From 9445e20d8f74d2e4a7678c2a7d5066281e924c9e Mon Sep 17 00:00:00 2001
From: munna-metron
Date: Fri, 27 Oct 2023 10:53:35 +0530
Subject: [PATCH 1/6] Bug Fixes
---
 .../classifier-SentinelOne_Incident_Classifier.json | 3 ++-
 .../Integrations/SentinelOne-V2/SentinelOne-V2.py | 7 +++----
 Packs/SentinelOne/ReleaseNotes/3_2_12.md | 13 +++++++++++++
 Packs/SentinelOne/pack_metadata.json | 2 +-
 4 files changed, 19 insertions(+), 6 deletions(-)
 create mode 100644 Packs/SentinelOne/ReleaseNotes/3_2_12.md
diff --git a/Packs/SentinelOne/Classifiers/classifier-SentinelOne_Incident_Classifier.json b/Packs/SentinelOne/Classifiers/classifier-SentinelOne_Incident_Classifier.json
index 8777a949e5ca..98dd1be1ecfb 100644
--- a/Packs/SentinelOne/Classifiers/classifier-SentinelOne_Incident_Classifier.json
+++ b/Packs/SentinelOne/Classifiers/classifier-SentinelOne_Incident_Classifier.json
@@ -4,7 +4,8 @@
 "feed": false,
 "id": "SentinelOne Classifier",
 "keyTypeMap": {
- "SentinelOne Incident": "SentinelOne Incident"
+ "SentinelOne Incident": "SentinelOne Incident",
+ "incident": "SentinelOne Incident"
 },
 "name": "SentinelOne Classifier",
 "transformer": {
diff --git a/Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.py b/Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.py
index 7f50b0c0422f..17c65b8e9e34 100644
--- a/Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.py
+++ b/Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.py
@@ -3302,13 +3302,12 @@ def fetch_threats(client: Client, args):
 incidents_threats = []
 current_fetch = args.get('current_fetch')
 incident_statuses = args.get('fetch_threat_incident_statuses')
- resolved = 'true' if incident_statuses and 'RESOLVED' in incident_statuses else 'false'
 threats = client.get_threats_request(limit=args.get('fetch_limit'),
 created_after=args.get('last_fetch_date_string'),
 site_ids=args.get('fetch_site_ids'),
 incident_statuses=','.join(incident_statuses).lower() if incident_statuses else None,
- resolved=resolved)
+ include_resolved_param=False)
 for threat in threats:
 rank = threat.get('rank')
 threat.update(get_mirroring_fields(args))
@@ -3434,8 +3433,8 @@ def main():
 fetch_type = params.get('fetch_type', 'Threats')
 first_fetch_time = params.get('fetch_time', '3 days')
 fetch_severity = params.get('fetch_severity', [])
- fetch_incidentStatus = params.get('fetch_incidentStatus', [])
- fetch_threat_incident_statuses = params.get('fetch_threat_incident_statuses', [])
+ fetch_incidentStatus = params.get('fetch_incidentStatus', ["UNRESOLVED"])
+ fetch_threat_incident_statuses = params.get('fetch_threat_incident_statuses', ["UNRESOLVED"])
 fetch_threat_rank = int(params.get('fetch_threat_rank', 0))
 fetch_limit = int(params.get('fetch_limit', 10))
 fetch_site_ids = params.get('fetch_site_ids', None)
diff --git a/Packs/SentinelOne/ReleaseNotes/3_2_12.md b/Packs/SentinelOne/ReleaseNotes/3_2_12.md
new file mode 100644
index 000000000000..7214eb0241e8
--- /dev/null
+++ b/Packs/SentinelOne/ReleaseNotes/3_2_12.md
@@ -0,0 +1,13 @@
+
+#### Integrations
+
+##### SentinelOne v2
+
+- Bug fixes.
+
+
+#### Classifiers
+
+##### SentinelOne Classifier
+
+- Bug fixes.
diff --git a/Packs/SentinelOne/pack_metadata.json b/Packs/SentinelOne/pack_metadata.json
index 000c6759c4d0..85ec2f45d420 100644
--- a/Packs/SentinelOne/pack_metadata.json
+++ b/Packs/SentinelOne/pack_metadata.json
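Review bot: With `resolved` removed and `include_resolved_param=False` hard-coded, an empty `incident_statuses` now reaches `get_threats_request` as `None` (`... if incident_statuses else None`) with no status filter at all, whereas the deleted line still sent `resolved='false'` in that case; assuming `include_resolved_param=False` simply omits the parameter, resolved threats would then be fetched, which is the opposite of the new "UNRESOLVED" default. The main() hunk below does not close this gap, because `params.get('fetch_threat_incident_statuses', ["UNRESOLVED"])` only yields the default when the key is absent, not when an instance was saved with the field present but empty. Use a truthiness fallback there instead, `fetch_threat_incident_statuses = params.get('fetch_threat_incident_statuses') or ["UNRESOLVED"]` (and likewise `fetch_incidentStatus = params.get('fetch_incidentStatus') or ["UNRESOLVED"]`), or apply the same `or ["UNRESOLVED"]` where `incident_statuses` is read in this hunk. How `get_threats_request` translates `include_resolved_param` is outside this diff, so the net query is inferred; fetch_threats starts before this hunk and continues after it.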
@@ -2,7 +2,7 @@
 "name": "SentinelOne",
 "description": "Endpoint protection",
 "support": "partner",
- "currentVersion": "3.2.11",
+ "currentVersion": "3.2.12",
 "author": "SentinelOne",
 "url": "https://www.sentinelone.com/support/",
 "email": "support@sentinelone.com",
From 7f635f205111a38249d5426a9fcbed72ace345ea Mon Sep 17 00:00:00 2001
From: munna-metron
Date: Fri, 27 Oct 2023 11:12:11 +0530
Subject: [PATCH 2/6] updated the docker image
---
 .../SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml | 2 +-
 Packs/SentinelOne/ReleaseNotes/3_2_12.md | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml b/Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml
index 76b559f95711..465861914e4b 100644
--- a/Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml
+++ b/Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml
@@ -2313,7 +2313,7 @@ script:
 description: IP Address.
 - contextPath: SentinelOne.MAC.mac
 description: MAC Address.
- dockerimage: demisto/python3:3.10.13.75921
+ dockerimage: demisto/python3:3.10.13.78960
 isfetch: true
 ismappable: true
 isremotesyncin: true
diff --git a/Packs/SentinelOne/ReleaseNotes/3_2_12.md b/Packs/SentinelOne/ReleaseNotes/3_2_12.md
index 7214eb0241e8..f9c3e09dcafe 100644
--- a/Packs/SentinelOne/ReleaseNotes/3_2_12.md
+++ b/Packs/SentinelOne/ReleaseNotes/3_2_12.md
@@ -3,6 +3,7 @@
 ##### SentinelOne v2
+- Updated the Docker image to: *demisto/python3:3.10.13.78960*.
 - Bug fixes.
From 706ea297a6565f7e802c001dd13258476ca8914f Mon Sep 17 00:00:00 2001
From: munna-metron
Date: Fri, 27 Oct 2023 11:33:44 +0530
Subject: [PATCH 3/6] updated the release notes
---
 Packs/SentinelOne/ReleaseNotes/3_2_12.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Packs/SentinelOne/ReleaseNotes/3_2_12.md b/Packs/SentinelOne/ReleaseNotes/3_2_12.md
index f9c3e09dcafe..8351e85ae6b8 100644
--- a/Packs/SentinelOne/ReleaseNotes/3_2_12.md
+++ b/Packs/SentinelOne/ReleaseNotes/3_2_12.md
@@ -4,11 +4,11 @@
 ##### SentinelOne v2
 - Updated the Docker image to: *demisto/python3:3.10.13.78960*.
-- Bug fixes.
+- Improved the ***fetch-threats*** functionality, so that it will fetch the selected threat statuses from the configuration.
 #### Classifiers
 ##### SentinelOne Classifier
-- Bug fixes.
+- Fixed an issue where the **SentinelOne Classifier** unable to mapped with the Incident Type whose name is **incident**
From 908541324c51c88aa270ca4c8cf9885230a3e705 Mon Sep 17 00:00:00 2001
From: munna-metron
Date: Wed, 1 Nov 2023 16:16:48 +0530
Subject: [PATCH 4/6] making chages in threat request call
---
 Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.py b/Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.py
index 17c65b8e9e34..4775fb6c56a1 100644
--- a/Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.py
+++ b/Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.py
@@ -286,7 +286,7 @@ def get_threats_request(self, content_hash=None, mitigation_status=None, created
 siteIds=site_ids,
 rank=int(rank) if rank else None,
 keys_to_ignore=keys_to_ignore,
- incidentStatuses=argToList(incident_statuses.lower() if incident_statuses is not None else None)
+ incidentStatuses=incident_statuses.lower() if incident_statuses is not None else None
 )
 response = self._http_request(method='GET', url_suffix='threats', params=params, ok_codes=[200])
 return response.get('data', {})
From c687e8100b0e0e11b0672a2f32abc72917d4e69b Mon Sep 17 00:00:00 2001
From: munna-metron
Date: Wed, 1 Nov 2023 16:25:06 +0530
Subject: [PATCH 5/6] review comment fix
---
 Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
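Review bot: The new `incidentStatuses=incident_statuses.lower() if incident_statuses is not None else None` line fixes the parameter's type to `str` without saying so: the fetch path hands over a comma-joined, already-lowercased string, but any caller that still passes the list form that `argToList` used to absorb would now fail with AttributeError on `.lower()`, and the query value changes from a repeated parameter (a list handed to `_http_request`) to a single comma-separated value, which is presumably what the API expects but is not stated anywhere. Either document the contract on the parameter, `# incident_statuses: comma-separated str, e.g. "unresolved,resolved"; sent as one query value`, or accept both forms with `incidentStatuses=','.join(argToList(incident_statuses)).lower() if incident_statuses else None`. The same line is touched again by the PATCH 5/6 hunk at the end of this page, which only relaxes `is not None` to truthiness so an empty string also becomes `None`; whatever is decided here applies there too. get_threats_request's signature is truncated in the hunk header and the rest of its body is outside this hunk.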
diff --git a/Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.py b/Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.py
index 4775fb6c56a1..fb8851f1b6c4 100644
--- a/Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.py
+++ b/Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.py
@@ -286,7 +286,7 @@ def get_threats_request(self, content_hash=None, mitigation_status=None, created
 siteIds=site_ids,
 rank=int(rank) if rank else None,
 keys_to_ignore=keys_to_ignore,
- incidentStatuses=incident_statuses.lower() if incident_statuses is not None else None
+ incidentStatuses=incident_statuses.lower() if incident_statuses else None
 )
 response = self._http_request(method='GET', url_suffix='threats', params=params, ok_codes=[200])
 return response.get('data', {})
From 9b00abf7543ce2c149005fc59ebd184d6e805ae7 Mon Sep 17 00:00:00 2001
From: munna-metron
Date: Thu, 2 Nov 2023 10:32:46 +0530
Subject: [PATCH 6/6] fixed release notes
---
 Packs/SentinelOne/ReleaseNotes/3_2_12.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Packs/SentinelOne/ReleaseNotes/3_2_12.md b/Packs/SentinelOne/ReleaseNotes/3_2_12.md
index 8351e85ae6b8..e8d016a88580 100644
--- a/Packs/SentinelOne/ReleaseNotes/3_2_12.md
+++ b/Packs/SentinelOne/ReleaseNotes/3_2_12.md
@@ -4,11 +4,11 @@
 ##### SentinelOne v2
 - Updated the Docker image to: *demisto/python3:3.10.13.78960*.
-- Improved the ***fetch-threats*** functionality, so that it will fetch the selected threat statuses from the configuration.
+- Improved implementation of the ***fetch-threats*** functionality, so that it will fetch the selected threat statuses from the configuration.
 #### Classifiers
 ##### SentinelOne Classifier
-- Fixed an issue where the **SentinelOne Classifier** unable to mapped with the Incident Type whose name is **incident**
+- Fixed an issue where the **SentinelOne Classifier** unable to mapped with the Incident Type whose name is **incident**.