Palo Alto Cortex XDR | Undo change to list split for get incidents trigger (#2903)

* Undo change to list split for get incidents trigger

* Black formatting

* Remove self.maxdiff in unit test

* Update spec file
cmcnally-r7 authored Oct 28, 2024
1 parent 6fc3c0a commit 72388c1
Showing 6 changed files with 10 additions and 10 deletions.
2 changes: 1 addition & 1 deletion plugins/palo_alto_cortex_xdr/.CHECKSUM
@@ -1,5 +1,5 @@
{
"spec": "80c5cec0b5ce48e9cdb749e931679751",
"spec": "5f65f97ed0704bd87cb78e24eb9dc1b3",
"manifest": "094c90db12918a2d28277d8b94124397",
"setup": "67c9748687eb5d9ea0eccfccb53610e1",
"schemas": [
2 changes: 1 addition & 1 deletion plugins/palo_alto_cortex_xdr/help.md
Expand Up @@ -927,7 +927,7 @@ Isolate Endpoint fails with 500 error - This will happen if an isolation action

# Version History

* 4.0.3 - `Get Incidents` - Update `Hosts` output to map hostname and endpoint ID | `Monitor Incidents` - Add custom config exception handling
* 4.0.3 - `Monitor Incidents` - Add custom config exception handling
* 4.0.2 - SDK bump to 6.1.4
* 4.0.1 - SDK Bump to 6.1.3
* 4.0.0 - `Get Alerts`: Fixed issue where trigger was failing due to empty and different typed output fields - updated to generic object | Added Monitor_alert tasks | SDK Bump to 6.1.2
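Review bot: The `4.0.3` entry is rewritten in place to drop the `Get Incidents` `Hosts` mapping instead of being followed by a new version line, so the history no longer records that `Hosts` was ever emitted as hostname/endpoint ID objects. If a 4.0.3 build with that output shape was published, workflows consuming `hosts` will see the type change back to strings with no version to pin against; consider adding a new entry for the revert (the same line is edited in `plugin.spec.yaml`).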
Expand Up @@ -28,11 +28,11 @@ def split_list_values(input_list: list) -> list:
for item in input_list:
if isinstance(item, str):
item_split = item.split(":")
if len(item_split) == 2:
output_list.append({"hostname": item_split[0], "endpoint_id": item_split[1]})
else:
output_list.append({"hostname": item_split[0]})
return output_list
output_list.extend(item_split)

duplicates = set()

return [item for item in output_list if not (item in duplicates or duplicates.add(item))]

@staticmethod
def send_items_to_platform_for_trigger(
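Review bot: In the loop body, `output_list.extend(item_split)` flattens both halves of each `hostname:endpoint_id` string into one list, so a consumer can no longer tell which entries are hostnames and which are endpoint IDs, and any value that itself contains `:` (an IPv6 literal, for example) is broken into fragments. If the `hosts` output has to stay a list of strings, consider `item.split(":", 1)` or keeping only `item_split[0]`, and state the expected input format in the function's docstring. The de-duplication on the `return` line relies on `set.add()` returning `None` inside a comprehension, and the set is named `duplicates` although it holds values already seen; `list(dict.fromkeys(output_list))` gives the same order-preserving result more readably.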
2 changes: 1 addition & 1 deletion plugins/palo_alto_cortex_xdr/plugin.spec.yaml
Expand Up @@ -38,7 +38,7 @@ key_features:
- "Add files to the block or allow lists"
troubleshooting: "Isolate Endpoint fails with 500 error - This will happen if an isolation action (Isolate or Unisolate) is in progress on the selected endpoint. Wait a few minutes and try again."
version_history:
- "4.0.3 - `Get Incidents` - Update `Hosts` output to map hostname and endpoint ID | `Monitor Incidents` - Add custom config exception handling"
- "4.0.3 - `Monitor Incidents` - Add custom config exception handling"
- "4.0.2 - SDK bump to 6.1.4"
- "4.0.1 - SDK Bump to 6.1.3"
- "4.0.0 - `Get Alerts`: Fixed issue where trigger was failing due to empty and different typed output fields - updated to generic object | Added Monitor_alert tasks | SDK Bump to 6.1.2"
Expand Up @@ -46,7 +46,7 @@ def check_error():
"host_count": 1,
"xdr_url": "https://example.com/incident-view?caseId=1",
"starred": False,
"hosts": [{"hostname": "example-host"}, {"hostname": "example-host-2"}],
"hosts": ["example-host", "example-host-2"],
"users": ["administrator"],
"incident_sources": ["XDR Agent"],
"wildfire_hits": 4,
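Review bot: The updated `hosts` expectation in the preceding hunk holds two plain names, so from this fixture alone it is not evident that the colon split or the new de-duplication in `split_list_values` is exercised. Add a case whose input includes a `host:endpoint-id` value and a repeated entry, and assert the exact output order. Also worth checking: `host_count` is 1 on the first line of that hunk while `hosts` lists two entries.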
Expand Up @@ -174,7 +174,7 @@ def test_monitor_alerts_error_handling(
error_msg: Union[str, PluginException],
error_code: int,
) -> None:
self.maxDiff = None

# This if statement is to handle the "if not type response" statement specifically
if error_code == 500:
mocked_response = mock_conditions(200, file_name="monitor_alerts_faulty_response")