Doc update

jorritfolmer · Jan 7, 2018 · 762fa8c · 762fa8c
1 parent ae07bce
commit 762fa8c
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 10 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
 
+## 2.5.0
+
+- Only process actual DMARC aggregate reports and ignore other XML files
+- Changed validation result field to include multiple XSD validations
+
 ## 2.4.1
 
 - Fixed issues that prevented addition of new inputs after clean install of TA-dmarc

diff --git a/README.md b/README.md
@@ -135,13 +135,9 @@ Second, because the reverse DNS record cannot really be trusted, another forward
 
 ### Validate XML setting
 
-DMARC XML aggregate reports can be validated against the DMARC RUA XML schema definition (XSD).
+DMARC XML aggregate reports can be validated against multiple DMARC RUA XML schema definition versions (XSD)
 This can be configured in the input with the checkbox "Validate XML"
-The result of the validation is added as new event fields in Splunk:
-
-- `vendor_vendor_rua_xsd_validation`: success or failure
-- `vendor_vendor_rua_xsd_validation_error`": validation error text, e.g: 
-  > Element 'sp': [facet 'enumeration'] The value '' is not an element of the set {'none', 'quarantine', 'reject'}., line 19
+The result of the validations is added as new event fields in Splunk: `vendor_rua_xsd_validations`
 
 ## DMARC aggregate reports
 
@@ -252,7 +248,10 @@ From the DMARC XML sample above, the following fields are created:
 |src_ip                                       |192.0.2.78           | CIM
 |user                                         |example.com          | CIM
 |tag                                          |authentication, insecure | CIM
-|vendor_rua_xsd_validation                    |success              | Add-on enrichment
+|vendor_rua_xsd_validations. rua_draft-dmarc-base-00-02.xsd.result  | pass   | Add-on enrichment
+|vendor_rua_xsd_validations. rua_rfc7489.xsd.result                 | fail   | Add-on enrichment
+|vendor_rua_xsd_validations. rua_rfc7489.xsd.info                   | Element 'report_metadata': This element is not expected. Expected is ( version )., line 3	 | Add-on enrichment
+|vendor_rua_xsd_validations. rua_ta_dmarc_relaxed_v01.xsd.result    | pass   | Add-on enrichment
 
 ## Advanced
 

diff --git a/app.manifest b/app.manifest
@@ -5,7 +5,7 @@
     "id": {
       "group": null,
       "name": "TA-dmarc",
-      "version": "2.4.1"
+      "version": "2.5.0"
     },
     "author": [
       {
@@ -50,4 +50,4 @@
       "Enterprise": "*"
     }
   }
-}
+}
diff --git a/default/app.conf b/default/app.conf
@@ -7,7 +7,7 @@ build = 1
 
 [launcher]
 author = Jorrit Folmer
-version = 2.4.1
+version = 2.5.0
 description = Add-on for ingesting DMARC XML aggregate reports into Splunk
 
 [ui]