From b0406c559c7f4a1cee5f05add7802a7bf08c6867 Mon Sep 17 00:00:00 2001 From: LiorQM Date: Mon, 3 Mar 2025 17:07:06 +0200 Subject: [PATCH 1/5] updated last run to latest incident time and allowed more than 1 day in last run time --- Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.py | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.py b/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.py index 9108dd349028..e47fb67dc2ac 100644 --- a/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.py +++ b/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.py @@ -1410,7 +1410,7 @@ def fetch_dlp_incidents_as_incidents( # set the new incident IDs to avoid duplicates on next fetch set_demisto_integration_context("dlp_incident_ids", new_incident_ids, "append") - + last_run_timestamp = max(new_incidents, key=lambda k: k["timestamp"]) + 1 else: last_run_timestamp = end_time_number @@ -1547,10 +1547,7 @@ def get_last_run( last_run_time = ticket_last_run.get("time") last_run_id = ticket_last_run.get("id") else: - if incident_type == "dlp_incident": - last_run_time = "1 Day" - else: - last_run_time = args.get("first_fetch", "3 Days") + last_run_time = args.get("first_fetch", "3 Days") first_fetch = arg_to_datetime(arg=last_run_time, arg_name="First fetch time", From f050efbdc460a0bc8105c163f736ae60908c5a7e Mon Sep 17 00:00:00 2001 From: LiorQM Date: Mon, 3 Mar 2025 17:32:44 +0200 Subject: [PATCH 2/5] updated release notes --- Packs/Netskope/ReleaseNotes/4_0_7.md | 6 ++++++ Packs/Netskope/pack_metadata.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 Packs/Netskope/ReleaseNotes/4_0_7.md diff --git a/Packs/Netskope/ReleaseNotes/4_0_7.md b/Packs/Netskope/ReleaseNotes/4_0_7.md new file mode 100644 index 000000000000..0769e392d01b --- /dev/null +++ b/Packs/Netskope/ReleaseNotes/4_0_7.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Netskope (API v2) + +Updated last run time for DLP incidents diff --git a/Packs/Netskope/pack_metadata.json b/Packs/Netskope/pack_metadata.json index e805ec906c72..b8e837640b13 100644 --- a/Packs/Netskope/pack_metadata.json +++ b/Packs/Netskope/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Netskope", "description": "Cloud access security broker that enables to find, understand, and secure cloud apps.", "support": "xsoar", - "currentVersion": "4.0.6", + "currentVersion": "4.0.7", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From 7662a3f6352b6d9e892d83929a19022ac84b0c04 Mon Sep 17 00:00:00 2001 From: LiorQM Date: Mon, 3 Mar 2025 17:35:48 +0200 Subject: [PATCH 3/5] added extraction for max incident --- .../Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.py b/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.py index e47fb67dc2ac..a92702a91cb6 100644 --- a/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.py +++ b/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.py @@ -1,9 +1,10 @@ -import demistomock as demisto # noqa: F401 -from CommonServerPython import * # noqa: F401 import copy +from collections.abc import Callable from http import HTTPStatus from typing import Any, NamedTuple -from collections.abc import Callable + +import demistomock as demisto # noqa: F401 +from CommonServerPython import * # noqa: F401 MAX_IDS_NUMBER = 289262 DEFAULT_WAIT_TIME = 5 @@ -1410,7 +1411,7 @@ def fetch_dlp_incidents_as_incidents( # set the new incident IDs to avoid duplicates on next fetch set_demisto_integration_context("dlp_incident_ids", new_incident_ids, "append") - last_run_timestamp = max(new_incidents, key=lambda k: k["timestamp"]) + 1 + last_run_timestamp = max(new_incidents, key=lambda k: k["timestamp"])["timestamp"] + 1 else: last_run_timestamp = end_time_number From 3d80edf4c1fb720d9daa559ed90c2bb5f5bb43d8 Mon Sep 17 00:00:00 2001 From: LiorQM Date: Mon, 3 Mar 2025 17:48:21 +0200 Subject: [PATCH 4/5] updated docker tag --- Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.yml b/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.yml index 928a432cd065..3994bb448a9d 100644 --- a/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.yml +++ b/Packs/Netskope/Integrations/NetskopeAPIv2/NetskopeAPIv2.yml @@ -1285,7 +1285,7 @@ script: name: lastUpdate description: Gets the list of incidents that were modified since the last update time. Note that this method is here for debugging purposes. The get-modified-remote-data command is used as part of a Mirroring feature, which is available in Cortex XSOAR from version 6.1. name: get-modified-remote-data - dockerimage: demisto/python3:3.11.10.116949 + dockerimage: demisto/python3:3.12.8.1983910 isfetch: true ismappable: true isremotesyncin: true From 5dfdab191af174dbed3d81202a19e600c5531814 Mon Sep 17 00:00:00 2001 From: LiorQM Date: Mon, 3 Mar 2025 17:55:31 +0200 Subject: [PATCH 5/5] updated release notes for docker image --- Packs/Netskope/ReleaseNotes/4_0_7.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Packs/Netskope/ReleaseNotes/4_0_7.md b/Packs/Netskope/ReleaseNotes/4_0_7.md index 0769e392d01b..e4e7b05196fb 100644 --- a/Packs/Netskope/ReleaseNotes/4_0_7.md +++ b/Packs/Netskope/ReleaseNotes/4_0_7.md @@ -3,4 +3,6 @@ ##### Netskope (API v2) +- Updated the Docker image to: *demisto/python3:3.12.8.1983910*. + Updated last run time for DLP incidents