[Microsoft Defender for Endpoint]: Fix bug be able to use different operators in filter #30513
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…perators in filter (#30481) * Fix: add filter arg to be able to filter on the date * update realase note after rebase * applying changes after review
content-bot
added
Contribution
MosheEichler
approved these changes
Oct 30, 2023
|
Hello, |
|
Hello @pl-brault Nothing needed from your side, |
* SysAid add get file (#30583) * SysAid add get file * Fixed error SysAid add get file * docker * Add file output * Update Packs/SysAid/ReleaseNotes/1_0_13.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SysAid/Integrations/SysAid/SysAid.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SysAid/Integrations/SysAid/SysAid.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SysAid/Integrations/SysAid/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fixed UT --------- Co-authored-by: Giorgio <147415442+giocupelli84@users.noreply.github.com> Co-authored-by: MosheEichler <meichler@paloaltonetworks.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
* SentinelOne v 3 2 12 (#30626) * Bug Fixes * updated the docker image * updated the release notes * making chages in threat request call * review comment fix * fixed release notes * docker --------- Co-authored-by: munna-metron <82433049+munna-metron@users.noreply.github.com> Co-authored-by: MosheEichler <meichler@paloaltonetworks.com>
* init * started fetch * finished fetch * name changes * fixed output in yml * added command names * mirroring part 1 * added incident type * fixed incident type * fethcing logic works! * cmnd: netcraft-attack-report * cmnd: netcraft-attack-report complete * reference new pack in old * cmnd: netcraft-attack-report complete * session changes * added classifier * added commands * commands continued * commands continued * order change * test-module * examples init * session changes * pre update * finished code * added TPB * unit-tests init * test_data TO BE DELETED * test_data TO BE DELETED * test_data complete * test_data.py complete * unit-tests continued * unit-tests complete * fixed KeyError bug * fixed SubmissionNextToken bug * fixed pagination bug * remove unused test data * improved UI * silence secret ignore * silence line-too-long * silence secret ignore * added readme; fixed png * tests/format complete * default args * session changes * session changes * CR changes * finished docs * fix docs * fix docs * added layout * clearer description * add error for no file * add error for no file * demo changes part 1 * demo changes part 2 * demo changes part 3 * demo changes part 4 * demo changes part 5 * fixed unit-tests * update escalate docs * authorise => authorize * match case => if-elif * CR changes * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fixed unit-tests * remove trailing whitespace * try running build * fixed upload bug * name change to avoid conflict * pack readme part 1 * release notes * add image * removed unnecessary files * cleaned build problems * pack readme part 2 * readme complete * readme complete * added layout, mapper, type; not formatted * capitalize 'service' * get_file_path * trial fix for unittests * fixed unit-tests * update docker * small changes * doc review changes * update TPB * silence secret detections * classifier fixed * demo changes * demo changes * small change * UI works * fix tests and docs * update docker * added types to yaml * fixed file submit bug * layout for xsoar only * build wars: round 1 * build wars: round 2 * build wars: round 3 * build wars: round 4 * build wars: round 5 * build wars: round 6 * build wars: round 7 * Update conf.json * remove email address * fix TPB * incease retry-interval * raised timeout threshold * update docker * raised from_version --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
# Conflicts: # Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_16_16.md
sapirshuker
pushed a commit
that referenced
this pull request
Dec 21, 2023
…perators in filter (#30513) * [Microsoft Defender for Endpoint]: Fix bug be able to use different operators in filter (#30481) * Fix: add filter arg to be able to filter on the date * update realase note after rebase * applying changes after review * SysAid add get file (#30718) * SysAid add get file (#30583) * SysAid add get file * Fixed error SysAid add get file * docker * Add file output * Update Packs/SysAid/ReleaseNotes/1_0_13.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SysAid/Integrations/SysAid/SysAid.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SysAid/Integrations/SysAid/SysAid.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SysAid/Integrations/SysAid/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fixed UT --------- Co-authored-by: Giorgio <147415442+giocupelli84@users.noreply.github.com> Co-authored-by: MosheEichler <meichler@paloaltonetworks.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * update conf file (#30743) * remove/change values (#30728) * SentinelOne v 3 2 12 (#30740) * SentinelOne v 3 2 12 (#30626) * Bug Fixes * updated the docker image * updated the release notes * making chages in threat request call * review comment fix * fixed release notes * docker --------- Co-authored-by: munna-metron <82433049+munna-metron@users.noreply.github.com> Co-authored-by: MosheEichler <meichler@paloaltonetworks.com> * Netcraft Revamp (#29527) * init * started fetch * finished fetch * name changes * fixed output in yml * added command names * mirroring part 1 * added incident type * fixed incident type * fethcing logic works! * cmnd: netcraft-attack-report * cmnd: netcraft-attack-report complete * reference new pack in old * cmnd: netcraft-attack-report complete * session changes * added classifier * added commands * commands continued * commands continued * order change * test-module * examples init * session changes * pre update * finished code * added TPB * unit-tests init * test_data TO BE DELETED * test_data TO BE DELETED * test_data complete * test_data.py complete * unit-tests continued * unit-tests complete * fixed KeyError bug * fixed SubmissionNextToken bug * fixed pagination bug * remove unused test data * improved UI * silence secret ignore * silence line-too-long * silence secret ignore * added readme; fixed png * tests/format complete * default args * session changes * session changes * CR changes * finished docs * fix docs * fix docs * added layout * clearer description * add error for no file * add error for no file * demo changes part 1 * demo changes part 2 * demo changes part 3 * demo changes part 4 * demo changes part 5 * fixed unit-tests * update escalate docs * authorise => authorize * match case => if-elif * CR changes * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fixed unit-tests * remove trailing whitespace * try running build * fixed upload bug * name change to avoid conflict * pack readme part 1 * release notes * add image * removed unnecessary files * cleaned build problems * pack readme part 2 * readme complete * readme complete * added layout, mapper, type; not formatted * capitalize 'service' * get_file_path * trial fix for unittests * fixed unit-tests * update docker * small changes * doc review changes * update TPB * silence secret detections * classifier fixed * demo changes * demo changes * small change * UI works * fix tests and docs * update docker * added types to yaml * fixed file submit bug * layout for xsoar only * build wars: round 1 * build wars: round 2 * build wars: round 3 * build wars: round 4 * build wars: round 5 * build wars: round 6 * build wars: round 7 * Update conf.json * remove email address * fix TPB * incease retry-interval * raised timeout threshold * update docker * raised from_version --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * docker * conflicts --------- Co-authored-by: pl-brault <143391737+pl-brault@users.noreply.github.com> Co-authored-by: MosheEichler <meichler@paloaltonetworks.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Co-authored-by: Giorgio <147415442+giocupelli84@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Israel Lappe <79846863+ilappe@users.noreply.github.com> Co-authored-by: Adi Bamberger Edri <72088126+BEAdi@users.noreply.github.com> Co-authored-by: munna-metron <82433049+munna-metron@users.noreply.github.com> Co-authored-by: Jacob Levy <129657918+jlevypaloalto@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Original External PR
external pull request
Contributor
@pl-brault
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
fixes: link to the issue
Description
When using the command
microsoft-atp-list-machine-actions-detailsthe string representing the filter that will be pass to the api are made with only AND and eq operator (using the fonctionreformat_filter).To be able to filter on the field
creationDateTimeUtcwe need different operator like ge, le, gt, lt. To avoid changing multiple fonctions, I've added thefiltersargument to be able to pass custom filter made by the user. It gives the possibility to filter on the fieldcreationDateTimeUtcand the possibility to use the OR operator in the string representing the filter that will be pass to the api.Here is an example of the command:
!microsoft-atp-list-machine-actions-details filters="(type eq 'Isolate' or type eq 'Unisolate') and creationDateTimeUtc ge 2023-10-20T12:00:57.1234Z"Must have