XSUP-28298/XSOAR-Mirroring #29869
Merged
XSUP-28298/XSOAR-Mirroring #29869
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…nt into XSUP-28298/XSOAR-Mirroring
eyalpalo
requested changes
Sep 27, 2023
| next_run = {'last_fetch': (latest_created_time + timedelta(milliseconds=1)) # type: ignore[operator] | ||
| .strftime(XSOAR_DATE_FORMAT)} # type: ignore[union-attr,operator] | ||
|
|
||
| next_run = {'last_fetch': (latest_created_time) # type: ignore[operator] |
There was a problem hiding this comment.
What will happen in a case when we support milliseconds (from 6 to 8)? We need to keep supporting this situation.
There was a problem hiding this comment.
We are supporting in milliseconds, I remove the timedelta(milliseconds=1) because I add the dedup, and it will prevent from duplication so we do not need to add time to the last fetch time.
| Returns: | ||
| Boolean: True if both datetime objects have the same time up to seconds, False otherwise. | ||
| """ | ||
| return (x.year == y.year) and (x.month == y.month) and (x.day == y.day)\ |
There was a problem hiding this comment.
can be replaced with x.replace(microsecond=0) and the same for y and simply compare them.
There was a problem hiding this comment.
We have milliseconds in XSOAR6, so this comparison will be wrong in XSOAR6. Therefore, I only considered seconds and not milliseconds. Please explain your comment. I think I don't understand your meaning
AradCarmi
reviewed
Oct 1, 2023
Packs/XSOARmirroring/Integrations/XSOARmirroring/XSOARmirroring.py
Outdated
Show resolved
Hide resolved
Packs/XSOARmirroring/Integrations/XSOARmirroring/XSOARmirroring.py
Outdated
Show resolved
Hide resolved
Packs/XSOARmirroring/Integrations/XSOARmirroring/XSOARmirroring.py
Outdated
Show resolved
Hide resolved
…nt into XSUP-28298/XSOAR-Mirroring
eyalpalo
requested changes
Oct 2, 2023
Comment on lines
341
to
342
| incidents, last_fetched_incidents = get_and_dedup_incidents(client,last_fetched_incidents, | ||
| query, max_results, last_fetch) |
There was a problem hiding this comment.
Let's keep the convention of new lines and assignments by name for better readability (same as in the call you deleted)
Comment on lines
806
to
830
| """ get incidents and dedup the incidents response. | ||
|
|
||
| Cases: | ||
| 1. Empty incidents list (no new incidents received from API response). | ||
| Meaning: Usually means there are not any more incidents to fetch at the moment. | ||
| Handle: Return empty list of incidents and the unchanged list of 'last_fetched_incidents' for next run. | ||
|
|
||
| 2. The response include incidents from the previous fetch cycle. | ||
| Meaning: There are potentially more incidents with the same timestamp. | ||
| Handle: Get more incidents util the number of the incident equal to the requested max fetch_limit. | ||
| Add the list of fetched incidents IDs to current 'last_fetched_incidents' from last run, | ||
| return list of new incidents and updated list of 'last_fetched_incidents' for next run. | ||
|
|
||
| 3. Most recent incident has later timestamp then other incidents in the response. | ||
| Meaning: This is the normal case where incidents in the response have different timestamps. | ||
| Handle: Return list of new incidents and a list of 'new_ids' containing only IDs of | ||
| incidents with identical latest time for next run. | ||
|
|
||
| Args: | ||
| incidents (list[dict]): List of incidents from the current fetch response. | ||
| last_fetched_incidents (list[dict]): List of IDs of incidents from last fetch cycle. | ||
|
|
||
| Returns: | ||
| tuple[list[dict], list[str]: The list of dedup incidents and ID list of incidents of current fetch. | ||
| """ |
There was a problem hiding this comment.
Suggested change
| """ get incidents and dedup the incidents response. | |
| Cases: | |
| 1. Empty incidents list (no new incidents received from API response). | |
| Meaning: Usually means there are not any more incidents to fetch at the moment. | |
| Handle: Return empty list of incidents and the unchanged list of 'last_fetched_incidents' for next run. | |
| 2. The response include incidents from the previous fetch cycle. | |
| Meaning: There are potentially more incidents with the same timestamp. | |
| Handle: Get more incidents util the number of the incident equal to the requested max fetch_limit. | |
| Add the list of fetched incidents IDs to current 'last_fetched_incidents' from last run, | |
| return list of new incidents and updated list of 'last_fetched_incidents' for next run. | |
| 3. Most recent incident has later timestamp then other incidents in the response. | |
| Meaning: This is the normal case where incidents in the response have different timestamps. | |
| Handle: Return list of new incidents and a list of 'new_ids' containing only IDs of | |
| incidents with identical latest time for next run. | |
| Args: | |
| incidents (list[dict]): List of incidents from the current fetch response. | |
| last_fetched_incidents (list[dict]): List of IDs of incidents from last fetch cycle. | |
| Returns: | |
| tuple[list[dict], list[str]: The list of dedup incidents and ID list of incidents of current fetch. | |
| """ | |
| """ get incidents and dedup the incidents response. | |
| Cases: | |
| 1. Empty incidents list (no new incidents received from API response). | |
| Return empty list of incidents and the unchanged list of 'last_fetched_incidents'. | |
| 2. The response includes incidents from the previous fetch cycle, with the same timestamp. | |
| Fetch incidents until the number of incidents is equal to the requested max fetch_limit. | |
| Add the list of fetched incident IDs to the current 'last_fetched_incidents' from last run, | |
| return a list of new incidents, and updated list of 'last_fetched_incidents'. | |
| 3. Most recent incident has a later timestamp than other incidents in the response. | |
| Return a list of new incidents and a list of 'new_ids' containing only the IDs of | |
| incidents with identical latest times for next run. | |
| Args: | |
| incidents (list[dict]): List of incidents from the current fetch response. | |
| last_fetched_incidents (list[dict]): List of IDs of incidents from last fetch cycle. | |
| Returns: | |
| tuple[list[dict], list[str]: The list of dedup incidents and ID list of incidents of current fetch. | |
| """ |
| Returns: | ||
| tuple[list[dict], list[str]: The list of dedup incidents and ID list of incidents of current fetch. | ||
| """ | ||
| last_fatched_incident = (dateparser.parse(last_fetched_incidents[-1]["created"]) |
There was a problem hiding this comment.
Suggested change
| last_fatched_incident = (dateparser.parse(last_fetched_incidents[-1]["created"]) | |
| last_fatched_incident = (dateparser.parse(last_fetched_incidents[-1].get("created")) |
And please change all to get
| field="created", | ||
| page=page, | ||
| ) | ||
| # Case 1: Empty response len(incidents) == 0 |
There was a problem hiding this comment.
Suggested change
| # Case 1: Empty response len(incidents) == 0 | |
| # Case 1: Empty response. |
| ##### XSOAR Mirroring | ||
|
|
||
| - Updated the Docker image to: *demisto/python3:3.10.13.74666*. | ||
| - Fixed an issue where the ***fetch-incidents*** command from XSOAR 8 to XSOAR 6 created infinite duplicates. |
There was a problem hiding this comment.
Suggested change
| - Fixed an issue where the ***fetch-incidents*** command from XSOAR 8 to XSOAR 6 created infinite duplicates. | |
| - Fixed an issue where the ***fetch-incidents*** command created duplicates when fetching from XSOAR 8 to XSOAR 6. |
…nt into XSUP-28298/XSOAR-Mirroring
eyalpalo
approved these changes
Oct 10, 2023
| incident_creation_time = dateparser.parse(incident["created"]) | ||
| if incident_dict not in last_fetched_incidents: | ||
| incident_id = incident.get("id") | ||
| incident_creation_time = dateparser.parse(incident.get("created", datetime.now())) |
There was a problem hiding this comment.
Is there a chance that the created field won't be present? Im not sure that setting the datetime now as the creation time is the correct approach
sapirshuker
added a commit
that referenced
this pull request
Dec 21, 2023
* fix * update docker image * fix flake8 errors * fix flake8 mypy errors * fixs * add tests * cr review * replace incidents_last_fetch_ids with last_fetched_incidents * fix CR review, update docker * fix tests * add tests, fix flake8 errors * fix flake8 errors * fix flake8 errors * fix Flake8 errors * CR remarks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Contributing to Cortex XSOAR Content
Make sure to register your contribution by filling the contribution registration form
The Pull Request will be reviewed only after the contribution registration form is filled.
Status
Related Issues
fixes: https://jira-hq.paloaltonetworks.local/browse/XSUP-28298
Description
Fixed an issue where the fetch-incidents command from XSOAR 8 to XSOAR 6 created infinite duplicates.
Must have