Update unit tests | Update how we paginate based on last run time | C…
…hange how custom config is named in line with other plugins | Update SDK | Update error handling to return response data in data field
ablakley-r7 committed Jan 10, 2025
1 parent fb72663 commit 1b8c10c
Showing 12 changed files with 32,999 additions and 239 deletions.
6 changes: 3 additions & 3 deletions plugins/palo_alto_cortex_xdr/.CHECKSUM
@@ -1,7 +1,7 @@
{
"spec": "8125e2ef1c00b4a1402f087180e53f38",
"manifest": "65bd596c7372174f46013b4d0ce10b04",
"setup": "b2d24cbc8912756962fb0415a975bb53",
"spec": "20b20f453b280248a08c322b6a6181fc",
"manifest": "890583ee056a00ff5e7a235cbe4b4243",
"setup": "1909f54fc45c060127294dc9e92c0133",
"schemas": [
{
"identifier": "allow_file/schema.py",
2 changes: 1 addition & 1 deletion plugins/palo_alto_cortex_xdr/bin/icon_palo_alto_cortex_xdr
Expand Up @@ -6,7 +6,7 @@ from sys import argv

Name = "Palo Alto Cortex XDR"
Vendor = "rapid7"
Version = "4.0.5"
Version = "4.0.6"
Description = "Stop modern attacks with the industry's first extended detection and response platform that spans your endpoints, network and cloud data"


1 change: 1 addition & 0 deletions plugins/palo_alto_cortex_xdr/help.md
Expand Up @@ -927,6 +927,7 @@ Isolate Endpoint fails with 500 error - This will happen if an isolation action

# Version History

* 4.0.6 - Update `MonitorAlerts` to resume alert monitoring from the last task run time | Update error handling to log additional data
* 4.0.5 - Update `MonitorAlerts` task pagination decision handling | update SDK to 6.2.2
* 4.0.4 - Raise authentication errors if provided invalid credentials
* 4.0.3 - `Monitor Incidents` - Add custom config exception handling

Large diffs are not rendered by default.

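--- a/plugins/palo_alto_cortex_xdr/icon_palo_alto_cortex_xdr/util/api.py
+++ b/plugins/palo_alto_cortex_xdr/icon_palo_alto_cortex_xdr/util/api.py
@@ -447,8 +447,17 @@ def get_response_alerts(self, post_body: dict) -> Tuple[list, int, int]:
 endpoint = "public_api/v1/alerts/get_alerts"
 
 url = f"{fqdn}{endpoint}"
-
-response = self.build_request(url=url, headers=headers, post_body=post_body)
+try:
+response = self.build_request(url=url, headers=headers, post_body=post_body)
+except PluginException as error:
+if isinstance(error.data, Response):
+raise APIException(
+cause=error.cause,
+assistance=error.assistance,
+data=error.data.text,
+status_code=error.data.status_code,
+)
+raise error
 
 response = self._handle_401(response=response, url=url, post_body=post_body)
 
@@ -502,20 +511,24 @@ def build_request(self, url: str, headers: dict, post_body: dict) -> Response:
 request = requests.Request(method="post", url=url, headers=headers, json=post_body)
 
 custom_config_exceptions = {
-HTTPStatusCodes.BAD_REQUEST: PluginException(cause="API Error. ", assistance="Bad request, invalid JSON."),
+HTTPStatusCodes.BAD_REQUEST: PluginException(
+cause=PluginException.causes.get(PluginException.Preset.BAD_REQUEST),
+assistance="Bad request, invalid JSON.",
+),
 HTTPStatusCodes.UNAUTHORIZED: PluginException(
-cause="API Error. ", assistance="Authorization failed. Check your API Key ID & API Key."
+cause=PluginException.causes.get(PluginException.Preset.INVALID_CREDENTIALS),
+assistance="Authorization failed. Check your API Key ID & API Key.",
 ),
 HTTPStatusCodes.PAYMENT_REQUIRED: PluginException(
-cause="API Error. ",
+cause=PluginException.causes.get(PluginException.Preset.UNAUTHORIZED),
 assistance="Unauthorized access. User does not have the required license type to run this API.",
 ),
 HTTPStatusCodes.FORBIDDEN: PluginException(
-cause="API Error. ",
+cause=PluginException.causes.get(PluginException.Preset.UNAUTHORIZED),
 assistance="Forbidden. The provided API Key does not have the required RBAC permissions to run this API.",
 ),
 HTTPStatusCodes.NOT_FOUND: PluginException(
-cause="API Error. ",
+cause=PluginException.causes.get(PluginException.Preset.NOT_FOUND),
 assistance=f"The object at {url} does not exist. Check the FQDN connection setting and try again.",
 ),
 }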
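Review bot: In the new `except PluginException` branch of `get_response_alerts`, `data=error.data.text` copies the remote API's error body verbatim and without a size limit into `APIException.data`; the version-history entry suggests this field is now logged, so whatever the server returns on an error status would presumably end up in task logs unfiltered. I would bound it and say why, e.g. `data=error.data.text[:MAX_ERROR_BODY_CHARS],` (placeholder name for a module constant still to be defined) with the comment `# response body is untrusted remote text; truncate before it reaches logs`. In the same branch, `raise APIException(...) from error` would chain the original exception explicitly, and a bare `raise` is the idiomatic re-raise in place of `raise error`. In `build_request`, `PluginException.causes.get(...)` yields `cause=None` silently if a preset key is ever missing, whereas `PluginException.causes[...]` would fail loudly at that point. Both function bodies start and end outside the visible hunks, so callers of `build_request` other than `get_response_alerts` cannot be checked for the same conversion from here.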
3 changes: 2 additions & 1 deletion plugins/palo_alto_cortex_xdr/plugin.spec.yaml
Expand Up @@ -4,7 +4,7 @@ products: [insightconnect]
name: palo_alto_cortex_xdr
title: Palo Alto Cortex XDR
description: Stop modern attacks with the industry's first extended detection and response platform that spans your endpoints, network and cloud data
version: 4.0.5
version: 4.0.6
connection_version: 2
cloud_ready: true
sdk:
Expand Down Expand Up @@ -38,6 +38,7 @@ key_features:
- "Add files to the block or allow lists"
troubleshooting: "Isolate Endpoint fails with 500 error - This will happen if an isolation action (Isolate or Unisolate) is in progress on the selected endpoint. Wait a few minutes and try again."
version_history:
- "4.0.6 - Update `MonitorAlerts` to resume alert monitoring from the last task run time | Update error handling to log additional data"
- "4.0.5 - Update `MonitorAlerts` task pagination decision handling | update SDK to 6.2.2"
- "4.0.4 - Raise authentication errors if provided invalid credentials"
- "4.0.3 - `Monitor Incidents` - Add custom config exception handling"
2 changes: 1 addition & 1 deletion plugins/palo_alto_cortex_xdr/setup.py
Expand Up @@ -3,7 +3,7 @@


setup(name="palo_alto_cortex_xdr-rapid7-plugin",
version="4.0.5",
version="4.0.6",
description="Stop modern attacks with the industry's first extended detection and response platform that spans your endpoints, network and cloud data",
author="rapid7",
author_email="",
@@ -0,0 +1,105 @@
{"current_count": 200,
"last_alert_hash": ["a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404",
"a502a9c50798186882ad8dc91ac2b38eb185c404"],
"last_search_from": 100,
"last_search_to": 200,
"query_end_time": 1706539560000,
"query_start_time": 1706453160000}