[ BUG ] [ DOC ] NGSIEM API Usage is incorrect

[JCKelley-CYBR]

Documentation page topic
https://www.falconpy.io/Service-Collections/NGSIEM.html?highlight=StartSearch#startsearchv1

Describe the error or typo
Two issues with this page, the first is the doc indicates the only necessary parameter to interact with StartSearchV1 is repository. Which based on the implementation and test cases appears to be incorrect as it is required in the source code:

Link:

falconpy/src/falconpy/ngsiem.py

Line 310 in 2bc405e

else:

        else:
            returned = generate_error_result("You must provide a repository and search "
                                             "argument in order to use this operation."
                                             )

Test case:

falconpy/tests/test_ngsiem.py

Line 47 in 2bc405e

"StartSearchV1": falcon.start_search(repository="search-all", search=test_search),

    def run_all_tests(self):
        test_search = {
            "showQueryEventDistribution" : True,
            "isLive" : False,
            "start" : "1d",
            "queryString" : "#event_simpleName=*"
            }
...
            "StartSearchV1": falcon.start_search(repository="search-all", search=test_search),

The second issue is with GetSearchStatusV1, its a similar issue, the documentation appears to indicate the required parameter for polling the API for results is id, however, it appears the proper parameter is search_id.

Documentation Link: https://www.falconpy.io/Service-Collections/NGSIEM.html?highlight=StartSearch#getsearchstatusv1

Link:

falconpy/src/falconpy/ngsiem.py

Line 317 in 2bc405e

def get_search_status(self: object,

        Keyword arguments:
        repository -- Name of repository. String.
        search_id -- ID of query. String.

Test case: https://github.com/CrowdStrike/falconpy/blob/2bc405e6610d822d991cc2253b00b8ba85c11b40/tests/test_ngsiem.py#L59C13-L59C105

            "GetSearchStatusV1": falcon.get_search_status(repository="search-all", search_id=search_id),

Documentation repository:

• GitHub Wiki
• falconpy.io
• Source code - docstring

Additional context
Add any other context about the problem here.

Final issue, it appears APIHarnessV2 doesn't work at all even when provided the proper parameters. However, I would need more time digging in the source code to figure out why.

[jshcodes]

Hi @JCKelley-CYBR -

This issue identifies a few problems:

• Payload handling was not properly implemented for StartSearchV1.
• The id keyword argument was incorrectly handled for GetSearchResultsV1.
• Documentation was incorrect, and will need to be updated to reflect changes implemented to address the first two issues.

Fixes have been developed to address the payload and argument handling issues and will be included as part of the 1.4.8 version release.

• This new version will still support the search keyword when using the StartSearchV1 operation, and will now also accept the body keyword as well as individual keyword arguments for developers wanting to use full abstraction.
• The GetSearchResultsV1 operation will allow the use of either search_id or id to specify the search results to retrieve.

This ticket will be closed once the new version has released and documentation has been updated to reflect the changes.

Thank you for reporting these issues! 🙇