|
61 | 61 | PROCESS_HEADERS = [element['header'] for element in PROCESS_INFO]
|
62 | 62 |
|
63 | 63 | MALOP_HEADERS = [
|
64 |
| - 'GUID', 'Link', 'CreationTime', 'Status', 'LastUpdateTime', 'DecisionFailure', 'Suspects', 'AffectedMachine', 'InvolvedHash'] |
| 64 | + 'GUID', 'Link', 'CreationTime', 'Status', 'LastUpdateTime', 'DecisionFailure', 'Suspects', |
| 65 | + 'AffectedMachine', 'InvolvedHash'] |
65 | 66 |
|
66 | 67 | SINGLE_MALOP_HEADERS = [
|
67 |
| - 'GUID', 'Link', 'CreationTime', 'Status', 'LastUpdateTime', 'InvolvedHash', 'Severity', 'Machines', 'Users', "DecisionStatuses", "DetectionTypes", "DetectionEngines", "MitreTechniques", "MalopCloserName"] |
| 68 | + 'GUID', 'Link', 'CreationTime', 'Status', 'LastUpdateTime', 'InvolvedHash', 'Severity', |
| 69 | + 'Machines', 'Users', 'DecisionStatuses', 'DetectionTypes', 'DetectionEngines', |
| 70 | + 'MitreTechniques', 'MalopCloserName'] |
68 | 71 |
|
69 | 72 | DOMAIN_HEADERS = [
|
70 |
| - 'Name', 'Reputation', 'IsInternalDomain', 'WasEverResolved', 'WasEverResolvedAsASecondLevelDomain', 'Malicious', |
71 |
| - 'SuspicionsCount'] |
| 73 | + 'Name', 'Reputation', 'IsInternalDomain', 'WasEverResolved', |
| 74 | + 'WasEverResolvedAsASecondLevelDomain', 'Malicious', 'SuspicionsCount'] |
72 | 75 |
|
73 | 76 | USER_HEADERS = ['Username', 'Domain', 'LastMachineLoggedInTo', 'Organization', 'LocalSystem']
|
74 | 77 |
|
@@ -574,7 +577,7 @@ def poll_malops(client: Client, start_time):
|
574 | 577 |
|
575 | 578 | def query_malops(
|
576 | 579 | client: Client, total_result_limit: int = None, per_group_limit: int = None, template_context: str = None,
|
577 |
| - filters: list = None, guid_list: str = None) -> Any: |
| 580 | + filters: list = None, guid_list: Optional[List[str]] = None) -> Any: |
578 | 581 | demisto.info(f"guid list in query_malop function: {guid_list}")
|
579 | 582 | json_body = {
|
580 | 583 | 'totalResultLimit': int(total_result_limit) if total_result_limit else 10000,
|
@@ -1616,10 +1619,14 @@ def fetch_incidents(client: Client):
|
1616 | 1619 | offset = 0
|
1617 | 1620 | if not total_malops_fetched:
|
1618 | 1621 | total_malops_fetched = 0
|
1619 |
| - demisto.debug( |
1620 |
| - f"Polling starts.total_malops_fetched: {total_malops_fetched} offset: {offset} start_time: {start_time} end_time:{end_time}") |
| 1622 | + |
1621 | 1623 | malop_management_response = get_malop_management_data(client, start_time, end_time, offset)
|
1622 | 1624 | demisto.info(f"mmng/v2 response: {malop_management_response}")
|
| 1625 | + demisto.debug(( |
| 1626 | + f"Polling starts. total_malops_fetched: {total_malops_fetched} " |
| 1627 | + f"offset: {offset} start_time: {start_time} end_time: {end_time}" |
| 1628 | + )) |
| 1629 | + |
1623 | 1630 | edr_guid_list, non_edr_guid_list = [], []
|
1624 | 1631 | total_malops_available = malop_management_response["data"]["totalHits"]
|
1625 | 1632 | malop_management_response = malop_management_response["data"]["data"]
|
@@ -1706,8 +1713,11 @@ def fetch_incidents(client: Client):
|
1706 | 1713 | integration_context['offset'] = offset
|
1707 | 1714 | set_integration_context(integration_context)
|
1708 | 1715 | demisto.debug("Saved integration context data for mmng/v2")
|
1709 |
| - demisto.debug( |
1710 |
| - f"Polling ends. total_malops_available:{total_malops_available} total_malops_fetched: {total_malops_fetched} offset:{offset}") |
| 1716 | + demisto.debug(( |
| 1717 | + f"Polling ends. total_malops_available: {total_malops_available} " |
| 1718 | + f"total_malops_fetched: {total_malops_fetched} offset: {offset}" |
| 1719 | + )) |
| 1720 | + |
1711 | 1721 |
|
1712 | 1722 |
|
1713 | 1723 | def login(client: Client):
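Review bot: Moving the "Polling starts" debug message below the get_malop_management_data call (new lines 1625–1628) means it is now emitted only after the request returns, and not at all if that call raises, so the message no longer marks where polling began; keep it ahead of the call, directly after `total_malops_fetched = 0`, or reword it to describe what it now reports. The double parentheses in `demisto.debug((` at new lines 1625 and 1716 are redundant, since adjacent f-string literals already concatenate inside the call's own parentheses, so `demisto.debug(` with the same inner lines is enough. The blank line added at new line 1720 leaves three blank lines before `def login`, one more than PEP 8's two for a top-level definition. fetch_incidents begins and ends outside the hunks shown here.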
|
|