Splunk: Feature Add - Boolean to use event_id as SDI

[zamastyle]

Please ensure your pull request (PR) adheres to the following guidelines:

• Please refer to our contributing documentation for any questions on submitting a pull request, link: Contribution Guide

Pull Request Checklist

Please check if your PR fulfills the following requirements:

• Testing of all the changes has been performed (for bug fixes / features)
• The manual_readme_content.md has been reviewed and added / updated if needed (for bug fixes / features)
• Use the following format for the PR description: <App Name>: <PR Type> - <PR Description>
• Provide release notes as part of the PR submission which describe high level points about the changes for the upcoming GA release.
• Verify all checks are passing.
• Do NOT use the next branch of the forked repo. Create separate feature branch for raising the PR.
• Do NOT submit updates to dependencies unless it fixes an issue.

Pull Request Type

Please check the type of change your PR introduces:

• New App
• Bugfix
• Feature
• Code style update (formatting, renaming)
• Refactoring (no functional changes, no api changes)
• Documentation
• Other (please describe):

Security Considerations (REQUIRED)

• If you are exposing any endpoints using a REST handler,
  please document them in the manual_readme_content.md.
• If this is a new connector or you are adding new actions
  • Please document in the manual_readme_content.md all methods (eg, OAuth) used to authenticate
    with the service that the connector is integrating with.
  • If any actions are unable to run on SOAR Cloud, please document this in the manual_readme_content.md.
• Are you introducing any new cryptography modules? If yes, please elaborate their purpose:
• Are you are accessing the file system? If yes, please verify that you are only accessing paths returned through
  the Vault API.
• Are you are marking code to be ignored by Semgrep with nosemgrep?
  If yes, please provide justification in an additional comment next to the ignored code.

Release Notes (REQUIRED)

• Provide release notes as part of the PR submission which describe high level points about the changes for the upcoming GA release.

Added 'use_event_id_sdi' parameter to asset config to allow updated event ingestion into the original container

What is the current behavior? (OPTIONAL)

• Describe the current behavior that you are modifying.

The app currently uses a hash of the full event as the source data identifier which causes any updates to the event to be re-ingested as a wholly new container.

What is the new behavior? (OPTIONAL)

• Describe the behavior or changes that are being added by this PR.

A boolean has been added to the asset config to allow using the event_id field value as the SDI. This changes the behavior to ingest any updated events as new artifacts under the original event container.

Other information (OPTIONAL)

• Any other information that is important to this PR such as screenshots of how the component looks before and after the change.

Pay close attention to (OPTIONAL)

• Any specific code change or test case points which must be addressed/reviewed at the time of GA release.

Screenshots (if relevant)

---

Thanks for contributing!

[splunk-soar-connectors-bot]

Thank you for your submission! We have a total of 24 PRs open right now, and we are working hard on all of them! We will take a look as soon as we can.

[splunk-soar-connectors-bot]

@zamastyle Static Tests results for commit 033459d - https://drive.google.com/file/d/1Ek9FOOA33gBaJAis5ahwJlt8NkVcjca2/view?usp=drivesdk

[splunk-soar-connectors-bot]

@zamastyle Compile Tests results for commit 033459d - https://drive.google.com/file/d/12VsUN0y0up4ye0QJWlaXs_e2ZXqEtqzc/view?usp=drivesdk

[splunk-soar-connectors-bot]

@zamastyle Static Tests results for commit 616a055 - https://drive.google.com/file/d/1yb_bURwbpb9ltC1zEM8_ewJ4l9hdQ4qE/view?usp=drivesdk

[splunk-soar-connectors-bot]

@zamastyle Compile Tests results for commit 616a055 - https://drive.google.com/file/d/1iYuSInyi7Qj8gHJoV80MWuHjJC4blXmW/view?usp=drivesdk

[splunk-soar-connectors-bot]

@zamastyle Static Tests results for commit bd93a01 - https://drive.google.com/file/d/10hTAuSfYx3Ixc8aV2ILxzzjKIKctKcbO/view?usp=drivesdk

[splunk-soar-connectors-bot]

@zamastyle Compile Tests results for commit bd93a01 - https://drive.google.com/file/d/1Qet7bwMtG-xoDBeloyHnyRFtrh4_tZ_R/view?usp=drivesdk

[splunk-soar-connectors-bot]

@zamastyle Static Tests results for commit d87ab8e - https://drive.google.com/file/d/163gVJQfsRGmtnJpAuyxK2m44QLsBqlN8/view?usp=drivesdk

[splunk-soar-connectors-bot]

@zamastyle Compile Tests results for commit d87ab8e - https://drive.google.com/file/d/1maIyBqmqQbWqoWCl4LqW_unxglvypBjU/view?usp=drivesdk

[splunk-soar-connectors-bot]

@phantom-jacob Static Tests results for commit 789a29c - https://drive.google.com/file/d/16MOZ1GWxw__JhZqB_Rrf4B43WRioJ8NV/view?usp=drivesdk

[splunk-soar-connectors-bot]

@phantom-jacob Static Tests results for commit faca1a4 - https://drive.google.com/file/d/19RNWfbTQscWAN097UuSgVqWAvglU1Pmq/view?usp=drivesdk

[splunk-soar-connectors-bot]

@phantom-jacob Compile Tests results for commit faca1a4 - https://drive.google.com/file/d/1pMOP16eR4xLGP3RBjpjTKo_frpiujjoA/view?usp=drivesdk