Developing for Splunk Enterprise

How to setup python script for Remedy WSDL authentication in a workflow action?

Motivator

I am configuring a Remedy integration with Splunk to use the Remedy WSDL feature to generate tickets in Remedy via Splunk. I have the python script setup and working. The snag I have run into is when trying to add a work flow action for manual ticket creation, I cannot figure out how to get the alert_actions script (which sets up the authentication to Remedy) to be used in the workflow action for manual ticket creation from the Splunk UI. I guess I need to know how to call the python script I have included below in a work flow action...

Any help would be greatly appreciated!

This is the code that works for the auto ticket creation using alert_actions.conf for the WSDL (I removed sensitive info):

#!/usr/bin/python

import logging

from suds.client import Client
logging.basicConfig(level=logging.INFO)
logging.getLogger('suds.client').setLevel(logging.DEBUG)

#import logging
logging.basicConfig(level=logging.INFO)
logging.getLogger('suds.client').setLevel(logging.DEBUG)
logging.getLogger('suds.transport').setLevel(logging.DEBUG)


#url = 'http://[server_name]:8081/arsys/WSDL/public/[server_name]/HPD_IncidentInterface_Create_WS'
url = 'http://[server_name]:8081/arsys/WSDL/public/[server_name]/HPD_IncidentInterface_Create_WS'

client = Client(url, username='$username$', password='$password$')

print client
user = client.factory.create('AuthenticationInfo')
user['userName'] = '$username$'
user['password'] = '$password$'
client.set_options(soapheaders=user)

result = client.service.HelpDesk_Submit_Service(
Reported_source='Systems Management',
Impact='3-Moderate/Limited',
Urgency='3-Medium',
Notes='Threat Detection Test',
Service_Type='User Service Request',
Action='CREATE',
First_Name='SSLContract',
Last_Name='Management',
Summary='Threat Detection Test 2',
Product_Name='SSL Certificate',
Product_Categorization_Tier_1='Software',
Product_Categorization_Tier_2='Application',
Product_Categorization_Tier_3='Information Security',
Categorization_Tier_1='Threat Management', 
Categorization_Tier_2='Remediate', 
Categorization_Tier_3='Worm', 
)
'''result = client.service.HelpDesk_Submit_Service(
Assigned_Group='cyber_security', 
Assigned_Group_Shift_Name='', 
Assigned_Support_Company='[Company_Name]', 
Assigned_Support_Organization='', 
Assignee='', 
Categorization_Tier_1='', 
Categorization_Tier_2='', 
Categorization_Tier_3='', 
CI_Name='', 
Closure_Manufacturer='', 
Closure_Product_Category_Tier1='', 
Closure_Product_Category_Tier2='', 
Closure_Product_Category_Tier3='', 
Closure_Product_Model_Version='', 
Closure_Product_Name='', 
Department='', 
First_Name='', 
Impact='4-Minor/Localized', 
Last_Name='', 
Lookup_Keyword='', 
Manufacturer='Remedy', 
Product_Categorization_Tier_1='' , 
Product_Categorization_Tier_2='', 
Product_Categorization_Tier_3='', 
Product_Model_Version='', 
Product_Name='Remedy',
Reported_Source='', #This should be of type Reported_SourceType
Resolution='', 
Resolution_Category_Tier_1= , 
Resolution_Category_Tier_2= , 
Resolution_Category_Tier_3= , 
Service_Type
Service_Type='User Service Restoration', 
Status='New',
Action='New' ,
Create_Request='',
Summary='Testing - Cyber Security - Ignore - Summary', 
Notes='Testing - Cyber Security - Ignore - Notes', 
Urgency='4-Low' , 
Work_Info_Summary= , 
Work_Info_Notes= , 
Work_Info_TypeType ,
Work_Info_Type= , 
Work_Info_Date= , 
#Work_Info_SourceType ,
#Work_Info_Source= , 
#Create_RequestType ,
#Work_Info_Locked= , 
#Work_Info_View_AccessType ,
#Work_Info_View_Access= , 
#Middle_Initial= , 
#Status_ReasonType,
#Status_Reason= , 
#Direct_Contact_First_Name= , 
#Direct_Contact_Middle_Initial= , 
#Direct_Contact_Last_Name= , 
#TemplateID= , 
#ServiceCI='tavm', 
#ServiceCI_ReconID= , 
#HPD_CI= , 
#HPD_CI_ReconID= , 
#HPD_CI_FormName= , 
#WorkInfoAttachment1Name= , 
#WorkInfoAttachment1Data= , 
#WorkInfoAttachment1OrigSize= , 
Login_ID='userid', 
#Incident_Number='INC999999',
#Direct_Contact_Company='[Company Name]'
)'''
print result

#remedy_prob.set_options(soapheaders=user)

#print client.service.queryModuleNames("param1") # this is an exposed method
#print client.last_received() # this is handy to see



#remedy_prob = suds.client.Client(prob_url)
#user = remedy_prob.factory.create('AuthenticationInfo')
##user['userName'] = 'user'
#user['password'] = 'password'
#remedy_prob.set_options(soapheaders=user)



#Service ( HPD_IncidentInterface_Create_WSService ) tns="urn:HPD_IncidentInterface_Create_WS"
#   Prefixes (1)
#      ns0 = "urn:HPD_IncidentInterface_Create_WS"
#   Ports (1):
#      (HPD_IncidentInterface_Create_WSPortTypeSoap)
#         Methods (1):
#            HelpDesk_Submit_Service(xs:string Assigned_Group, xs:string Assigned_Group_Shift_Name, xs:string Assigned_Support_Company, xs:string Assigned_Support_Organization, xs:string Assignee, xs:string Categorization_Tier_1, xs:string Categorization_Tier_2, xs:string Categorization_Tier_3, xs:string CI_Name, xs:string Closure_Manufacturer, xs:string Closure_Product_Category_Tier1, xs:string Closure_Product_Category_Tier2, xs:string Closure_Product_Category_Tier3, xs:string Closure_Product_Model_Version, xs:string Closure_Product_Name, xs:string Department, xs:string First_Name, ImpactType Impact, xs:string Last_Name, xs:string Lookup_Keyword, xs:string Manufacturer, xs:string Product_Categorization_Tier_1, xs:string Product_Categorization_Tier_2, xs:string Product_Categorization_Tier_3, xs:string Product_Model_Version, xs:string Product_Name, Reported_SourceType Reported_Source, xs:string Resolution, xs:string Resolution_Category_Tier_1, xs:string Resolution_Category_Tier_2, xs:string Resolution_Category_Tier_3, Service_TypeType Service_Type, StatusType Status, xs:string Action, Create_RequestType Create_Request, xs:string Summary, xs:string Notes, UrgencyType Urgency, xs:string Work_Info_Summary, xs:string Work_Info_Notes, Work_Info_TypeType Work_Info_Type, xs:dateTime Work_Info_Date, Work_Info_SourceType Work_Info_Source, Create_RequestType Work_Info_Locked, Work_Info_View_AccessType Work_Info_View_Access, xs:string Middle_Initial, Status_ReasonType Status_Reason, xs:string Direct_Contact_First_Name, xs:string Direct_Contact_Middle_Initial, xs:string Direct_Contact_Last_Name, xs:string TemplateID, xs:string ServiceCI, xs:string ServiceCI_ReconID, xs:string HPD_CI, xs:string HPD_CI_ReconID, xs:string HPD_CI_FormName, xs:string WorkInfoAttachment1Name, xs:base64Binary WorkInfoAttachment1Data, xs:int WorkInfoAttachment1OrigSize, xs:string Login_ID, xs:string Direct_Contact_Company, )
#         Types (13):
#            AuthenticationInfo
#            CreateInputMap
#            CreateOutputMap
#    (1000000163, new Value(4000));  // Impact - (High) 1000/2000/3000/4000 (Low)  

#newEntry.put(1000000162, new Value(4000));  // Urgency - (High) 1000/2000/3000/4000 (Low)  

#newEntry.put(1000000000, new Value("xyz")); // Description  

#newEntry.put(1000000151, new Value("xyz")); // Details  

#newEntry.put(1000000099, new Value(0));     // Service Type - 0/1/2/3  

#newEntry.put(240001002, new Value("xyz"));  // Product Name  

#newEntry.put(200000003, new Value("xyz"));  // Product Cat Tier 1  

#newEntry.put(240001002, new Value("xyz"));  // Product Cat Tier 2  

#newEntry.put(200000005, new Value("xyz"));  // Product Cat Tier 3  

#newEntry.put(1000000063, new Value("xyz")); // Operational Cat Tier 1  

#newEntry.put(1000000064, new Value("xyz")); // Operational Cat Tier 2  

#newEntry.put(1000000217, new Value("xyz")); // Assigned Group  

#newEntry.put(1000000054, new Value("xyz")); // Corporate ID  

#newEntry.put(2, new Value("Demo"));  
    Create_RequestType
#            ImpactType
#            Reported_SourceType
#            Service_TypeType
#            StatusType
#            Status_ReasonType
#            UrgencyType
#            Work_Info_SourceType
#            Work_Info_TypeType
#            Work_Info_View_AccessType
#
#

#newEntry.put(7, new Value(0));          // Status  

#newEntry.put(8, new Value("This record is created via Java API"));  // Short Description  

#newEntry.put
0 Karma
1 Solution

Explorer

With the BIG disclaimer that this is ugly ugly ugly:

Create a local specialised HTTP proxy that accepts username and password as additional URL arguments, sets appropriate Headers:, strips out the additional arguments, and then pushes the rest to the real backend. It's not ideal.

View solution in original post

Explorer

With the BIG disclaimer that this is ugly ugly ugly:

Create a local specialised HTTP proxy that accepts username and password as additional URL arguments, sets appropriate Headers:, strips out the additional arguments, and then pushes the rest to the real backend. It's not ideal.

View solution in original post

Motivator

It ended up being easier to set it up as a lookup in Splunk instead of a workflow action. Curious thing is, once I set it up as a lookup, I was able to make the lookup a workflow action!

0 Karma

Path Finder

interested in how you did this with lookup...???

0 Karma

Motivator

I put the script under the app directory's bin directory and then created an entry for lookup using an external script.

In lookup definitions, set to external.

In Command it will looks something like this: create_ticket.py coid tier1 tier2 tier3 impact urgency summary notes incident_number Msg

In supported fields: coid, tier1, tier2, tier3, impact, urgency, summary, notes, incident_number, Msg

Hopefully this helps you.

0 Karma

Path Finder

nice. tks v much

0 Karma

Motivator

You will need to import the suds library into Splunk Python (not supported).

0 Karma

New Member

How exactly are the parameters passed to the Python script?
Also - is there a way to let the user add some more info to the script (e.g. comment, Remedy ticket title, etc.)? Maybe open a dialog in the Splunk UI (I might be pushing it...)?
And how do you get the logged in user to the Python script (to be the Remedy ticket requester)?

0 Karma

Explorer

(ps. you could probably achieve the same with Apache mod_proxy and mod_rewrite ... but then you can do pretty much anything with mod_rewrite 🙂

0 Karma

Motivator

Still cannot get this working correctly, any help would be great! I'd be happy to share the rest of the code with the Splunk community...

0 Karma

Motivator

I have searched for the configs to setup the workflow_actions.conf but I don't see anything about pre-posting authentication... Surely there is a way to set this up...

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!