From 1c3a182db68e191599e9ce7000447a5e7afb8bca Mon Sep 17 00:00:00 2001
From: Sebastien Quioc
Date: Mon, 26 Aug 2024 12:44:07 +0200
Subject: [PATCH 1/3] fix(SentinelOne): handle threats as a dict
---
 SentinelOne/sentinelone_module/logs/connector.py | 2 +-
 SentinelOne/tests/conftest.py | 14 ++++++++------
 SentinelOne/tests/logs/test_connector.py | 8 ++++++--
 3 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/SentinelOne/sentinelone_module/logs/connector.py b/SentinelOne/sentinelone_module/logs/connector.py
index 089433821..e7b4766f4 100644
--- a/SentinelOne/sentinelone_module/logs/connector.py
+++ b/SentinelOne/sentinelone_module/logs/connector.py
@@ -246,7 +246,7 @@ def pull_events(self, last_timestamp: datetime | None):
 logger.debug("Collected nb_threats", nb=nb_threats)
 # discard already collected events
- selected_events = filter_collected_events(threats.data, lambda threat: threat.id, self.events_cache)
+ selected_events = filter_collected_events(threats.data, lambda threat: threat["id"], self.events_cache)
 # Push events
 if len(selected_events) > 0:
diff --git a/SentinelOne/tests/conftest.py b/SentinelOne/tests/conftest.py
index 2c52458bb..a83d7877e 100644
--- a/SentinelOne/tests/conftest.py
+++ b/SentinelOne/tests/conftest.py
@@ -107,17 +107,19 @@ def activity_2():
 @pytest.fixture
 def threat_1():
- threat = Threat()
- threat.createdAt = "2021-03-09T13:03:22.026416Z"
- threat.id = (str(random.randint(0, 1000000)),)
+ threat = dict( createdAt="2021-03-09T13:03:22.026416Z", id=(str(random.randint(0, 1000000)),), )
 yield threat
 @pytest.fixture
 def threat_2():
- threat = Threat()
- threat.createdAt = "2021-03-09T15:41:54.448862Z"
- threat.id = (str(random.randint(0, 1000000)),)
+ threat = dict( createdAt="2021-03-09T15:41:54.448862Z", id=(str(random.randint(0, 1000000)),), )
 yield threat
diff --git a/SentinelOne/tests/logs/test_connector.py b/SentinelOne/tests/logs/test_connector.py
index 785f7c36a..64f09321d 100644
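Review bot: The changed line in pull_events now does `threat["id"]` for every element of `threats.data`, so a record without an `id` key raises KeyError inside the lambda and aborts the whole batch; that is a reasonable hard failure for a dedup key, but it is undocumented, and a plain `.get("id")` would not be a fix either, since every id-less threat would then collide on a `None` cache key and all but the first would be silently dropped. A comment on the line such as `# threats.data entries are raw API dicts; a missing "id" is a hard error — confirm it is always present` would record the assumption. If pull_events reads other threat fields by attribute elsewhere — the lag assertion in test_connector.py suggests `createdAt` is read too — those sites need the same dict-style access, which this hunk does not show. pull_events starts and ends outside the hunk.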
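Review bot: Both rebuilt fixtures still set `id=(str(random.randint(0, 1000000)),)`, where the trailing comma makes the id a one-element tuple rather than the scalar the connector's events_cache is presumably keyed on in production; since this commit is the one moving the fixtures to dict form, it is the moment to drop it, `id=str(random.randint(0, 1000000)),` in both threat_1 and threat_2. The two fixtures also draw independent random ids, so a rare collision would make the dedup filter discard threat_2 and fail the test spuriously; two distinct fixed ids would keep it deterministic.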
--- a/SentinelOne/tests/logs/test_connector.py
+++ b/SentinelOne/tests/logs/test_connector.py
@@ -91,8 +91,12 @@ def test_pull_threats(threat_consumer, threat_1, threat_2):
 assert EVENTS_LAG.labels( intake_key=threat_consumer.configuration.intake_key, type="threats" ).set.call_args_list == [
- call(int((datetime.datetime.now(UTC) - datetime.datetime.fromisoformat(threat_1.createdAt)).total_seconds())),
- call(int((datetime.datetime.now(UTC) - datetime.datetime.fromisoformat(threat_2.createdAt)).total_seconds())),
+ call( int((datetime.datetime.now(UTC) - datetime.datetime.fromisoformat(threat_1["createdAt"])).total_seconds()) ),
+ call( int((datetime.datetime.now(UTC) - datetime.datetime.fromisoformat(threat_2["createdAt"])).total_seconds()) ),
 ]
From eefe50993c7ad1b6ad0d1e1cb4736c4756b7dab2 Mon Sep 17 00:00:00 2001
From: Sebastien Quioc
Date: Mon, 26 Aug 2024 12:46:13 +0200
Subject: [PATCH 2/3] fix(SentinelOne): declare batch_duration before the try-catch block (because we use it after the block)
---
 SentinelOne/sentinelone_module/logs/connector.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/SentinelOne/sentinelone_module/logs/connector.py b/SentinelOne/sentinelone_module/logs/connector.py
index e7b4766f4..806eb1822 100644
--- a/SentinelOne/sentinelone_module/logs/connector.py
+++ b/SentinelOne/sentinelone_module/logs/connector.py
@@ -123,6 +123,7 @@ def pull_events(self, last_timestamp: datetime | None) -> list:
 def next_batch(self):
 # save the starting time
 batch_start_time = time()
+ batch_duration: int = 0
 try:
 # get the batch
From c737e77a4532ed96c98279bf1d4beada2d4a7888 Mon Sep 17 00:00:00 2001
From: Sebastien Quioc
Date: Mon, 26 Aug 2024 12:47:43 +0200
Subject: [PATCH 3/3] chore(SentinelOne): bump version number
---
 SentinelOne/CHANGELOG.md | 7 +++++++
 SentinelOne/manifest.json | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/SentinelOne/CHANGELOG.md b/SentinelOne/CHANGELOG.md
index 6b2290d33..8d5e892bf 100644
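Review bot: The two rewritten expected values still take a fresh `datetime.datetime.now(UTC)` at assertion time, while the connector computed its lag from its own `now` earlier in the test, so whenever a second boundary passes between the two calls the `int(...)` values differ by one and test_pull_threats fails intermittently; the rewrap keeps that timing dependence. Pinning the clock the connector reads (EVENTS_LAG already appears to be a mock here, so the same patching style would fit) or comparing each recorded lag to the expected value within a one-second tolerance would make the test deterministic. The function starts outside the hunk.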
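Review bot: Pre-seeding `batch_duration: int = 0` means that if the try body raises before the real value is assigned, whatever reads batch_duration after the block sees 0 instead of the elapsed time, which under-reports precisely the batches that failed; if that later code feeds a metric or a sleep computation, assigning it in a `finally:` as `batch_duration = int(time() - batch_start_time)` keeps it accurate on both paths. The commit message says the variable is used after the block, but a reader of next_batch cannot see where from this hunk, so a short comment on the new line such as `# overwritten once the batch completes; stays 0 if the batch raised` would document the default. The rest of next_batch lies outside the hunk.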
--- a/SentinelOne/CHANGELOG.md
+++ b/SentinelOne/CHANGELOG.md
@@ -7,6 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## 2024-08-26 - 1.17.4
+
+### Fixed
+
+- handle threats as a dictionary, instead of an object
+- declare batch_duration variable
 ## 2024-08-08 - 1.17.3
 ### Changed
diff --git a/SentinelOne/manifest.json b/SentinelOne/manifest.json
index c36b0ec33..75a687ba0 100644
--- a/SentinelOne/manifest.json
+++ b/SentinelOne/manifest.json
@@ -20,5 +20,5 @@
 "name": "SentinelOne",
 "uuid": "ff675e74-e5c1-47c8-a571-d207fc297464",
 "slug": "sentinelone",
- "version": "1.17.3"
+ "version": "1.17.4"
 }