[Cortex XDR] Fixed status parsing issue (#28131)

* master

* reverting crowdstrike.py

* fixed status issue

* added release notes

* reverted 4_11_8.md 4_11_7.md

* bumped version

* apimodules release notes

* apimodules

* removed 4_11_9.md

* a minor improvement

* code improvements

* Update RN

* Fixed a typo

* Update README files

---------

Co-authored-by: Menachem Weinfeld <mmhw770@gmail.com>

Packs/ApiModules/ReleaseNotes/2_2_18.md

@@ -0,0 +1,4 @@
+
+#### Scripts
+##### CoreIRApiModule
+- Added support for multiple endpoint statuses when calling **get_endpoints_command** function.

Packs/ApiModules/Scripts/CoreIRApiModule/CoreIRApiModule.py

@@ -1813,7 +1813,7 @@ def get_endpoints_command(client, args):
     alias_name = argToList(args.get('alias_name'))
     isolate = args.get('isolate')
     hostname = argToList(args.get('hostname'))
-    status = args.get('status')
+    status = argToList(args.get('status'))
 
     first_seen_gte = arg_to_timestamp(
         arg=args.get('first_seen_gte'),
@@ -3458,7 +3458,7 @@ def create_request_filters(
         filters.append({
             'field': 'endpoint_status',
             'operator': 'IN',
-            'value': [status]
+            'value': status if isinstance(status, list) else [status]
         })
 
     if username:

Packs/ApiModules/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "ApiModules",
     "description": "API Modules",
     "support": "xsoar",
-    "currentVersion": "2.2.17",
+    "currentVersion": "2.2.18",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/Core/Integrations/CortexCoreIR/CortexCoreIR.yml

@@ -177,8 +177,9 @@ script:
       - asc
       - desc
     - auto: PREDEFINED
-      description: The status of the endpoint to filter.
+      description: A comma-separated list of endpoints statuses to filter.
       name: status
+      isArray: true
       predefined:
       - connected
       - disconnected

Packs/Core/Integrations/CortexCoreIR/README.md

@@ -98,7 +98,7 @@ Gets a list of endpoints, according to the passed filters. If there are no filte
 | limit | Maximum number of endpoints to return per page. The default and maximum is 30. Default is 30. | Optional | 
 | sort_by | Specifies whether to sort endpoints by the first time or last time they were seen. Can be "first_seen" or "last_seen". Possible values are: first_seen, last_seen. | Optional | 
 | sort_order | The order by which to sort results. Can be "asc" (ascending) or "desc" ( descending). Default set to asc. Possible values are: asc, desc. Default is asc. | Optional | 
-| status | The status of the endpoint to filter. Possible values are: connected, disconnected, lost, uninstalled. | Optional | 
+| status | A comma-separated list of endpoints statuses to filter. Possible values are: connected, disconnected, lost, uninstalled. | Optional |
 | username | The usernames to query for, accepts a single user, or comma-separated list of usernames. | Optional |
 
 #### Context Output

Packs/Core/ReleaseNotes/2_0_1.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Investigation & Response
+
+- Added support for multiple endpoint statuses when calling **core-get-endpoints**.

Packs/Core/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Core - Investigation and Response",
     "description": "Automates incident response",
     "support": "xsoar",
-    "currentVersion": "2.0.0",
+    "currentVersion": "2.0.1",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",

Packs/CortexXDR/Integrations/CortexXDRIR/CortexXDRIR.yml

@@ -740,7 +740,7 @@ script:
       - 'true'
       - 'false'
   - arguments:
-    - description: 'A comma-separated list of enpoint statuses to filter. Valid values are: connected, disconnected, lost, uninstalled, windows, linux, macos, android, isolated, unisolated'
+    - description: 'A comma-separated list of endpoints statuses to filter. Valid values are: connected, disconnected, lost, uninstalled, windows, linux, macos, android, isolated, unisolated'
       name: status
       isArray: true
     - description: A comma-separated list of endpoint IDs.

Packs/CortexXDR/Integrations/CortexXDRIR/README.md

@@ -923,7 +923,7 @@ Builtin Roles with this permission includes: "Privileged Responder", "Viewer" an
 
 | **Argument Name** | **Description** | **Required** |
 | --- | --- | --- |
-| status | The status of the endpoint to filter. Possible values are: connected, disconnected, lost, uninstalled. | Optional | 
+| status | A comma-separated list of endpoints statuses to filter. Valid values are: connected, disconnected, lost, uninstalled, windows, linux, macos, android, isolated, unisolated. | Optional |
 | endpoint_id_list | A comma-separated list of endpoint IDs. | Optional | 
 | dist_name | A comma-separated list of distribution package names or installation package names.<br/>Example: dist_name1,dist_name2. | Optional | 
 | ip_list | A comma-separated list of IP addresses.<br/>Example: 8.8.8.8,1.1.1.1. | Optional | 

Packs/CortexXDR/ReleaseNotes/5_0_1.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Palo Alto Networks Cortex XDR - Investigation and Response
+
+- Added support for multiple endpoint statuses when calling **xdr-get-endpoints**.

Packs/CortexXDR/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "Cortex XDR by Palo Alto Networks",
     "description": "Automates Cortex XDR incident response, and includes custom Cortex XDR incident views and layouts to aid analyst investigations.",
     "support": "xsoar",
-    "currentVersion": "5.0.0",
+    "currentVersion": "5.0.1",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",