From 0d468f7e56fbb6ecc327335253bcf0f8a963c0a6 Mon Sep 17 00:00:00 2001 From: gal-forer Date: Sun, 2 Jul 2023 21:39:48 +0300 Subject: [PATCH 01/11] Added the timeout param --- .../CrowdStrikeFalcon/CrowdStrikeFalcon.py | 66 +++++++++++++------ .../CrowdStrikeFalcon/CrowdStrikeFalcon.yml | 6 +- .../Integrations/CrowdStrikeFalcon/README.md | 24 +++---- 3 files changed, 65 insertions(+), 31 deletions(-) diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py index 21197c8ea5ea..67dc9c7320a8 100644 --- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py +++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py @@ -745,12 +745,13 @@ def batch_refresh_session(batch_id: str) -> None: demisto.debug('Finished session refresh') -def run_batch_read_cmd(batch_id: str, command_type: str, full_command: str) -> Dict: +def run_batch_read_cmd(batch_id: str, command_type: str, full_command: str, timeout: int = 30) -> Dict: """ Sends RTR command scope with read access :param batch_id: Batch ID to execute the command on. :param command_type: Read-only command type we are going to execute, for example: ls or cd. :param full_command: Full command string for the command. + :param timeout: The timeout for the request. :return: Response JSON which contains errors (if exist) and retrieved resources """ endpoint_url = '/real-time-response/combined/batch-command/v1' 
@@ -760,17 +761,22 @@ def run_batch_read_cmd(batch_id: str, command_type: str, full_command: str) -> D 'batch_id': batch_id, 'command_string': full_command }) - response = http_request('POST', endpoint_url, data=body) + params = { + 'timeout': timeout + } + response = http_request('POST', endpoint_url, data=body, params=params, timeout=timeout) return response -def run_batch_write_cmd(batch_id: str, command_type: str, full_command: str, optional_hosts: list | None = None) -> Dict: +def run_batch_write_cmd(batch_id: str, command_type: str, full_command: str, optional_hosts: list | None = None, + timeout: int = 30) -> Dict: """ Sends RTR command scope with write access :param batch_id: Batch ID to execute the command on. :param command_type: Read-only command type we are going to execute, for example: ls or cd. :param full_command: Full command string for the command. :param optional_hosts: The hosts ids to run the command on. + :param timeout: The timeout for the request. :return: Response JSON which contains errors (if exist) and retrieved resources """ endpoint_url = '/real-time-response/combined/batch-active-responder-command/v1' @@ -780,11 +786,14 @@ def run_batch_write_cmd(batch_id: str, command_type: str, full_command: str, opt 'batch_id': batch_id, 'command_string': full_command } + params = { + 'timeout': timeout + } if optional_hosts: default_body['optional_hosts'] = optional_hosts # type:ignore body = json.dumps(default_body) - response = http_request('POST', endpoint_url, data=body) + response = http_request('POST', endpoint_url, data=body, timeout=timeout, params=params) return response 
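Review bot: In run_batch_read_cmd the same `timeout` value is sent to the API as the `timeout` query parameter and used as the client-side limit in `http_request('POST', endpoint_url, data=body, params=params, timeout=timeout)`, so the client can give up at the moment the service would have returned its own timeout result. If `http_request` treats `timeout` as a total request limit (its definition is outside this diff), give the client a small margin, e.g. `http_request('POST', endpoint_url, data=body, params=params, timeout=timeout + 5)`. A client-side timeout also does not show that the RTR command never reached the hosts, which matters most for the write and admin variants, so the docstring could read `:param timeout: Seconds to wait for the API response; a timeout here does not cancel a command already sent to the host.` The same pattern appears in the run_batch_write_cmd, run_batch_admin_cmd and run_single_* hunks.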
@@ -814,7 +823,7 @@ def run_batch_admin_cmd(batch_id: str, command_type: str, full_command: str, tim default_body['optional_hosts'] = optional_hosts # type:ignore body = json.dumps(default_body) - response = http_request('POST', endpoint_url, data=body, params=params) + response = http_request('POST', endpoint_url, data=body, params=params, timeout=timeout) return response @@ -858,12 +867,15 @@ def status_get_cmd(request_id: str, timeout: int | None = None, timeout_duration return response -def run_single_read_cmd(host_id: str, command_type: str, full_command: str, queue_offline: bool) -> Dict: +def run_single_read_cmd(host_id: str, command_type: str, full_command: str, queue_offline: bool, + timeout: int = 30) -> Dict: """ Sends RTR command scope with read access :param host_id: Host agent ID to run RTR command on. :param command_type: Active-Responder command type we are going to execute, for example: get or cp. :param full_command: Full command string for the command. + :param queue_offline: Whether the command will run against an offline-queued session and be queued for execution when the host comes online. + :param timeout: The timeout for the request. :return: Response JSON which contains errors (if exist) and retrieved resources """ endpoint_url = '/real-time-response/entities/command/v1' 
@@ -874,16 +886,22 @@ def run_single_read_cmd(host_id: str, command_type: str, full_command: str, queu 'command_string': full_command, 'session_id': session_id }) - response = http_request('POST', endpoint_url, data=body) + params = { + 'timeout': timeout + } + response = http_request('POST', endpoint_url, data=body, timeout=timeout, params=params) return response -def run_single_write_cmd(host_id: str, command_type: str, full_command: str, queue_offline: bool) -> Dict: +def run_single_write_cmd(host_id: str, command_type: str, full_command: str, queue_offline: bool, + timeout: int = 30) -> Dict: """ Sends RTR command scope with write access :param host_id: Host agent ID to run RTR command on. :param command_type: Active-Responder command type we are going to execute, for example: get or cp. :param full_command: Full command string for the command. + :param queue_offline: Whether the command will run against an offline-queued session and be queued for execution when the host comes online. + :param timeout: The timeout for the request. :return: Response JSON which contains errors (if exist) and retrieved resources """ endpoint_url = '/real-time-response/entities/active-responder-command/v1' 
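Review bot: `params = {'timeout': timeout}` is now sent to `/real-time-response/entities/command/v1`, but nothing in this diff shows that the single-host endpoints accept a `timeout` query parameter; among the functions touched here, only run_batch_admin_cmd passed `params` before this change. Please confirm against the API specification, and if the parameter is not supported there keep only the client-side limit: `response = http_request('POST', endpoint_url, data=body, timeout=timeout)`. The same question applies to run_single_write_cmd and run_single_admin_cmd in the following hunks. The body of run_single_read_cmd starts above this hunk.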
@@ -893,16 +911,22 @@ def run_single_write_cmd(host_id: str, command_type: str, full_command: str, que 'command_string': full_command, 'session_id': session_id }) - response = http_request('POST', endpoint_url, data=body) + params = { + 'timeout': timeout + } + response = http_request('POST', endpoint_url, data=body, timeout=timeout, params=params) return response -def run_single_admin_cmd(host_id: str, command_type: str, full_command: str, queue_offline: bool) -> Dict: +def run_single_admin_cmd(host_id: str, command_type: str, full_command: str, queue_offline: bool, + timeout: int = 30) -> Dict: """ Sends RTR command scope with admin access :param host_id: Host agent ID to run RTR command on. :param command_type: Active-Responder command type we are going to execute, for example: get or cp. :param full_command: Full command string for the command. + :param queue_offline: Whether the command will run against an offline-queued session and be queued for execution when the host comes online. + :param timeout: The timeout for the request. :return: Response JSON which contains errors (if exist) and retrieved resources """ endpoint_url = '/real-time-response/entities/admin-command/v1' @@ -913,7 +937,10 @@ def run_single_admin_cmd(host_id: str, command_type: str, full_command: str, que 'command_string': full_command, 'session_id': session_id }) - response = http_request('POST', endpoint_url, data=body) + params = { + 'timeout': timeout + } + response = http_request('POST', endpoint_url, data=body, timeout=timeout, params=params) return response @@ -3020,6 +3047,7 @@ def run_command(): full_command = args.get('full_command') scope = args.get('scope', 'read') target = args.get('target', 'batch') + timeout = int(args.get('timeout', 180)) offline = argToBoolean(args.get('queue_offline', False)) 
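Review bot: `timeout = int(args.get('timeout', 180))` in run_command accepts any integer and raises a bare ValueError on non-numeric input, so zero, negative or very large values reach both the API query string and the HTTP client. Parse it with the platform helper and bound it, e.g. `timeout = arg_to_number(args.get('timeout'), arg_name='timeout') or 180` followed by `if timeout <= 0: raise ValueError('timeout must be a positive number of seconds')`; an upper bound matching the API's documented maximum is worth adding once confirmed. The default here is 180 while the helper signatures default to 30, so a single module-level constant would keep the two from drifting. run_command continues outside this hunk.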
@@ -3031,11 +3059,11 @@ def run_command(): timer.start() try: if scope == 'read': - response = run_batch_read_cmd(batch_id, command_type, full_command) + response = run_batch_read_cmd(batch_id, command_type, full_command, timeout) elif scope == 'write': - response = run_batch_write_cmd(batch_id, command_type, full_command) + response = run_batch_write_cmd(batch_id, command_type, full_command, timeout) else: # scope = admin - response = run_batch_admin_cmd(batch_id, command_type, full_command) + response = run_batch_admin_cmd(batch_id, command_type, full_command, timeout) finally: timer.cancel() @@ -3068,11 +3096,11 @@ def run_command(): responses = [] for host_id in host_ids: if scope == 'read': - response1 = run_single_read_cmd(host_id, command_type, full_command, offline) + response1 = run_single_read_cmd(host_id, command_type, full_command, offline, timeout) elif scope == 'write': - response1 = run_single_write_cmd(host_id, command_type, full_command, offline) + response1 = run_single_write_cmd(host_id, command_type, full_command, offline, timeout) else: # scope = admin - response1 = run_single_admin_cmd(host_id, command_type, full_command, offline) + response1 = run_single_admin_cmd(host_id, command_type, full_command, offline, timeout) responses.append(response1) for resource in response1.get('resources', []): @@ -3885,7 +3913,7 @@ def upload_batch_custom_ioc_command( return entry_objects_list -def test_module(): +def mtest_module(): try: get_token(new_token=True) except ValueError: @@ -5185,7 +5213,7 @@ def main(): args = demisto.args() try: if command == 'test-module': - result = test_module() + result = mtest_module() return_results(result) elif command == 'fetch-incidents': demisto.incidents(fetch_incidents()) diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml index 34d672ceaf13..8ea486ab5a94 100644 
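Review bot: In the batch branch, `run_batch_write_cmd(batch_id, command_type, full_command, timeout)` passes `timeout` as the fourth positional argument, which in the new signature is `optional_hosts`. The number is therefore written into the request body as `optional_hosts`, and the request itself falls back to the 30-second default. Patch 10/11 of this series shows these calls with `timeout=timeout`; to rule the mistake out for future callers, make the parameter keyword-only in the helper signatures, e.g. `optional_hosts: list | None = None, *, timeout: int = 30`. The surrounding try/finally in run_command extends beyond the hunk.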
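Review bot: The per-host loop `for host_id in host_ids:` issues the `run_single_*_cmd(..., timeout)` calls one host at a time, so with the new 180-second default the worst-case duration of a `target=single` run is roughly the number of hosts multiplied by the timeout. That may exceed whatever execution limit the caller has, leaving some hosts processed and others not. At minimum, record it next to the loop: `# NOTE: requests run sequentially; worst-case wall time is len(host_ids) * timeout`. The loop body continues past the end of this hunk.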
--- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml +++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml @@ -423,6 +423,10 @@ script: - read - write - admin + - name: timeout + description: The amount of time (in seconds) that a request will wait for a client to establish a connection to a remote machine before a timeout occurs. + defaultValue: "180" + type: unknown - auto: PREDEFINED defaultValue: batch description: 'The target to run the command for. Possible values are: "single" and "batch".' @@ -445,7 +449,7 @@ script: - contextPath: CrowdStrike.Command.Stderr description: The standard error of the command. type: String - - contextPath: CrowdStrike.Command.BaseCommand + - contextPath: CrowdStrike.Command.BaseCommandÆ’ description: The base command. type: String - contextPath: CrowdStrike.Command.FullCommand diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md index f4293a986b02..02d0c9e497b6 100644 --- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md +++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md 
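Review bot: The new `timeout` argument's description says the value is how long a request waits "to establish a connection", but in CrowdStrikeFalcon.py the same number is forwarded as the `timeout` query parameter and as the `http_request` timeout, so it bounds the wait for the command result. Suggest `description: The maximum time (in seconds) to wait for the command response before the request times out.`, and state any upper limit the API enforces once it is confirmed. None of the neighbouring arguments visible in this hunk carries a `type` key, so `type: unknown` looks unintended and is worth checking against the rest of the file.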
@@ -508,14 +508,15 @@ Sends commands to hosts. #### Input -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| host_ids | A comma-separated list of host agent IDs for which to run commands. (Can be retrieved by running the 'cs-falcon-search-device' command.) | Required | -| command_type | The type of command to run. | Required | -| full_command | The full command to run. | Required | -| scope | The scope for which to run the command. Possible values are: "read", "write", and "admin". Default is "read". (NOTE: In order to run the CrowdStrike RTR `put` command, it is necessary to pass `scope=admin`.) | Optional | -| target | The target for which to run the command. Possible values are: "single" and "batch". Default is "batch". | Optional | -| queue_offline | Any commands run against an offline-queued session will be queued up and executed when the host comes online. | Optional | +| **Argument Name** | **Description** | **Required** | +|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| --- | +| host_ids | A comma-separated list of host agent IDs for which to run commands. (Can be retrieved by running the 'cs-falcon-search-device' command.) | Required | +| command_type | The type of command to run. | Required | +| full_command | The full command to run. | Required | +| scope | The scope for which to run the command. Possible values are: "read", "write", and "admin". Default is "read". (NOTE: In order to run the CrowdStrike RTR `put` command, it is necessary to pass `scope=admin`.) | Optional | +| target | The target for which to run the command. Possible values are: "single" and "batch". Default is "batch". | Optional | +| queue_offline | Any commands run against an offline-queued session will be queued up and executed when the host comes online. 
| Optional | +| timeout | The amount of time (in seconds) that a request will wait for a client to establish a connection to a remote machine before a timeout occurs. | Optional | #### Context Output @@ -3678,9 +3679,10 @@ Uploads a batch of indicators. #### Input -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| multiple_indicators_json | A JSON object with list of CS Falcon indicators to upload. | Required | +| **Argument Name** | **Description** | **Required** | +|--------------------------| --- |--------------| +| multiple_indicators_json | A JSON object with list of CS Falcon indicators to upload. | Required | +| timeout | The amount of time (in seconds) that a request will wait for a client to establish a connection to a remote machine before a timeout occurs. | Optional | #### Context Output From d79c6b0c81661451220acffa52fa8afa05e055cd Mon Sep 17 00:00:00 2001 From: gal-forer Date: Sun, 2 Jul 2023 21:41:20 +0300 Subject: [PATCH 02/11] Added the timeout param --- .../Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml index 8ea486ab5a94..94f3a7e61969 100644 --- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml +++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml @@ -449,7 +449,7 @@ script: - contextPath: CrowdStrike.Command.Stderr description: The standard error of the command. type: String - - contextPath: CrowdStrike.Command.BaseCommandÆ’ + - contextPath: CrowdStrike.Command.BaseCommand description: The base command. type: String - contextPath: CrowdStrike.Command.FullCommand From 3acee4c10aea0c8a9b47e2d3f05adbdbc21361b2 Mon Sep 17 00:00:00 2001 
From: gal-forer Date: Sun, 2 Jul 2023 21:42:02 +0300 Subject: [PATCH 03/11] Added the timeout param --- .../Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py index 67dc9c7320a8..9788b27ae9a2 100644 --- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py +++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py @@ -3913,7 +3913,7 @@ def upload_batch_custom_ioc_command( return entry_objects_list -def mtest_module(): +def test_module(): try: get_token(new_token=True) except ValueError: @@ -5213,7 +5213,7 @@ def main(): args = demisto.args() try: if command == 'test-module': - result = mtest_module() + result = test_module() return_results(result) elif command == 'fetch-incidents': demisto.incidents(fetch_incidents()) From 47b93fe04a8ebaa6be225258e2235454483e11da Mon Sep 17 00:00:00 2001 From: gal-forer Date: Sun, 2 Jul 2023 21:48:34 +0300 Subject: [PATCH 04/11] Release notes --- Packs/CrowdStrikeFalcon/ReleaseNotes/1_10_30.md | 6 ++++++ Packs/CrowdStrikeFalcon/pack_metadata.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 Packs/CrowdStrikeFalcon/ReleaseNotes/1_10_30.md diff --git a/Packs/CrowdStrikeFalcon/ReleaseNotes/1_10_30.md b/Packs/CrowdStrikeFalcon/ReleaseNotes/1_10_30.md new file mode 100644 index 000000000000..260b6c2fce63 --- /dev/null +++ b/Packs/CrowdStrikeFalcon/ReleaseNotes/1_10_30.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### CrowdStrike Falcon + +- Added the timeout parameter to **cs-falcon-run-command** command. diff --git a/Packs/CrowdStrikeFalcon/pack_metadata.json b/Packs/CrowdStrikeFalcon/pack_metadata.json index 3e03f3859366..3bc2dca3b901 100644 --- a/Packs/CrowdStrikeFalcon/pack_metadata.json +++ b/Packs/CrowdStrikeFalcon/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "CrowdStrike Falcon", "description": "The CrowdStrike Falcon OAuth 2 API (formerly the Falcon Firehose API), enables fetching and resolving detections, searching devices, getting behaviors by ID, containing hosts, and lifting host containment.", "support": "xsoar", - "currentVersion": "1.10.29", + "currentVersion": "1.10.30", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", From cb1999bf58526af14af0c930b32404ed05591b27 Mon Sep 17 00:00:00 2001 From: gal-forer Date: Sun, 2 Jul 2023 21:49:01 +0300 Subject: [PATCH 05/11] Release notes --- Packs/CrowdStrikeFalcon/ReleaseNotes/1_10_30.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Packs/CrowdStrikeFalcon/ReleaseNotes/1_10_30.md b/Packs/CrowdStrikeFalcon/ReleaseNotes/1_10_30.md index 260b6c2fce63..9a71be0ef9bd 100644 --- a/Packs/CrowdStrikeFalcon/ReleaseNotes/1_10_30.md +++ b/Packs/CrowdStrikeFalcon/ReleaseNotes/1_10_30.md @@ -3,4 +3,4 @@ ##### CrowdStrike Falcon -- Added the timeout parameter to **cs-falcon-run-command** command. +- Added the timeout argument to **cs-falcon-run-command** command. From a3d1b4601d50ac898afbaac377bc3c53bd73a384 Mon Sep 17 00:00:00 2001 From: gal-forer Date: Wed, 5 Jul 2023 19:24:35 +0300 Subject: [PATCH 06/11] Fix conflicts --- .../Integrations/CrowdStrikeFalcon/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md index 02d0c9e497b6..0f8ee9c17b5a 100644 --- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md +++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md 
@@ -508,8 +508,8 @@ Sends commands to hosts. #### Input -| **Argument Name** | **Description** | **Required** | -|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| --- | +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | | host_ids | A comma-separated list of host agent IDs for which to run commands. (Can be retrieved by running the 'cs-falcon-search-device' command.) | Required | | command_type | The type of command to run. | Required | | full_command | The full command to run. | Required | From 729a6c3fcd4ccf8a705ba5a73c959b7989f40bf5 Mon Sep 17 00:00:00 2001 From: gal-forer Date: Wed, 5 Jul 2023 19:26:43 +0300 Subject: [PATCH 07/11] Fix conflicts --- .../Integrations/CrowdStrikeFalcon/README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md index 0f8ee9c17b5a..60a91bf8dd5a 100644 --- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md +++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md 
@@ -510,13 +510,13 @@ Sends commands to hosts. | **Argument Name** | **Description** | **Required** | | --- | --- | --- | -| host_ids | A comma-separated list of host agent IDs for which to run commands. (Can be retrieved by running the 'cs-falcon-search-device' command.) | Required | -| command_type | The type of command to run. | Required | -| full_command | The full command to run. | Required | -| scope | The scope for which to run the command. Possible values are: "read", "write", and "admin". Default is "read". (NOTE: In order to run the CrowdStrike RTR `put` command, it is necessary to pass `scope=admin`.) | Optional | -| target | The target for which to run the command. Possible values are: "single" and "batch". Default is "batch". | Optional | -| queue_offline | Any commands run against an offline-queued session will be queued up and executed when the host comes online. | Optional | -| timeout | The amount of time (in seconds) that a request will wait for a client to establish a connection to a remote machine before a timeout occurs. | Optional | +| host_ids | A comma-separated list of host agent IDs for which to run commands. (Can be retrieved by running the 'cs-falcon-search-device' command.) | Required | +| command_type | The type of command to run. | Required | +| full_command | The full command to run. | Required | +| scope | The scope for which to run the command. Possible values are: "read", "write", and "admin". Default is "read". (NOTE: In order to run the CrowdStrike RTR `put` command, it is necessary to pass `scope=admin`.) | Optional | +| target | The target for which to run the command. Possible values are: "single" and "batch". Default is "batch". | Optional | +| queue_offline | Any commands run against an offline-queued session will be queued up and executed when the host comes online. 
| Optional | +| timeout | The amount of time (in seconds) that a request will wait for a client to establish a connection to a remote machine before a timeout occurs. | Optional | #### Context Output From 5049f53451c79101935078ccdf5262ab3e058e33 Mon Sep 17 00:00:00 2001 From: gal-forer Date: Wed, 5 Jul 2023 19:28:21 +0300 Subject: [PATCH 08/11] Fix conflicts --- .../Integrations/CrowdStrikeFalcon/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md index 60a91bf8dd5a..3284f4f767e0 100644 --- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md +++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md @@ -3680,9 +3680,9 @@ Uploads a batch of indicators. #### Input | **Argument Name** | **Description** | **Required** | -|--------------------------| --- |--------------| -| multiple_indicators_json | A JSON object with list of CS Falcon indicators to upload. | Required | -| timeout | The amount of time (in seconds) that a request will wait for a client to establish a connection to a remote machine before a timeout occurs. | Optional | +| --- | --- | --- | +| multiple_indicators_json | A JSON object with list of CS Falcon indicators to upload. | Required | +| timeout | The amount of time (in seconds) that a request will wait for a client to establish a connection to a remote machine before a timeout occurs. | Optional | #### Context Output From 5b0d0c9c42b4636f844244750ba7d177dd27169f Mon Sep 17 00:00:00 2001 From: gal-forer Date: Wed, 5 Jul 2023 19:28:57 +0300 Subject: [PATCH 09/11] Fix conflicts --- .../CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md index 3284f4f767e0..c89413edd036 100644 --- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md +++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/README.md @@ -3679,7 +3679,7 @@ Uploads a batch of indicators. #### Input -| **Argument Name** | **Description** | **Required** | +| **Argument Name** | **Description** | **Required** | | --- | --- | --- | | multiple_indicators_json | A JSON object with list of CS Falcon indicators to upload. | Required | | timeout | The amount of time (in seconds) that a request will wait for a client to establish a connection to a remote machine before a timeout occurs. | Optional | From 15a77f52a9c50bcc506b7b0be1fa37f490252da1 Mon Sep 17 00:00:00 2001 From: gal-forer Date: Wed, 5 Jul 2023 20:22:29 +0300 Subject: [PATCH 10/11] Fix conflicts --- .../CrowdStrikeFalcon/CrowdStrikeFalcon.py | 10 +++++----- Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.py | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py index a888f26fe436..997ad6a138ca 100644 --- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py +++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py 
@@ -3059,11 +3059,11 @@ def run_command(): timer.start() try: if scope == 'read': - response = run_batch_read_cmd(batch_id, command_type, full_command, timeout) + response = run_batch_read_cmd(batch_id, command_type, full_command, timeout=timeout) elif scope == 'write': response = run_batch_write_cmd(batch_id, command_type, full_command, timeout=timeout) else: # scope = admin - response = run_batch_admin_cmd(batch_id, command_type, full_command, timeout) + response = run_batch_admin_cmd(batch_id, command_type, full_command, timeout=timeout) finally: timer.cancel() @@ -3096,11 +3096,11 @@ def run_command(): responses = [] for host_id in host_ids: if scope == 'read': - response1 = run_single_read_cmd(host_id, command_type, full_command, offline, timeout) + response1 = run_single_read_cmd(host_id, command_type, full_command, offline, timeout=timeout) elif scope == 'write': - response1 = run_single_write_cmd(host_id, command_type, full_command, offline, timeout) + response1 = run_single_write_cmd(host_id, command_type, full_command, offline, timeout=timeout) else: # scope = admin - response1 = run_single_admin_cmd(host_id, command_type, full_command, offline, timeout) + response1 = run_single_admin_cmd(host_id, command_type, full_command, offline, timeout=timeout) responses.append(response1) for resource in response1.get('resources', []): diff --git a/Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.py b/Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.py index 429b10881026..826b98e12dc2 100644 --- a/Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.py +++ b/Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.py 
@@ -194,7 +194,7 @@ def generate_bind_vars(bind_variables_names: str, bind_variables_values: str) -> raise Exception("The bind variables lists are not is the same length") -def test_module(client: Client, *_) -> Tuple[str, Dict[Any, Any], List[Any]]: +def mtest_module(client: Client, *_) -> Tuple[str, Dict[Any, Any], List[Any]]: """ If the connection in the client was successful the test will return OK if it wasn't an exception will be raised @@ -537,7 +537,7 @@ def main(): ssl_connect=ssl_connect, use_pool=use_pool, verify_certificate=verify_certificate, pool_ttl=pool_ttl) commands: Dict[str, Callable[[Client, Dict[str, str], str], Tuple[str, Dict[Any, Any], List[Any]]]] = { - 'test-module': test_module, + 'test-module': mtest_module, 'query': sql_query_execute, 'pgsql-query': sql_query_execute, 'sql-command': sql_query_execute From 0b9de9a460ea1f341771292faba94c0ccb39018a Mon Sep 17 00:00:00 2001 From: gal-forer Date: Wed, 5 Jul 2023 20:23:08 +0300 Subject: [PATCH 11/11] Fix conflicts --- Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.py b/Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.py index 826b98e12dc2..429b10881026 100644 --- a/Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.py +++ b/Packs/GenericSQL/Integrations/GenericSQL/GenericSQL.py @@ -194,7 +194,7 @@ def generate_bind_vars(bind_variables_names: str, bind_variables_values: str) -> raise Exception("The bind variables lists are not is the same length") -def mtest_module(client: Client, *_) -> Tuple[str, Dict[Any, Any], List[Any]]: +def test_module(client: Client, *_) -> Tuple[str, Dict[Any, Any], List[Any]]: """ If the connection in the client was successful the test will return OK if it wasn't an exception will be raised 
@@ -537,7 +537,7 @@ def main(): ssl_connect=ssl_connect, use_pool=use_pool, verify_certificate=verify_certificate, pool_ttl=pool_ttl) commands: Dict[str, Callable[[Client, Dict[str, str], str], Tuple[str, Dict[Any, Any], List[Any]]]] = { - 'test-module': mtest_module, + 'test-module': test_module, 'query': sql_query_execute, 'pgsql-query': sql_query_execute, 'sql-command': sql_query_execute