action.jira_service_desk.param.account,omitempty" url:"action.jira_service_desk.param.account"` + ActionJiraServiceDeskParamJiraProject string `json:"action.jira_service_desk.param.jira_project,omitempty" url:"action.jira_service_desk.param.jira_project"` + ActionJiraServiceDeskParamJiraIssueType string `json:"action.jira_service_desk.param.jira_issue_type,omitempty" url:"action.jira_service_desk.param.jira_issue_type"` + ActionJiraServiceDeskParamJiraSummary string `json:"action.jira_service_desk.param.jira_summary,omitempty" url:"action.jira_service_desk.param.jira_summary"` + ActionJiraServiceDeskParamJiraPriority string `json:"action.jira_service_desk.param.jira_priority,omitempty" url:"action.jira_service_desk.param.jira_priority"` + ActionJiraServiceDeskParamJiraDescription string `json:"action.jira_service_desk.param.jira_description,omitempty" url:"action.jira_service_desk.param.jira_description"` + ActionWebhookParamUrl string `json:"action.webhook.param.url,omitempty" url:"action.webhook.param.url"` + ActionMsTeamsPublishToChannel bool `json:"action.ms_teams_publish_to_channel,omitempty" url:"action.ms_teams_publish_to_channel"` + ActionMsTeamsPublishToChannelCommand string `json:"action.ms_teams_publish_to_channel.command,omitempty" url:"action.ms_teams_publish_to_channel.command"` + ActionMsTeamsPublishToChannelDescription string `json:"action.ms_teams_publish_to_channel.description,omitempty" url:"action.ms_teams_publish_to_channel.description"` + ActionMsTeamsPublishToChannelHostname string `json:"action.ms_teams_publish_to_channel.hostname,omitempty" url:"action.ms_teams_publish_to_channel.hostname"` + ActionMsTeamsPublishToChannelIconPath string `json:"action.ms_teams_publish_to_channel.icon_path,omitempty" url:"action.ms_teams_publish_to_channel.icon_path"` + ActionMsTeamsPublishToChannelMaxresults int `json:"action.ms_teams_publish_to_channel.maxresults,omitempty" url:"action.ms_teams_publish_to_channel.maxresults"` + ActionMsTeamsPublishToChannelMaxtime string `json:"action.ms_teams_publish_to_channel.maxtime,omitempty" url:"action.ms_teams_publish_to_channel.maxtime"` + ActionMsTeamsPublishToChannelParamAlertMsTeamsActivityTitle string `json:"action.ms_teams_publish_to_channel.param.alert_ms_teams_activity_title,omitempty" url:"action.ms_teams_publish_to_channel.param.alert_ms_teams_activity_title"` + ActionMsTeamsPublishToChannelParamAlertMsTeamsFieldsList string `json:"action.ms_teams_publish_to_channel.param.alert_ms_teams_fields_list,omitempty" url:"action.ms_teams_publish_to_channel.param.alert_ms_teams_fields_list"` + ActionMsTeamsPublishToChannelParamAlertMsTeamsFieldsOrder string `json:"action.ms_teams_publish_to_channel.param.alert_ms_teams_fields_order,omitempty" url:"action.ms_teams_publish_to_channel.param.alert_ms_teams_fields_order"` + ActionMsTeamsPublishToChannelParamAlertMsTeamsImageLink string `json:"action.ms_teams_publish_to_channel.param.alert_ms_teams_image_link,omitempty" url:"action.ms_teams_publish_to_channel.param.alert_ms_teams_image_link"` + ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialActionName string `json:"action.ms_teams_publish_to_channel.param.alert_ms_teams_potential_action_name,omitempty" url:"action.ms_teams_publish_to_channel.param.alert_ms_teams_potential_action_name"` + ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialActionName2 string `json:"action.ms_teams_publish_to_channel.param.alert_ms_teams_potential_action_name2,omitempty" url:"action.ms_teams_publish_to_channel.param.alert_ms_teams_potential_action_name2"` + ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialUrl string `json:"action.ms_teams_publish_to_channel.param.alert_ms_teams_potential_action_url,omitempty" url:"action.ms_teams_publish_to_channel.param.alert_ms_teams_potential_action_url"` + ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialUrl2 string `json:"action.ms_teams_publish_to_channel.param.alert_ms_teams_potential_action_url2,omitempty" url:"action.ms_teams_publish_to_channel.param.alert_ms_teams_potential_action_url2"` + ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialPostactionBody string `json:"action.ms_teams_publish_to_channel.param.alert_ms_teams_potential_postaction_body,omitempty" url:"action.ms_teams_publish_to_channel.param.alert_ms_teams_potential_postaction_body"` + ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialPostactionBodycontenttype string `json:"action.ms_teams_publish_to_channel.param.alert_ms_teams_potential_postaction_bodycontenttype,omitempty" url:"action.ms_teams_publish_to_channel.param.alert_ms_teams_potential_postaction_bodycontenttype"` + ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialPostactionName string `json:"action.ms_teams_publish_to_channel.param.alert_ms_teams_potential_postaction_name,omitempty" url:"action.ms_teams_publish_to_channel.param.alert_ms_teams_potential_postaction_name"` + ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialPostactionTarget string `json:"action.ms_teams_publish_to_channel.param.alert_ms_teams_potential_postaction_target,omitempty" url:"action.ms_teams_publish_to_channel.param.alert_ms_teams_potential_postaction_target"` + ActionMsTeamsPublishToChannelParamAlertMsTeamsThemeColor string `json:"action.ms_teams_publish_to_channel.param.alert_ms_teams_theme_color,omitempty" url:"action.ms_teams_publish_to_channel.param.alert_ms_teams_theme_color"` + ActionMsTeamsPublishToChannelParamAlertMsTeamsUrl string `json:"action.ms_teams_publish_to_channel.param.alert_ms_teams_url,omitempty" url:"action.ms_teams_publish_to_channel.param.alert_ms_teams_url"` + ActionMsTeamsPublishToChannelTrackAlert bool `json:"action.ms_teams_publish_to_channel.track_alert,omitempty" url:"action.ms_teams_publish_to_channel.track_alert"` + ActionMsTeamsPublishToChannelTtl string `json:"action.ms_teams_publish_to_channel.ttl,omitempty" url:"action.ms_teams_publish_to_channel.ttl"` + AlertDigestMode bool `json:"alert.digest_mode" url:"alert.digest_mode"` + AlertExpires string `json:"alert.expires,omitempty" url:"alert.expires,omitempty"` + AlertSeverity int `json:"alert.severity,omitempty" url:"alert.severity,omitempty"` + AlertSuppress bool `json:"alert.suppress" url:"alert.suppress"` + AlertSuppressFields string `json:"alert.suppress.fields,omitempty" url:"alert.suppress.fields,omitempty"` + AlertSuppressPeriod string `json:"alert.suppress.period,omitempty" url:"alert.suppress.period,omitempty"` + AlertTrack bool `json:"alert.track" url:"alert.track"` + AlertComparator string `json:"alert_comparator,omitempty" url:"alert_comparator,omitempty"` + AlertCondition string `json:"alert_condition,omitempty" url:"alert_condition,omitempty"` + AlertThreshold string `json:"alert_threshold,omitempty" url:"alert_threshold,omitempty"` + AlertType string `json:"alert_type,omitempty" url:"alert_type,omitempty"` + AllowSkew string `json:"allow_skew,omitempty" url:"allow_skew,omitempty"` + AutoSummarize bool `json:"auto_summarize,omitempty" url:"auto_summarize,omitempty"` + AutoSummarizeCommand string `json:"auto_summarize.command,omitempty" url:"auto_summarize.command,omitempty"` + AutoSummarizeCronSchedule string `json:"auto_summarize.cron_schedule,omitempty" url:"auto_summarize.cron_schedule,omitempty"` + AutoSummarizeDispatchEarliestTime string `json:"auto_summarize.dispatch.earliest_time,omitempty" url:"auto_summarize.dispatch.earliest_time,omitempty"` + AutoSummarizeDispatchLatestTime string `json:"auto_summarize.dispatch.latest_time,omitempty" url:"auto_summarize.dispatch.latest_time,omitempty"` + AutoSummarizeDispatchTimeFormat string `json:"auto_summarize.dispatch.time_format,omitempty" url:"auto_summarize.dispatch.time_format,omitempty"` + AutoSummarizeDispatchTTL string `json:"auto_summarize.dispatch.ttl,omitempty" url:"auto_summarize.dispatch.ttl,omitempty"` + AutoSummarizeMaxDisabledBuckets int `json:"auto_summarize.max_disabled_buckets,omitempty" url:"auto_summarize.max_disabled_buckets,omitempty"` + AutoSummarizeMaxSummaryRatio float64 `json:"auto_summarize.max_summary_ratio,omitempty" url:"auto_summarize.max_summary_ratio,omitempty"` + AutoSummarizeMaxSummarySize int `json:"auto_summarize.max_summary_size,omitempty" url:"auto_summarize.max_summary_size,omitempty"` + AutoSummarizeMaxTime int `json:"auto_summarize.max_time,omitempty" url:"auto_summarize.max_time,omitempty"` + AutoSummarizeSuspendPeriod string `json:"auto_summarize.suspend_period,omitempty" url:"auto_summarize.suspend_period,omitempty"` + AutoSummarizeTimespan string `json:"auto_summarize.timespan,omitempty" url:"auto_summarize.timespan,omitempty"` + CronSchedule string `json:"cron_schedule,omitempty" url:"cron_schedule,omitempty"` + Description string `json:"description,omitempty" url:"description,omitempty"` + Disabled bool `json:"disabled" url:"disabled"` + DispatchBuckets int `json:"dispatch.buckets,omitempty" url:"dispatch.buckets,omitempty"` + DispatchEarliestTime string `json:"dispatch.earliest_time,omitempty" url:"dispatch.earliest_time,omitempty"` + DispatchIndexEarliest string `json:"dispatch.index_earliest,omitempty" url:"dispatch.index_earliest,omitempty"` + DispatchIndexLatest string `json:"dispatch.index_latest,omitempty" url:"dispatch.index_latest,omitempty"` + DispatchIndexedRealtime bool `json:"dispatch.indexedRealtime" url:"dispatch.indexedRealtime"` + DispatchIndexedRealtimeOffset int `json:"dispatch.indexedRealtimeOffset" url:"dispatch.indexedRealtimeOffset,omitempty"` + DispatchIndexedRealtimeMinspan int `json:"dispatch.indexedRealtimeMinspan" url:"dispatch.indexedRealtimeMinspan,omitempty"` + DispatchLatestTime string `json:"dispatch.latest_time,omitempty" url:"dispatch.latest_time,omitempty"` + DispatchLookups bool `json:"dispatch.lookups" url:"dispatch.lookups"` + DispatchMaxCount int `json:"dispatch.max_count,omitempty" url:"dispatch.max_count,omitempty"` + DispatchMaxTime int `json:"dispatch.max_time,omitempty" url:"dispatch.max_time,omitempty"` + DispatchReduceFreq int `json:"dispatch.reduce_freq,omitempty" url:"dispatch.reduce_freq,omitempty"` + DispatchRtBackfill bool `json:"dispatch.rt_backfill" url:"dispatch.rt_backfill"` + DispatchRtMaximumSpan int `json:"dispatch.rt_maxtimespan" url:"dispatch.rt_maxtimespan,omitempty"` + DispatchSpawnProcess bool `json:"dispatch.spawn_process" url:"dispatch.spawn_process"` + DispatchTimeFormat string `json:"dispatch.time_format,omitempty" url:"dispatch.time_format,omitempty"` + DispatchTTL string `json:"dispatch.ttl,omitempty" url:"dispatch.ttl,omitempty"` + DisplayView string `json:"displayview,omitempty" url:"displayview,omitempty"` + IsScheduled bool `json:"is_scheduled" url:"is_scheduled"` + IsVisible bool `json:"is_visible" url:"is_visible"` + MaxConcurrent int `json:"max_concurrent,omitempty" url:"max_concurrent,omitempty"` + NextScheduledTime string `json:"next_scheduled_time,omitempty" url:"next_scheduled_time,omitempty"` + QualifiedSearch string `json:"qualifiedSearch,omitempty" url:"qualifiedSearch,omitempty"` + RealtimeSchedule bool `json:"realtime_schedule" url:"realtime_schedule"` + RequestUIDispatchApp string `json:"request.ui_dispatch_app,omitempty" url:"request.ui_dispatch_app,omitempty"` + RequestUIDispatchView string `json:"request.ui_dispatch_view,omitempty" url:"request.ui_dispatch_view,omitempty"` + RestartOnSearchPeerAdd bool `json:"restart_on_searchpeer_add" url:"restart_on_searchpeer_add"` + RunOnStartup bool `json:"run_on_startup" url:"run_on_startup"` + ScheduleWindow string `json:"schedule_window,omitempty" url:"schedule_window,omitempty"` + SchedulePriority string `json:"schedule_priority,omitempty" url:"schedule_priority,omitempty"` + Search string `json:"search,omitempty" url:"search,omitempty"` + VSID string `json:"vsid,omitempty" url:"vsid,omitempty"` + WorkloadPool string `json:"workload_pool,omitempty" url:"workload_pool,omitempty"` } diff --git a/splunk/resource_splunk_saved_searches.go b/splunk/resource_splunk_saved_searches.go index 7038ef41..8ae75a71 100644 --- a/splunk/resource_splunk_saved_searches.go +++ b/splunk/resource_splunk_saved_searches.go @@ -690,6 +690,151 @@ func savedSearches() *schema.Resource { Description: "URL to send the HTTP POST request to. Must be accessible from the Splunk server.", ValidateFunc: validation.StringMatch(regexp.MustCompile(`^https?://[^\s]+$`), "Webhook URL is invalid"), }, + "action_ms_teams_publish_to_channel": { + Type: schema.TypeBool, + Computed: true, + Description: "The state of the msteams action. Read-only attribute. " + + "Value ignored on POST. Use actions to specify a list of enabled actions. Defaults to 0.", + }, + "action_ms_teams_publish_to_channel_command": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "The search command (or pipeline) which is responsible for executing the action." + + "Generally the command is a template search pipeline which is realized with values from the saved search." + + "To reference saved search field values wrap them in $, for example to reference the savedsearch name use $name$, to reference the search use $search$.", + }, + "action_ms_teams_publish_to_channel_description": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "A brief description of the event.", + }, + "action_ms_teams_publish_to_channel_hostname": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Sets the hostname used in the web link (url) sent in msteams actions." + + "This value accepts two forms:hostname (for example, splunkserver, splunkserver.example.com)", + }, + "action_ms_teams_publish_to_channel_icon_path": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "URL of the picture to be used for messages publication for this alert.", + }, + "action_ms_teams_publish_to_channel_maxresults": { + Type: schema.TypeInt, + Optional: true, + Computed: true, + Description: "Sets the global maximum number of search results to send when action_ms_teams_publish_to_channel.action is enabled." + + "Defaults to 100.", + }, + "action_ms_teams_publish_to_channel_maxtime": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Valid values are Integer[m|s|h|d]." + + "Specifies the maximum amount of time the execution of an ms_teams action takes before the action is aborted. Defaults to 5m.", + }, + "action_ms_teams_publish_to_channel_param_alert_ms_teams_activity_title": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Activity Title of the message, can include dynamic results. ($result.field$) This field is required.", + }, + "action_ms_teams_publish_to_channel_param_alert_ms_teams_fields_list": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Comma separated list of fields to include in the message. Each field has to be a field resulting from the search.", + }, + "action_ms_teams_publish_to_channel_param_alert_ms_teams_fields_order": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Order fields in the message publication", + }, + "action_ms_teams_publish_to_channel_param_alert_ms_teams_image_link": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "URL of the picture to be used for messages publication for this alert.", + }, + "action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_action_name": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Label of the open URL potential action. (optional unless value is defined)", + }, + "action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_action_name2": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: " Label of the second open URL potential action. (optional unless value is defined)", + }, + "action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_url": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: " URl value for the open URL potential action URL. (optional unless label is defined)", + }, + "action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_url2": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "URl value for the second open URL potential action URL. (optional unless label is defined)", + }, + "action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_postaction_body": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: " The body of the POST request. (optional)", + }, + "action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_postaction_bodycontenttype": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: " The body of the POST request. (optional)", + }, + "action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_postaction_name": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Label of the HttpPOST potential action. (optional unless target is defined)", + }, + "action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_postaction_target": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Target value for the HttpPOST potential action. (optional unless label is defined)", + }, + "action_ms_teams_publish_to_channel_param_alert_ms_teams_theme_color": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Specifies a custom brand color for the card in hexadecimal code format. (optional, defaults to 0076D7)", + }, + "action_ms_teams_publish_to_channel_param_alert_ms_teams_url": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Webhook URL, overrides default URL in global setting if defined. (https is enforced and added if not present)", + }, + "action_ms_teams_publish_to_channel_track_alert": { + Type: schema.TypeBool, + Optional: true, + Computed: true, + Description: "Indicates whether the execution of this action signifies a trackable alert.", + }, + "action_ms_teams_publish_to_channel_ttl": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "Valid values are Integer[p].Specifies the minimum time-to-live in seconds of the search artifacts if this action is triggered. " + + "If p follows , int is the number of scheduled periods. Defaults to 86400 (24 hours)." + + "If no actions are triggered, the artifacts have their ttl determined by dispatch.ttl in savedsearches.conf.", + }, "alert_digest_mode": { Type: schema.TypeBool, Optional: true, @@ -1490,6 +1635,76 @@ func savedSearchesRead(d *schema.ResourceData, meta interface{}) error { if err = d.Set("action_webhook_param_url", entry.Content.ActionWebhookParamUrl); err != nil { return err } + + if err = d.Set("action_ms_teams_publish_to_channel", entry.Content.ActionMsTeamsPublishToChannel); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_command", entry.Content.ActionMsTeamsPublishToChannelCommand); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_description", entry.Content.ActionMsTeamsPublishToChannelDescription); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_hostname", entry.Content.ActionMsTeamsPublishToChannelHostname); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_icon_path", entry.Content.ActionMsTeamsPublishToChannelIconPath); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_maxresults", entry.Content.ActionMsTeamsPublishToChannelMaxresults); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_maxtime", entry.Content.ActionMsTeamsPublishToChannelMaxtime); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_param_alert_ms_teams_activity_title", entry.Content.ActionMsTeamsPublishToChannelParamAlertMsTeamsActivityTitle); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_param_alert_ms_teams_fields_list", entry.Content.ActionMsTeamsPublishToChannelParamAlertMsTeamsFieldsList); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_param_alert_ms_teams_fields_order", entry.Content.ActionMsTeamsPublishToChannelParamAlertMsTeamsFieldsOrder); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_param_alert_ms_teams_image_link", entry.Content.ActionMsTeamsPublishToChannelParamAlertMsTeamsImageLink); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_action_name", entry.Content.ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialActionName); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_action_name2", entry.Content.ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialActionName2); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_url", entry.Content.ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialUrl); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_url2", entry.Content.ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialUrl2); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_postaction_body", entry.Content.ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialPostactionBody); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_postaction_bodycontenttype", entry.Content.ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialPostactionBodycontenttype); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_postaction_name", entry.Content.ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialPostactionName); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_postaction_target", entry.Content.ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialPostactionTarget); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_param_alert_ms_teams_theme_color", entry.Content.ActionMsTeamsPublishToChannelParamAlertMsTeamsThemeColor); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_param_alert_ms_teams_url", entry.Content.ActionMsTeamsPublishToChannelParamAlertMsTeamsUrl); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_track_alert", entry.Content.ActionMsTeamsPublishToChannelTrackAlert); err != nil { + return err + } + if err = d.Set("action_ms_teams_publish_to_channel_ttl", entry.Content.ActionMsTeamsPublishToChannelTtl); err != nil { + return err + } if err = d.Set("alert_digest_mode", entry.Content.AlertDigestMode); err != nil { return err } @@ -1727,166 +1942,189 @@ func savedSearchesDelete(d *schema.ResourceData, meta interface{}) error { func getSavedSearchesConfig(d *schema.ResourceData) (savedSearchesObj *models.SavedSearchObject) { savedSearchesObj = &models.SavedSearchObject{ - Actions: d.Get("actions").(string), - ActionEmail: d.Get("action_email").(bool), - ActionEmailAuthPassword: d.Get("action_email_auth_password").(string), - ActionEmailAuthUsername: d.Get("action_email_auth_username").(string), - ActionEmailBCC: d.Get("action_email_bcc").(string), - ActionEmailCC: d.Get("action_email_cc").(string), - ActionEmailFormat: d.Get("action_email_format").(string), - ActionEmailFrom: d.Get("action_email_from").(string), - ActionEmailHostname: d.Get("action_email_hostname").(string), - ActionEmailIncludeResultsLink: d.Get("action_email_include_results_link").(int), - ActionEmailIncludeSearch: d.Get("action_email_include_search").(int), - ActionEmailIncludeTrigger: d.Get("action_email_include_trigger").(int), - ActionEmailIncludeTriggerTime: d.Get("action_email_include_trigger_time").(int), - ActionEmailIncludeViewLink: d.Get("action_email_include_view_link").(int), - ActionEmailInline: d.Get("action_email_inline").(bool), - ActionEmailMailserver: d.Get("action_email_mailserver").(string), - ActionEmailMaxResults: d.Get("action_email_max_results").(int), - ActionEmailMaxTime: d.Get("action_email_max_time").(string), - ActionEmailMessageAlert: d.Get("action_email_message_alert").(string), - ActionEmailMessageReport: d.Get("action_email_message_report").(string), - ActionEmailPDFView: d.Get("action_email_pdfview").(string), - ActionEmailPreprocessResults: d.Get("action_email_preprocess_results").(string), - ActionEmailReportCIDFontList: d.Get("action_email_report_cid_font_list").(string), - ActionEmailReportIncludeSplunkLogo: d.Get("action_email_report_include_splunk_logo").(bool), - ActionEmailReportPaperOrientation: d.Get("action_email_report_paper_orientation").(string), - ActionEmailReportPaperSize: d.Get("action_email_report_paper_size").(string), - ActionEmailReportServerEnabled: d.Get("action_email_report_server_enabled").(bool), - ActionEmailReportServerURL: d.Get("action_email_report_server_url").(string), - ActionEmailSendCSV: d.Get("action_email_send_csv").(int), - ActionEmailSendPDF: d.Get("action_email_send_pdf").(bool), - ActionEmailSendResults: d.Get("action_email_send_results").(bool), - ActionEmailSubject: d.Get("action_email_subject").(string), - ActionEmailTo: d.Get("action_email_to").(string), - ActionEmailTrackAlert: d.Get("action_email_track_alert").(bool), - ActionEmailTTL: d.Get("action_email_ttl").(string), - ActionEmailUseSSL: d.Get("action_email_use_ssl").(bool), - ActionEmailUseTLS: d.Get("action_email_use_tls").(bool), - ActionEmailWidthSortColumns: d.Get("action_email_width_sort_columns").(bool), - ActionPagerdutyIntegrationURL: d.Get("action_pagerduty_integration_url").(string), - ActionPagerdutyIntegrationURLOverride: d.Get("action_pagerduty_integration_url_override").(string), - ActionPagerdutyParamCustDetails: d.Get("action_pagerduty_custom_details").(string), - ActionPagerdutyParamIntKey: d.Get("action_pagerduty_integration_key").(string), - ActionPagerdutyParamIntKeyOverride: d.Get("action_pagerduty_integration_key_override").(string), - ActionPopulateLookupCommand: d.Get("action_populate_lookup_command").(string), - ActionPopulateLookupDest: d.Get("action_populate_lookup_dest").(string), - ActionPopulateLookupHostname: d.Get("action_populate_lookup_hostname").(string), - ActionPopulateLookupMaxResults: d.Get("action_populate_lookup_max_results").(int), - ActionPopulateLookupMaxTime: d.Get("action_populate_lookup_max_time").(int), - ActionPopulateLookupTrackAlert: d.Get("action_populate_lookup_track_alert").(bool), - ActionPopulateLookupTTL: d.Get("action_populate_lookup_ttl").(string), - ActionRSSCommand: d.Get("action_rss_command").(string), - ActionRSSHostname: d.Get("action_rss_hostname").(string), - ActionRSSMaxResults: d.Get("action_rss_max_results").(int), - ActionRSSMaxTime: d.Get("action_rss_max_time").(int), - ActionRSSTrackAlert: d.Get("action_rss_track_alert").(bool), - ActionRSSTTL: d.Get("action_rss_ttl").(string), - ActionScriptCommand: d.Get("action_script_command").(string), - ActionScriptFilename: d.Get("action_script_filename").(string), - ActionScriptHostname: d.Get("action_script_hostname").(string), - ActionScriptMaxResults: d.Get("action_script_max_results").(int), - ActionScriptMaxTime: d.Get("action_script_max_time").(int), - ActionScriptTrackAlert: d.Get("action_script_track_alert").(bool), - ActionScriptTTL: d.Get("action_script_ttl").(string), - ActionSnowEventParamAccount: d.Get("action_snow_event_param_account").(string), - ActionSnowEventParamNode: d.Get("action_snow_event_param_node").(string), - ActionSnowEventParamType: d.Get("action_snow_event_param_type").(string), - ActionSnowEventParamResource: d.Get("action_snow_event_param_resource").(string), - ActionSnowEventParamSeverity: d.Get("action_snow_event_param_severity").(int), - ActionSnowEventParamDescription: d.Get("action_snow_event_param_description").(string), - ActionSnowEventParamCiIdentifier: d.Get("action_snow_event_param_ci_identifier").(string), - ActionSnowEventParamCustomFields: d.Get("action_snow_event_param_custom_fields").(string), - ActionSnowEventParamAdditionalInfo: d.Get("action_snow_event_param_additional_info").(string), - ActionSummaryIndex: d.Get("action_summary_index").(bool), - ActionSummaryIndexCommand: d.Get("action_summary_index_command").(string), - ActionSummaryIndexHostname: d.Get("action_summary_index_hostname").(string), - ActionSummaryIndexInline: d.Get("action_summary_index_inline").(bool), - ActionSummaryIndexMaxResults: d.Get("action_summary_index_max_results").(int), - ActionSummaryIndexMaxTime: d.Get("action_summary_index_max_time").(int), - ActionSummaryIndexName: d.Get("action_summary_index_name").(string), - ActionSummaryIndexTrackAlert: d.Get("action_summary_index_track_alert").(bool), - ActionSummaryIndexTTL: d.Get("action_summary_index_ttl").(string), - ActionCreateXsoarIncident: d.Get("action_create_xsoar_incident").(string), - ActionCreateXsoarIncidentParamSendAllServers: d.Get("action_create_xsoar_incident_param_send_all_servers").(string), - ActionCreateXsoarIncidentParamServerUrl: d.Get("action_create_xsoar_incident_param_server_url").(string), - ActionCreateXsoarIncidentParamIncidentName: d.Get("action_create_xsoar_incident_param_incident_name").(string), - ActionCreateXsoarIncidentParamDetails: d.Get("action_create_xsoar_incident_param_details").(string), - ActionCreateXsoarIncidentParamCustomFields: d.Get("action_create_xsoar_incident_param_custom_fields").(string), - ActionCreateXsoarIncidentParamSeverity: d.Get("action_create_xsoar_incident_param_severity").(string), - ActionCreateXsoarIncidentParamOccurred: d.Get("action_create_xsoar_incident_param_occurred").(string), - ActionCreateXsoarIncidentParamType: d.Get("action_create_xsoar_incident_param_type").(string), - ActionSlackParamAttachment: d.Get("action_slack_param_attachment").(string), - ActionSlackParamChannel: d.Get("action_slack_param_channel").(string), - ActionSlackParamFields: d.Get("action_slack_param_fields").(string), - ActionSlackParamMessage: d.Get("action_slack_param_message").(string), - ActionSlackParamWebhookUrlOverride: d.Get("action_slack_param_webhook_url_override").(string), - ActionJiraServiceDeskParamAccount: d.Get("action_jira_service_desk_param_account").(string), - ActionJiraServiceDeskParamJiraProject: d.Get("action_jira_service_desk_param_jira_project").(string), - ActionJiraServiceDeskParamJiraIssueType: d.Get("action_jira_service_desk_param_jira_issue_type").(string), - ActionJiraServiceDeskParamJiraSummary: d.Get("action_jira_service_desk_param_jira_summary").(string), - ActionJiraServiceDeskParamJiraPriority: d.Get("action_jira_service_desk_param_jira_priority").(string), - ActionJiraServiceDeskParamJiraDescription: d.Get("action_jira_service_desk_param_jira_description").(string), - ActionWebhookParamUrl: d.Get("action_webhook_param_url").(string), - AlertComparator: d.Get("alert_comparator").(string), - AlertCondition: d.Get("alert_condition").(string), - AlertDigestMode: d.Get("alert_digest_mode").(bool), - AlertExpires: d.Get("alert_expires").(string), - AlertSeverity: d.Get("alert_severity").(int), - AlertSuppress: d.Get("alert_suppress").(bool), - AlertSuppressFields: d.Get("alert_suppress_fields").(string), - AlertSuppressPeriod: d.Get("alert_suppress_period").(string), - AlertThreshold: d.Get("alert_threshold").(string), - AlertTrack: d.Get("alert_track").(bool), - AlertType: d.Get("alert_type").(string), - AutoSummarize: d.Get("auto_summarize").(bool), - AutoSummarizeCommand: d.Get("auto_summarize_command").(string), - AutoSummarizeCronSchedule: d.Get("auto_summarize_cron_schedule").(string), - AutoSummarizeDispatchEarliestTime: d.Get("auto_summarize_dispatch_earliest_time").(string), - AutoSummarizeDispatchLatestTime: d.Get("auto_summarize_dispatch_latest_time").(string), - AutoSummarizeDispatchTimeFormat: d.Get("auto_summarize_dispatch_time_format").(string), - AutoSummarizeDispatchTTL: d.Get("auto_summarize_dispatch_ttl").(string), - AutoSummarizeMaxDisabledBuckets: d.Get("auto_summarize_max_disabled_buckets").(int), - AutoSummarizeMaxSummaryRatio: d.Get("auto_summarize_max_summary_ratio").(float64), - AutoSummarizeMaxSummarySize: d.Get("auto_summarize_max_summary_size").(int), - AutoSummarizeMaxTime: d.Get("auto_summarize_max_time").(int), - AutoSummarizeSuspendPeriod: d.Get("auto_summarize_suspend_period").(string), - AutoSummarizeTimespan: d.Get("auto_summarize_timespan").(string), - CronSchedule: d.Get("cron_schedule").(string), - Description: d.Get("description").(string), - Disabled: d.Get("disabled").(bool), - DispatchBuckets: d.Get("dispatch_buckets").(int), - DispatchEarliestTime: d.Get("dispatch_earliest_time").(string), - DispatchIndexEarliest: d.Get("dispatch_index_earliest").(string), - DispatchIndexLatest: d.Get("dispatch_index_latest").(string), - DispatchIndexedRealtime: d.Get("dispatch_indexed_realtime").(bool), - DispatchIndexedRealtimeOffset: d.Get("dispatch_indexed_realtime_offset").(int), - DispatchIndexedRealtimeMinspan: d.Get("dispatch_indexed_realtime_minspan").(int), - DispatchLatestTime: d.Get("dispatch_latest_time").(string), - DispatchLookups: d.Get("dispatch_lookups").(bool), - DispatchMaxCount: d.Get("dispatch_max_count").(int), - DispatchMaxTime: d.Get("dispatch_max_time").(int), - DispatchReduceFreq: d.Get("dispatch_reduce_freq").(int), - DispatchRtBackfill: d.Get("dispatch_rt_backfill").(bool), - DispatchRtMaximumSpan: d.Get("dispatch_rt_maximum_span").(int), - DispatchSpawnProcess: d.Get("dispatch_spawn_process").(bool), - DispatchTimeFormat: d.Get("dispatch_time_format").(string), - DispatchTTL: d.Get("dispatch_ttl").(string), - DisplayView: d.Get("display_view").(string), - IsScheduled: d.Get("is_scheduled").(bool), - IsVisible: d.Get("is_visible").(bool), - MaxConcurrent: d.Get("max_concurrent").(int), - RealtimeSchedule: d.Get("realtime_schedule").(bool), - RequestUIDispatchApp: d.Get("request_ui_dispatch_app").(string), - RequestUIDispatchView: d.Get("request_ui_dispatch_view").(string), - RestartOnSearchPeerAdd: d.Get("restart_on_searchpeer_add").(bool), - RunOnStartup: d.Get("run_on_startup").(bool), - ScheduleWindow: d.Get("schedule_window").(string), - SchedulePriority: d.Get("schedule_priority").(string), - Search: d.Get("search").(string), - VSID: d.Get("vsid").(string), - WorkloadPool: d.Get("workload_pool").(string), + Actions: d.Get("actions").(string), + ActionEmail: d.Get("action_email").(bool), + ActionEmailAuthPassword: d.Get("action_email_auth_password").(string), + ActionEmailAuthUsername: d.Get("action_email_auth_username").(string), + ActionEmailBCC: d.Get("action_email_bcc").(string), + ActionEmailCC: d.Get("action_email_cc").(string), + ActionEmailFormat: d.Get("action_email_format").(string), + ActionEmailFrom: d.Get("action_email_from").(string), + ActionEmailHostname: d.Get("action_email_hostname").(string), + ActionEmailIncludeResultsLink: d.Get("action_email_include_results_link").(int), + ActionEmailIncludeSearch: d.Get("action_email_include_search").(int), + ActionEmailIncludeTrigger: d.Get("action_email_include_trigger").(int), + ActionEmailIncludeTriggerTime: d.Get("action_email_include_trigger_time").(int), + ActionEmailIncludeViewLink: d.Get("action_email_include_view_link").(int), + ActionEmailInline: d.Get("action_email_inline").(bool), + ActionEmailMailserver: d.Get("action_email_mailserver").(string), + ActionEmailMaxResults: d.Get("action_email_max_results").(int), + ActionEmailMaxTime: d.Get("action_email_max_time").(string), + ActionEmailMessageAlert: d.Get("action_email_message_alert").(string), + ActionEmailMessageReport: d.Get("action_email_message_report").(string), + ActionEmailPDFView: d.Get("action_email_pdfview").(string), + ActionEmailPreprocessResults: d.Get("action_email_preprocess_results").(string), + ActionEmailReportCIDFontList: d.Get("action_email_report_cid_font_list").(string), + ActionEmailReportIncludeSplunkLogo: d.Get("action_email_report_include_splunk_logo").(bool), + ActionEmailReportPaperOrientation: d.Get("action_email_report_paper_orientation").(string), + ActionEmailReportPaperSize: d.Get("action_email_report_paper_size").(string), + ActionEmailReportServerEnabled: d.Get("action_email_report_server_enabled").(bool), + ActionEmailReportServerURL: d.Get("action_email_report_server_url").(string), + ActionEmailSendCSV: d.Get("action_email_send_csv").(int), + ActionEmailSendPDF: d.Get("action_email_send_pdf").(bool), + ActionEmailSendResults: d.Get("action_email_send_results").(bool), + ActionEmailSubject: d.Get("action_email_subject").(string), + ActionEmailTo: d.Get("action_email_to").(string), + ActionEmailTrackAlert: d.Get("action_email_track_alert").(bool), + ActionEmailTTL: d.Get("action_email_ttl").(string), + ActionEmailUseSSL: d.Get("action_email_use_ssl").(bool), + ActionEmailUseTLS: d.Get("action_email_use_tls").(bool), + ActionEmailWidthSortColumns: d.Get("action_email_width_sort_columns").(bool), + ActionPagerdutyIntegrationURL: d.Get("action_pagerduty_integration_url").(string), + ActionPagerdutyIntegrationURLOverride: d.Get("action_pagerduty_integration_url_override").(string), + ActionPagerdutyParamCustDetails: d.Get("action_pagerduty_custom_details").(string), + ActionPagerdutyParamIntKey: d.Get("action_pagerduty_integration_key").(string), + ActionPagerdutyParamIntKeyOverride: d.Get("action_pagerduty_integration_key_override").(string), + ActionPopulateLookupCommand: d.Get("action_populate_lookup_command").(string), + ActionPopulateLookupDest: d.Get("action_populate_lookup_dest").(string), + ActionPopulateLookupHostname: d.Get("action_populate_lookup_hostname").(string), + ActionPopulateLookupMaxResults: d.Get("action_populate_lookup_max_results").(int), + ActionPopulateLookupMaxTime: d.Get("action_populate_lookup_max_time").(int), + ActionPopulateLookupTrackAlert: d.Get("action_populate_lookup_track_alert").(bool), + ActionPopulateLookupTTL: d.Get("action_populate_lookup_ttl").(string), + ActionRSSCommand: d.Get("action_rss_command").(string), + ActionRSSHostname: d.Get("action_rss_hostname").(string), + ActionRSSMaxResults: d.Get("action_rss_max_results").(int), + ActionRSSMaxTime: d.Get("action_rss_max_time").(int), + ActionRSSTrackAlert: d.Get("action_rss_track_alert").(bool), + ActionRSSTTL: d.Get("action_rss_ttl").(string), + ActionScriptCommand: d.Get("action_script_command").(string), + ActionScriptFilename: d.Get("action_script_filename").(string), + ActionScriptHostname: d.Get("action_script_hostname").(string), + ActionScriptMaxResults: d.Get("action_script_max_results").(int), + ActionScriptMaxTime: d.Get("action_script_max_time").(int), + ActionScriptTrackAlert: d.Get("action_script_track_alert").(bool), + ActionScriptTTL: d.Get("action_script_ttl").(string), + ActionSnowEventParamAccount: d.Get("action_snow_event_param_account").(string), + ActionSnowEventParamNode: d.Get("action_snow_event_param_node").(string), + ActionSnowEventParamType: d.Get("action_snow_event_param_type").(string), + ActionSnowEventParamResource: d.Get("action_snow_event_param_resource").(string), + ActionSnowEventParamSeverity: d.Get("action_snow_event_param_severity").(int), + ActionSnowEventParamDescription: d.Get("action_snow_event_param_description").(string), + ActionSnowEventParamCiIdentifier: d.Get("action_snow_event_param_ci_identifier").(string), + ActionSnowEventParamCustomFields: d.Get("action_snow_event_param_custom_fields").(string), + ActionSnowEventParamAdditionalInfo: d.Get("action_snow_event_param_additional_info").(string), + ActionSummaryIndex: d.Get("action_summary_index").(bool), + ActionSummaryIndexCommand: d.Get("action_summary_index_command").(string), + ActionSummaryIndexHostname: d.Get("action_summary_index_hostname").(string), + ActionSummaryIndexInline: d.Get("action_summary_index_inline").(bool), + ActionSummaryIndexMaxResults: d.Get("action_summary_index_max_results").(int), + ActionSummaryIndexMaxTime: d.Get("action_summary_index_max_time").(int), + ActionSummaryIndexName: d.Get("action_summary_index_name").(string), + ActionSummaryIndexTrackAlert: d.Get("action_summary_index_track_alert").(bool), + ActionSummaryIndexTTL: d.Get("action_summary_index_ttl").(string), + ActionCreateXsoarIncident: d.Get("action_create_xsoar_incident").(string), + ActionCreateXsoarIncidentParamSendAllServers: d.Get("action_create_xsoar_incident_param_send_all_servers").(string), + ActionCreateXsoarIncidentParamServerUrl: d.Get("action_create_xsoar_incident_param_server_url").(string), + ActionCreateXsoarIncidentParamIncidentName: d.Get("action_create_xsoar_incident_param_incident_name").(string), + ActionCreateXsoarIncidentParamDetails: d.Get("action_create_xsoar_incident_param_details").(string), + ActionCreateXsoarIncidentParamCustomFields: d.Get("action_create_xsoar_incident_param_custom_fields").(string), + ActionCreateXsoarIncidentParamSeverity: d.Get("action_create_xsoar_incident_param_severity").(string), + ActionCreateXsoarIncidentParamOccurred: d.Get("action_create_xsoar_incident_param_occurred").(string), + ActionCreateXsoarIncidentParamType: d.Get("action_create_xsoar_incident_param_type").(string), + ActionSlackParamAttachment: d.Get("action_slack_param_attachment").(string), + ActionSlackParamChannel: d.Get("action_slack_param_channel").(string), + ActionSlackParamFields: d.Get("action_slack_param_fields").(string), + ActionSlackParamMessage: d.Get("action_slack_param_message").(string), + ActionSlackParamWebhookUrlOverride: d.Get("action_slack_param_webhook_url_override").(string), + ActionJiraServiceDeskParamAccount: d.Get("action_jira_service_desk_param_account").(string), + ActionJiraServiceDeskParamJiraProject: d.Get("action_jira_service_desk_param_jira_project").(string), + ActionJiraServiceDeskParamJiraIssueType: d.Get("action_jira_service_desk_param_jira_issue_type").(string), + ActionJiraServiceDeskParamJiraSummary: d.Get("action_jira_service_desk_param_jira_summary").(string), + ActionJiraServiceDeskParamJiraPriority: d.Get("action_jira_service_desk_param_jira_priority").(string), + ActionJiraServiceDeskParamJiraDescription: d.Get("action_jira_service_desk_param_jira_description").(string), + ActionWebhookParamUrl: d.Get("action_webhook_param_url").(string), + ActionMsTeamsPublishToChannel: d.Get("action_ms_teams_publish_to_channel").(bool), + ActionMsTeamsPublishToChannelCommand: d.Get("action_ms_teams_publish_to_channel_command").(string), + ActionMsTeamsPublishToChannelDescription: d.Get("action_ms_teams_publish_to_channel_description").(string), + ActionMsTeamsPublishToChannelHostname: d.Get("action_ms_teams_publish_to_channel_hostname").(string), + ActionMsTeamsPublishToChannelIconPath: d.Get("action_ms_teams_publish_to_channel_icon_path").(string), + ActionMsTeamsPublishToChannelMaxresults: d.Get("action_ms_teams_publish_to_channel_maxresults").(int), + ActionMsTeamsPublishToChannelMaxtime: d.Get("action_ms_teams_publish_to_channel_maxtime").(string), + ActionMsTeamsPublishToChannelParamAlertMsTeamsActivityTitle: d.Get("action_ms_teams_publish_to_channel_param_alert_ms_teams_activity_title").(string), + ActionMsTeamsPublishToChannelParamAlertMsTeamsFieldsList: d.Get("action_ms_teams_publish_to_channel_param_alert_ms_teams_fields_list").(string), + ActionMsTeamsPublishToChannelParamAlertMsTeamsFieldsOrder: d.Get("action_ms_teams_publish_to_channel_param_alert_ms_teams_fields_order").(string), + ActionMsTeamsPublishToChannelParamAlertMsTeamsImageLink: d.Get("action_ms_teams_publish_to_channel_param_alert_ms_teams_image_link").(string), + ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialActionName: d.Get("action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_action_name").(string), + ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialActionName2: d.Get("action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_action_name2").(string), + ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialUrl: d.Get("action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_url").(string), + ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialUrl2: d.Get("action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_url2").(string), + ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialPostactionBody: d.Get("action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_postaction_body").(string), + ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialPostactionBodycontenttype: d.Get("action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_postaction_bodycontenttype").(string), + ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialPostactionName: d.Get("action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_postaction_name").(string), + ActionMsTeamsPublishToChannelParamAlertMsTeamsPotentialPostactionTarget: d.Get("action_ms_teams_publish_to_channel_param_alert_ms_teams_potential_postaction_target").(string), + ActionMsTeamsPublishToChannelParamAlertMsTeamsThemeColor: d.Get("action_ms_teams_publish_to_channel_param_alert_ms_teams_theme_color").(string), + ActionMsTeamsPublishToChannelParamAlertMsTeamsUrl: d.Get("action_ms_teams_publish_to_channel_param_alert_ms_teams_url").(string), + ActionMsTeamsPublishToChannelTrackAlert: d.Get("action_ms_teams_publish_to_channel_track_alert").(bool), + ActionMsTeamsPublishToChannelTtl: d.Get("action_ms_teams_publish_to_channel_ttl").(string), + AlertComparator: d.Get("alert_comparator").(string), + AlertCondition: d.Get("alert_condition").(string), + AlertDigestMode: d.Get("alert_digest_mode").(bool), + AlertExpires: d.Get("alert_expires").(string), + AlertSeverity: d.Get("alert_severity").(int), + AlertSuppress: d.Get("alert_suppress").(bool), + AlertSuppressFields: d.Get("alert_suppress_fields").(string), + AlertSuppressPeriod: d.Get("alert_suppress_period").(string), + AlertThreshold: d.Get("alert_threshold").(string), + AlertTrack: d.Get("alert_track").(bool), + AlertType: d.Get("alert_type").(string), + AutoSummarize: d.Get("auto_summarize").(bool), + AutoSummarizeCommand: d.Get("auto_summarize_command").(string), + AutoSummarizeCronSchedule: d.Get("auto_summarize_cron_schedule").(string), + AutoSummarizeDispatchEarliestTime: d.Get("auto_summarize_dispatch_earliest_time").(string), + AutoSummarizeDispatchLatestTime: d.Get("auto_summarize_dispatch_latest_time").(string), + AutoSummarizeDispatchTimeFormat: d.Get("auto_summarize_dispatch_time_format").(string), + AutoSummarizeDispatchTTL: d.Get("auto_summarize_dispatch_ttl").(string), + AutoSummarizeMaxDisabledBuckets: d.Get("auto_summarize_max_disabled_buckets").(int), + AutoSummarizeMaxSummaryRatio: d.Get("auto_summarize_max_summary_ratio").(float64), + AutoSummarizeMaxSummarySize: d.Get("auto_summarize_max_summary_size").(int), + AutoSummarizeMaxTime: d.Get("auto_summarize_max_time").(int), + AutoSummarizeSuspendPeriod: d.Get("auto_summarize_suspend_period").(string), + AutoSummarizeTimespan: d.Get("auto_summarize_timespan").(string), + CronSchedule: d.Get("cron_schedule").(string), + Description: d.Get("description").(string), + Disabled: d.Get("disabled").(bool), + DispatchBuckets: d.Get("dispatch_buckets").(int), + DispatchEarliestTime: d.Get("dispatch_earliest_time").(string), + DispatchIndexEarliest: d.Get("dispatch_index_earliest").(string), + DispatchIndexLatest: d.Get("dispatch_index_latest").(string), + DispatchIndexedRealtime: d.Get("dispatch_indexed_realtime").(bool), + DispatchIndexedRealtimeOffset: d.Get("dispatch_indexed_realtime_offset").(int), + DispatchIndexedRealtimeMinspan: d.Get("dispatch_indexed_realtime_minspan").(int), + DispatchLatestTime: d.Get("dispatch_latest_time").(string), + DispatchLookups: d.Get("dispatch_lookups").(bool), + DispatchMaxCount: d.Get("dispatch_max_count").(int), + DispatchMaxTime: d.Get("dispatch_max_time").(int), + DispatchReduceFreq: d.Get("dispatch_reduce_freq").(int), + DispatchRtBackfill: d.Get("dispatch_rt_backfill").(bool), + DispatchRtMaximumSpan: d.Get("dispatch_rt_maximum_span").(int), + DispatchSpawnProcess: d.Get("dispatch_spawn_process").(bool), + DispatchTimeFormat: d.Get("dispatch_time_format").(string), + DispatchTTL: d.Get("dispatch_ttl").(string), + DisplayView: d.Get("display_view").(string), + IsScheduled: d.Get("is_scheduled").(bool), + IsVisible: d.Get("is_visible").(bool), + MaxConcurrent: d.Get("max_concurrent").(int), + RealtimeSchedule: d.Get("realtime_schedule").(bool), + RequestUIDispatchApp: d.Get("request_ui_dispatch_app").(string), + RequestUIDispatchView: d.Get("request_ui_dispatch_view").(string), + RestartOnSearchPeerAdd: d.Get("restart_on_searchpeer_add").(bool), + RunOnStartup: d.Get("run_on_startup").(bool), + ScheduleWindow: d.Get("schedule_window").(string), + SchedulePriority: d.Get("schedule_priority").(string), + Search: d.Get("search").(string), + VSID: d.Get("vsid").(string), + WorkloadPool: d.Get("workload_pool").(string), } return savedSearchesObj }