Implement potential trigger patch
cmcnally-r7 committed Oct 28, 2024
1 parent 72388c1 commit 98ab88b
Showing 7 changed files with 15 additions and 12 deletions.
6 changes: 3 additions & 3 deletions plugins/palo_alto_cortex_xdr/.CHECKSUM
@@ -1,7 +1,7 @@
{
"spec": "5f65f97ed0704bd87cb78e24eb9dc1b3",
"manifest": "094c90db12918a2d28277d8b94124397",
"setup": "67c9748687eb5d9ea0eccfccb53610e1",
"spec": "ffba693b9bcf2a7cdbb351c5820c4ed8",
"manifest": "58618c879c00000568c7d1e4da6bc0a1",
"setup": "cb9fd1212032e1f3d1d0246bf663c090",
"schemas": [
{
"identifier": "allow_file/schema.py",
2 changes: 1 addition & 1 deletion plugins/palo_alto_cortex_xdr/bin/icon_palo_alto_cortex_xdr
Expand Up @@ -6,7 +6,7 @@ from sys import argv

Name = "Palo Alto Cortex XDR"
Vendor = "rapid7"
Version = "4.0.3"
Version = "4.0.4"
Description = "Stop modern attacks with the industry's first extended detection and response platform that spans your endpoints, network and cloud data"


1 change: 1 addition & 0 deletions plugins/palo_alto_cortex_xdr/help.md
Expand Up @@ -927,6 +927,7 @@ Isolate Endpoint fails with 500 error - This will happen if an isolation action

# Version History

* 4.0.4 - `Get Incidents` - Update `Hosts` output to map hostname and endpoint ID
* 4.0.3 - `Monitor Incidents` - Add custom config exception handling
* 4.0.2 - SDK bump to 6.1.4
* 4.0.1 - SDK Bump to 6.1.3
Expand Up @@ -28,11 +28,12 @@ def split_list_values(input_list: list) -> list:
for item in input_list:
if isinstance(item, str):
item_split = item.split(":")
output_list.extend(item_split)
if len(item_split) == 2:
output_list.append({"hostname": item_split[0], "endpoint_id": item_split[1]})
else:
output_list.append({"hostname": item_split[0]})

duplicates = set()

return [item for item in output_list if not (item in duplicates or duplicates.add(item))]
return output_list

@staticmethod
def send_items_to_platform_for_trigger(
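Review bot: The `len(item_split) == 2` check after `item_split = item.split(":")` silently truncates any value with more than one colon — the `else` branch keeps only `item_split[0]` and drops the rest — and the deduplication the removed `duplicates` set provided is gone, so repeated host entries now pass straight through to the `hosts` output. Splitting on the first `:` only keeps the remainder as the endpoint ID, and because dicts are unhashable a membership check against the output list (per-incident host lists are short) restores the dedup. I cannot tell from this hunk whether `hostname:endpoint_id` is the only shape the Cortex XDR response uses, so the single-split assumption should be confirmed against the API before relying on it. `split_list_values` begins outside the hunk (its `def` line appears only in the hunk header).
```python
    for item in input_list:
        if isinstance(item, str):
            # Split on the first ":" only so an endpoint ID containing ":" is not truncated
            hostname, _, endpoint_id = item.partition(":")
            entry = {"hostname": hostname}
            if endpoint_id:
                entry["endpoint_id"] = endpoint_id
            # dicts are unhashable, so dedupe by membership (host lists are short)
            if entry not in output_list:
                output_list.append(entry)

    return output_list
```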
3 changes: 2 additions & 1 deletion plugins/palo_alto_cortex_xdr/plugin.spec.yaml
Expand Up @@ -4,7 +4,7 @@ products: [insightconnect]
name: palo_alto_cortex_xdr
title: Palo Alto Cortex XDR
description: Stop modern attacks with the industry's first extended detection and response platform that spans your endpoints, network and cloud data
version: 4.0.3
version: 4.0.4
connection_version: 2
cloud_ready: true
sdk:
Expand Down Expand Up @@ -38,6 +38,7 @@ key_features:
- "Add files to the block or allow lists"
troubleshooting: "Isolate Endpoint fails with 500 error - This will happen if an isolation action (Isolate or Unisolate) is in progress on the selected endpoint. Wait a few minutes and try again."
version_history:
- "4.0.4 - `Get Incidents` - Update `Hosts` output to map hostname and endpoint ID"
- "4.0.3 - `Monitor Incidents` - Add custom config exception handling"
- "4.0.2 - SDK bump to 6.1.4"
- "4.0.1 - SDK Bump to 6.1.3"
2 changes: 1 addition & 1 deletion plugins/palo_alto_cortex_xdr/setup.py
Expand Up @@ -3,7 +3,7 @@


setup(name="palo_alto_cortex_xdr-rapid7-plugin",
version="4.0.3",
version="4.0.4",
description="Stop modern attacks with the industry's first extended detection and response platform that spans your endpoints, network and cloud data",
author="rapid7",
author_email="",
4 changes: 2 additions & 2 deletions plugins/palo_alto_cortex_xdr/unit_test/test_get_incidents.py
Expand Up @@ -46,7 +46,7 @@ def check_error():
"host_count": 1,
"xdr_url": "https://example.com/incident-view?caseId=1",
"starred": False,
"hosts": ["example-host", "example-host-2"],
"hosts": [{"hostname": "example-host"}, {"hostname": "example-host-2"}],
"users": ["administrator"],
"incident_sources": ["XDR Agent"],
"wildfire_hits": 4,
}
if MockTrigger.actual == expected:
return True
TestCase.maxDiff = None

TestCase.assertDictEqual(TestCase(), MockTrigger.actual, expected)


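Review bot: The updated fixture `"hosts": [{"hostname": "example-host"}, {"hostname": "example-host-2"}]` only pins the branch where no endpoint ID is present, so the `hostname:endpoint_id` mapping this version advertises is never exercised; adding a mock host such as `example-host-3:abc123` and expecting `{"hostname": "example-host-3", "endpoint_id": "abc123"}` would cover it. Dropping `TestCase.maxDiff = None` also means a failing `assertDictEqual` on this large expected dict prints a truncated diff; if the intent was to stop mutating `unittest.TestCase` globally, setting `maxDiff = None` on the test class is the cleaner option. The mock response that produces these hosts is outside this hunk, so I am assuming it is still a list of plain strings like the previous expected output.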