From 8953966185dbd085eb8529ac8c30bdb22b6b0d74 Mon Sep 17 00:00:00 2001
From: ablakley-r7 <96182471+ablakley-r7@users.noreply.github.com>
Date: Mon, 6 Jan 2025 13:25:11 +0000
Subject: [PATCH] Update pagination decision in task
---
 plugins/palo_alto_cortex_xdr/.CHECKSUM | 8 ++++----
 plugins/palo_alto_cortex_xdr/Dockerfile | 2 +-
 .../palo_alto_cortex_xdr/bin/icon_palo_alto_cortex_xdr | 2 +-
 plugins/palo_alto_cortex_xdr/help.md | 1 +
 .../tasks/monitor_alerts/task.py | 3 +--
 plugins/palo_alto_cortex_xdr/plugin.spec.yaml | 5 +++--
 plugins/palo_alto_cortex_xdr/setup.py | 2 +-
 7 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/plugins/palo_alto_cortex_xdr/.CHECKSUM b/plugins/palo_alto_cortex_xdr/.CHECKSUM
index 9004d2c8d6..a397f11ffb 100644
--- a/plugins/palo_alto_cortex_xdr/.CHECKSUM
+++ b/plugins/palo_alto_cortex_xdr/.CHECKSUM
@@ -1,7 +1,7 @@
 {
- "spec": "1a737630103c5a3fb2d61444c2fefbb9",
- "manifest": "58618c879c00000568c7d1e4da6bc0a1",
- "setup": "cb9fd1212032e1f3d1d0246bf663c090",
+ "spec": "8125e2ef1c00b4a1402f087180e53f38",
+ "manifest": "65bd596c7372174f46013b4d0ce10b04",
+ "setup": "b2d24cbc8912756962fb0415a975bb53",
 "schemas": [
 {
 "identifier": "allow_file/schema.py",
@@ -48,4 +48,4 @@
 "hash": "64c151d95839f2c46a85d401b0d98e5f"
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/plugins/palo_alto_cortex_xdr/Dockerfile b/plugins/palo_alto_cortex_xdr/Dockerfile
index 721f85e435..dcf4ac13dd 100755
--- a/plugins/palo_alto_cortex_xdr/Dockerfile
+++ b/plugins/palo_alto_cortex_xdr/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.0
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.2
 LABEL organization=rapid7
 LABEL sdk=python
diff --git a/plugins/palo_alto_cortex_xdr/bin/icon_palo_alto_cortex_xdr b/plugins/palo_alto_cortex_xdr/bin/icon_palo_alto_cortex_xdr
index 63eb79421e..0eb0b5296c 100755
--- a/plugins/palo_alto_cortex_xdr/bin/icon_palo_alto_cortex_xdr
+++ b/plugins/palo_alto_cortex_xdr/bin/icon_palo_alto_cortex_xdr
@@ -6,7 +6,7 @@ from sys import argv
 Name = "Palo Alto Cortex XDR"
 Vendor = "rapid7"
-Version = "4.0.4"
+Version = "4.0.5"
 Description = "Stop modern attacks with the industry's first extended detection and response platform that spans your endpoints, network and cloud data"
diff --git a/plugins/palo_alto_cortex_xdr/help.md b/plugins/palo_alto_cortex_xdr/help.md
index 84b7f16c78..c29b746945 100644
--- a/plugins/palo_alto_cortex_xdr/help.md
+++ b/plugins/palo_alto_cortex_xdr/help.md
@@ -927,6 +927,7 @@ Isolate Endpoint fails with 500 error - This will happen if an isolation action
 # Version History
+* 4.0.5 - Update `MonitorAlerts` task pagination decision handling | update SDK to 6.2.2
 * 4.0.4 - Raise authentication errors if provided invalid credentials
 * 4.0.3 - `Monitor Incidents` - Add custom config exception handling
 * 4.0.2 - SDK bump to 6.1.4
diff --git a/plugins/palo_alto_cortex_xdr/icon_palo_alto_cortex_xdr/tasks/monitor_alerts/task.py b/plugins/palo_alto_cortex_xdr/icon_palo_alto_cortex_xdr/tasks/monitor_alerts/task.py
index ebdb989687..50882d0595 100644
--- a/plugins/palo_alto_cortex_xdr/icon_palo_alto_cortex_xdr/tasks/monitor_alerts/task.py
+++ b/plugins/palo_alto_cortex_xdr/icon_palo_alto_cortex_xdr/tasks/monitor_alerts/task.py
@@ -117,8 +117,7 @@ def get_alerts_palo_alto(self, state: dict, start_time: Optional[int], now: int,
 state[CURRENT_COUNT] = state.get(CURRENT_COUNT, 0) + results_count
 new_alerts, new_alert_hashes, last_alert_time = self._dedupe_and_get_highest_time(results, state)
-
- is_paginating = state.get(CURRENT_COUNT) < total_count
+ is_paginating = results_count >= alert_limit
 if is_paginating:
 self.logger.info(f"Found total alerts={total_count}, limit={alert_limit}, is_paginating={is_paginating}")
diff --git a/plugins/palo_alto_cortex_xdr/plugin.spec.yaml b/plugins/palo_alto_cortex_xdr/plugin.spec.yaml
index f262787174..7b1877ab55 100644
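Review bot: `is_paginating = results_count >= alert_limit` in the task.py hunk stops paging on the first short page even when `total_count` reports more alerts outstanding, and nothing in the hunk records that disagreement, so a page the API returns short for its own reasons would end collection without a trace in the logs. For an alert-monitoring task that is a quiet detection gap; a warning on that path would make it visible, e.g. `if not is_paginating and state[CURRENT_COUNT] < total_count: self.logger.warning(f"Stopped paging at {state[CURRENT_COUNT]} of {total_count} alerts")`. Whether later runs pick up the remainder depends on how `last_alert_time` is used outside this hunk, so that should be confirmed. A one-line comment on the new condition explaining why page fullness replaced the `total_count` comparison would also help, since the info log below still prints `total_count`. `get_alerts_palo_alto` starts and continues outside the hunk.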
--- a/plugins/palo_alto_cortex_xdr/plugin.spec.yaml
+++ b/plugins/palo_alto_cortex_xdr/plugin.spec.yaml
@@ -4,12 +4,12 @@ products: [insightconnect]
 name: palo_alto_cortex_xdr
 title: Palo Alto Cortex XDR
 description: Stop modern attacks with the industry's first extended detection and response platform that spans your endpoints, network and cloud data
-version: 4.0.4
+version: 4.0.5
 connection_version: 2
 cloud_ready: true
 sdk:
 type: slim
- version: 6.2.0
+ version: 6.2.2
 user: nobody
 supported_versions: ["2024-07-15 Palo Alto Cortex XDR API"]
 vendor: rapid7
@@ -38,6 +38,7 @@ key_features:
 - "Add files to the block or allow lists"
 troubleshooting: "Isolate Endpoint fails with 500 error - This will happen if an isolation action (Isolate or Unisolate) is in progress on the selected endpoint. Wait a few minutes and try again."
 version_history:
+ - "4.0.5 - Update `MonitorAlerts` task pagination decision handling | update SDK to 6.2.2"
 - "4.0.4 - Raise authentication errors if provided invalid credentials"
 - "4.0.3 - `Monitor Incidents` - Add custom config exception handling"
 - "4.0.2 - SDK bump to 6.1.4"
diff --git a/plugins/palo_alto_cortex_xdr/setup.py b/plugins/palo_alto_cortex_xdr/setup.py
index d31f400a7e..97ca1af2a7 100755
--- a/plugins/palo_alto_cortex_xdr/setup.py
+++ b/plugins/palo_alto_cortex_xdr/setup.py
@@ -3,7 +3,7 @@
 setup(name="palo_alto_cortex_xdr-rapid7-plugin",
- version="4.0.4",
+ version="4.0.5",
 description="Stop modern attacks with the industry's first extended detection and response platform that spans your endpoints, network and cloud data",
 author="rapid7",
 author_email="",