PAPP-34988 cleaning and fixes from tests
grokas-splunk committed Nov 26, 2024
1 parent 16de483 commit 624630a
Showing 3 changed files with 29 additions and 22 deletions.
6 changes: 3 additions & 3 deletions crowdstrikeoauthapi.json
Expand Up @@ -10367,8 +10367,8 @@
"read_only": false,
"versions": "EQ(*)",
"parameters": {
"id": {
"description": "Alert composite_id(s) to update, Comma-separated list allowed",
"alert_ids": {
"description": "List of alert composite_ids to update, Comma-separated list allowed",
"data_type": "string",
"contains": [
"crowdstrike alert id"
Expand All @@ -10377,7 +10377,7 @@
"required": true,
"order": 0
},
"state": {
"status": {
"description": "Status to set",
"data_type": "string",
"value_list": [
35 changes: 17 additions & 18 deletions crowdstrikeoauthapi_connector.py
Expand Up @@ -583,14 +583,13 @@ def _handle_resolve_detection(self, param):
def _handle_resolve_epp_alerts(self, param):
action_result = self.add_action_result(ActionResult(dict(param)))

composite_ids = param[CROWDSTRIKE_JSON_ID]
to_state = param[CROWDSTRIKE_RESOLVE_DETECTION_TO_STATE]
composite_ids = self.validate_comma_seperated_values(param.get(CROWDSTRIKE_ALERT_IDS))
if not composite_ids:
return action_result.set_status(phantom.APP_ERROR, CROWDSTRIKE_ERROR_INVALID_ACTION_PARAM.format(key=CROWDSTRIKE_ALERT_IDS))

to_state = param[CROWDSTRIKE_STATUS]
if to_state not in CROWDSTRIKE_EPP_ALERT_STATUSES:
return action_result.set_status(phantom.APP_ERROR, CROWDSTRIKE_ERROR_INVALID_ACTION_PARAM.format(key="state"))

composite_ids = [x.strip() for x in composite_ids.split(",")]
composite_ids = list(filter(None, composite_ids))
return action_result.set_status(phantom.APP_ERROR, CROWDSTRIKE_ERROR_INVALID_ACTION_PARAM.format(key=CROWDSTRIKE_STATUS))

api_data = {
"composite_ids": composite_ids,
Expand Down Expand Up @@ -2031,9 +2030,9 @@ def _handle_get_epp_alerts_details(self, param):
self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
action_result = self.add_action_result(ActionResult(dict(param)))

composite_ids = self.validate_comma_seperated_values(param.get("alert_ids"))
composite_ids = self.validate_comma_seperated_values(param.get(CROWDSTRIKE_ALERT_IDS))
if not composite_ids:
return action_result.set_status(phantom.APP_ERROR, CROWDSTRIKE_ERROR_INVALID_ACTION_PARAM.format(key="alert_ids"))
return action_result.set_status(phantom.APP_ERROR, CROWDSTRIKE_ERROR_INVALID_ACTION_PARAM.format(key=CROWDSTRIKE_ALERT_IDS))

ret_val, response = self._make_rest_call_helper_oauth2(
action_result,
Expand Down Expand Up @@ -2101,32 +2100,32 @@ def _handle_update_epp_alerts(self, param):
self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
action_result = self.add_action_result(ActionResult(dict(param)))

composite_ids = self.validate_comma_seperated_values(param.get("alert_ids"))
composite_ids = self.validate_comma_seperated_values(param.get(CROWDSTRIKE_ALERT_IDS))
if not composite_ids:
return action_result.set_status(phantom.APP_ERROR, CROWDSTRIKE_ERROR_INVALID_ACTION_PARAM.format(key="alert_ids"))
return action_result.set_status(phantom.APP_ERROR, CROWDSTRIKE_ERROR_INVALID_ACTION_PARAM.format(key=CROWDSTRIKE_ALERT_IDS))

data = {
"composite_ids": composite_ids,
"action_parameters": []
}

show_in_ui = param.get("show_in_ui")
show_in_ui = param.get(CROWDSTRIKE_SHOW_IN_UI)
if show_in_ui is not None:
data["action_parameters"].append({
"name": "show_in_ui",
"value": str(show_in_ui).lower()
})

status = param.get("status")
status = param.get(CROWDSTRIKE_STATUS)
if status:
if status not in CROWDSTRIKE_EPP_ALERT_STATUSES:
return action_result.set_status(phantom.APP_ERROR, CROWDSTRIKE_ERROR_INVALID_ACTION_PARAM.format(key="status"))
return action_result.set_status(phantom.APP_ERROR, CROWDSTRIKE_ERROR_INVALID_ACTION_PARAM.format(key=CROWDSTRIKE_STATUS))
data["action_parameters"].append({
"name": "update_status",
"value": status
})

assigned_to_user = param.get("assigned_to_user")
assigned_to_user = param.get(CROWDSTRIKE_ASSIGNED_TO_USER)
unassign = param.get("unassign", False)

if unassign:
Expand All @@ -2147,7 +2146,7 @@ def _handle_update_epp_alerts(self, param):
"value": assigned_to_user
})

add_tags = param.get("add_tags")
add_tags = param.get(CROWDSTRIKE_ADD_TAGS)
if add_tags:
tags = [tag.strip() for tag in add_tags.split(",")]
for tag in tags:
Expand All @@ -2157,7 +2156,7 @@ def _handle_update_epp_alerts(self, param):
"value": tag
})

remove_tags = param.get("remove_tags")
remove_tags = param.get(CROWDSTRIKE_REMOVE_TAGS)
if remove_tags:
tags = [tag.strip() for tag in remove_tags.split(",")]
for tag in tags:
Expand All @@ -2167,14 +2166,14 @@ def _handle_update_epp_alerts(self, param):
"value": tag
})

remove_tags_prefix = param.get("remove_tags_by_prefix")
remove_tags_prefix = param.get(CROWDSTRIKE_REMOVE_TAGS_BY_PREFIX)
if remove_tags_prefix:
data["action_parameters"].append({
"name": "remove_tags_by_prefix",
"value": remove_tags_prefix.strip()
})

comment = param.get("comment")
comment = param.get(CROWDSTRIKE_COMMENT)
if comment:
data["action_parameters"].append({
"name": "append_comment",
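Review bot: In `_handle_resolve_epp_alerts`, `to_state = param[CROWDSTRIKE_STATUS]` indexes the parameter dict directly, while the alert ids just above it are read with `param.get(...)` and rejected through `CROWDSTRIKE_ERROR_INVALID_ACTION_PARAM`. This commit also renames the action parameters in the app JSON (`id` to `alert_ids`, `state` to `status`), so a saved playbook that still sends the old `state` key would presumably raise `KeyError` here rather than return a clean action error, unless the platform rejects the call earlier, which this page does not show. Reading it as `to_state = param.get(CROWDSTRIKE_STATUS)` lets the existing `not in CROWDSTRIKE_EPP_ALERT_STATUSES` check report the missing value, assuming that constant is a list or set. The handler continues past the end of the hunk, so the rest of its body was not reviewed.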
10 changes: 9 additions & 1 deletion crowdstrikeoauthapi_consts.py
Expand Up @@ -55,7 +55,15 @@
CROWDSTRIKE_JSON_LIST_IOC = "indicator_value"
CROWDSTRIKE_POLL_INTERVAL = "detonate_timeout"
CROWDSTRIKE_RESOURCE_ID = "resource_id"

CROWDSTRIKE_ALERT_IDS = "alert_ids"
CROWDSTRIKE_STATUS = "status"
CROWDSTRIKE_COMMENT = "comment"
CROWDSTRIKE_ASSIGNED_TO_USER = "assigned_to_user"
CROWDSTRIKE_UNASSIGN = "unassign"
CROWDSTRIKE_SHOW_IN_UI = "show_in_ui"
CROWDSTRIKE_ADD_TAGS = "add_tags"
CROWDSTRIKE_REMOVE_TAGS = "remove_tags"
CROWDSTRIKE_REMOVE_TAGS_BY_PREFIX = "remove_tags_by_prefix"
# general parameters
CROWDSTRIKE_FILTER = "filter"
CROWDSTRIKE_INCLUDE_HIDDEN = "include_hidden"
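Review bot: `CROWDSTRIKE_UNASSIGN` is defined here, but the `_handle_update_epp_alerts` hunk in crowdstrikeoauthapi_connector.py still shows `unassign = param.get("unassign", False)` with the string literal, so the constant looks unused in the visible code. Either switch that call to `param.get(CROWDSTRIKE_UNASSIGN, False)` or drop the constant. The new names also sit directly above `# general parameters` with no heading of their own; a comment such as `# epp alert parameters` above `CROWDSTRIKE_ALERT_IDS` and a blank line before `# general parameters` would keep the groups readable.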
