diff --git a/Packs/Akamai_SIEM/Integrations/Akamai_SIEM/Akamai_SIEM.py b/Packs/Akamai_SIEM/Integrations/Akamai_SIEM/Akamai_SIEM.py
index 69600b520dc9..ce66f2b614db 100644
--- a/Packs/Akamai_SIEM/Integrations/Akamai_SIEM/Akamai_SIEM.py
+++ b/Packs/Akamai_SIEM/Integrations/Akamai_SIEM/Akamai_SIEM.py
@@ -305,10 +305,11 @@ def fetch_incidents_command(
 incidents = []
 if raw_response:
 for event in raw_response:
+ attack_data = event.get('attackData', {})
+ http_message = event.get('httpMessage', {})
 incidents.append({
- 'name': f"{INTEGRATION_NAME}: {event.get('attackData').get('configId')}",
- 'occurred': date_format_converter(from_format='epoch',
- date_before=event.get('httpMessage', {}).get('start')),
+ 'name': f"{INTEGRATION_NAME}: {attack_data.get('configId')} - {http_message.get('requestId')}",
+ 'occurred': date_format_converter(from_format='epoch', date_before=http_message.get('start')),
 'rawJSON': json.dumps(event)
 })
diff --git a/Packs/Akamai_SIEM/Integrations/Akamai_SIEM/Akamai_SIEM.yml b/Packs/Akamai_SIEM/Integrations/Akamai_SIEM/Akamai_SIEM.yml
index 2be4f092c759..b8ba2dfebdff 100644
--- a/Packs/Akamai_SIEM/Integrations/Akamai_SIEM/Akamai_SIEM.yml
+++ b/Packs/Akamai_SIEM/Integrations/Akamai_SIEM/Akamai_SIEM.yml
@@ -208,7 +208,7 @@ script:
 - contextPath: IP.Geo.Country
 description: The country in which the IP address is located.
 type: String
- dockerimage: demisto/auth-utils:1.0.0.90978
+ dockerimage: demisto/auth-utils:1.0.0.91447
 isfetch: true
 isfetch:marketplacev2: false
 isfetchevents: true
diff --git a/Packs/Akamai_SIEM/Integrations/Akamai_SIEM/Akamai_SIEM_test/TestCommandsFunctions/expected_fetch.json b/Packs/Akamai_SIEM/Integrations/Akamai_SIEM/Akamai_SIEM_test/TestCommandsFunctions/expected_fetch.json
index 7b77bf5790bb..0317a5763f75 100644
--- a/Packs/Akamai_SIEM/Integrations/Akamai_SIEM/Akamai_SIEM_test/TestCommandsFunctions/expected_fetch.json
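Review bot: The new `event.get('attackData', {})` and `event.get('httpMessage', {})` lookups fall back to `{}` only when the key is absent; an event that carries either key with a JSON `null` value still yields `None`, and the following `.get('configId')` / `.get('requestId')` would raise `AttributeError` inside the loop. Unless a caller outside this hunk catches it, one malformed record would abort the whole fetch and delay ingestion of the remaining WAF events. I would write `attack_data = event.get('attackData') or {}` and `http_message = event.get('httpMessage') or {}`. Separately, when `requestId` is missing the name renders as `... - None`, so the unique-name guarantee described in the release note does not hold for such events; a short comment saying so would help. The body of `fetch_incidents_command` starts and ends outside the hunk.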
+++ b/Packs/Akamai_SIEM/Integrations/Akamai_SIEM/Akamai_SIEM_test/TestCommandsFunctions/expected_fetch.json
@@ -1,11 +1,11 @@
 [
 {
- "name": "Akamai SIEM: 50170",
+ "name": "Akamai SIEM: 50170 - 3fbce3e",
 "occurred": "2019-12-10T18:28:27Z",
 "rawJSON": {"type":"akamai_siem","format":"json","version":"1.0","attackData":{"configId":"50170","policyId":"1234","clientIP":"8.8.8.8","rules":"","ruleVersions":"","ruleMessages":"","ruleTags":"","ruleData":"","ruleSelectors":"","ruleActions":""},"httpMessage":{"requestId":"3fbce3e","start":"1576002507","protocol":"HTTP/1.1","method":"HEAD","host":"google.com","port":"80","path":"index","requestHeaders":"Test","status":"403","bytes":"0","responseHeaders":"Server"},"geo":{"continent":"NA","country":"US","city":"LOSANGELES","regionCode":"CA","asn":"5650"}}
 },
 {
- "name": "Akamai SIEM: 50170",
+ "name": "Akamai SIEM: 50170 - 3fbd757",
 "occurred": "2019-12-10T18:28:26Z",
 "rawJSON": {"type":"akamai_siem","format":"json","version":"1.0","attackData":{"configId":"50170","policyId":"1234","clientIP":"8.8.8.8","rules":"","ruleVersions":"","ruleMessages":"","ruleTags":"","ruleData":"","ruleSelectors":"","ruleActions":""},"httpMessage":{"requestId":"3fbd757","start":"1576002506","protocol":"HTTP/1.1","method":"HEAD","host":"google.com","port":"80","path":"index","requestHeaders":"Test","status":"403","bytes":"0","responseHeaders":"Server"},"geo":{"continent":"NA","country":"US","city":"LOSANGELES","regionCode":"CA","asn":"5650"}}
 }
diff --git a/Packs/Akamai_SIEM/ReleaseNotes/1_1_1.md b/Packs/Akamai_SIEM/ReleaseNotes/1_1_1.md
new file mode 100644
index 000000000000..a3788a8c15d8
--- /dev/null
+++ b/Packs/Akamai_SIEM/ReleaseNotes/1_1_1.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Akamai WAF SIEM
+- Updated the Docker image to: *demisto/auth-utils:1.0.0.91447*.
+- Added the *requestId* field to the name of created incidents. This will prevent the creation of incidents with the same name.
diff --git a/Packs/Akamai_SIEM/pack_metadata.json b/Packs/Akamai_SIEM/pack_metadata.json
index 5bdee16cd418..721ef0661862 100644
--- a/Packs/Akamai_SIEM/pack_metadata.json
+++ b/Packs/Akamai_SIEM/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Akamai WAF SIEM",
 "description": "Use the Akamai WAF SIEM integration to retrieve security events from Akamai Web Application Firewall (WAF) service.",
 "support": "xsoar",
- "currentVersion": "1.1.0",
+ "currentVersion": "1.1.1",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",