crowdstrike falcon generate status fix (#15153)

Fixed an issue where the predefined values of **status** argument in command **cs-falcon-search-device** were incorrect.

Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py

@@ -1701,15 +1701,16 @@ def generate_status_fields(endpoint_status):
  status = ''
  is_isolated = ''
 
- if endpoint_status == 'normal':
+ if endpoint_status.lower() == 'normal':
  status = 'Online'
  elif endpoint_status == 'containment_pending':
  is_isolated = 'Pending isolation'
  elif endpoint_status == 'contained':
  is_isolated = 'Yes'
  elif endpoint_status == 'lift_containment_pending':
  is_isolated = 'Pending unisolation'
-
+ else:
+ raise DemistoException(f'Error: Unknown endpoint status was given: {endpoint_status}')
  return status, is_isolated
 
 

Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml

@@ -88,7 +88,7 @@ script:
  isArray: false
  name: status
  predefined:
- - Normal
+ - normal
  - containment_pending
  - contained
  - lift_containment_pending

Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon_test.py

@@ -2240,8 +2240,9 @@ def test_new_fetch(self, set_up_mocks, mocker, requests_mock):
  Then:
  The `first_behavior_time` changes and no `offset` is added.
  """
- mocker.patch.object(demisto, 'getLastRun', return_value={'first_behavior_detection_time':
- '2020-09-04T09:16:10Z', 'detection_offset': 2})
+ mocker.patch.object(demisto, 'getLastRun',
+ return_value={'first_behavior_detection_time': '2020-09-04T09:16:10Z',
+ 'detection_offset': 2})
  # Override post to have 1 results so FETCH_LIMIT won't be reached
  requests_mock.post(f'{SERVER_URL}/detects/entities/summaries/GET/v1',
  json={'resources': [{'detection_id': 'ldt:1',
@@ -2945,3 +2946,39 @@ def test_list_host_group_members(requests_mock):
  expected_results = load_json('test_data/expected_list_hostgroup_members_results.json')
  for expected_results, ectual_results in zip(expected_results, command_results.outputs):
  assert expected_results == ectual_results
+
+
+@pytest.mark.parametrize('endpoint_status, status, is_isolated',
+ [('Normal', 'Online', ''),
+ ('normal', 'Online', ''),
+ ('containment_pending', '', 'Pending isolation'),
+ ('contained', '', 'Yes'),
+ ('lift_containment_pending', '', 'Pending unisolation'),
+ ])
+def test_generate_status_field(endpoint_status, status, is_isolated):
+ """
+ Test valid call for generate status field
+ Given
+ - valid status
+ When
+ - Calling generate_status_field function
+ Then
+ - Return status and is_isolated
+ """
+ from CrowdStrikeFalcon import generate_status_fields
+ assert (status, is_isolated) == generate_status_fields(endpoint_status)
+
+
+def test_generate_status_field_invalid():
+ """
+ Test invalid call for generate status field
+ Given
+ - invalid status
+ When
+ - Calling generate_status_field function
+ Then
+ - Raise an exception
+ """
+ from CrowdStrikeFalcon import generate_status_fields
+ with pytest.raises(DemistoException):
+ generate_status_fields('unknown status')

Packs/CrowdStrikeFalcon/ReleaseNotes/1_3_2.md

@@ -0,0 +1,4 @@
+
+#### Integrations
+##### CrowdStrike Falcon
+- Fixed an issue where the predefined values of the *status* argument in the command ***cs-falcon-search-device*** were incorrect.

Packs/CrowdStrikeFalcon/pack_metadata.json

@@ -2,7 +2,7 @@
  "name": "CrowdStrike Falcon",
  "description": "The CrowdStrike Falcon OAuth 2 API (formerly the Falcon Firehose API), enables fetching and resolving detections, searching devices, getting behaviors by ID, containing hosts, and lifting host containment.",
  "support": "xsoar",
- "currentVersion": "1.3.1",
+ "currentVersion": "1.3.2",
  "author": "Cortex XSOAR",
  "url": "https://www.paloaltonetworks.com/cortex",
  "email": "",