From ba19a3d8d1dd7b2a6a8c7f1fcd2c0c19f1620daf Mon Sep 17 00:00:00 2001
From: Karan Deep
Date: Thu, 12 Dec 2024 17:26:08 +0530
Subject: [PATCH 1/2] Added get-alerts
---
Packs/Doppel/Integrations/Doppel/Doppel.py | 66 +++++++++++++++++++++
Packs/Doppel/Integrations/Doppel/Doppel.yml | 61 +++++++++++++++++++
2 files changed, 127 insertions(+)
diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.py b/Packs/Doppel/Integrations/Doppel/Doppel.py
index f952df0078c9..690353995ad8 100644
--- a/Packs/Doppel/Integrations/Doppel/Doppel.py
+++ b/Packs/Doppel/Integrations/Doppel/Doppel.py
@@ -93,6 +93,28 @@ def update_alert(
 json_data=payload,
 )
 return response_content
+
+ def get_alerts(self, params: Dict[str, Any]) -> List[Dict[str, Any]]:
+ """
+ Fetches multiple alerts based on query parameters.
+
+ :param params: A dictionary of query parameters to apply to the request.
+ :return: A list of dictionaries containing alert details.
+ """
+ api_name = "alerts"
+ api_url = f"{self._base_url}/{api_name}"
+ # Filter out None values
+ filtered_params = {k: v for k, v in params.items() if v is not None}
+
+ demisto.debug(f"API Request Params: {filtered_params}")
+
+ # Use params as query parameters, not json_data
+ response_content = self._http_request(
+ method="GET",
+ full_url=api_url,
+ params=filtered_params
+ )
+ return response_content
 ''' HELPER FUNCTIONS '''
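Review bot: `api_url = f"{self._base_url}/{api_name}"` joins the path by hand and then passes it as `full_url`, although `_http_request` accepts `url_suffix` and joins it onto the client's base URL itself; `url_suffix=api_name` would avoid a doubled or missing slash when `_base_url` is configured with a trailing `/`, unless the existing `update_alert` above uses the same hand-built form, in which case consistency wins. `demisto.debug(f"API Request Params: {filtered_params}")` echoes every query value into the integration log, which is fine at debug level but deserves a comment such as `# debug-only: logs the filtered query string sent to the API`. The enclosing `Client` class starts outside the hunk.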
@@ -172,6 +194,48 @@ def update_alert_command(client: Client, args: Dict[str, Any]) -> CommandResults
 outputs=result,
 )
+def get_alerts_command(client: Client, args: Dict[str, Any]) -> CommandResults:
+ """
+ Command to fetch multiple alerts based on query parameters.
+
+ :param client: Client instance to interact with the API.
+ :param args: Command arguments containing the query parameters as key-value pairs.
+ :return: CommandResults object with the retrieved alerts.
+ """
+ # Extract query parameters
+ query_params = {
+ 'search_key': args.get('search_key'),
+ 'queue_state': args.get('queue_state'),
+ 'product': args.get('product'),
+ 'created_before': args.get('created_before'),
+ 'created_after': args.get('created_after'),
+ 'sort_type': args.get('sort_type'),
+ 'sort_order': args.get('sort_order'),
+ 'page': args.get('page'),
+ 'tags': args.get('tags')
+ }
+
+ # Fetch results from the API
+ try:
+ results = client.get_alerts(params=query_params)
+ demisto.debug(f"Fetched alerts raw response: {results}")
+ if not results:
+ readable_output = "No alerts were found with the given parameters."
+ else:
+ readable_output = f"Retrieved {len(results)} alerts successfully.\n\nComplete JSON data:\n" \
+ f"{json.dumps(results, indent=4)}"
+
+
+ return CommandResults(
+ outputs_prefix="Doppel.GetAlerts",
+ outputs_key_field="id",
+ outputs=results,
+ readable_output=readable_output,
+ raw_response=results
+ )
+ except Exception as e:
+ raise ValueError(f"Failed to fetch alerts: {str(e)}")
+
 ''' MAIN FUNCTION '''
@@ -201,6 +265,8 @@ def main() -> None:
 return_results(get_alert_command(client, demisto.args()))
 elif current_command == 'update-alert':
 return_results(update_alert_command(client, demisto.args()))
+ elif current_command == 'get-alerts':
+ return_results(get_alerts_command(client, demisto.args()))
 # Log exceptions and return errors
 except Exception as e:
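Review bot: `'tags': args.get('tags')` passes the argument through unchanged, but the command's YAML declares `tags` as `isArray: true`, and XSOAR hands array arguments over as one comma-separated string, so the request carries a single `tags=a,b` query parameter; if the Doppel API expects one value per `tags` key, use `'tags': argToList(args.get('tags'))`, which `requests` encodes as repeated keys and, for a missing argument, as no parameter at all. The readable output pastes the whole JSON payload into the War Room; the usual XSOAR form is `tableToMarkdown('Doppel Alerts', results)` with the JSON kept in `raw_response`. The `get-alerts` branch added to `main()` in the following hunk needs nothing further.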
diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.yml b/Packs/Doppel/Integrations/Doppel/Doppel.yml
index 388635b9dac7..e805adc5ab2e 100644
--- a/Packs/Doppel/Integrations/Doppel/Doppel.yml
+++ b/Packs/Doppel/Integrations/Doppel/Doppel.yml
@@ -33,6 +33,67 @@ script:
 description: 'Link to the alert in the Doppel portal'
 type: String
+ - name: get-alerts
+ description: Retrieves multiple alerts based on the query parameters provided. It includes metadata and details about each alert.
+ arguments:
+ - name: search_key
+ description: Currently only supports search by url
+ type: textArea
+ - name: queue_state
+ auto: PREDEFINED
+ predefined:
+ - actioned
+ - needs_confirmation
+ - doppel_review
+ - monitoring
+ - taken_down
+ - archived
+ description: New queue status to update alert with (id required)
+ - name: product
+ auto: PREDEFINED
+ predefined:
+ - domains
+ - social_media
+ - mobile_apps
+ - ecommerce
+ - crypto
+ - emails
+ - paid_adds
+ description: Product category the report belongs to.
+ - name: created_before
+ description: Filter alerts created before this date. '2024-01-05T13:45:30' -- Represents the 5th of January 2024, at 1:45:30 PM
+ type: textArea
+ - name: created_after
+ description: Filter alerts created after this date. '2024-01-05T13:45:30' -- Represents the 5th of January 2024, at 1:45:30 PM
+ type: textArea
+ - name: sort_type
+ auto: PREDEFINED
+ predefined:
+ - date_sourced
+ - date_last_actioned
+ description: The field to sort the reports by. Defaults to date_sourced.
+ type: textArea
+ - name: sort_order
+ auto: PREDEFINED
+ predefined:
+ - asc
+ - desc
+ description: The order to sort the reports by. Defaults to desc.
+ type: textArea
+ - name: page
+ description: Page number for pagination; defaults to 0
+ type: textArea
+ - name: tags
+ description: List of tags to filter alerts
+ isArray: true
+ type: textArea
+ outputs:
+ - contextPath: Doppel.GetAlerts
+
+
 - name: update-alert
 description: Updates a alert in the system with certain parameters.
 arguments:
From 83409211720a258b858651041bd563e3e945e444 Mon Sep 17 00:00:00 2001
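Review bot: The `queue_state` argument's `description: New queue status to update alert with (id required)` is copied from `update-alert`, but in this command the argument is a filter, so the text should read along the lines of `description: Only return alerts whose queue state matches this value.`. The `outputs` entry `- contextPath: Doppel.GetAlerts` carries no `description` or `type`, which the pack validator normally flags and which leaves users with no documentation of the context shape; add `description: Alerts returned by the query.` and `type: Unknown` beneath it, and consider listing the per-alert fields. `page`, the date filters and the predefined-list arguments are typed `textArea`, which renders a multi-line box for a single value; omitting `type` gives the plain single-line field, as far as I can tell. The new command sits between the existing `get-alert` outputs and `update-alert`, both of which extend outside the hunk.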
From: Karan Deep
Date: Fri, 13 Dec 2024 11:39:42 +0530
Subject: [PATCH 2/2] updated the exception handling
---
Packs/Doppel/Integrations/Doppel/Doppel.py | 39 +++++++++++-----------
1 file changed, 20 insertions(+), 19 deletions(-)
diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.py b/Packs/Doppel/Integrations/Doppel/Doppel.py
index 690353995ad8..1bcfd9ca60af 100644
--- a/Packs/Doppel/Integrations/Doppel/Doppel.py
+++ b/Packs/Doppel/Integrations/Doppel/Doppel.py
@@ -1,5 +1,6 @@
 import demistomock as demisto # noqa: F401
 from CommonServerPython import * # noqa: F401
+import json
 """Doppel for Cortex XSOAR (aka Demisto)
 This integration contains features to mirror the alerts from Doppel to create incidents in XSOAR
@@ -202,7 +203,8 @@ def get_alerts_command(client: Client, args: Dict[str, Any]) -> CommandResults:
 :param args: Command arguments containing the query parameters as key-value pairs.
 :return: CommandResults object with the retrieved alerts.
 """
- # Extract query parameters
+
+ # Extract query parameters directly from arguments
 query_params = {
 'search_key': args.get('search_key'),
 'queue_state': args.get('queue_state'),
@@ -215,26 +217,25 @@ def get_alerts_command(client: Client, args: Dict[str, Any]) -> CommandResults:
 'tags': args.get('tags')
 }
- # Fetch results from the API
- try:
- results = client.get_alerts(params=query_params)
- demisto.debug(f"Fetched alerts raw response: {results}")
- if not results:
- readable_output = "No alerts were found with the given parameters."
- else:
- readable_output = f"Retrieved {len(results)} alerts successfully.\n\nComplete JSON data:\n" \
- f"{json.dumps(results, indent=4)}"
+ # Call the client's `get_alerts` method to fetch data
+ demisto.debug(f"Query parameters before sending to client: {query_params}")
+ results = client.get_alerts(params=query_params)
+ demisto.debug(f"Results received: {results}")
+ # Handle empty alerts response
+ if not results:
+ raise ValueError("No alerts were found with the given parameters.")
+
+ # Prepare the readable JSON response
+ readable_output = json.dumps(results, indent=4)
+
+ return CommandResults(
+ outputs_prefix="Doppel.GetAlerts",
+ outputs_key_field="id",
+ outputs=results,
+ readable_output=readable_output
+ )
- return CommandResults(
- outputs_prefix="Doppel.GetAlerts",
- outputs_key_field="id",
- outputs=results,
- readable_output=readable_output,
- raw_response=results
- )
- except Exception as e:
- raise ValueError(f"Failed to fetch alerts: {str(e)}")
 ''' MAIN FUNCTION '''
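Review bot: `raise ValueError("No alerts were found with the given parameters.")` turns an empty but successful search into a command error, which fails the task in any playbook that calls `get-alerts`; return a normal result instead, `if not results: return CommandResults(readable_output="No alerts were found with the given parameters.")`. The removed `try`/`except` wrapped the whole body and the rewrite has none, so a transport or JSON error now propagates as-is to `main()`; that is fine if its `except Exception` (outside this hunk, marked `# Log exceptions and return errors` in the earlier patch) reports it through `return_error`, but the message users will see should be checked. `demisto.debug(f"Results received: {results}")` writes the full alert payload to the log; logging `len(results)` is enough to trace the call. `get_alerts_command` begins in the previous hunk.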