Update pagination decision in task

plugins/palo_alto_cortex_xdr/.CHECKSUM

@@ -1,7 +1,7 @@
 {
-	"spec": "1a737630103c5a3fb2d61444c2fefbb9",
-	"manifest": "58618c879c00000568c7d1e4da6bc0a1",
-	"setup": "cb9fd1212032e1f3d1d0246bf663c090",
+	"spec": "8125e2ef1c00b4a1402f087180e53f38",
+	"manifest": "65bd596c7372174f46013b4d0ce10b04",
+	"setup": "b2d24cbc8912756962fb0415a975bb53",
 	"schemas": [
 		{
 			"identifier": "allow_file/schema.py",
@@ -48,4 +48,4 @@
 			"hash": "64c151d95839f2c46a85d401b0d98e5f"
 		}
 	]
-}
+}

plugins/palo_alto_cortex_xdr/Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.0
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.2
 
 LABEL organization=rapid7
 LABEL sdk=python

plugins/palo_alto_cortex_xdr/bin/icon_palo_alto_cortex_xdr

@@ -6,7 +6,7 @@ from sys import argv
 
 Name = "Palo Alto Cortex XDR"
 Vendor = "rapid7"
-Version = "4.0.4"
+Version = "4.0.5"
 Description = "Stop modern attacks with the industry's first extended detection and response platform that spans your endpoints, network and cloud data"
 
 

plugins/palo_alto_cortex_xdr/help.md

@@ -927,6 +927,7 @@ Isolate Endpoint fails with 500 error - This will happen if an isolation action
 
 # Version History
 
+* 4.0.5 - Update `MonitorAlerts` task pagination decision handling | update SDK to 6.2.2
 * 4.0.4 - Raise authentication errors if provided invalid credentials
 * 4.0.3 - `Monitor Incidents` - Add custom config exception handling
 * 4.0.2 - SDK bump to 6.1.4

plugins/palo_alto_cortex_xdr/icon_palo_alto_cortex_xdr/tasks/monitor_alerts/task.py

@@ -117,8 +117,7 @@ def get_alerts_palo_alto(self, state: dict, start_time: Optional[int], now: int,
         state[CURRENT_COUNT] = state.get(CURRENT_COUNT, 0) + results_count
 
         new_alerts, new_alert_hashes, last_alert_time = self._dedupe_and_get_highest_time(results, state)
-
-        is_paginating = state.get(CURRENT_COUNT) < total_count
+        is_paginating = results_count >= alert_limit
 
         if is_paginating:
             self.logger.info(f"Found total alerts={total_count}, limit={alert_limit}, is_paginating={is_paginating}")

plugins/palo_alto_cortex_xdr/plugin.spec.yaml

@@ -4,12 +4,12 @@ products: [insightconnect]
 name: palo_alto_cortex_xdr
 title: Palo Alto Cortex XDR
 description: Stop modern attacks with the industry's first extended detection and response platform that spans your endpoints, network and cloud data
-version: 4.0.4
+version: 4.0.5
 connection_version: 2
 cloud_ready: true
 sdk:
   type: slim
-  version: 6.2.0
+  version: 6.2.2
   user: nobody
 supported_versions: ["2024-07-15 Palo Alto Cortex XDR API"]
 vendor: rapid7
@@ -38,6 +38,7 @@ key_features:
   - "Add files to the block or allow lists"
 troubleshooting: "Isolate Endpoint fails with 500 error - This will happen if an isolation action (Isolate or Unisolate) is in progress on the selected endpoint. Wait a few minutes and try again."
 version_history:
+  - "4.0.5 - Update `MonitorAlerts` task pagination decision handling | update SDK to 6.2.2"
   - "4.0.4 - Raise authentication errors if provided invalid credentials"
   - "4.0.3 - `Monitor Incidents` - Add custom config exception handling"
   - "4.0.2 - SDK bump to 6.1.4"

plugins/palo_alto_cortex_xdr/setup.py

@@ -3,7 +3,7 @@
 
 
 setup(name="palo_alto_cortex_xdr-rapid7-plugin",
-      version="4.0.4",
+      version="4.0.5",
       description="Stop modern attacks with the industry's first extended detection and response platform that spans your endpoints, network and cloud data",
       author="rapid7",
       author_email="",