add function annotation and bake the default index into the get_all_indexes function

pyth0n1c · pyth0n1c · commit bf725752a9d8 · 2024-10-15T20:07:17.000-04:00
diff --git a/contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py b/contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py
@@ -172,13 +172,11 @@ def configure_hec(self):
             # Retrieve all available indexes on the splunk instance
             all_indexes = self.get_all_indexes()
 
-            indexes = f"{self.sync_obj.replay_index}," + ",".join(all_indexes)
-
             res = self.get_conn().inputs.create(
                 name="DETECTION_TESTING_HEC",
                 kind="http",
                 index=self.sync_obj.replay_index,
-                indexes=indexes, # This allows the HEC to write to all indexes
+                indexes=",".join(all_indexes), # This allows the HEC to write to all indexes
                 useACK=True,
             )
             self.hec_token = str(res.token)
@@ -187,12 +185,13 @@ def configure_hec(self):
         except Exception as e:
             raise (Exception(f"Failure creating HEC Endpoint: {str(e)}"))
 
-    def get_all_indexes(self):
+    def get_all_indexes(self) -> list[str]:
         """
         Retrieve a list of all indexes in the Splunk instance
         """
         try:
-            indexes = []
+            # Always include the special, default replay index here
+            indexes = [self.sync_obj.replay_index]
             res = self.get_conn().indexes
             for index in res.list():
                 indexes.append(index.name)
