feat: Upgrade CIM to 6.0.0 (#896)

siddharth-khatsuriya · dvarasani-crest · commit a46eed1bcb7b · 2025-02-05T15:24:07.000+05:30
Added changes based on CIM 6.0.0 and CIM 5.3.2 changes Added Session ID in Authentication Model: https://cd.splunkdev.com/EnterpriseSecurity/sa-commoninformationmodel/-/merge_requests/545 Signature field description change in Intrusion Detection Model: https://cd.splunkdev.com/EnterpriseSecurity/sa-commoninformationmodel/-/merge_requests/542 Protocol Version description change in Network Traffic Model: https://cd.splunkdev.com/EnterpriseSecurity/sa-commoninformationmodel/-/merge_requests/544 Power field description change in Performance Model: https://cd.splunkdev.com/EnterpriseSecurity/sa-commoninformationmodel/-/merge_requests/543
diff --git a/pytest_splunk_addon/data_models/Authentication.json b/pytest_splunk_addon/data_models/Authentication.json
@@ -70,6 +70,11 @@
           "validity": "if(isnum(response_time) and response_time>0 AND response_time<3600,response_time,null())",
           "comment": "The amount of time it took to receive a response in the authentication event, in seconds."
         },
+        {
+          "name": "session_id",
+          "type": "optional",
+          "comment": "The unique identifier assigned to the login session."
+        },
         {
           "name": "signature",
           "type": "optional",
diff --git a/pytest_splunk_addon/data_models/Intrusion_Detection.json b/pytest_splunk_addon/data_models/Intrusion_Detection.json
@@ -74,7 +74,7 @@
         {
           "name": "signature",
           "type": "required",
-          "comment": "The name of the intrusion detected on the client (the src), such as PlugAndPlay_BO and JavaScript_Obfuscation_Fre. This is a string value. Use a signature_id field (not included in this data model) for numeric indicators."
+          "comment": "The name of the intrusion detected on the client (the src), such as PlugAndPlay_BO and JavaScript_Obfuscation_Fre."
         },
         {
           "name": "signature_id",
diff --git a/pytest_splunk_addon/data_models/Network_Traffic.json b/pytest_splunk_addon/data_models/Network_Traffic.json
@@ -187,7 +187,7 @@
           "type": "conditional",
           "condition": "protocol=ip",
           "expected_values": ["ipv4", "ipv6"],
-          "comment": "Version of the OSI layer 3 protocol."
+          "comment": "Version of the OSI layer 3 protocol, in lower case."
         },
         {
           "name": "response_time",
diff --git a/pytest_splunk_addon/data_models/Performance.json b/pytest_splunk_addon/data_models/Performance.json
@@ -78,7 +78,7 @@
                         {
                             "name": "power",
                             "type": "optional",
-                            "comment": "Amount of power consumed by the facilities resource, in Kw\/h."
+                            "comment": "Amount of power consumed by the facilities resource, in kW."
                         },
                         {
                             "name": "fan_speed",

Original file line number	Diff line number	Diff line change
`@@ -74,7 +74,7 @@`
`74`	`74`	`{`
`75`	`75`	`"name": "signature",`
`76`	`76`	`"type": "required",`
`77`		`- "comment": "The name of the intrusion detected on the client (the src), such as PlugAndPlay_BO and JavaScript_Obfuscation_Fre. This is a string value. Use a signature_id field (not included in this data model) for numeric indicators."`
	`77`	`+ "comment": "The name of the intrusion detected on the client (the src), such as PlugAndPlay_BO and JavaScript_Obfuscation_Fre."`
`78`	`78`	`},`
`79`	`79`	`{`
`80`	`80`	`"name": "signature_id",`
Original file line number	Diff line number	Diff line change
`@@ -187,7 +187,7 @@`
`187`	`187`	`"type": "conditional",`
`188`	`188`	`"condition": "protocol=ip",`
`189`	`189`	`"expected_values": ["ipv4", "ipv6"],`
`190`		`- "comment": "Version of the OSI layer 3 protocol."`
	`190`	`+ "comment": "Version of the OSI layer 3 protocol, in lower case."`
`191`	`191`	`},`
`192`	`192`	`{`
`193`	`193`	`"name": "response_time",`
Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@`
`78`	`78`	`{`
`79`	`79`	`"name": "power",`
`80`	`80`	`"type": "optional",`
`81`		`- "comment": "Amount of power consumed by the facilities resource, in Kw\/h."`
	`81`	`+ "comment": "Amount of power consumed by the facilities resource, in kW."`
`82`	`82`	`},`
`83`	`83`	`{`
`84`	`84`	`"name": "fan_speed",`