diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py
index fa2edb2e3ffc..468df13e3863 100644
--- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py
+++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py
@@ -1701,7 +1701,7 @@ def generate_status_fields(endpoint_status):
     status = ''
     is_isolated = ''
-    if endpoint_status == 'normal':
+    if endpoint_status.lower() == 'normal':
         status = 'Online'
     elif endpoint_status == 'containment_pending':
         is_isolated = 'Pending isolation'
@@ -1709,7 +1709,8 @@ def generate_status_fields(endpoint_status):
         is_isolated = 'Yes'
     elif endpoint_status == 'lift_containment_pending':
         is_isolated = 'Pending unisolation'
-
+    else:
+        raise DemistoException(f'Error: Unknown endpoint status was given: {endpoint_status}')
     return status, is_isolated
diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
index 12786c4d2710..7d456f7452b6 100644
--- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
+++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.yml
@@ -88,7 +88,7 @@ script:
       isArray: false
       name: status
       predefined:
-      - Normal
+      - normal
       - containment_pending
       - contained
       - lift_containment_pending
diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon_test.py b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon_test.py
index 86da8d7ac7c2..63e4e7e98337 100644
--- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon_test.py
+++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon_test.py
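Review bot: Only the `normal` branch is compared case-insensitively after this change, so `Contained` or `Lift_Containment_Pending` still miss every `elif` and fall into the new `else` while `NORMAL` is accepted; and if the caller can ever pass `None` (a device record without a `status` field) the `.lower()` call raises AttributeError instead of the DemistoException the next hunk introduces. Normalize once at the top of the function and compare all branches against the lowercase literal: `endpoint_status = (endpoint_status or '').lower()` followed by `if endpoint_status == 'normal':`. Whether None can reach this helper is not visible from the hunk. The def line of generate_status_fields is outside this hunk and its body continues in the next one.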
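Review bot: The new `else: raise DemistoException(...)` turns any status value the integration does not recognise into a failure of the whole command, which — if this helper runs once per device in a search result, as its name suggests — means a single host reporting a newly added or unexpected CrowdStrike state aborts the output for every other host. If that fail-loud behaviour is intended, say so where the branch is added, e.g. `# Unknown states are a hard error so new API values are noticed rather than silently mapped to ('', '')`; otherwise consider logging the value with `demisto.debug` and returning the empty pair as the old code did. Note that the empty string now also raises, whereas before this change it returned `('', '')`.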
@@ -2240,8 +2240,9 @@ def test_new_fetch(self, set_up_mocks, mocker, requests_mock):
         Then:
             The `first_behavior_time` changes and no `offset` is added.
         """
-        mocker.patch.object(demisto, 'getLastRun', return_value={'first_behavior_detection_time':
-                                                                 '2020-09-04T09:16:10Z', 'detection_offset': 2})
+        mocker.patch.object(demisto, 'getLastRun',
+                            return_value={'first_behavior_detection_time': '2020-09-04T09:16:10Z',
+                                          'detection_offset': 2})
         # Override post to have 1 results so FETCH_LIMIT won't be reached
         requests_mock.post(f'{SERVER_URL}/detects/entities/summaries/GET/v1', json={'resources': [{'detection_id': 'ldt:1',
@@ -2945,3 +2946,39 @@ def test_list_host_group_members(requests_mock):
     expected_results = load_json('test_data/expected_list_hostgroup_members_results.json')
     for expected_results, ectual_results in zip(expected_results, command_results.outputs):
         assert expected_results == ectual_results
+
+
+@pytest.mark.parametrize('endpoint_status, status, is_isolated',
+                         [('Normal', 'Online', ''),
+                          ('normal', 'Online', ''),
+                          ('containment_pending', '', 'Pending isolation'),
+                          ('contained', '', 'Yes'),
+                          ('lift_containment_pending', '', 'Pending unisolation'),
+                          ])
+def test_generate_status_field(endpoint_status, status, is_isolated):
+    """
+    Test valid call for generate status field
+    Given
+    - valid status
+    When
+    - Calling generate_status_field function
+    Then
+    - Return status and is_isolated
+    """
+    from CrowdStrikeFalcon import generate_status_fields
+    assert (status, is_isolated) == generate_status_fields(endpoint_status)
+
+
+def test_generate_status_field_invalid():
+    """
+    Test invalid call for generate status field
+    Given
+    - invalid status
+    When
+    - Calling generate_status_field function
+    Then
+    - Raise an exception
+    """
+    from CrowdStrikeFalcon import generate_status_fields
+    with pytest.raises(DemistoException):
+        generate_status_fields('unknown status')
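Review bot: `test_generate_status_field_invalid` pins the new raise for a single string, and neither test covers the empty string or a differently-cased non-normal state such as `Contained`, so the asymmetry the implementation now has — only `normal` is lowercased — is not documented by the suite. Parametrize the invalid case, `@pytest.mark.parametrize('endpoint_status', ['unknown status', ''])`, `def test_generate_status_field_invalid(endpoint_status):`, and call `generate_status_fields(endpoint_status)`; if `None` is a possible input it belongs there too, where it would currently surface as AttributeError rather than DemistoException and so fail this test. `DemistoException` is used unqualified, so it presumably comes from a module-level import outside this hunk. Both test names drop the trailing `s` of `generate_status_fields`; matching the function name keeps `pytest -k` selection and the docstrings consistent with the code under test.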
diff --git a/Packs/CrowdStrikeFalcon/ReleaseNotes/1_3_2.md b/Packs/CrowdStrikeFalcon/ReleaseNotes/1_3_2.md
new file mode 100644
index 000000000000..1f9763c5ab03
--- /dev/null
+++ b/Packs/CrowdStrikeFalcon/ReleaseNotes/1_3_2.md
@@ -0,0 +1,4 @@
+
+#### Integrations
+##### CrowdStrike Falcon
+- Fixed an issue where the predefined values of the *status* argument in the command ***cs-falcon-search-device*** were incorrect.
diff --git a/Packs/CrowdStrikeFalcon/pack_metadata.json b/Packs/CrowdStrikeFalcon/pack_metadata.json
index 0685ea872f32..c52e5c2429e2 100644
--- a/Packs/CrowdStrikeFalcon/pack_metadata.json
+++ b/Packs/CrowdStrikeFalcon/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "CrowdStrike Falcon",
     "description": "The CrowdStrike Falcon OAuth 2 API (formerly the Falcon Firehose API), enables fetching and resolving detections, searching devices, getting behaviors by ID, containing hosts, and lifting host containment.",
     "support": "xsoar",
-    "currentVersion": "1.3.1",
+    "currentVersion": "1.3.2",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",