diff --git a/plugins/palo_alto_cortex_xdr/.CHECKSUM b/plugins/palo_alto_cortex_xdr/.CHECKSUM
index 8386ca89bc..ecba0eb240 100644
--- a/plugins/palo_alto_cortex_xdr/.CHECKSUM
+++ b/plugins/palo_alto_cortex_xdr/.CHECKSUM
@@ -1,5 +1,5 @@
 {
- "spec": "80c5cec0b5ce48e9cdb749e931679751",
+ "spec": "5f65f97ed0704bd87cb78e24eb9dc1b3",
 "manifest": "094c90db12918a2d28277d8b94124397",
 "setup": "67c9748687eb5d9ea0eccfccb53610e1",
 "schemas": [
diff --git a/plugins/palo_alto_cortex_xdr/help.md b/plugins/palo_alto_cortex_xdr/help.md
index b327b2d135..1f2a247d4e 100644
--- a/plugins/palo_alto_cortex_xdr/help.md
+++ b/plugins/palo_alto_cortex_xdr/help.md
@@ -927,7 +927,7 @@ Isolate Endpoint fails with 500 error - This will happen if an isolation action
 # Version History
-* 4.0.3 - `Get Incidents` - Update `Hosts` output to map hostname and endpoint ID | `Monitor Incidents` - Add custom config exception handling
+* 4.0.3 - `Monitor Incidents` - Add custom config exception handling
 * 4.0.2 - SDK bump to 6.1.4
 * 4.0.1 - SDK Bump to 6.1.3
 * 4.0.0 - `Get Alerts`: Fixed issue where trigger was failing due to empty and different typed output fields - updated to generic object | Added Monitor_alert tasks | SDK Bump to 6.1.2
diff --git a/plugins/palo_alto_cortex_xdr/icon_palo_alto_cortex_xdr/util/util.py b/plugins/palo_alto_cortex_xdr/icon_palo_alto_cortex_xdr/util/util.py
index 779f6c66fd..70d8d98f2d 100644
--- a/plugins/palo_alto_cortex_xdr/icon_palo_alto_cortex_xdr/util/util.py
+++ b/plugins/palo_alto_cortex_xdr/icon_palo_alto_cortex_xdr/util/util.py
@@ -28,11 +28,11 @@ def split_list_values(input_list: list) -> list:
 for item in input_list:
 if isinstance(item, str):
 item_split = item.split(":")
- if len(item_split) == 2:
- output_list.append({"hostname": item_split[0], "endpoint_id": item_split[1]})
- else:
- output_list.append({"hostname": item_split[0]})
- return output_list
+ output_list.extend(item_split)
+
+ duplicates = set()
+
+ return [item for item in output_list if not (item in duplicates or duplicates.add(item))]
 @staticmethod
 def send_items_to_platform_for_trigger(
diff --git a/plugins/palo_alto_cortex_xdr/plugin.spec.yaml b/plugins/palo_alto_cortex_xdr/plugin.spec.yaml
index 3150a146e2..e66ac6eda7 100644
--- a/plugins/palo_alto_cortex_xdr/plugin.spec.yaml
+++ b/plugins/palo_alto_cortex_xdr/plugin.spec.yaml
@@ -38,7 +38,7 @@ key_features:
 - "Add files to the block or allow lists"
 troubleshooting: "Isolate Endpoint fails with 500 error - This will happen if an isolation action (Isolate or Unisolate) is in progress on the selected endpoint. Wait a few minutes and try again."
 version_history:
- - "4.0.3 - `Get Incidents` - Update `Hosts` output to map hostname and endpoint ID | `Monitor Incidents` - Add custom config exception handling"
+ - "4.0.3 - `Monitor Incidents` - Add custom config exception handling"
 - "4.0.2 - SDK bump to 6.1.4"
 - "4.0.1 - SDK Bump to 6.1.3"
 - "4.0.0 - `Get Alerts`: Fixed issue where trigger was failing due to empty and different typed output fields - updated to generic object | Added Monitor_alert tasks | SDK Bump to 6.1.2"
diff --git a/plugins/palo_alto_cortex_xdr/unit_test/test_get_incidents.py b/plugins/palo_alto_cortex_xdr/unit_test/test_get_incidents.py
index 2e43e5b580..ca72e4df54 100644
--- a/plugins/palo_alto_cortex_xdr/unit_test/test_get_incidents.py
+++ b/plugins/palo_alto_cortex_xdr/unit_test/test_get_incidents.py
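Review bot: The new return in `split_list_values` flattens every `:`-separated part into one list and then de-duplicates across all of them, so where the removed lines kept `hostname` and `endpoint_id` as separate keys, a caller can no longer tell which entry is which, and a value that occurs as both is kept only once. If `hosts` is later used to pick an endpoint for a response action (not visible in this hunk), that ambiguity should be stated in the docstring, for example `"""Split each string on ':' and return the unique parts in first-seen order; hostnames and endpoint IDs are not distinguished."""`. Because `item.split(":")` splits on every colon, any value that itself contains a colon is broken into fragments, and non-string items are skipped without a log line. On style, the comprehension relies on `set.add` returning `None`, and the set named `duplicates` actually holds values already seen; `return list(dict.fromkeys(output_list))` gives the same order-preserving result more readably. The function's `def` line and the initialisation of `output_list` are outside the hunk.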
@@ -46,7 +46,7 @@ def check_error():
 "host_count": 1,
 "xdr_url": "https://example.com/incident-view?caseId=1",
 "starred": False,
- "hosts": [{"hostname": "example-host"}, {"hostname": "example-host-2"}],
+ "hosts": ["example-host", "example-host-2"],
 "users": ["administrator"],
 "incident_sources": ["XDR Agent"],
 "wildfire_hits": 4,
diff --git a/plugins/palo_alto_cortex_xdr/unit_test/test_monitor_alerts.py b/plugins/palo_alto_cortex_xdr/unit_test/test_monitor_alerts.py
index 6e83a79c41..23809875c9 100644
--- a/plugins/palo_alto_cortex_xdr/unit_test/test_monitor_alerts.py
+++ b/plugins/palo_alto_cortex_xdr/unit_test/test_monitor_alerts.py
@@ -174,7 +174,7 @@ def test_monitor_alerts_error_handling( error_msg: Union[str, PluginException], error_code: int, ) -> None: - self.maxDiff = None + # This if statement is to handle the "if not type response" statement specifically if error_code == 500: mocked_response = mock_conditions(200, file_name="monitor_alerts_faulty_response")
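Review bot: In test_get_incidents.py the expected `hosts` list only covers host strings without a `:`; the removed expectation held only `hostname` keys, so this fixture never took the two-part branch either. As far as the hunk shows, the split, flatten and de-duplicate path of `split_list_values` is therefore not pinned by this case. A second fixture entry with a constructed value such as `"example-host:example-endpoint-id"`, plus a repeated host, would fix the expected ordering and de-duplication in a test. The surrounding dict literal starts and ends outside the hunk.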