SentinelOne v 3 2 12 (#30740)

* SentinelOne v 3 2 12 (#30626) * Bug Fixes * updated the docker image * updated the release notes * making chages in threat request call * review comment fix * fixed release notes * docker --------- Co-authored-by: munna-metron <82433049+munna-metron@users.noreply.github.com> Co-authored-by: MosheEichler <meichler@paloaltonetworks.com>
demisto · Nov 8, 2023 · d0d5a21 · d0d5a21
1 parent 7feb9d9
commit d0d5a21
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 8 deletions.
diff --git a/Packs/SentinelOne/Classifiers/classifier-SentinelOne_Incident_Classifier.json b/Packs/SentinelOne/Classifiers/classifier-SentinelOne_Incident_Classifier.json
@@ -4,7 +4,8 @@
 	"feed": false,
 	"id": "SentinelOne Classifier",
 	"keyTypeMap": {
-		"SentinelOne Incident": "SentinelOne Incident"
+		"SentinelOne Incident": "SentinelOne Incident",
+		"incident": "SentinelOne Incident"
 	},
 	"name": "SentinelOne Classifier",
 	"transformer": {

diff --git a/Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.py b/Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.py
@@ -286,7 +286,7 @@ def get_threats_request(self, content_hash=None, mitigation_status=None, created
             siteIds=site_ids,
             rank=int(rank) if rank else None,
             keys_to_ignore=keys_to_ignore,
-            incidentStatuses=argToList(incident_statuses.lower() if incident_statuses is not None else None)
+            incidentStatuses=incident_statuses.lower() if incident_statuses else None
         )
         response = self._http_request(method='GET', url_suffix='threats', params=params, ok_codes=[200])
         return response.get('data', {})
@@ -3302,13 +3302,12 @@ def fetch_threats(client: Client, args):
     incidents_threats = []
     current_fetch = args.get('current_fetch')
     incident_statuses = args.get('fetch_threat_incident_statuses')
-    resolved = 'true' if incident_statuses and 'RESOLVED' in incident_statuses else 'false'
 
     threats = client.get_threats_request(limit=args.get('fetch_limit'),
                                          created_after=args.get('last_fetch_date_string'),
                                          site_ids=args.get('fetch_site_ids'),
                                          incident_statuses=','.join(incident_statuses).lower() if incident_statuses else None,
-                                         resolved=resolved)
+                                         include_resolved_param=False)
     for threat in threats:
         rank = threat.get('rank')
         threat.update(get_mirroring_fields(args))
@@ -3434,8 +3433,8 @@ def main():
     fetch_type = params.get('fetch_type', 'Threats')
     first_fetch_time = params.get('fetch_time', '3 days')
     fetch_severity = params.get('fetch_severity', [])
-    fetch_incidentStatus = params.get('fetch_incidentStatus', [])
-    fetch_threat_incident_statuses = params.get('fetch_threat_incident_statuses', [])
+    fetch_incidentStatus = params.get('fetch_incidentStatus', ["UNRESOLVED"])
+    fetch_threat_incident_statuses = params.get('fetch_threat_incident_statuses', ["UNRESOLVED"])
     fetch_threat_rank = int(params.get('fetch_threat_rank', 0))
     fetch_limit = int(params.get('fetch_limit', 10))
     fetch_site_ids = params.get('fetch_site_ids', None)

diff --git a/Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml b/Packs/SentinelOne/Integrations/SentinelOne-V2/SentinelOne-V2.yml
@@ -2313,7 +2313,7 @@ script:
       description: IP Address.
     - contextPath: SentinelOne.MAC.mac
       description: MAC Address.
-  dockerimage: demisto/python3:3.10.13.75921
+  dockerimage: demisto/python3:3.10.13.80014
   isfetch: true
   ismappable: true
   isremotesyncin: true

diff --git a/Packs/SentinelOne/ReleaseNotes/3_2_12.md b/Packs/SentinelOne/ReleaseNotes/3_2_12.md
@@ -0,0 +1,14 @@
+
+#### Integrations
+
+##### SentinelOne v2
+
+- Updated the Docker image to: *demisto/python3:3.10.13.80014*.
+- Improved implementation of the ***fetch-threats*** functionality, so that it will fetch the selected threat statuses from the configuration.
+
+
+#### Classifiers
+
+##### SentinelOne Classifier
+
+- Fixed an issue where the **SentinelOne Classifier** unable to mapped with the Incident Type whose name is **incident**.
diff --git a/Packs/SentinelOne/pack_metadata.json b/Packs/SentinelOne/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "SentinelOne",
     "description": "Endpoint protection",
     "support": "partner",
-    "currentVersion": "3.2.11",
+    "currentVersion": "3.2.12",
     "author": "SentinelOne",
     "url": "https://www.sentinelone.com/support/",
     "email": "support@sentinelone.com",