From 63097497e5e928a96eb48c9407bad70b4b9c9887 Mon Sep 17 00:00:00 2001
From: Shahaf Ben Yakir <44666568+ShahafBenYakir@users.noreply.github.com>
Date: Sun, 18 Aug 2024 17:46:26 +0300
Subject: [PATCH] Fixed issue with missing IP and added UT (#35892)

* Fixed issue with missing IP and added UT
* Added rn
* Added rn
---
 .../CoreIRApiModule/CoreIRApiModule.py        |  4 +-
 .../CoreIRApiModule/CoreIRApiModule_test.py   | 41 +++++++++++++++----
 Packs/Core/ReleaseNotes/3_0_54.md             |  6 +++
 Packs/Core/pack_metadata.json                 |  2 +-
 Packs/CortexXDR/ReleaseNotes/6_1_65.md        |  6 +++
 Packs/CortexXDR/pack_metadata.json            |  2 +-
 Packs/ctf01/ReleaseNotes/1_0_26.md            |  6 +++
 Packs/ctf01/pack_metadata.json                |  2 +-
 8 files changed, 56 insertions(+), 13 deletions(-)
 create mode 100644 Packs/Core/ReleaseNotes/3_0_54.md
 create mode 100644 Packs/CortexXDR/ReleaseNotes/6_1_65.md
 create mode 100644 Packs/ctf01/ReleaseNotes/1_0_26.md

diff --git a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py
index 8edaeeb300e2..cd72f114f36e 100644
--- a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py
+++ b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py
@@ -2016,7 +2016,7 @@ def get_endpoint_properties(single_endpoint):
     is_isolated = 'No' if 'unisolated' in single_endpoint.get('is_isolated', '').lower() else 'Yes'
     hostname = single_endpoint['host_name'] if single_endpoint.get('host_name') else single_endpoint.get(
         'endpoint_name')
-    ip = single_endpoint.get('ip')
+    ip = single_endpoint.get('ip') or single_endpoint.get('public_ip') or ''
     return status, is_isolated, hostname, ip
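Review bot: The `public_ip` fallback on the added line silently substitutes an endpoint's public egress address for its `ip`, and a NAT'd public address is commonly shared by many hosts, so any consumer that correlates or pivots on this value may attribute activity to the wrong endpoint. It also leaves the return type mixed: a populated `public_ip` comes back as a list (the new test expects `['1.1.1.1']`) while the final `or ''` yields a string. I would at least record the intent above the line: `# 'ip' may be absent or [] for agents that only report a public address; fall back to public_ip, then ''. public_ip may be a shared NAT address, not a reliable per-host identifier.` Consider returning the empty value in the same shape the caller expects, or surfacing public_ip as its own field, so the substitution is visible to the analyst rather than hidden behind the `ip` name.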
@@ -2040,7 +2040,7 @@ def generate_endpoint_by_contex_standard(endpoints, ip_as_string, integration_na
         status, is_isolated, hostname, ip = get_endpoint_properties(single_endpoint)
         # in the `-get-endpoints` command the ip is returned as list, in order not to break bc we will keep it
         # in the `endpoint` command we use the standard
-        if ip_as_string and isinstance(ip, list):
+        if ip_as_string and ip and isinstance(ip, list):
             ip = ip[0]
         os_type = convert_os_to_standard(single_endpoint.get('os_type', ''))
         endpoint = Common.Endpoint(
diff --git a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule_test.py b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule_test.py
index 7aee2386d337..9ad84d29aa73 100644
--- a/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule_test.py
+++ b/Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule_test.py
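Review bot: With `get_endpoint_properties` now returning `''` when no address is known, the non-`ip_as_string` path here passes a string to `Common.Endpoint` where the comment two lines above says the `-get-endpoints` output keeps the ip as a list for backward compatibility, so the field's type now depends on whether the agent reported an address. The added `and ip` guard only prevents `ip[0]` on an empty list; it does not normalize the shape. I would make both branches explicit: `if ip_as_string: ip = ip[0] if isinstance(ip, list) and ip else (ip or '')` / `elif not isinstance(ip, list): ip = [ip] if ip else []`. Whether downstream playbooks tolerate a bare string in the list-shaped output is not visible here and is worth checking before relying on the current behavior. `generate_endpoint_by_contex_standard` begins and continues outside this hunk.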
@@ -2262,26 +2262,51 @@ def test_run_script_kill_multiple_processes_command(requests_mock):
     'host_name': 'TEST',
     'ip': '1.1.1.1'
 }
+PUBLIC_IP = {
+    'endpoint_status': 'Connected',
+    'is_isolated': 'Isolated',
+    'host_name': 'TEST',
+    'ip': [],
+    'public_ip': ['1.1.1.1']
+}
+NO_IP = {
+    'endpoint_status': 'Connected',
+    'is_isolated': 'Isolated',
+    'host_name': 'TEST',
+    'ip': [],
+    'public_ip': []
+}
 
 
-@pytest.mark.parametrize("endpoint, expected", [
-    (CONNECTED_STATUS, 'Online'),
-    (NO_STATUS, 'Offline'),
-    (OFFLINE_STATUS, 'Offline')
+@pytest.mark.parametrize("endpoint, expected_status, expected_ip", [
+    (CONNECTED_STATUS, 'Online', '1.1.1.1'),
+    (NO_STATUS, 'Offline', '1.1.1.1'),
+    (OFFLINE_STATUS, 'Offline', '1.1.1.1'),
+    (PUBLIC_IP, 'Online', ['1.1.1.1']),
+    (NO_IP, 'Online', '')
 ])
-def test_get_endpoint_properties(endpoint, expected):
+def test_get_endpoint_properties(endpoint, expected_status, expected_ip):
     """
     Given:
         - Endpoint data
     When
-        - The status of the enndpoint is 'Connected' with a capital C.
+        - Case a: The status of the endpoint is 'Connected' with a capital C and ip is 1.1.1.1.
+        - Case b: When no status is not given and ip is 1.1.1.1.
+        - Case c: The status of the endpoint is offline and ip is 1.1.1.1.
+        - Case d: The status of the endpoint is 'Connected' with a capital C ip is empty but public_ip is 1.1.1.1.
+        - Case d: The status of the endpoint is 'Connected' with a capital C and both ip and public_ip are empty.
     Then
-        - The status of the endpointn is determined to be 'Online'
+        - Case a: The status of the endpoint is determined to be 'Online' and the ip is set to 1.1.1.1.
+        - Case b: The status of the endpoint is determined to be 'Offline' and the ip is set to 1.1.1.1.
+        - Case c: The status of the endpoint is determined to be 'Offline' and the ip is set to 1.1.1.1.
+        - Case d: The status of the endpoint is determined to be 'Online' and the ip is set to 1.1.1.1.
+        - Case d: The status of the endpoint is determined to be 'Online' and the ip is set to empty.
     """
     from CoreIRApiModule import get_endpoint_properties
     status, is_isolated, hostname, ip = get_endpoint_properties(endpoint)
-    assert status == expected
+    assert status == expected_status
+    assert ip == expected_ip
 
 
 def test_remove_blocklist_files_command(requests_mock):
diff --git a/Packs/Core/ReleaseNotes/3_0_54.md b/Packs/Core/ReleaseNotes/3_0_54.md
new file mode 100644
index 000000000000..77790f3369f4
--- /dev/null
+++ b/Packs/Core/ReleaseNotes/3_0_54.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Investigation & Response
+
+- Fixed an issue where the ***get-endpoint*** and ***endpoint*** commands failed when the endpoint did not include an IP field.
\ No newline at end of file
diff --git a/Packs/Core/pack_metadata.json b/Packs/Core/pack_metadata.json
index eeb9e7842b95..a31018fc3844 100644
--- a/Packs/Core/pack_metadata.json
+++ b/Packs/Core/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Core - Investigation and Response",
     "description": "Automates incident response",
     "support": "xsoar",
-    "currentVersion": "3.0.53",
+    "currentVersion": "3.0.54",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",
diff --git a/Packs/CortexXDR/ReleaseNotes/6_1_65.md b/Packs/CortexXDR/ReleaseNotes/6_1_65.md
new file mode 100644
index 000000000000..c6ed5d5d1e84
--- /dev/null
+++ b/Packs/CortexXDR/ReleaseNotes/6_1_65.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Palo Alto Networks Cortex XDR - Investigation and Response
+
+- Fixed an issue where the ***get-endpoint*** and ***endpoint*** commands failed when the endpoint did not include an IP field.
diff --git a/Packs/CortexXDR/pack_metadata.json b/Packs/CortexXDR/pack_metadata.json
index 5c180b0c0baa..affbbcf401d4 100644
--- a/Packs/CortexXDR/pack_metadata.json
+++ b/Packs/CortexXDR/pack_metadata.json
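Review bot: The new `NO_IP` fixture sets `'ip': []`, but the release notes in this patch describe endpoints that did not include an IP field at all, so the case that motivated the fix (`.get('ip')` returning `None` because the key is absent) is not covered by any parametrized case. I would add a fixture without the key, `MISSING_IP = {'endpoint_status': 'Connected', 'is_isolated': 'Isolated', 'host_name': 'TEST'}`, and the row `(MISSING_IP, 'Online', '')`. The docstring also labels two different cases "Case d" in both the When and Then sections (the last should be "Case e"), and "When no status is not given" is a double negative; `- Case b: No status is given and ip is 1.1.1.1.` reads correctly. The `['1.1.1.1']` expectation for `PUBLIC_IP` next to a bare string for the others pins a mixed return type; if that is intentional it deserves a one-line comment on the parametrize row so a later maintainer does not "fix" it.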
@@ -2,7 +2,7 @@
     "name": "Cortex XDR by Palo Alto Networks",
     "description": "Automates Cortex XDR incident response, and includes custom Cortex XDR incident views and layouts to aid analyst investigations.",
     "support": "xsoar",
-    "currentVersion": "6.1.64",
+    "currentVersion": "6.1.65",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",
diff --git a/Packs/ctf01/ReleaseNotes/1_0_26.md b/Packs/ctf01/ReleaseNotes/1_0_26.md
new file mode 100644
index 000000000000..c0cef7d3f38e
--- /dev/null
+++ b/Packs/ctf01/ReleaseNotes/1_0_26.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Cortex XDR - IR CTF
+
+- Fixed an issue where the ***get-endpoint*** and ***endpoint*** commands failed when the endpoint did not include an IP field.
diff --git a/Packs/ctf01/pack_metadata.json b/Packs/ctf01/pack_metadata.json
index 3039f1d52a6c..a9bd560e0f0a 100644
--- a/Packs/ctf01/pack_metadata.json
+++ b/Packs/ctf01/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Capture The Flag - 01",
     "description": "XSOAR's Capture the flag (CTF)",
     "support": "xsoar",
-    "currentVersion": "1.0.25",
+    "currentVersion": "1.0.26",
     "serverMinVersion": "8.2.0",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",