Microsoft atp list no category (#29755)

* Added category support * saave rn * validations + pre-commit fixes * Update Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_16_9.md Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> * fix test playbook * fix test playbook * new docker * fix test playbook * trying without docker change * docker update * save rn * Update Packs/Active_Directory_Query/ReleaseNotes/1_6_24.md * update docker * fix test playbook --------- Co-authored-by: Dan Tavori <38749041+dantavori@users.noreply.github.com> Co-authored-by: Yehuda Rosenberg <90599084+RosenbergYehuda@users.noreply.github.com>
demisto · Sep 26, 2023 · 6423bdf · 6423bdf
1 parent 71a762b
commit 6423bdf
Show file tree

Hide file tree

Showing 8 changed files with 434 additions and 395 deletions.
diff --git a/Packs/Active_Directory_Query/ReleaseNotes/1_6_24.md b/Packs/Active_Directory_Query/ReleaseNotes/1_6_24.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Active Directory Query v2
+
+- Fixed an issue where the *category* argument of the ***microsoft-atp-list-alerts*** command did not work properly.
diff --git a/Packs/Active_Directory_Query/pack_metadata.json b/Packs/Active_Directory_Query/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Active Directory Query",
     "description": "Active Directory Query integration enables you to access and manage Active Directory objects (users, contacts, and computers).",
     "support": "xsoar",
-    "currentVersion": "1.6.23",
+    "currentVersion": "1.6.24",
     "author": "Cortex XSOAR",
     "url": "",
     "email": "",

diff --git a/...ns/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.py b/...ns/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.py
@@ -2589,11 +2589,13 @@ def list_alerts_command(client: MsClient, args: dict):
                'ThreatFamilyName', 'MachineID']
     severity = args.get('severity')
     status = args.get('status')
+    category = args.get('category')
     limit = arg_to_number(args.get('limit', 50))
     creation_time = arg_to_datetime(args.get('creation_time'), required=False)
     fields_to_filter_by = {
         'severity': severity,
-        'status': status
+        'status': status,
+        'category': category,
     }
     filter_req = reformat_filter(fields_to_filter_by)
     alerts_response = client.list_alerts(filter_req, limit, creation_time=creation_time, evidence=True)
@@ -3668,7 +3670,7 @@ def _get_incidents_query_params(client, fetch_evidence, last_fetch_time):
         sources = argToList(client.alert_detectionsource_to_fetch)
         source_filter_list = [f"detectionSource+eq+'{DETECTION_SOURCE_TO_API_VALUE[source]}'" for source in sources]
         if len(source_filter_list) > 1:
-            source_filter_list = list(map(lambda x: f"({x})", source_filter_list))
+            source_filter_list = [f"({x})" for x in source_filter_list]
         filter_query = filter_query + " and (" + " or ".join(source_filter_list) + ")"
     if client.alert_status_to_fetch:
         statuses = argToList(client.alert_status_to_fetch)

diff --git a/...s/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.yml b/...s/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.yml
@@ -5525,7 +5525,7 @@ script:
     execution: false
     name: microsoft-atp-auth-reset
     arguments: []
-  dockerimage: demisto/crypto:1.0.0.74660
+  dockerimage: demisto/crypto:1.0.0.74979
   isfetch: true
   runonce: false
   script: '-'

diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_16_10.md b/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_16_10.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Microsoft Defender for Endpoint
+- Updated the Docker image to: *demisto/crypto:1.0.0.74979*.
+- Fixed an issue where the *category* argument of the ***microsoft-atp-list-alerts*** command did not work properly.