From e6a6b410a429f687e3284f067a3f670b77a4331f Mon Sep 17 00:00:00 2001 From: Andrew Shamah <42912128+amshamah419@users.noreply.github.com> Date: Mon, 25 Nov 2024 16:12:42 +0200 Subject: [PATCH] Add debugging logs to Sophos fetch incidents command (#36848) * Add debugging logs for fetch * Update mapper --- ...ssifier-mapper-incoming-SophosCentral.json | 26 +++++++++---------- .../SophosCentral/SophosCentral.py | 5 ++++ .../SophosCentral/SophosCentral.yml | 2 +- Packs/SophosCentral/ReleaseNotes/1_3_3.md | 12 +++++++++ Packs/SophosCentral/pack_metadata.json | 2 +- 5 files changed, 32 insertions(+), 15 deletions(-) create mode 100644 Packs/SophosCentral/ReleaseNotes/1_3_3.md diff --git a/Packs/SophosCentral/Classifiers/classifier-mapper-incoming-SophosCentral.json b/Packs/SophosCentral/Classifiers/classifier-mapper-incoming-SophosCentral.json index c3d27e4e4842..5f0373e6d40d 100644 --- a/Packs/SophosCentral/Classifiers/classifier-mapper-incoming-SophosCentral.json +++ b/Packs/SophosCentral/Classifiers/classifier-mapper-incoming-SophosCentral.json @@ -12,7 +12,7 @@ "filters": [ ], - "root": "Description", + "root": "description", "transformers": [ { "args": { @@ -44,7 +44,7 @@ "filters": [ ], - "root": "Description", + "root": "description", "transformers": [ { "args": { @@ -76,7 +76,7 @@ "filters": [ ], - "root": "Description", + "root": "description", "transformers": [ { "args": { @@ -113,7 +113,7 @@ "filters": [ ], - "root": "ManagedAgentId", + "root": "managedAgentId", "transformers": [ ] @@ -126,7 +126,7 @@ "filters": [ ], - "root": "Id", + "root": "id", "transformers": [ ] @@ -139,7 +139,7 @@ "filters": [ ], - "root": "Description", + "root": "description", "transformers": [ ] @@ -152,7 +152,7 @@ "filters": [ ], - "root": "Type", + "root": "type", "transformers": [ { "args": { @@ -187,7 +187,7 @@ "filters": [ ], - "root": "TenantName", + "root": "tenantName", "transformers": [ ] 
@@ -200,7 +200,7 @@ "filters": [ ], - "root": "Person", + "root": "person", "transformers": [ ] @@ -213,7 +213,7 @@ "filters": [ ], - "root": "Category", + "root": "category", "transformers": [ ] @@ -226,7 +226,7 @@ "filters": [ ], - "root": "Description", + "root": "description", "transformers": [ { "args": { @@ -258,7 +258,7 @@ "filters": [ ], - "root": "RaisedAt", + "root": "raisedAt", "transformers": [ ] @@ -271,7 +271,7 @@ "filters": [ ], - "root": "Severity", + "root": "severity", "transformers": [ ] diff --git a/Packs/SophosCentral/Integrations/SophosCentral/SophosCentral.py b/Packs/SophosCentral/Integrations/SophosCentral/SophosCentral.py index 6af1311a4051..027dc81f720c 100644 --- a/Packs/SophosCentral/Integrations/SophosCentral/SophosCentral.py +++ b/Packs/SophosCentral/Integrations/SophosCentral/SophosCentral.py @@ -3287,12 +3287,15 @@ def fetch_incidents( Returns: Tuple of next_run (millisecond timestamp) and the incidents list """ + demisto.debug(f"Fetching incidents with last_run: {last_run}") last_fetch_timestamp = last_run.get("last_fetch", None) if last_fetch_timestamp: + demisto.debug(f"Last fetch time: {last_fetch_timestamp}") last_fetch_date = datetime.fromtimestamp(last_fetch_timestamp / 1000) last_fetch = last_fetch_date else: + demisto.debug(f"First fetch time: {first_fetch_time}") first_fetch_time_date = dateparser.parse(first_fetch_time) assert first_fetch_time_date is not None, f'could not parse {first_fetch_time}' first_fetch_date = first_fetch_time_date.replace(tzinfo=None) @@ -3330,10 +3333,12 @@ def fetch_incidents( } incidents.append(incident) if incidents: + demisto.debug(f"Found {len(incidents)} incidents.") last_incident_time = incidents[-1].get("occurred", "") next_run = datetime.strptime(last_incident_time, DATE_FORMAT) next_run += timedelta(milliseconds=1) next_run_timestamp = int(datetime.timestamp(next_run) * 1000) + demisto.debug(f"Next run: {next_run_timestamp}") return {"last_fetch": next_run_timestamp}, incidents 
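Review bot: The three debug calls added at the top of `fetch_incidents` print only the raw inputs (`last_run`, the millisecond `last_fetch`, the `first_fetch_time` string), never the resolved start time the fetch actually uses. The visible context converts with `datetime.fromtimestamp(last_fetch_timestamp / 1000)` and `.replace(tzinfo=None)`, both of which yield naive datetimes, so an offset between the stored timestamp and the queried window would not show up in these logs. Assuming both branches end by assigning `last_fetch` (the else branch runs past the hunk), one line after the if/else would cover it: `demisto.debug(f"Fetch window starts at {last_fetch.isoformat()} (naive)")`. The first and second messages also overlap, since `last_run` already contains `last_fetch`. The function starts and ends outside this hunk.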
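Review bot: `demisto.debug(f"Found {len(incidents)} incidents.")` is the first statement under `if incidents:`, so a fetch that produces no incidents logs nothing here. That empty case is the one a missed-alert investigation most needs to see. Moving the count above the branch, so that `demisto.debug(f"Found {len(incidents)} incidents.")` sits directly before `if incidents:`, makes the zero case visible. If the loop above this hunk filters alerts, logging the number of alerts returned before filtering would separate "API returned nothing" from "everything was filtered out". Indentation is lost in this view, so it is unclear whether the `Next run` message sits inside the branch; the empty path should also log the `last_fetch` value it returns, and that part of the function is outside the hunk.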
diff --git a/Packs/SophosCentral/Integrations/SophosCentral/SophosCentral.yml b/Packs/SophosCentral/Integrations/SophosCentral/SophosCentral.yml index 52555c092ec4..86e188b9c3f8 100644 --- a/Packs/SophosCentral/Integrations/SophosCentral/SophosCentral.yml +++ b/Packs/SophosCentral/Integrations/SophosCentral/SophosCentral.yml @@ -2415,7 +2415,7 @@ script: - contextPath: SophosCentral.DeletedUsers.deletedUserId description: Deleted User's Id. type: String - dockerimage: demisto/python3:3.11.9.101916 + dockerimage: demisto/python3:3.11.10.116949 isfetch: true runonce: false script: '-' diff --git a/Packs/SophosCentral/ReleaseNotes/1_3_3.md b/Packs/SophosCentral/ReleaseNotes/1_3_3.md new file mode 100644 index 000000000000..6cfe9d2a728d --- /dev/null +++ b/Packs/SophosCentral/ReleaseNotes/1_3_3.md @@ -0,0 +1,12 @@ + +#### Integrations + +##### Sophos Central +- Updated the Docker image to: *demisto/python3:3.11.10.116949*. +- Added additional logging to better diagnose fetch issues. + +#### Mappers + +##### Sophos Central - Incoming Mapper + +- Fixed an issue where the incoming mapper would not correctly parse the given fields. diff --git a/Packs/SophosCentral/pack_metadata.json b/Packs/SophosCentral/pack_metadata.json index 2f38cdb7009c..53509143dadb 100644 --- a/Packs/SophosCentral/pack_metadata.json +++ b/Packs/SophosCentral/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Sophos Central", "description": "The unified console for managing Sophos products", "support": "xsoar", - "currentVersion": "1.3.2", + "currentVersion": "1.3.3", "author": "Sophos", "url": "", "email": "",