Sentinel Lookback Mechanism

[noydavidi]

Added a lookback mechanism for fetching incidents.

Status

• In Progress
• Ready
• In Hold - (Reason for hold)

Related Issues

related: link to the issue

Must have

• Tests
• Documentation

[content-bot]

🤖 AI-Powered Code Review Available

You can leverage AI-powered code review to assist with this PR!

Available Commands:

• @marketplace-ai-reviewer start review - Initiate a full AI code review
• @marketplace-ai-reviewer re-review - Incremental review for new commits

[github-actions]

Coverage Report

File	Stmts	Miss	Cover	Missing
Packs/AzureSentinel/Integrations/AzureSentinel
AzureSentinel.py	814	72	91%	473, 475, 536, 538, 543, 553, 555, 560, 568, 575, 785–786, 788–790, 792, 822, 864, 871–872, 947–950, 952–953, 1097–1099, 1289–1290, 1404–1405, 1409–1411, 1419, 1421, 1423, 1425, 1431, 1512, 1607–1610, 1614, 1628–1632, 1640, 1644, 1772, 1777, 1898, 1905–1907, 1915–1916, 1965, 2432, 2437, 2495, 2499, 2501, 2503, 2505, 2510–2511
TOTAL	814	72	91%

Tests	Skipped	Failures	Errors	Time
120	0 💤	0 ❌	0 🔥	3.934s ⏱️

[marketplace-ai-reviewer]

🤖 Analysis started. Please wait for results...

[noydavidi]

[marketplace-ai-reviewer]

🤖 AI Review Disclaimer

This review was generated by an AI-powered tool and may contain inaccuracies. Please be advised, and we extend our sincere apologies for any inconvenience this may cause.

[marketplace-ai-reviewer]

Hi! Thanks for your contribution to the Azure Sentinel integration.

I've reviewed the PR and noticed a few architectural risks with the new lookback mechanism, specifically around potential incident drops, state size limits, and incorrect last_fetch_time advancement. There are also some minor YAML formatting tweaks needed, and the documentation should be simplified and updated using demisto-sdk generate-docs.

Let me know if you have any questions or need help adjusting the lookback logic!

Additionally, please address the following file-level notes:

• Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml: The .yml file must start with name or display as the first key at the root level.

@MLainer1, @noydavidi please review and approve the results generated by the AI Reviewer by responding 👍 on this comment.

[content-bot]

This PR was automatically updated by a GitHub Action

• AzureSentinel pack version was bumped to 1.6.3.

To stop automatic version bumps, add the ignore-auto-bump-version label to the github PR.

[content-bot]

Validate summary
The following errors were thrown as a part of this pr: .
If the AG100 validation in the pre-commit GitHub Action fails, the pull request cannot be force-merged.

Verdict: PR can be force merged from validate perspective? ✅

[content-bot]

🔍 AI Triage Report Available

An automated triage report has been generated for this pipeline.

Status: failed
Report ID: cde20ced606bc0ba

📋 Triage Report
💡 Resolutions are available in the full report.

⚠️ AI-generated triage. Validate before acting.