diff --git a/Packs/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute.py b/Packs/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute.py index fa20d31134dd..368e4bb2e2d3 100644 --- a/Packs/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute.py +++ b/Packs/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute.py @@ -524,10 +524,11 @@ def is_command_is_fetch(): :return: True if this is a fetch_incidents command, otherwise return false. :rtype: ``bool`` """ - if demisto.getLastRun(): + ctx = demisto.getIntegrationContext() + if demisto.getLastRun() or ctx.get("unstuck", False): return True else: - return not demisto.getIntegrationContext().get('fetched_incidents_list', []) + return not ctx.get('fetched_incidents_list', []) def fetch_incidents(client): @@ -605,6 +606,7 @@ def fetch_incidents(client): incidents_to_update = incidents or ctx.get('fetched_incidents_list') ctx.update({'fetched_incidents_list': incidents_to_update}) + ctx["unstuck"] = False demisto.setIntegrationContext(ctx) demisto.debug(f"Integration Context after update = {ctx}") @@ -1965,6 +1967,24 @@ def get_logs_defender_download_command(client: PrismaCloudComputeClient, args: d return fileResult(f"{hostname}-logs.tar.gz", response, entryTypes["entryInfoFile"]) +def unstuck_fetch_stream_command(): + """ + Adds a field to ensure that is_command_is_fetch will recognize the next fetch incidents run as fetch. + This command is for unstacking the fetch stream in case the fetch incidents yields duplications. + + Returns: + CommandResults: command-results object. + """ + ctx = demisto.getIntegrationContext() + demisto.debug(f"unstuck field before update = {ctx.get('unstuck', False)}") + ctx["unstuck"] = True + demisto.setIntegrationContext(ctx) + demisto.debug(f"unstuck field after update = {ctx.get('unstuck', False)}") + return CommandResults( + readable_output="The fetch stream was released successfully." + ) + + def main(): """ PARSE AND VALIDATE INTEGRATION PARAMS @@ -2078,6 +2098,8 @@ def main(): return_results(results=get_backups_command(client=client, args=demisto.args())) elif requested_command == "prisma-cloud-compute-logs-defender-download": return_results(results=get_logs_defender_download_command(client=client, args=demisto.args())) + elif requested_command == "prisma-cloud-compute-unstuck-fetch-stream": + return_results(unstuck_fetch_stream_command()) # Log exceptions except Exception as e: return_error(f'Failed to execute {requested_command} command. Error: {str(e)}') diff --git a/Packs/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute.yml b/Packs/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute.yml index 9d061f828147..3bdabe86d7ca 100644 --- a/Packs/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute.yml +++ b/Packs/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/PaloAltoNetworks_PrismaCloudCompute.yml @@ -1960,6 +1960,8 @@ script: - contextPath: PrismaCloudCompute.Backups.Time description: The time of the backup. type: Date + - description: Use this command to unstuck the fetch stream in case it's getting duplicated incidents. + name: prisma-cloud-compute-unstuck-fetch-stream tests: - PaloAltoNetworks_PrismaCloudCompute-Test fromversion: 5.0.0 diff --git a/Packs/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/README.md b/Packs/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/README.md index 7d4a486e5ef8..d843584b4fa5 100644 --- a/Packs/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/README.md +++ b/Packs/PrismaCloudCompute/Integrations/PaloAltoNetworks_PrismaCloudCompute/README.md @@ -3305,3 +3305,31 @@ Returns the available backups. >| monthly-22.12.585-1679972425.tar.gz | monthly | 22.12.585 | 2023-03-28T03:00:25Z | >| weekly-22.12.585-1681184909.tar.gz | weekly | 22.12.585 | 2023-04-11T03:48:29Z | +### prisma-cloud-compute-unstuck-fetch-stream + +*** +Use this command to unstuck the fetch stream in case it's getting duplicated incidents. + +#### Base Command + +`prisma-cloud-compute-unstuck-fetch-stream` + +#### Input + +- No input. + +#### Context Output + +- No context output for this command. + +#### Command example +```!prisma-cloud-compute-unstuck-fetch-stream``` + + +#### Human Readable Output + +```The fetch stream was released successfully.``` + +## General Note: +- Do not use the reset last run button as it will cause incidents duplications to the instance. +- In case you pressed reset last run button and you get duplicated incidents, run **prisma-cloud-compute-unstuck-fetch-stream** command. diff --git a/Packs/PrismaCloudCompute/ReleaseNotes/1_4_11.md b/Packs/PrismaCloudCompute/ReleaseNotes/1_4_11.md new file mode 100644 index 000000000000..7ebab449d1c0 --- /dev/null +++ b/Packs/PrismaCloudCompute/ReleaseNotes/1_4_11.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Palo Alto Networks - Prisma Cloud Compute + +- Added the **prisma-cloud-compute-unstuck-fetch-stream** command. Use this command to unstuck the fetch stream in case it's getting duplicated incidents. \ No newline at end of file diff --git a/Packs/PrismaCloudCompute/pack_metadata.json b/Packs/PrismaCloudCompute/pack_metadata.json index 628f8de8af7f..173427d29360 100644 --- a/Packs/PrismaCloudCompute/pack_metadata.json +++ b/Packs/PrismaCloudCompute/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Prisma Cloud Compute by Palo Alto Networks", "description": "Use the Prisma Cloud Compute integration to fetch incidents from your Prisma Cloud Compute environment.", "support": "xsoar", - "currentVersion": "1.4.10", + "currentVersion": "1.4.11", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "",