[Microsoft Defender for Endpoint]: Fix bug be able to use different o…

…perators in filter (#30481) * Fix: add filter arg to be able to filter on the date * update realase note after rebase * applying changes after review
demisto · Oct 30, 2023 · 6dda162 · 6dda162
1 parent 627a265
commit 6dda162
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 6 deletions.
diff --git a/...ns/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.py b/...ns/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.py
@@ -2918,6 +2918,7 @@ def get_machine_action_by_id_command(client: MsClient, args: dict):
     machine_id = remove_duplicates_from_list_arg(args, 'machine_id')
     type = args.get('type', '')
     requestor = args.get('requestor', '')
+    filters = args.get('filters', '')
     limit = arg_to_number(args.get('limit', 50))
     if action_id:
         for index in range(3):
@@ -2943,7 +2944,7 @@ def get_machine_action_by_id_command(client: MsClient, args: dict):
             'type': type,
             'requestor': requestor
         }
-        filter_req = reformat_filter_with_list_arg(fields_to_filter_by, "machineId")
+        filter_req = filters or reformat_filter_with_list_arg(fields_to_filter_by, "machineId")
         response = client.get_machine_actions(filter_req, limit)
         machine_actions_list = []
         for machine_action in response['value']:

diff --git a/...s/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.yml b/...s/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.yml
@@ -1284,6 +1284,8 @@ script:
     - deprecated: true
       description: Flag for the rate limit retry.
       name: ran_once_flag
+    - name: filters
+      description: String representation of filters (Override every other filters).
     description: |-
       Return the machine's actions. If you set an action ID, it returns the info on the specific action.
       Filtering can be done only on one argument.
@@ -1495,7 +1497,7 @@ script:
       name: machine_id
       required: true
     - description: |-
-        The file SHA1 hash to stop and quarantine on the machine. 
+        The file SHA1 hash to stop and quarantine on the machine.
         When providing multiple values, each value is checked for the same machine_id.
       isArray: true
       name: file_hash
@@ -5532,7 +5534,7 @@ script:
     execution: false
     name: microsoft-atp-auth-reset
     arguments: []
-  dockerimage: demisto/crypto:1.0.0.79207
+  dockerimage: demisto/crypto:1.0.0.79610
   isfetch: true
   runonce: false
   script: '-'

diff --git a/...reatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/README.md b/...reatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/README.md
@@ -1683,6 +1683,7 @@ Machine.ReadWrite.All
 | type | The machine action type. Possible values are: RunAntiVirusScan, Offboard, CollectInvestigationPackage, Isolate, Unisolate, StopAndQuarantineFile, RestrictCodeExecution, UnrestrictCodeExecution. | Optional | 
 | requestor | The ID of the user that executed the action, only one can be added. | Optional | 
 | limit | The maximum number of machines to return. Default is 50. | Optional | 
+| filters | String representation of filters (Override every other filters). | Optional | 
 
 #### Context Output
 
@@ -7172,4 +7173,4 @@ There are no input arguments for this command.
 
 #### Context Output
 
-There is no context output for this command.
+There is no context output for this command.
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_16_16.md b/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_16_16.md
@@ -0,0 +1,4 @@
+#### Integrations
+##### Microsoft Defender for Endpoint
+- Added the *filters* argument to the ***microsoft-atp-list-machine-actions-details*** command.
+- Updated the Docker image to: *demisto/crypto:1.0.0.79610*.
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json b/Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Microsoft Defender for Endpoint",
     "description": "Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection (ATP)) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.",
     "support": "xsoar",
-    "currentVersion": "1.16.15",
+    "currentVersion": "1.16.16",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",
@@ -66,4 +66,4 @@
         "CommonPlaybooks",
         "CommonTypes"
     ]
-}
+}