Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Azure Sentinel] Fix first fetch #31058

Merged
merged 9 commits into from Nov 26, 2023
Merged

[Azure Sentinel] Fix first fetch #31058

merged 9 commits into from Nov 26, 2023

Conversation

ilaner
Copy link
Contributor

@ilaner ilaner commented Nov 22, 2023
edited

Related Issues

fixes: https://jira-dc.paloaltonetworks.com/browse/XSUP-29015

Description

  • Fetch by timestamp if last_incident_number is 0 or None, beacuse it means that no incidents were fetched.
  • Update the last timestamp to now when no incidents were fetched.

yuvalbenshalom
yuvalbenshalom suggested changes Nov 22, 2023
View reviewed changes
Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.py Outdated

if not raw_incidents:
# if we don't have any raw incidents, we want to keep the last incident id and update the last_created_time to now
latest_created_time = datetime.utcnow()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if last created time exists(so it is not 0) shouldn't we just preserve it and not override it with now?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You right, we can keep the old time.
The latest_created_time always exist so we can delete this line.

The only change is to continue to fetch by timestamp if the latest incident number is 0.

ilaner and others added 3 commits November 23, 2023 10:33
@ilaner
updates
974a575
@ilaner
:wq
9e5be3b 
:Merge remote-tracking branch 'origin/master' into azure-sentinel-first-fetch-fix
@ilaner
Merge branch 'master' into azure-sentinel-first-fetch-fix
67ab586
@ilaner ilaner merged commit 9ac979f into master Nov 26, 2023
20 checks passed
@ilaner ilaner deleted the azure-sentinel-first-fetch-fix branch November 26, 2023 07:55
sapirshuker pushed a commit that referenced this pull request Dec 21, 2023
@ilaner
[Azure Sentinel] Fix first fetch (#31058)
3029ee4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yuvalbenshalom yuvalbenshalom yuvalbenshalom approved these changes

Assignees
No one assigned
Labels
docs-approved
Projects
None yet
Milestone
No milestone
2 participants
@ilaner @yuvalbenshalom