diff --git a/Packs/CommonScripts/ReleaseNotes/1_13_8.md b/Packs/CommonScripts/ReleaseNotes/1_13_8.md new file mode 100644 index 000000000000..2089fa573175 --- /dev/null +++ b/Packs/CommonScripts/ReleaseNotes/1_13_8.md @@ -0,0 +1,7 @@ + +#### Scripts + +##### SearchIncidentsV2 +- Fixed an issue where the script failed to pull all available incidents in XSOAR 8. + +- Updated the Docker image to: *demisto/python3:3.10.13.83255*. diff --git a/Packs/CommonScripts/Scripts/SearchIncidentsV2/SearchIncidentsV2.py b/Packs/CommonScripts/Scripts/SearchIncidentsV2/SearchIncidentsV2.py index 48531277d2c4..0f80b4e70b32 100644 --- a/Packs/CommonScripts/Scripts/SearchIncidentsV2/SearchIncidentsV2.py +++ b/Packs/CommonScripts/Scripts/SearchIncidentsV2/SearchIncidentsV2.py @@ -153,34 +153,37 @@ def search_incidents(args: Dict): # pragma: no cover if platform == 'x2': return 'Alerts not found.', {}, {} return 'Incidents not found.', {}, {} - limit = arg_to_number(args.get('limit')) or DEFAULT_LIMIT all_found_incidents = res[0]["Contents"]["data"] demisto.debug( f'Amount of incidents before filtering = {len(all_found_incidents)} with args {args} before pagination' ) + page_size = args.get('size') or DEFAULT_PAGE_SIZE + more_pages = len(all_found_incidents) == page_size all_found_incidents = add_incidents_link(apply_filters(all_found_incidents, args), platform) demisto.debug( f'Amount of incidents after filtering = {len(all_found_incidents)} before pagination' ) - # adding 1 here because the default page number start from 0 - max_page = (res[0]["Contents"]["total"] // DEFAULT_PAGE_SIZE) + 1 - demisto.debug(f'{max_page=}') - page = STARTING_PAGE_NUMBER - while len(all_found_incidents) < limit and page < max_page: + + while more_pages and len(all_found_incidents) < limit: args['page'] = page current_page_found_incidents = execute_command('getIncidents', args).get('data') or [] - demisto.debug( - f'before filtering {len(current_page_found_incidents)=} ' - f' {args=} {page=}' - ) + + # When current_page_found_incidents is None it means the requested page was empty + if not current_page_found_incidents: + break + + demisto.debug(f'before filtering {len(current_page_found_incidents)=} {args=} {page=}') + more_pages = len(current_page_found_incidents) == page_size + current_page_found_incidents = add_incidents_link(apply_filters(current_page_found_incidents, args), platform) demisto.debug(f'after filtering = {len(current_page_found_incidents)=}') all_found_incidents.extend(current_page_found_incidents) page += 1 all_found_incidents = all_found_incidents[:limit] + headers: List[str] if platform == 'x2': headers = ['id', 'name', 'severity', 'details', 'hostname', 'initiatedby', 'status', diff --git a/Packs/CommonScripts/Scripts/SearchIncidentsV2/SearchIncidentsV2.yml b/Packs/CommonScripts/Scripts/SearchIncidentsV2/SearchIncidentsV2.yml index 520a8645fe01..6f9209a8aa1e 100644 --- a/Packs/CommonScripts/Scripts/SearchIncidentsV2/SearchIncidentsV2.yml +++ b/Packs/CommonScripts/Scripts/SearchIncidentsV2/SearchIncidentsV2.yml @@ -15,32 +15,32 @@ args: - description: A comma-separated list of incident close reasons by which to filter the results. isArray: true name: reason -- description: Filter by from date (e.g. "3 days ago" or 2006-01-02T15:04:05+07:00 or 2006-01-02T15:04:05Z) +- description: Filter by from date (e.g. "3 days ago" or 2006-01-02T15:04:05+07:00 or 2006-01-02T15:04:05Z). name: fromdate -- description: Filter by to date (e.g. "3 days ago" or 2006-01-02T15:04:05+07:00 or 2006-01-02T15:04:05Z) +- description: Filter by to date (e.g. "3 days ago" or 2006-01-02T15:04:05+07:00 or 2006-01-02T15:04:05Z). name: todate -- description: Filter by from close date (e.g. 2006-01-02T15:04:05+07:00 or 2006-01-02T15:04:05Z) +- description: Filter by from close date (e.g. 2006-01-02T15:04:05+07:00 or 2006-01-02T15:04:05Z). name: fromclosedate -- description: Filter by to close date (e.g. 2006-01-02T15:04:05+07:00 or 2006-01-02T15:04:05Z) +- description: Filter by to close date (e.g. 2006-01-02T15:04:05+07:00 or 2006-01-02T15:04:05Z). name: toclosedate -- description: Filter by from due date (e.g. 2006-01-02T15:04:05+07:00 or 2006-01-02T15:04:05Z) +- description: Filter by from due date (e.g. 2006-01-02T15:04:05+07:00 or 2006-01-02T15:04:05Z). name: fromduedate -- description: Filter by to due date (e.g. 2006-01-02T15:04:05+07:00 or 2006-01-02T15:04:05Z) +- description: Filter by to due date (e.g. 2006-01-02T15:04:05+07:00 or 2006-01-02T15:04:05Z). name: toduedate -- description: Filter by Severity +- description: Filter by Severity. isArray: true name: level -- description: Filter by incident owners +- description: Filter by incident owners. isArray: true name: owner -- description: Filter by incident details +- description: Filter by incident details. name: details -- description: Filter by incident type +- description: Filter by incident type. isArray: true name: type - description: Use free form query (use Lucene syntax) as filter. All other filters will be ignored when this filter is used. name: query -- description: Filter by the page number +- description: Filter by the page number. name: page deprecated: true - description: |- @@ -48,7 +48,7 @@ args: Note that the count is from the head of the list, regardless of event time or other properties. name: trimevents hidden: true -- description: Number of incidents per page (per fetch) +- description: Number of incidents per page (per fetch). name: size deprecated: true - description: The maximum number of incidents to be returned. @@ -64,7 +64,7 @@ args: predefined: - "false" - "true" -- description: A comma seperated list of fields to add to context when using summarized version, (default- id,name,type,severity,status,owner,created,closed) +- description: A comma seperated list of fields to add to context when using summarized version, (default- id,name,type,severity,status,owner,created,closed). name: add_fields_to_summarize_context comment: |- Searches Demisto incidents. A summarized version of this scrips is avilable with the summarizedversion argument. @@ -123,7 +123,7 @@ tags: - Utility timeout: '0' type: python -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.83255 fromversion: 5.0.0 tests: - No tests (auto formatted) diff --git a/Packs/CommonScripts/Scripts/SearchIncidentsV2/SearchIncidentsV2_test.py b/Packs/CommonScripts/Scripts/SearchIncidentsV2/SearchIncidentsV2_test.py index 05ccc5cb1586..09928c2ac834 100644 --- a/Packs/CommonScripts/Scripts/SearchIncidentsV2/SearchIncidentsV2_test.py +++ b/Packs/CommonScripts/Scripts/SearchIncidentsV2/SearchIncidentsV2_test.py @@ -14,9 +14,9 @@ def create_sample_incidents(start, end, incident_type): return [ { - u'id': u'{i}'.format(i=i), - u'type': u'{type}'.format(type=incident_type), - u'name': u'incident-{i}'.format(i=i), + 'id': f'{i}', + 'type': f'{incident_type}', + 'name': f'incident-{i}', } for i in range(start, end + 1) ] @@ -36,7 +36,7 @@ def execute_get_incidents_command_side_effect(amount_of_mocked_incidents): { 'Contents': { 'data': create_sample_incidents(start, end, incident_type), - 'total': amount_of_mocked_incidents + 'total': 0 } } ] @@ -119,24 +119,24 @@ def test_is_incident_id_valid(id_value, expected_output): EXAMPLE_INCIDENTS_RAW_RESPONSE = [ { - u'id': u'1', - u'type': u'TypeA', - u'name': u'Phishing', + 'id': '1', + 'type': 'TypeA', + 'name': 'Phishing', }, { - u'id': u'2', - u'type': u'Type-A', - u'name': u'Phishing Campaign', + 'id': '2', + 'type': 'Type-A', + 'name': 'Phishing Campaign', }, { - u'id': u'3', - u'type': u'SomeType-A', - u'name': u'Go Phish', + 'id': '3', + 'type': 'SomeType-A', + 'name': 'Go Phish', }, { - u'id': u'4', - u'type': u'Another Type-A', - u'name': u'Hello', + 'id': '4', + 'type': 'Another Type-A', + 'name': 'Hello', }, ] @@ -168,7 +168,7 @@ def test_apply_filters(args, expected_incident_ids): assert [incident['id'] for incident in incidents] == expected_incident_ids -def get_incidents_mock(command, args, extract_contents=True, fail_on_error=True): +def get_incidents_mock(_, args, extract_contents=True, fail_on_error=True): ids = args.get('id', '').split(',') incidents_list = [incident for incident in EXAMPLE_INCIDENTS_RAW_RESPONSE if incident['id'] in ids] if not extract_contents: @@ -178,8 +178,8 @@ def get_incidents_mock(command, args, extract_contents=True, fail_on_error=True) @pytest.mark.parametrize('args,filtered_args,expected_result', [ ({}, {}, []), - (dict(trimevents='0'), {}, []), - (dict(trimevents='1'), dict(trimevents='1'), []), + ({'trimevents': '0'}, {}, []), + ({'trimevents': '1'}, {'trimevents': '1'}, []), ({'id': 1}, {'id': '1'}, [EXAMPLE_INCIDENTS_RAW_RESPONSE[0]]), ({'id': [1, 2]}, {'id': '1,2'}, [EXAMPLE_INCIDENTS_RAW_RESPONSE[0], EXAMPLE_INCIDENTS_RAW_RESPONSE[1]]), ({'id': '1,2'}, {'id': '1,2'}, [EXAMPLE_INCIDENTS_RAW_RESPONSE[0], EXAMPLE_INCIDENTS_RAW_RESPONSE[1]]), diff --git a/Packs/CommonScripts/pack_metadata.json b/Packs/CommonScripts/pack_metadata.json index ff76c6d54534..34e6b31ce1eb 100644 --- a/Packs/CommonScripts/pack_metadata.json +++ b/Packs/CommonScripts/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Common Scripts", "description": "Frequently used scripts pack.", "support": "xsoar", - "currentVersion": "1.13.7", + "currentVersion": "1.13.8", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "",