diff --git a/Packs/Reco/Integrations/Reco/Reco.py b/Packs/Reco/Integrations/Reco/Reco.py index 14e26c830785..81ca09c6ff21 100644 --- a/Packs/Reco/Integrations/Reco/Reco.py +++ b/Packs/Reco/Integrations/Reco/Reco.py @@ -696,11 +696,11 @@ def validate_api_key(self) -> str: invalid_token_string = "Invalid token" try: response = self._http_request( - method="POST", - url_suffix="/incident-tables/tables", + method="GET", + url_suffix="/data-sources", timeout=RECO_API_TIMEOUT_IN_SECONDS, ) - if response.get("listTablesResponse") is None: + if response.get("dataSources") is None: demisto.info(f"got bad response, {response}") else: demisto.info(f"got good response, {response}") @@ -1066,18 +1066,21 @@ def fetch_incidents( ) -> Tuple[Dict[str, Any], List[Dict[str, Any]]]: demisto.info(f"fetch-incidents called {max_fetch=}") next_run = {} + incidents = [] last_run_time = last_run.get("lastRun", None) if last_run_time is not None: after = dateutil.parser.parse(last_run_time) - incidents_raw = reco_client.get_incidents( - risk_level=risk_level, - source=source, - before=before, - after=after, - limit=max_fetch, - ) - incidents = parse_incidents_objects(reco_client, incidents_raw) + try: + incidents_raw = reco_client.get_incidents(risk_level=risk_level, + source=source, + before=before, + after=after, + limit=max_fetch) + incidents = parse_incidents_objects(reco_client, incidents_raw) + except Exception as e: + demisto.info(f"Error fetching incidents: {e}") + alerts = get_alerts(reco_client, risk_level, source, before, after, max_fetch) alerts_as_incidents = parse_alerts_to_incidents(alerts) incidents.extend(alerts_as_incidents) diff --git a/Packs/Reco/Integrations/Reco/Reco.yml b/Packs/Reco/Integrations/Reco/Reco.yml index 0e34ceef0c0b..0921194cf836 100644 --- a/Packs/Reco/Integrations/Reco/Reco.yml +++ b/Packs/Reco/Integrations/Reco/Reco.yml @@ -65,7 +65,7 @@ description: Reco is a Saas data security solution that protects your data from display: Reco name: Reco script: - dockerimage: demisto/python3:3.10.11.61265 + dockerimage: demisto/python3:3.10.12.63474 feed: false isfetch: true longRunning: false diff --git a/Packs/Reco/Integrations/Reco/Reco_test.py b/Packs/Reco/Integrations/Reco/Reco_test.py index 35edcbe1c079..3020d3cf5776 100644 --- a/Packs/Reco/Integrations/Reco/Reco_test.py +++ b/Packs/Reco/Integrations/Reco/Reco_test.py @@ -345,9 +345,9 @@ def get_mock_assets() -> List[Dict[str, Any]]: def test_test_module_success(requests_mock, reco_client: RecoClient) -> None: - mock_response = {"listTablesResponse": {"tablesMetadata": [{"name": "table1"}]}} - requests_mock.post( - f"{DUMMY_RECO_API_DNS_NAME}/incident-tables/tables", json=mock_response + mock_response = {"dataSources": {"tablesMetadata": [{"name": "table1"}]}} + requests_mock.get( + f"{DUMMY_RECO_API_DNS_NAME}/data-sources", json=mock_response ) res = reco_client.validate_api_key() diff --git a/Packs/Reco/ReleaseNotes/1_1_3.md b/Packs/Reco/ReleaseNotes/1_1_3.md new file mode 100644 index 000000000000..cdacae7d96f5 --- /dev/null +++ b/Packs/Reco/ReleaseNotes/1_1_3.md @@ -0,0 +1,8 @@ + +#### Integrations + +##### Reco + +- Change validate api key endpoint +- Fixed the fetch incidents to use try except for safety. +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/Reco/pack_metadata.json b/Packs/Reco/pack_metadata.json index 35f3844834cb..75ae8ded0701 100644 --- a/Packs/Reco/pack_metadata.json +++ b/Packs/Reco/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Reco", "description": "Reco - detects and protects against sensitive data leakage", "support": "partner", - "currentVersion": "1.1.2", + "currentVersion": "1.1.3", "author": "Reco", "url": "https://reco.ai", "email": "support@reco.ai",