[Microsoft Defender for Endpoint]: Fix bug be able to use different operators in filter

Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.py

@@ -2918,6 +2918,7 @@ def get_machine_action_by_id_command(client: MsClient, args: dict):
     machine_id = remove_duplicates_from_list_arg(args, 'machine_id')
     type = args.get('type', '')
     requestor = args.get('requestor', '')
+    filters = args.get('filters', '')
     limit = arg_to_number(args.get('limit', 50))
     if action_id:
         for index in range(3):
@@ -2943,7 +2944,7 @@ def get_machine_action_by_id_command(client: MsClient, args: dict):
             'type': type,
             'requestor': requestor
         }
-        filter_req = reformat_filter_with_list_arg(fields_to_filter_by, "machineId")
+        filter_req = filters if filters else reformat_filter_with_list_arg(fields_to_filter_by, "machineId")
         response = client.get_machine_actions(filter_req, limit)
         machine_actions_list = []
         for machine_action in response['value']:

Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.yml

@@ -1284,6 +1284,8 @@ script:
     - deprecated: true
       description: Flag for the rate limit retry.
       name: ran_once_flag
+    - name: filters
+      description: String representation of filters.
     description: |-
       Return the machine's actions. If you set an action ID, it returns the info on the specific action.
       Filtering can be done only on one argument.
@@ -1495,7 +1497,7 @@ script:
       name: machine_id
       required: true
     - description: |-
-        The file SHA1 hash to stop and quarantine on the machine. 
+        The file SHA1 hash to stop and quarantine on the machine.
         When providing multiple values, each value is checked for the same machine_id.
       isArray: true
       name: file_hash
@@ -5532,7 +5534,7 @@ script:
     execution: false
     name: microsoft-atp-auth-reset
     arguments: []
-  dockerimage: demisto/crypto:1.0.0.79207
+  dockerimage: demisto/crypto:1.0.0.79610
   isfetch: true
   runonce: false
   script: '-'

Packs/MicrosoftDefenderAdvancedThreatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/README.md

@@ -1683,6 +1683,7 @@ Machine.ReadWrite.All
 | type | The machine action type. Possible values are: RunAntiVirusScan, Offboard, CollectInvestigationPackage, Isolate, Unisolate, StopAndQuarantineFile, RestrictCodeExecution, UnrestrictCodeExecution. | Optional | 
 | requestor | The ID of the user that executed the action, only one can be added. | Optional | 
 | limit | The maximum number of machines to return. Default is 50. | Optional | 
+| filters | String representation of filters (Override every other filters). | Optional | 
 
 #### Context Output
 
@@ -7172,4 +7173,4 @@ There are no input arguments for this command.
 
 #### Context Output
 
-There is no context output for this command.
+There is no context output for this command.

Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_16_16.md

@@ -0,0 +1,3 @@
+#### Integrations
+##### Microsoft Defender for Endpoint
+- Added *filters* argument for the command `microsoft-atp-list-machine-actions-details`.

Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Microsoft Defender for Endpoint",
     "description": "Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection (ATP)) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.",
     "support": "xsoar",
-    "currentVersion": "1.16.15",
+    "currentVersion": "1.16.16",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",
@@ -66,4 +66,4 @@
         "CommonPlaybooks",
         "CommonTypes"
     ]
-}
+}