Merge pull request #50 from splunk-soar-connectors/tcihak-PAPP-34356

PAPP-34356 initial code update for new list alerts api
splunk-soar-connectors · Oct 15, 2024 · e27c377 · e27c377
2 parents 6800877 + f0fe863
commit e27c377
Show file tree

Hide file tree

Showing 14 changed files with 1,399 additions and 1,384 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,11 +1,11 @@
 repos:
 -   repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.16
+    rev: v1.23
     hooks:
     -   id: org-hook
     -   id: package-app-dependencies
 -   repo: https://github.com/Yelp/detect-secrets
-    rev: v1.4.0
+    rev: v1.5.0
     hooks:
     -   id: detect-secrets
         args: ['--no-verify', '--exclude-files', '^crowdstrikeoauthapi.json$']
diff --git a/LICENSE b/LICENSE
@@ -198,4 +198,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.
diff --git a/README.md b/README.md
@@ -2,11 +2,11 @@
 # CrowdStrike OAuth API
 
 Publisher: Splunk  
-Connector Version: 4.2.0  
+Connector Version: 4.3.0  
 Product Vendor: CrowdStrike  
 Product Name: CrowdStrike  
 Product Version Supported (regex): ".\*"  
-Minimum Product Version: 6.1.1  
+Minimum Product Version: 6.2.1  
 
 This app integrates with CrowdStrike OAuth2 authentication standard to implement querying of endpoint security data
 
@@ -237,6 +237,28 @@ Identifier. This is the value of the SDI of the main event that the sub-events w
 
 ## Notes
 
+
+-   **Action -** List Alerts
+
+<!-- -->
+
+-   The filter parameter values follow the [FQL
+    Syntax](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-fql-reference)
+    .
+-   The sort parameter value has to be provided in the format property_name.asc for ascending and
+    property_name.desc for descending order.
+
+-   The `include_hidden` parameter has been added to the action as it's behavior in the API has changed. In the
+    prior API version, the default behavior of the `include_hidden` parameter was either not supported or defaulted
+    to `false`. The latest version of the API now defaults `include_hidden` to `true` if it is not included in
+    the API call. Therefore, we have included this parameter in the action configuration and set it to `false` by
+    default in order to keep the action behavior consistent with the previous app version. Hidden alerts can be
+    identified by the `show_in_ui` field of an alert object.
+
+    If you experience any `list alerts` action failures in an existing playbook that passed in the previous version
+    of the app, you may need to edit the action in the playbook and then save. This will then add the `include_hidden`
+    field to the playbook action.
+
 -   **Action -** List Groups
 
 <!-- -->
@@ -1146,6 +1168,7 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 **limit** |  optional  | Maximum alerts to be fetched | numeric | 
 **filter** |  optional  | Filter expression used to limit the fetched alerts (FQL Syntax) | string | 
 **sort** |  optional  | Property to sort by | string | 
+**include_hidden** |  optional  | Include hidden alerts | boolean | 
 
 #### Action Output
 DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
@@ -1190,7 +1213,8 @@ action_result.data.\*.updated_timestamp | string |  |   2022-11-16T09:47:26.5611
 action_result.summary.total_alerts | numeric |  |   50 
 action_result.message | string |  |   Total alerts: 50 
 summary.total_objects | numeric |  |   1 
-summary.total_objects_successful | numeric |  |   1   
+summary.total_objects_successful | numeric |  |   1 
+action_result.parameter.include_hidden | numeric |  |   True   
 
 ## action: 'list sessions'
 Lists Real Time Response sessions