[Microsoft Defender for Endpoint]: Fix bug be able to use different operators in filter #30481

ghost · 2023-10-27T14:27:50Z

Contributing to Cortex XSOAR Content

Make sure to register your contribution by filling the contribution registration form

The Pull Request will be reviewed only after the contribution registration form is filled.

Status

In Progress
Ready
In Hold - (Reason for hold)

Related Issues

fixes: link to the issue

Description

When using the command microsoft-atp-list-machine-actions-details the string representing the filter that will be pass to the api are made with only AND and eq operator (using the fonction reformat_filter).

To be able to filter on the field creationDateTimeUtc we need different operator like ge, le, gt, lt. To avoid changing multiple fonctions, I've added the filters argument to be able to pass custom filter made by the user. It gives the possibility to filter on the field creationDateTimeUtc and the possibility to use the OR operator in the string representing the filter that will be pass to the api.

Here is an example of the command:
!microsoft-atp-list-machine-actions-details filters="(type eq 'Isolate' or type eq 'Unisolate') and creationDateTimeUtc ge 2023-10-20T12:00:57.1234Z"

Must have

Tests
Documentation

content-bot · 2023-10-27T14:30:55Z

Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @MosheEichler will know the proposed changes are ready to be reviewed.
For your convenience, here is a link to the contributions SLAs document.

content-bot · 2023-10-27T14:30:56Z

Hi @pl-brault, thanks for contributing to a Cortex XSOAR supported pack. To receive credit for your generous contribution please follow this link.

MosheEichler

Hi @pl-brault,
Thank you for your contribution!
Good work :)

Plesae see my comments.

Please feel free to reach out to me with any questions - I'm available here or on slack :)
Thanks again

...tions/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.py

...ions/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.yml

Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_16_16.md

ShirleyDenkberg · 2023-10-29T06:16:00Z

@MosheEichler Doc review completed.

…perators in filter (#30513) * [Microsoft Defender for Endpoint]: Fix bug be able to use different operators in filter (#30481) * Fix: add filter arg to be able to filter on the date * update realase note after rebase * applying changes after review * SysAid add get file (#30718) * SysAid add get file (#30583) * SysAid add get file * Fixed error SysAid add get file * docker * Add file output * Update Packs/SysAid/ReleaseNotes/1_0_13.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SysAid/Integrations/SysAid/SysAid.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SysAid/Integrations/SysAid/SysAid.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SysAid/Integrations/SysAid/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fixed UT --------- Co-authored-by: Giorgio <147415442+giocupelli84@users.noreply.github.com> Co-authored-by: MosheEichler <meichler@paloaltonetworks.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * update conf file (#30743) * remove/change values (#30728) * SentinelOne v 3 2 12 (#30740) * SentinelOne v 3 2 12 (#30626) * Bug Fixes * updated the docker image * updated the release notes * making chages in threat request call * review comment fix * fixed release notes * docker --------- Co-authored-by: munna-metron <82433049+munna-metron@users.noreply.github.com> Co-authored-by: MosheEichler <meichler@paloaltonetworks.com> * Netcraft Revamp (#29527) * init * started fetch * finished fetch * name changes * fixed output in yml * added command names * mirroring part 1 * added incident type * fixed incident type * fethcing logic works! * cmnd: netcraft-attack-report * cmnd: netcraft-attack-report complete * reference new pack in old * cmnd: netcraft-attack-report complete * session changes * added classifier * added commands * commands continued * commands continued * order change * test-module * examples init * session changes * pre update * finished code * added TPB * unit-tests init * test_data TO BE DELETED * test_data TO BE DELETED * test_data complete * test_data.py complete * unit-tests continued * unit-tests complete * fixed KeyError bug * fixed SubmissionNextToken bug * fixed pagination bug * remove unused test data * improved UI * silence secret ignore * silence line-too-long * silence secret ignore * added readme; fixed png * tests/format complete * default args * session changes * session changes * CR changes * finished docs * fix docs * fix docs * added layout * clearer description * add error for no file * add error for no file * demo changes part 1 * demo changes part 2 * demo changes part 3 * demo changes part 4 * demo changes part 5 * fixed unit-tests * update escalate docs * authorise => authorize * match case => if-elif * CR changes * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fixed unit-tests * remove trailing whitespace * try running build * fixed upload bug * name change to avoid conflict * pack readme part 1 * release notes * add image * removed unnecessary files * cleaned build problems * pack readme part 2 * readme complete * readme complete * added layout, mapper, type; not formatted * capitalize 'service' * get_file_path * trial fix for unittests * fixed unit-tests * update docker * small changes * doc review changes * update TPB * silence secret detections * classifier fixed * demo changes * demo changes * small change * UI works * fix tests and docs * update docker * added types to yaml * fixed file submit bug * layout for xsoar only * build wars: round 1 * build wars: round 2 * build wars: round 3 * build wars: round 4 * build wars: round 5 * build wars: round 6 * build wars: round 7 * Update conf.json * remove email address * fix TPB * incease retry-interval * raised timeout threshold * update docker * raised from_version --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * docker * conflicts --------- Co-authored-by: pl-brault <143391737+pl-brault@users.noreply.github.com> Co-authored-by: MosheEichler <meichler@paloaltonetworks.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Co-authored-by: Giorgio <147415442+giocupelli84@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Israel Lappe <79846863+ilappe@users.noreply.github.com> Co-authored-by: Adi Bamberger Edri <72088126+BEAdi@users.noreply.github.com> Co-authored-by: munna-metron <82433049+munna-metron@users.noreply.github.com> Co-authored-by: Jacob Levy <129657918+jlevypaloalto@users.noreply.github.com>

content-bot added Contribution Thank you! Contributions are always welcome! External PR Xsoar Support Level Indicates that the contribution is for XSOAR supported pack labels Oct 27, 2023

content-bot changed the base branch from master to contrib/pl-brault_plb-mde-bug October 27, 2023 14:30

content-bot assigned MosheEichler Oct 27, 2023

content-bot requested a review from MosheEichler October 27, 2023 14:30

ghost force-pushed the plb-mde-bug branch from 2d36e8d to 704533a Compare October 27, 2023 14:47

Pierre Louis BRAULT added 2 commits October 27, 2023 17:14

Fix: add filter arg to be able to filter on the date

439fb9d

update realase note after rebase

9a752f4

ghost force-pushed the plb-mde-bug branch from 704533a to 9a752f4 Compare October 27, 2023 15:18

content-bot added Community Contribution Form Filled Whether contribution form filled or not. labels Oct 27, 2023

ghost marked this pull request as ready for review October 27, 2023 15:41

MosheEichler reviewed Oct 28, 2023

View reviewed changes

MosheEichler assigned ShirleyDenkberg Oct 28, 2023

ShirleyDenkberg added the docs-approved label Oct 29, 2023

applying changes after review

0b374b6

MosheEichler approved these changes Oct 30, 2023

View reviewed changes

MosheEichler merged commit 6dda162 into demisto:contrib/pl-brault_plb-mde-bug Oct 30, 2023
9 of 11 checks passed

content-bot mentioned this pull request Oct 30, 2023

[Microsoft Defender for Endpoint]: Fix bug be able to use different operators in filter #30513

Merged

5 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Microsoft Defender for Endpoint]: Fix bug be able to use different operators in filter #30481

[Microsoft Defender for Endpoint]: Fix bug be able to use different operators in filter #30481

ghost commented Oct 27, 2023 •

edited by ghost

Loading

content-bot commented Oct 27, 2023

content-bot commented Oct 27, 2023

MosheEichler left a comment

ShirleyDenkberg commented Oct 29, 2023

[Microsoft Defender for Endpoint]: Fix bug be able to use different operators in filter #30481

[Microsoft Defender for Endpoint]: Fix bug be able to use different operators in filter #30481

Conversation

ghost commented Oct 27, 2023 • edited by ghost Loading

Contributing to Cortex XSOAR Content

Status

Related Issues

Description

Must have

content-bot commented Oct 27, 2023

content-bot commented Oct 27, 2023

MosheEichler left a comment

Choose a reason for hiding this comment

ShirleyDenkberg commented Oct 29, 2023

ghost commented Oct 27, 2023 •

edited by ghost

Loading