[Microsoft Defender for Endpoint]: Fix bug be able to use different o…

…perators in filter (#30513) * [Microsoft Defender for Endpoint]: Fix bug be able to use different operators in filter (#30481) * Fix: add filter arg to be able to filter on the date * update realase note after rebase * applying changes after review * SysAid add get file (#30718) * SysAid add get file (#30583) * SysAid add get file * Fixed error SysAid add get file * docker * Add file output * Update Packs/SysAid/ReleaseNotes/1_0_13.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SysAid/Integrations/SysAid/SysAid.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SysAid/Integrations/SysAid/SysAid.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/SysAid/Integrations/SysAid/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fixed UT --------- Co-authored-by: Giorgio <147415442+giocupelli84@users.noreply.github.com> Co-authored-by: MosheEichler <meichler@paloaltonetworks.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * update conf file (#30743) * remove/change values (#30728) * SentinelOne v 3 2 12 (#30740) * SentinelOne v 3 2 12 (#30626) * Bug Fixes * updated the docker image * updated the release notes * making chages in threat request call * review comment fix * fixed release notes * docker --------- Co-authored-by: munna-metron <82433049+munna-metron@users.noreply.github.com> Co-authored-by: MosheEichler <meichler@paloaltonetworks.com> * Netcraft Revamp (#29527) * init * started fetch * finished fetch * name changes * fixed output in yml * added command names * mirroring part 1 * added incident type * fixed incident type * fethcing logic works! * cmnd: netcraft-attack-report * cmnd: netcraft-attack-report complete * reference new pack in old * cmnd: netcraft-attack-report complete * session changes * added classifier * added commands * commands continued * commands continued * order change * test-module * examples init * session changes * pre update * finished code * added TPB * unit-tests init * test_data TO BE DELETED * test_data TO BE DELETED * test_data complete * test_data.py complete * unit-tests continued * unit-tests complete * fixed KeyError bug * fixed SubmissionNextToken bug * fixed pagination bug * remove unused test data * improved UI * silence secret ignore * silence line-too-long * silence secret ignore * added readme; fixed png * tests/format complete * default args * session changes * session changes * CR changes * finished docs * fix docs * fix docs * added layout * clearer description * add error for no file * add error for no file * demo changes part 1 * demo changes part 2 * demo changes part 3 * demo changes part 4 * demo changes part 5 * fixed unit-tests * update escalate docs * authorise => authorize * match case => if-elif * CR changes * Apply suggestions from code review Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fixed unit-tests * remove trailing whitespace * try running build * fixed upload bug * name change to avoid conflict * pack readme part 1 * release notes * add image * removed unnecessary files * cleaned build problems * pack readme part 2 * readme complete * readme complete * added layout, mapper, type; not formatted * capitalize 'service' * get_file_path * trial fix for unittests * fixed unit-tests * update docker * small changes * doc review changes * update TPB * silence secret detections * classifier fixed * demo changes * demo changes * small change * UI works * fix tests and docs * update docker * added types to yaml * fixed file submit bug * layout for xsoar only * build wars: round 1 * build wars: round 2 * build wars: round 3 * build wars: round 4 * build wars: round 5 * build wars: round 6 * build wars: round 7 * Update conf.json * remove email address * fix TPB * incease retry-interval * raised timeout threshold * update docker * raised from_version --------- Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * docker * conflicts --------- Co-authored-by: pl-brault <143391737+pl-brault@users.noreply.github.com> Co-authored-by: MosheEichler <meichler@paloaltonetworks.com> Co-authored-by: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Co-authored-by: Giorgio <147415442+giocupelli84@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> Co-authored-by: Israel Lappe <79846863+ilappe@users.noreply.github.com> Co-authored-by: Adi Bamberger Edri <72088126+BEAdi@users.noreply.github.com> Co-authored-by: munna-metron <82433049+munna-metron@users.noreply.github.com> Co-authored-by: Jacob Levy <129657918+jlevypaloalto@users.noreply.github.com>
demisto · Nov 12, 2023 · f088dc7 · f088dc7
1 parent 0e8de8e
commit f088dc7
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 5 deletions.
diff --git a/...ns/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.py b/...ns/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.py
@@ -2918,6 +2918,7 @@ def get_machine_action_by_id_command(client: MsClient, args: dict):
     machine_id = remove_duplicates_from_list_arg(args, 'machine_id')
     type = args.get('type', '')
     requestor = args.get('requestor', '')
+    filters = args.get('filters', '')
     limit = arg_to_number(args.get('limit', 50))
     if action_id:
         for index in range(3):
@@ -2943,7 +2944,7 @@ def get_machine_action_by_id_command(client: MsClient, args: dict):
             'type': type,
             'requestor': requestor
         }
-        filter_req = reformat_filter_with_list_arg(fields_to_filter_by, "machineId")
+        filter_req = filters or reformat_filter_with_list_arg(fields_to_filter_by, "machineId")
         response = client.get_machine_actions(filter_req, limit)
         machine_actions_list = []
         for machine_action in response['value']:

diff --git a/...s/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.yml b/...s/MicrosoftDefenderAdvancedThreatProtection/MicrosoftDefenderAdvancedThreatProtection.yml
@@ -1284,6 +1284,8 @@ script:
     - deprecated: true
       description: Flag for the rate limit retry.
       name: ran_once_flag
+    - name: filters
+      description: String representation of filters (Override every other filters).
     description: |-
       Return the machine's actions. If you set an action ID, it returns the info on the specific action.
       Filtering can be done only on one argument.
@@ -1495,7 +1497,7 @@ script:
       name: machine_id
       required: true
     - description: |-
-        The file SHA1 hash to stop and quarantine on the machine. 
+        The file SHA1 hash to stop and quarantine on the machine.
         When providing multiple values, each value is checked for the same machine_id.
       isArray: true
       name: file_hash

diff --git a/...reatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/README.md b/...reatProtection/Integrations/MicrosoftDefenderAdvancedThreatProtection/README.md
@@ -1683,6 +1683,7 @@ Machine.ReadWrite.All
 | type | The machine action type. Possible values are: RunAntiVirusScan, Offboard, CollectInvestigationPackage, Isolate, Unisolate, StopAndQuarantineFile, RestrictCodeExecution, UnrestrictCodeExecution. | Optional | 
 | requestor | The ID of the user that executed the action, only one can be added. | Optional | 
 | limit | The maximum number of machines to return. Default is 50. | Optional | 
+| filters | String representation of filters (Override every other filters). | Optional | 
 
 #### Context Output
 
@@ -7172,4 +7173,4 @@ There are no input arguments for this command.
 
 #### Context Output
 
-There is no context output for this command.
+There is no context output for this command.
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_16_17.md b/Packs/MicrosoftDefenderAdvancedThreatProtection/ReleaseNotes/1_16_17.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Microsoft Defender for Endpoint
+- Added the *filters* argument to the ***microsoft-atp-list-machine-actions-details*** command.
diff --git a/Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json b/Packs/MicrosoftDefenderAdvancedThreatProtection/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Microsoft Defender for Endpoint",
     "description": "Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection (ATP)) is a unified platform for preventative protection, post-breach detection, automated investigation, and response.",
     "support": "xsoar",
-    "currentVersion": "1.16.16",
+    "currentVersion": "1.16.17",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",
@@ -66,4 +66,4 @@
         "CommonPlaybooks",
         "CommonTypes"
     ]
-}
+}