CS Falcon: fix fetch incidents issues #29898
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…o cs-falcon-fetch-limit-issue
Co-authored-by: Shelly Tzohar <[email protected]>
ilaner
force-pushed
the
cs_falcon_sorting_issue
branch
from
6a98d23
to
80fddab
Compare
ilaner
changed the title
| @@ -1372,7 +1372,7 @@ def get_idp_detections_ids(filter_arg=None, offset: int = 0, limit=INCIDENTS_PER | |||
| :rtype ``dict`` | |||
| """ | |||
| params = { | |||
| 'sort': 'created_timestamp.asc', | |||
| 'sort': 'start_time.asc', | |||
There was a problem hiding this comment.
so we are intentionally changing this or did you mean to preserve created_timestamp.asc
There was a problem hiding this comment.
this is the IDP endpoint, which supports sorting by the start time and not only by first_behavior.
Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py
Outdated
Show resolved
Hide resolved
| @@ -2505,6 +2505,21 @@ def migrate_last_run(last_run: dict[str, str] | list[dict]) -> list[dict]: | |||
| return [updated_last_run_detections, updated_last_run_incidents, {}] | |||
|
|
|||
|
|
|||
| def sort_incidents_summaries_by_ids_order(ids_order, full_incidents, id_field): | |||
There was a problem hiding this comment.
maybe change to this because it should work on both?
Suggested change
| def sort_incidents_summaries_by_ids_order(ids_order, full_incidents, id_field): | |
| def sort_summaries_by_ids_order(ids_order, full_incidents, id_field): |
| @@ -2552,7 +2571,7 @@ def fetch_incidents(): | |||
|
|
|||
| detections = filter_incidents_by_duplicates_and_limit(incidents_res=detections, | |||
| last_run=current_fetch_info_detections, | |||
| fetch_limit=fetch_limit, id_field='name') | |||
| fetch_limit=INCIDENTS_PER_FETCH, id_field='name') | |||
There was a problem hiding this comment.
is this intended? why?
relevant to the other places it was changed.
There was a problem hiding this comment.
Yes
This is the original issue @daryakoval handled: https://jira-hq.paloaltonetworks.local/browse/XSUP-27448
…rikeFalcon.py Co-authored-by: yuvalbenshalom <[email protected]>
ilaner
force-pushed
the
cs_falcon_sorting_issue
branch
from
f0c8035
to
8c49437
Compare
ilaner
force-pushed
the
cs_falcon_sorting_issue
branch
from
8c49437
to
b36970f
Compare
yuvalbenshalom
added a commit
that referenced
this pull request
Oct 23, 2023
This reverts commit 8832678.
yuvalbenshalom
added a commit
that referenced
this pull request
Oct 23, 2023
sapirshuker
pushed a commit
that referenced
this pull request
Dec 21, 2023
* fixed the parameter that send as a limit * update rn * update test playbook * Update Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_7.md Co-authored-by: Shelly Tzohar <[email protected]> * fixing test playbook * adding sort incidents by the ids order; fix time field issue * rename rn * bump version * added unitest * fix rn * save unitest fix * save format * save unitest fix * update docker * use created timestamp * start_time * RN * Update Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py Co-authored-by: yuvalbenshalom <[email protected]> * CR * typo * fixes * fixes * fixes * fixes * sort by created * fixes * fixes * simplify * back to offset * fix offset * remove sort * fixes * fix * fixes * updates * fix offset calc * fix * move calculate new offset * fix tests * fix * update limit * fixes --------- Co-authored-by: daryakoval <[email protected]> Co-authored-by: Darya Koval <[email protected]> Co-authored-by: Shelly Tzohar <[email protected]> Co-authored-by: yuvalbenshalom <[email protected]>
sapirshuker
pushed a commit
that referenced
this pull request
Dec 21, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
related: https://jira-dc.paloaltonetworks.com/browse/XSUP-29234?filter=-1