Feature/sepiodev (#17449) (#17546)

* #3482 [Demisto] release a new plugin * #3482 [Demisto] release a new plugin - readme * #3226 [Demisto] Release a new plug-in version to fix lost events * sepio fix test * sepio fix test2 * sepio fix test3 * sepio fix test4 * sepio fix test5 * fix test * fix tests * format Co-authored-by: ilan <ierukhimovic@paloaltonetworks.com> Co-authored-by: SepioSystems <65220432+SepioSystems@users.noreply.github.com> Co-authored-by: ilan <ierukhimovic@paloaltonetworks.com>
demisto · Feb 8, 2022 · d4fd3a4 · d4fd3a4
1 parent 7b7cc18
commit d4fd3a4
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 11 deletions.
diff --git a/Packs/Sepio/Integrations/SepioPrimeAPI/SepioPrimeAPI.py b/Packs/Sepio/Integrations/SepioPrimeAPI/SepioPrimeAPI.py
@@ -223,7 +223,7 @@ def prime_get_switch_ports(self, switch_ip_address, switch_name, port_id, port_n
         return res
 
     def prime_get_events(self, from_datetime, min_severity, categories, max_results,
-                         to_datetime=None, source=None, peripheral_type=None):
+                         to_datetime=None, source=None, peripheral_type=None, from_eventid=None):
         """Gets Events from Sepio Prime using the '/events/getevents' API endpoint
 
         :type from_datetime: ``str``
@@ -255,11 +255,14 @@ def prime_get_events(self, from_datetime, min_severity, categories, max_results,
         get_events_params = {
             'category': search_category,
             'minimumSeverity': min_severity,
-            'fromDate': from_datetime,
-            'toDate': to_datetime,
             'source': source,
             'peripheralIcon': peripheral_type
         }
+        if from_eventid is None:
+            get_events_params["FromDate"] = from_datetime
+            get_events_params["ToDate"] = to_datetime
+        else:
+            get_events_params["FromEventId"] = from_eventid
 
         res = self.__prime_get_from_api_retries('/events/getevents', get_events_params, 'date_asc', max_results)
         return res
@@ -1099,6 +1102,7 @@ def fetch_incidents(client, last_run, first_fetch_time, min_serverity, categorie
 
     # Get the last fetch time, if exists
     last_fetch = last_run.get('last_fetch')
+    last_fetch_eventid = last_run.get('last_fetch_eventid')
 
     # Handle first time fetch
     last_fetch_dt = None
@@ -1113,7 +1117,8 @@ def fetch_incidents(client, last_run, first_fetch_time, min_serverity, categorie
     max_results = validate_fetch_data_max_result(max_results, MAX_RESULTS_EVENTS, 'limit')
 
     incidents = []
-    items = client.prime_get_events(timestamp_to_datestring(last_fetch_timestamp), min_serverity, categories, max_results)
+    items = client.prime_get_events(timestamp_to_datestring(last_fetch_timestamp), min_serverity,
+                                    categories, max_results, None, None, None, last_fetch_eventid)
     for item in items:
         item['eventSource'] = SEPIO  # constant for mapping
         incident_created_time = dateparser.parse(item['creationTime'])
@@ -1130,8 +1135,10 @@ def fetch_incidents(client, last_run, first_fetch_time, min_serverity, categorie
         # Update last run and add incident if the incident is newer than last fetch
         if incident_created_timestamp > last_fetch_timestamp:
             last_fetch_timestamp = incident_created_timestamp
-
-    next_run = {'last_fetch': timestamp_to_datestring(last_fetch_timestamp, DATE_FORMAT)}
+    if len(items):
+        last_fetch_eventid = items[0]["eventID"] + 1
+    next_run = {'last_fetch': timestamp_to_datestring(
+        last_fetch_timestamp, DATE_FORMAT), 'last_fetch_eventid': last_fetch_eventid}
     return next_run, incidents
 
 

diff --git a/Packs/Sepio/Integrations/SepioPrimeAPI/SepioPrimeAPI.yml b/Packs/Sepio/Integrations/SepioPrimeAPI/SepioPrimeAPI.yml
@@ -450,7 +450,7 @@ script:
       description: New mode to apply – "Approve" or "Disapprove".
     description: Set Agent Peripherals Mode
     execution: true
-  dockerimage: demisto/python3:3.9.8.24399
+  dockerimage: demisto/python3:3.10.1.25933
   isfetch: true
   runonce: false
   subtype: python3

diff --git a/Packs/Sepio/Integrations/SepioPrimeAPI/SepioPrimeAPI_test.py b/Packs/Sepio/Integrations/SepioPrimeAPI/SepioPrimeAPI_test.py
@@ -241,7 +241,8 @@ def test_sepio_query_system_events(requests_mock):
         'min_severity': 'Notice',
         'category': ['USB', 'Network'],
         'source': 'DESKTOP-9LR722S (192.168.100.128)',
-        'peripheral_type': '1,2,3'
+        'peripheral_type': '1,2,3',
+        'from_eventid': '1',
     }
 
     response = sepio_query_system_events_command(client, args)
@@ -394,7 +395,8 @@ def test_fetch_incidents(requests_mock):
         max_results=20)
 
     mock_new_last_run = {
-        'last_fetch': '2020-06-22T17:27:06Z'
+        'last_fetch': '2020-06-22T17:27:06Z',
+        'last_fetch_eventid': 406
     }
 
     assert new_last_run == mock_new_last_run

diff --git a/Packs/Sepio/ReleaseNotes/1_0_6.md b/Packs/Sepio/ReleaseNotes/1_0_6.md
@@ -0,0 +1,4 @@
+
+#### Integrations
+##### Demisto - Sepio
+- 3226 Release a new plug-in version to fix lost events - changing fromTimeStamp to fromEventId
diff --git a/Packs/Sepio/pack_metadata.json b/Packs/Sepio/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Sepio",
     "description": "Get Agent, Switches and Events from your Sepio Prime",
     "support": "partner",
-    "currentVersion": "1.0.5",
+    "currentVersion": "1.0.6",
     "author": "Sepio",
     "url": "https://sepio.systems/contact-us/",
     "email": "support@sepio.systems",
@@ -11,7 +11,7 @@
     ],
     "tags": [],
     "created": "2020-05-12T12:00:00Z",
-    "updated": "2020-05-12T12:00:00Z",
+    "updated": "2021-12-12T12:00:00Z",
     "beta": false,
     "deprecated": false,
     "useCases": [],