Palo Alto Cortex - Get Alerts: Fixed issue where trigger was failing …

…due to empty or wrong typed output fields (#2535)

plugins/palo_alto_cortex_xdr/.CHECKSUM

@@ -1,7 +1,7 @@
 {
-	"spec": "c77175f3585faa1db09a97c357011654",
-	"manifest": "f79c9c7271d57fcb642319749b9536c9",
-	"setup": "c545c3e46f9cc7d140c6715b6a3f4dca",
+	"spec": "4c4b12beb4b3a96ae6079eeb4876530c",
+	"manifest": "a31f3829257215b9a2c7033e63d20449",
+	"setup": "1de7057327642796416a3bc46dd6fc54",
 	"schemas": [
 		{
 			"identifier": "allow_file/schema.py",
@@ -13,7 +13,7 @@
 		},
 		{
 			"identifier": "get_endpoint_details/schema.py",
-			"hash": "fec6a33a072821327bbda3eea2eb1b5c"
+			"hash": "83ee203288356907ab97aae2f90c2154"
 		},
 		{
 			"identifier": "get_file_quarantine_status/schema.py",
@@ -33,11 +33,11 @@
 		},
 		{
 			"identifier": "monitor_incident_events/schema.py",
-			"hash": "adcff00aacbc67df84ba0422a2b821e5"
+			"hash": "c0d8b3266555065265c2bbeb5afaa260"
 		},
 		{
 			"identifier": "get_alerts/schema.py",
-			"hash": "12e2528bd2b1e7099d841c27abf42775"
+			"hash": "68d14f3d0df123680d51e25a205ace56"
 		},
 		{
 			"identifier": "get_incidents/schema.py",

plugins/palo_alto_cortex_xdr/.dockerignore

@@ -6,4 +6,4 @@ tests
 tests/**/*
 **/*.json
 **/*.tar
-**/*.gz
+**/*.gz

plugins/palo_alto_cortex_xdr/Dockerfile

@@ -1,4 +1,4 @@
-FROM rapid7/insightconnect-python-3-38-slim-plugin:5
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.0.1
 
 LABEL organization=rapid7
 LABEL sdk=python
@@ -12,7 +12,7 @@ RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
 
 ADD . /python/src
 
-RUN	python setup.py build && python setup.py install
+RUN python setup.py build && python setup.py install
 
 # User to run plugin code. The two supported users are: root, nobody
 USER nobody

plugins/palo_alto_cortex_xdr/bin/icon_palo_alto_cortex_xdr

@@ -6,7 +6,7 @@ from sys import argv
 
 Name = "Palo Alto Cortex XDR"
 Vendor = "rapid7"
-Version = "3.0.0"
+Version = "4.0.0"
 Description = "Stop modern attacks with the industry's first extended detection and response platform that spans your endpoints, network and cloud data"
 
 

plugins/palo_alto_cortex_xdr/icon_palo_alto_cortex_xdr/actions/get_endpoint_details/schema.py

@@ -63,7 +63,8 @@ class GetEndpointDetailsOutput(insightconnect_plugin_runtime.Output):
     }
   },
   "required": [
-    "endpoints"
+    "endpoints",
+    "total_count"
   ],
   "definitions": {
     "endpoint": {

plugins/palo_alto_cortex_xdr/icon_palo_alto_cortex_xdr/connection/connection.py

@@ -3,11 +3,6 @@
 
 # Custom imports below
 from ..util.api import CortexXdrAPI
-from datetime import datetime, timezone
-import secrets
-import string
-import hashlib
-import requests
 
 
 class Connection(insightconnect_plugin_runtime.Connection):
@@ -18,9 +13,9 @@ def __init__(self):
     def connect(self, params):
         self.logger.info("Connect: Connecting...")
 
-        api_key = params.get(Input.API_KEY).get("secretKey")
-        api_key_id = params.get(Input.API_KEY_ID)
-        fqdn = params.get(Input.URL)
+        api_key = params.get(Input.API_KEY, {}).get("secretKey")
+        api_key_id = params.get(Input.API_KEY_ID, "")
+        fqdn = params.get(Input.URL, "")
         fqdn = self.clean_up_fqdn(fqdn)
 
         security_level = params.get(Input.SECURITY_LEVEL)
@@ -39,4 +34,4 @@ def clean_up_fqdn(self, fqdn):
 
     def test(self):
         self.xdr_api.test_connection()
-        return {"status": "pass"}
+        return {"success": True}

plugins/palo_alto_cortex_xdr/icon_palo_alto_cortex_xdr/tasks/monitor_incident_events/schema.py

@@ -287,8 +287,7 @@ class MonitorIncidentEventsOutput(insightconnect_plugin_runtime.Output):
           "description": "XDR URL",
           "order": 27
         }
-      },
-      "required": []
+      }
     }
   }
 }