Skip to content

Fix PhishER fetch-incidents missed messages / EIR-14074#44296

Open
marcom-kb4 wants to merge 1 commit into
demisto:contrib/marcom-kb4_contrib/knowbe4-phisher-fetch-lookbackfrom
marcom-kb4:contrib/knowbe4-phisher-fetch-lookback
Open

Fix PhishER fetch-incidents missed messages / EIR-14074#44296
marcom-kb4 wants to merge 1 commit into
demisto:contrib/marcom-kb4_contrib/knowbe4-phisher-fetch-lookbackfrom
marcom-kb4:contrib/knowbe4-phisher-fetch-lookback

Conversation

@marcom-kb4
Copy link
Copy Markdown
Contributor

@marcom-kb4 marcom-kb4 commented May 13, 2026
edited by marketplace-content-sync
Loading

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

EIR-14207

Description

PhishER indexes messages asynchronously; reported_at can lag by hours. Messages with reported_at below the last-run cursor were permanently lost.

  • Added look_back parameter (default 15 min) to widen the fetch window
  • Adopted XSOAR SDK lookback helpers for built-in dedup (found_incident_ids)
  • Migrated legacy {last_fetch} lastRun shape transparently on first run
  • Closed fetch window to reported_at:{start TO end} to bound each query
  • Bumped pack to 1.0.20

Must have

  • Tests
  • Documentation

relates: https://jira-dc.paloaltonetworks.com/browse/CIAC-16776

@marcom-kb4
Fix PhishER fetch-incidents missed messages / EIR-14074
8ffdf3e 
PhishER indexes messages asynchronously; reported_at can lag by hours.
Messages with reported_at below the last-run cursor were permanently lost.

- Added look_back parameter (default 15 min) to widen the fetch window
- Adopted XSOAR SDK lookback helpers for built-in dedup (found_incident_ids)
- Migrated legacy {last_fetch} lastRun shape transparently on first run
- Closed fetch window to reported_at:{start TO end} to bound each query
- Bumped pack to 1.0.20
@content-bot content-bot added Contribution Thank you! Contributions are always welcome! External PR Partner Support Level Indicates that the contribution is for Partner supported pack labels May 13, 2026
@content-bot content-bot changed the base branch from master to contrib/marcom-kb4_contrib/knowbe4-phisher-fetch-lookback May 13, 2026 18:22
@content-bot content-bot requested a review from kamalq97 May 13, 2026 18:22
@content-bot
Copy link
Copy Markdown
Contributor

content-bot commented May 13, 2026

Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @kamalq97 will know the proposed changes are ready to be reviewed.
For your convenience, here is a link to the contributions SLAs document.

@content-bot
Copy link
Copy Markdown
Contributor

content-bot commented May 13, 2026

Hi @marcom-kb4, thanks for contributing to the XSOAR marketplace. To receive credit for your generous contribution please follow this link.

@content-bot
Copy link
Copy Markdown
Contributor

content-bot commented May 13, 2026

🤖 AI-Powered Code Review Available

Hi @kamalq97, you can leverage AI-powered code review to assist with this PR!

Available Commands:

  • @marketplace-ai-reviewer start review - Initiate a full AI code review
  • @marketplace-ai-reviewer re-review - Incremental review for new commits

@kamalq97
Copy link
Copy Markdown
Contributor

kamalq97 commented May 14, 2026

Hi @marcom-kb4,

This PR does not yet have partner approval.

If you are a developer from the partner organization:

If you are a member of our XSOAR Content development community:

  • Please confirm by commenting here or contacting me via the Cortex DFIR Community Slack.
    • We will reach out to the partner and ask for their approval of the changes in this PR.

@kamalq97 kamalq97 added pending-contributor The PR is pending the response of its creator docs-approved labels May 14, 2026
@content-bot content-bot added Community Contribution Form Filled Whether contribution form filled or not. labels May 14, 2026
@marcom-kb4
Copy link
Copy Markdown
Contributor Author

marcom-kb4 commented May 14, 2026

Hi @marcom-kb4,

This PR does not yet have partner approval.

If you are a developer from the partner organization:

If you are a member of our XSOAR Content development community:

  • Please confirm by commenting here or contacting me via the Cortex DFIR Community Slack.

    • We will reach out to the partner and ask for their approval of the changes in this PR.

done!

@kamalq97
Copy link
Copy Markdown
Contributor

kamalq97 commented May 14, 2026

Hi @marcom-kb4

Thank you for filling the contribution registration form. This PR still missing partner approval unfortunately.
Please ensure the Partner ID is provided when filling the form (re-submitting the form if needed).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kamalq97 kamalq97 Awaiting requested review from kamalq97

At least 1 approving review is required to merge this pull request.

Assignees

@kamalq97 kamalq97

Labels

Community Contribution Form Filled Whether contribution form filled or not. Contribution Thank you! Contributions are always welcome! docs-approved External PR Partner Support Level Indicates that the contribution is for Partner supported pack pending-contributor The PR is pending the response of its creator

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@marcom-kb4 @content-bot @kamalq97