From c3e33aa6c53685d9ed17c99ff006c4e6caffbf26 Mon Sep 17 00:00:00 2001 From: Gal Nakash Date: Mon, 26 Jun 2023 16:23:46 +0300 Subject: [PATCH 1/5] Packs/Reco: fix validate_api_key Signed-off-by: Gal Nakash --- Packs/Reco/Integrations/Reco/Reco.py | 25 +++++++++++++---------- Packs/Reco/Integrations/Reco/Reco_test.py | 6 +++--- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/Packs/Reco/Integrations/Reco/Reco.py b/Packs/Reco/Integrations/Reco/Reco.py index 14e26c830785..81ca09c6ff21 100644 --- a/Packs/Reco/Integrations/Reco/Reco.py +++ b/Packs/Reco/Integrations/Reco/Reco.py @@ -696,11 +696,11 @@ def validate_api_key(self) -> str: invalid_token_string = "Invalid token" try: response = self._http_request( - method="POST", - url_suffix="/incident-tables/tables", + method="GET", + url_suffix="/data-sources", timeout=RECO_API_TIMEOUT_IN_SECONDS, ) - if response.get("listTablesResponse") is None: + if response.get("dataSources") is None: demisto.info(f"got bad response, {response}") else: demisto.info(f"got good response, {response}") @@ -1066,18 +1066,21 @@ def fetch_incidents( ) -> Tuple[Dict[str, Any], List[Dict[str, Any]]]: demisto.info(f"fetch-incidents called {max_fetch=}") next_run = {} + incidents = [] last_run_time = last_run.get("lastRun", None) if last_run_time is not None: after = dateutil.parser.parse(last_run_time) - incidents_raw = reco_client.get_incidents( - risk_level=risk_level, - source=source, - before=before, - after=after, - limit=max_fetch, - ) - incidents = parse_incidents_objects(reco_client, incidents_raw) + try: + incidents_raw = reco_client.get_incidents(risk_level=risk_level, + source=source, + before=before, + after=after, + limit=max_fetch) + incidents = parse_incidents_objects(reco_client, incidents_raw) + except Exception as e: + demisto.info(f"Error fetching incidents: {e}") + alerts = get_alerts(reco_client, risk_level, source, before, after, max_fetch) alerts_as_incidents = parse_alerts_to_incidents(alerts) incidents.extend(alerts_as_incidents) diff --git a/Packs/Reco/Integrations/Reco/Reco_test.py b/Packs/Reco/Integrations/Reco/Reco_test.py index 35edcbe1c079..3020d3cf5776 100644 --- a/Packs/Reco/Integrations/Reco/Reco_test.py +++ b/Packs/Reco/Integrations/Reco/Reco_test.py @@ -345,9 +345,9 @@ def get_mock_assets() -> List[Dict[str, Any]]: def test_test_module_success(requests_mock, reco_client: RecoClient) -> None: - mock_response = {"listTablesResponse": {"tablesMetadata": [{"name": "table1"}]}} - requests_mock.post( - f"{DUMMY_RECO_API_DNS_NAME}/incident-tables/tables", json=mock_response + mock_response = {"dataSources": {"tablesMetadata": [{"name": "table1"}]}} + requests_mock.get( + f"{DUMMY_RECO_API_DNS_NAME}/data-sources", json=mock_response ) res = reco_client.validate_api_key() From f5345282737ce37e6658c022902b390f55f23c29 Mon Sep 17 00:00:00 2001 From: Gal Nakash Date: Tue, 27 Jun 2023 15:41:05 +0300 Subject: [PATCH 2/5] update docker image --- Packs/Reco/Integrations/Reco/Reco.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/Reco/Integrations/Reco/Reco.yml b/Packs/Reco/Integrations/Reco/Reco.yml index 0e34ceef0c0b..0921194cf836 100644 --- a/Packs/Reco/Integrations/Reco/Reco.yml +++ b/Packs/Reco/Integrations/Reco/Reco.yml @@ -65,7 +65,7 @@ description: Reco is a Saas data security solution that protects your data from display: Reco name: Reco script: - dockerimage: demisto/python3:3.10.11.61265 + dockerimage: demisto/python3:3.10.12.63474 feed: false isfetch: true longRunning: false From 41193f65dad1f4c3e3ad7cc83bb3318022efacab Mon Sep 17 00:00:00 2001 From: Gal Nakash Date: Tue, 27 Jun 2023 15:41:36 +0300 Subject: [PATCH 3/5] Packs/Reco: update docs Signed-off-by: Gal Nakash --- Packs/Reco/ReleaseNotes/1_1_3.md | 7 +++++++ Packs/Reco/pack_metadata.json | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 Packs/Reco/ReleaseNotes/1_1_3.md diff --git a/Packs/Reco/ReleaseNotes/1_1_3.md b/Packs/Reco/ReleaseNotes/1_1_3.md new file mode 100644 index 000000000000..6b2e1d980ef2 --- /dev/null +++ b/Packs/Reco/ReleaseNotes/1_1_3.md @@ -0,0 +1,7 @@ + +#### Integrations + +##### Reco + +- %%UPDATE_RN%% +- Updated the Docker image to: *demisto/python3:3.10.12.63474*. diff --git a/Packs/Reco/pack_metadata.json b/Packs/Reco/pack_metadata.json index 35f3844834cb..75ae8ded0701 100644 --- a/Packs/Reco/pack_metadata.json +++ b/Packs/Reco/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Reco", "description": "Reco - detects and protects against sensitive data leakage", "support": "partner", - "currentVersion": "1.1.2", + "currentVersion": "1.1.3", "author": "Reco", "url": "https://reco.ai", "email": "support@reco.ai", From e0312e328d743c5afcf44c428e4f32886659c74d Mon Sep 17 00:00:00 2001 From: Gal Nakash Date: Tue, 27 Jun 2023 15:42:35 +0300 Subject: [PATCH 4/5] Packs/Reco: update docs Signed-off-by: Gal Nakash --- Packs/Reco/ReleaseNotes/1_1_3.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/Reco/ReleaseNotes/1_1_3.md b/Packs/Reco/ReleaseNotes/1_1_3.md index 6b2e1d980ef2..edf65840996e 100644 --- a/Packs/Reco/ReleaseNotes/1_1_3.md +++ b/Packs/Reco/ReleaseNotes/1_1_3.md @@ -3,5 +3,5 @@ ##### Reco -- %%UPDATE_RN%% +- Change validate api key endpoint - Updated the Docker image to: *demisto/python3:3.10.12.63474*. From f2b854cfd041c84699e6c2d377796b70043c0876 Mon Sep 17 00:00:00 2001 From: Gal Nakash Date: Tue, 27 Jun 2023 15:46:29 +0300 Subject: [PATCH 5/5] Packs/Reco: update docs Signed-off-by: Gal Nakash --- Packs/Reco/ReleaseNotes/1_1_3.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Packs/Reco/ReleaseNotes/1_1_3.md b/Packs/Reco/ReleaseNotes/1_1_3.md index edf65840996e..cdacae7d96f5 100644 --- a/Packs/Reco/ReleaseNotes/1_1_3.md +++ b/Packs/Reco/ReleaseNotes/1_1_3.md @@ -4,4 +4,5 @@ ##### Reco - Change validate api key endpoint +- Fixed the fetch incidents to use try except for safety. - Updated the Docker image to: *demisto/python3:3.10.12.63474*.