Most HTTP alert actions make you retype an endpoint, headers, and credentials into every alert, in plain text. REST Profiler takes a different approach: each request is defined as a profile, managed once on a dedicated configuration page with all secrets encrypted in Splunk secure storage, then reused everywhere.
Typical use cases:
- Notify through any SMS or messaging gateway: call Twilio, Kavenegar, or any HTTP SMS API with the alert's fields templated into the request body.
- Exchange security incidents (IODEF): deliver RFC 7970 IODEF XML incident documents to a CSIRT/CERT endpoint, with mutual-TLS client-certificate authentication where required.
- Create and update tickets: open incidents in ServiceNow, Jira, or any REST-capable ITSM tool, one ticket per triggering result row.
- Trigger SOAR / automation platforms: kick off playbooks via webhook with validated delivery (expected status codes, response-content checks) and automatic retry with exponential backoff.
- Send chat notifications: post to Slack, Microsoft Teams, Mattermost, or any incoming-webhook endpoint.
- Integrate with internal systems: reach services behind a corporate proxy (HTTP/HTTPS/SOCKS5, with separate proxy credentials), including self-signed or private-CA TLS endpoints.
Feature highlights:
- Reusable profiles: create, edit, clone, delete from a dedicated UI.
- Exact request Preview (secrets masked) and live Test send per profile.
- All HTTP methods: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS.
- Authentication: none, HTTP Basic, token/bearer (custom header and prefix), and mutual TLS (client certificate, optional encrypted private-key passphrase).
- Secrets (passwords, tokens, certificates, passphrases) encrypted in Splunk secure storage; never shown in previews or logs.
- Per-row result delivery: send each triggering result as a JSON, XML, or form-urlencoded body, as URL query parameters, or through a custom `$field$` template in the body and URL.
- Reliability controls per profile: request timeout, retry with exponential backoff (connection errors, optionally HTTP 5xx/429), rate limiting between requests, and response validation (expected status codes, required body content).
- Proxy support per profile: HTTP, HTTPS, or SOCKS5, with a separate proxy-authentication option.
- `| restprofilersend` search command for ad-hoc and scheduled execution.
- Monitoring dashboard, configurable logging level, and a built-in Search view.
Categories
IT Operations, DevOps