Fixed issue with missing IP and added UT (demisto#35892)

* Fixed issue with missing IP and added UT

* Added rn

* Added rn

Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py

@@ -2016,7 +2016,7 @@ def get_endpoint_properties(single_endpoint):
     is_isolated = 'No' if 'unisolated' in single_endpoint.get('is_isolated', '').lower() else 'Yes'
     hostname = single_endpoint['host_name'] if single_endpoint.get('host_name') else single_endpoint.get(
         'endpoint_name')
-    ip = single_endpoint.get('ip')
+    ip = single_endpoint.get('ip') or single_endpoint.get('public_ip') or ''
     return status, is_isolated, hostname, ip
 
 
@@ -2040,7 +2040,7 @@ def generate_endpoint_by_contex_standard(endpoints, ip_as_string, integration_na
         status, is_isolated, hostname, ip = get_endpoint_properties(single_endpoint)
         # in the `-get-endpoints` command the ip is returned as list, in order not to break bc we will keep it
         # in the `endpoint` command we use the standard
-        if ip_as_string and isinstance(ip, list):
+        if ip_as_string and ip and isinstance(ip, list):
             ip = ip[0]
         os_type = convert_os_to_standard(single_endpoint.get('os_type', ''))
         endpoint = Common.Endpoint(

Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule_test.py

@@ -2262,26 +2262,51 @@ def test_run_script_kill_multiple_processes_command(requests_mock):
     'host_name': 'TEST',
     'ip': '1.1.1.1'
 }
+PUBLIC_IP = {
+    'endpoint_status': 'Connected',
+    'is_isolated': 'Isolated',
+    'host_name': 'TEST',
+    'ip': [],
+    'public_ip': ['1.1.1.1']
+}
+NO_IP = {
+    'endpoint_status': 'Connected',
+    'is_isolated': 'Isolated',
+    'host_name': 'TEST',
+    'ip': [],
+    'public_ip': []
+}
 
 
-@pytest.mark.parametrize("endpoint, expected", [
-    (CONNECTED_STATUS, 'Online'),
-    (NO_STATUS, 'Offline'),
-    (OFFLINE_STATUS, 'Offline')
+@pytest.mark.parametrize("endpoint, expected_status, expected_ip", [
+    (CONNECTED_STATUS, 'Online', '1.1.1.1'),
+    (NO_STATUS, 'Offline', '1.1.1.1'),
+    (OFFLINE_STATUS, 'Offline', '1.1.1.1'),
+    (PUBLIC_IP, 'Online', ['1.1.1.1']),
+    (NO_IP, 'Online', '')
 ])
-def test_get_endpoint_properties(endpoint, expected):
+def test_get_endpoint_properties(endpoint, expected_status, expected_ip):
     """
     Given:
         - Endpoint data
     When
-        - The status of the enndpoint is 'Connected' with a capital C.
+        - Case a: The status of the endpoint is 'Connected' with a capital C and ip is 1.1.1.1.
+        - Case b: When no status is not given and ip is 1.1.1.1.
+        - Case c: The status of the endpoint is offline and ip is 1.1.1.1.
+        - Case d: The status of the endpoint is 'Connected' with a capital C ip is empty but public_ip is 1.1.1.1.
+        - Case d: The status of the endpoint is 'Connected' with a capital C and both ip and public_ip are empty.
     Then
-        - The status of the endpointn is determined to be 'Online'
+        - Case a: The status of the endpoint is determined to be 'Online' and the ip is set to 1.1.1.1.
+        - Case b: The status of the endpoint is determined to be 'Offline' and the ip is set to 1.1.1.1.
+        - Case c: The status of the endpoint is determined to be 'Offline' and the ip is set to 1.1.1.1.
+        - Case d: The status of the endpoint is determined to be 'Online' and the ip is set to 1.1.1.1.
+        - Case d: The status of the endpoint is determined to be 'Online' and the ip is set to empty.
     """
     from CoreIRApiModule import get_endpoint_properties
 
     status, is_isolated, hostname, ip = get_endpoint_properties(endpoint)
-    assert status == expected
+    assert status == expected_status
+    assert ip == expected_ip
 
 
 def test_remove_blocklist_files_command(requests_mock):

Packs/Core/ReleaseNotes/3_0_54.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Investigation & Response
+
+- Fixed an issue where the ***get-endpoint*** and ***endpoint*** commands failed when the endpoint did not include an IP field.

Packs/Core/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Core - Investigation and Response",
     "description": "Automates incident response",
     "support": "xsoar",
-    "currentVersion": "3.0.53",
+    "currentVersion": "3.0.54",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/CortexXDR/ReleaseNotes/6_1_65.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Palo Alto Networks Cortex XDR - Investigation and Response
+
+- Fixed an issue where the ***get-endpoint*** and ***endpoint*** commands failed when the endpoint did not include an IP field.

Packs/CortexXDR/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Cortex XDR by Palo Alto Networks",
     "description": "Automates Cortex XDR incident response, and includes custom Cortex XDR incident views and layouts to aid analyst investigations.",
     "support": "xsoar",
-    "currentVersion": "6.1.64",
+    "currentVersion": "6.1.65",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/ctf01/ReleaseNotes/1_0_26.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Cortex XDR - IR CTF
+
+- Fixed an issue where the ***get-endpoint*** and ***endpoint*** commands failed when the endpoint did not include an IP field.

Packs/ctf01/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Capture The Flag - 01",
     "description": "XSOAR's Capture the flag (CTF)",
     "support": "xsoar",
-    "currentVersion": "1.0.25",
+    "currentVersion": "1.0.26",
     "serverMinVersion": "8.2.0",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",