metron-labs · karand-metron · Dec 13, 2024 · Dec 12, 2024 · Dec 13, 2024
diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.py b/Packs/Doppel/Integrations/Doppel/Doppel.py
@@ -1,5 +1,6 @@
 import demistomock as demisto  # noqa: F401
 from CommonServerPython import *  # noqa: F401
+import json
 """Doppel for Cortex XSOAR (aka Demisto)
 
 This integration contains features to mirror the alerts from Doppel to create incidents in XSOAR
@@ -93,6 +94,28 @@ def update_alert(
             json_data=payload,
         )
         return response_content
+
+    def get_alerts(self, params: Dict[str, Any]) -> List[Dict[str, Any]]:
+        """
+        Fetches multiple alerts based on query parameters.
+
+        :param params: A dictionary of query parameters to apply to the request.
+        :return: A list of dictionaries containing alert details.
+        """
+        api_name = "alerts"
+        api_url = f"{self._base_url}/{api_name}"
+        # Filter out None values
+        filtered_params = {k: v for k, v in params.items() if v is not None}
+
+        demisto.debug(f"API Request Params: {filtered_params}")
+
+        # Use params as query parameters, not json_data
+        response_content = self._http_request(
+            method="GET",
+            full_url=api_url,
+            params=filtered_params
+        )
+        return response_content
 
 ''' HELPER FUNCTIONS '''
 
@@ -172,6 +195,48 @@ def update_alert_command(client: Client, args: Dict[str, Any]) -> CommandResults
         outputs=result,
     )
 
+def get_alerts_command(client: Client, args: Dict[str, Any]) -> CommandResults:
+    """
+    Command to fetch multiple alerts based on query parameters.
+
+    :param client: Client instance to interact with the API.
+    :param args: Command arguments containing the query parameters as key-value pairs.
+    :return: CommandResults object with the retrieved alerts.
+    """
+
+    # Extract query parameters directly from arguments
+    query_params = {
+        'search_key': args.get('search_key'),
+        'queue_state': args.get('queue_state'),
+        'product': args.get('product'),
+        'created_before': args.get('created_before'),
+        'created_after': args.get('created_after'),
+        'sort_type': args.get('sort_type'),
+        'sort_order': args.get('sort_order'),
+        'page': args.get('page'),
+        'tags': args.get('tags')
+    }
+
+    # Call the client's `get_alerts` method to fetch data
+    demisto.debug(f"Query parameters before sending to client: {query_params}")
+    results = client.get_alerts(params=query_params)
+    demisto.debug(f"Results received: {results}")
+
+    # Handle empty alerts response
+    if not results:
+        raise ValueError("No alerts were found with the given parameters.")
+
+    # Prepare the readable JSON response
+    readable_output = json.dumps(results, indent=4)
+
+    return CommandResults(
+        outputs_prefix="Doppel.GetAlerts",
+        outputs_key_field="id",
+        outputs=results,
+        readable_output=readable_output
+    )
+
+
 ''' MAIN FUNCTION '''
 
 
@@ -201,6 +266,8 @@ def main() -> None:
             return_results(get_alert_command(client, demisto.args()))
         elif current_command == 'update-alert':
             return_results(update_alert_command(client, demisto.args()))
+        elif current_command == 'get-alerts':
+            return_results(get_alerts_command(client, demisto.args()))
 
     # Log exceptions and return errors
     except Exception as e:

diff --git a/Packs/Doppel/Integrations/Doppel/Doppel.yml b/Packs/Doppel/Integrations/Doppel/Doppel.yml
@@ -33,6 +33,67 @@ script:
       description: 'Link to the alert in the Doppel portal'
       type: String
 
+  - name: get-alerts
+    description: Retrieves multiple alerts based on the query parameters provided.
+        It includes metadata and details about each alert.
+    arguments:
+    - name: search_key
+      description: Currently only supports search by url
+      type: textArea
+    - name: queue_state
+      auto: PREDEFINED
+      predefined:
+      - actioned
+      - needs_confirmation
+      - doppel_review
+      - monitoring
+      - taken_down
+      - archived
+      description: New queue status to update alert with (id required)
+    - name: product
+      auto: PREDEFINED
+      predefined:
+      - domains
+      - social_media
+      - mobile_apps
+      - ecommerce
+      - crypto
+      - emails
+      - paid_adds
+      description: Product category the report belongs to.
+    - name: created_before
+      description: Filter alerts created before this date. '2024-01-05T13:45:30' --
+        Represents the 5th of January 2024, at 1:45:30 PM
+      type: textArea
+    - name: created_after
+      description: Filter alerts created after this date. '2024-01-05T13:45:30' --
+        Represents the 5th of January 2024, at 1:45:30 PM
+      type: textArea
+    - name: sort_type
+      auto: PREDEFINED
+      predefined:
+      - date_sourced
+      - date_last_actioned
+      description: The field to sort the reports by. Defaults to date_sourced.
+      type: textArea
+    - name: sort_order
+      auto: PREDEFINED
+      predefined:
+      - asc
+      - desc
+      description: The order to sort the reports by. Defaults to desc.
+      type: textArea
+    - name: page
+      description: Page number for pagination; defaults to 0
+      type: textArea
+    - name: tags
+      description: List of tags to filter alerts
+      isArray: true
+      type: textArea
+    outputs:
+    - contextPath: Doppel.GetAlerts
+
+
   - name: update-alert
     description: Updates a alert in the system with certain parameters.
     arguments: