Skip to content

XSUP-53101 #40703

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 29 commits into from
Jul 28, 2025
Merged

XSUP-53101 #40703

merged 29 commits into from
Jul 28, 2025

Conversation

talzich
Copy link
Contributor

@talzich talzich commented Jul 23, 2025

Status

  • In Progress
  • Ready
  • In Hold - (Reason for hold)

Related Issues

fixes: https://jira-dc.paloaltonetworks.com/browse/XSUP-53101

Description

This PR adds a client-side filter to handle the CrowdStrike Falcon API returning incidents older than the specified fetch_time. This patch ensures we only process incidents from the correct time period by filtering out the incorrect, older data after it's received from the API.

Must have

  • Tests
  • Documentation

@talzich talzich requested a review from AradCarmi July 23, 2025 11:52
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 23, 2025
edited
Loading

Coverage

Coverage Report
FileStmtsMissCoverMissing
Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon
   CrowdStrikeFalcon.py296658880%454–455, 593, 618, 658, 669, 709–710, 712–713, 731, 843–846, 870–871, 873–875, 878–879, 904–905, 907–909, 912–913, 958–960, 963–964, 966–968, 971–972, 987, 1018–1027, 1048, 1122, 1155–1156, 1158–1161, 1198, 1223, 1287–1288, 1290–1293, 1307–1312, 1326–1327, 1329–1332, 1357, 1359, 1361–1362, 1372, 1374, 1376–1377, 1472, 1577, 1581, 1609, 1611, 1633–1634, 1673, 1725, 1729, 1819, 1829–1830, 1832–1833, 1836, 1838, 1840–1841, 1875, 1884, 1886, 1926, 1928, 1954–1955, 1987, 1989, 2118, 2124, 2135–2138, 2147–2151, 2202–2205, 2214–2217, 2233, 2269, 2273–2277, 2280, 2317–2318, 2321, 2325–2327, 2331–2333, 2346, 2519, 2525–2528, 2534, 2537, 2540–2541, 2546–2548, 2550, 2559, 2561, 2647–2649, 2651–2653, 2659–2661, 2773, 2778, 2782, 2786, 2790, 2794, 2834, 2839–2841, 2843, 2846, 2848–2849, 2894–2896, 2899–2901, 2903, 2924, 3052–3053, 3062, 3066, 3142–3143, 3152, 3156, 3303–3304, 3309, 3311, 3315, 3335, 3359, 3427–3428, 3430, 3440, 3444–3445, 3447–3448, 3450, 3460, 3464–3465, 3467–3468, 3470, 3480, 3499–3500, 3502–3503, 3505, 3515, 3518–3519, 3521–3522, 3524, 3534, 3608, 3616, 3620, 3812–3813, 4013, 4113–4115, 4158–4163, 4237–4240, 4313, 4320, 4358, 4461, 4496, 4515, 4529, 4543–4546, 4561–4565, 4567–4568, 4570–4571, 4583–4586, 4609, 4654, 4660, 4691–4699, 4701–4702, 4710–4713, 4715–4722, 4724–4725, 4727–4729, 4731–4733, 4735–4738, 4740, 4742, 4744, 4754–4762, 4764–4777, 4785–4788, 4796–4799, 4835–4838, 4855–4860, 4862–4863, 4865–4872, 4884–4886, 5089–5091, 5099, 5121–5124, 5138, 5165–5168, 5189, 5219–5222, 5246–5247, 5257, 5270–5271, 5273, 5282–5285, 5326–5327, 5345–5348, 5395–5398, 5431, 5436–5437, 5479, 5481–5482, 5527–5528, 5534, 5552–5553, 5568–5569, 5588, 5601–5603, 5613–5615, 5634, 5640, 5677–5679, 5689–5691, 5696, 5725–5734, 5771, 5849–5852, 5856–5857, 5861–5864, 5868–5869, 5884–5886, 5888–5889, 5891–5893, 5904, 5918–5922, 5986–5988, 5990, 5993, 5995, 5998, 6000–6002, 6004, 6006–6007, 6011–6015, 6018, 6021–6022, 6026–6027, 6029–6034, 6113, 6240, 6573, 6613, 6626, 6704, 6706, 6715, 6721, 6782, 6788, 6792, 6794, 6806, 6812, 6817, 6819–6820, 6822–6824, 6826, 6834, 6850, 6859, 6865, 6882, 6888, 6892, 6894–6895, 6897–6899, 6901, 6909, 6937, 6943, 6947, 6949, 6958, 6964, 6969, 6971–6972, 6974–6976, 6978, 6986, 7036, 7038–7039, 7041–7042, 7044, 7085–7086, 7088–7089, 7096, 7098, 7103, 7182, 7221–7222, 7228–7229, 7233, 7310, 7372, 7425, 7557, 7644–7645, 7647, 7649
TOTAL296658880% 

Tests Skipped Failures Errors Time
367 0 💤 0 ❌ 0 🔥 5.962s ⏱️

AradCarmi
AradCarmi requested changes Jul 23, 2025
View reviewed changes
Copy link
Contributor

@AradCarmi AradCarmi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great Job!
Please add UT.

@talzich talzich added docs-approved ready-for-pipeline-running Whether the pr is ready for running the whole pipeline, including testing on SAAS machines labels Jul 23, 2025
AradCarmi
AradCarmi requested changes Jul 27, 2025
View reviewed changes
Copy link
Contributor

@AradCarmi AradCarmi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hopefully last notes.

@content-bot
Copy link
Collaborator

Validate summary
The following errors were thrown as a part of this pr: .
If the AG100 validation in the pre-commit GitHub Action fails, the pull request cannot be force-merged.

Verdict: PR can be force merged from validate perspective? ✅

@talzich talzich merged commit 27bc11e into master Jul 28, 2025
17 checks passed
@talzich talzich deleted the XSUP-53101 branch July 28, 2025 12:23
xsoar-bot pushed a commit to xsoar-contrib/content that referenced this pull request Sep 17, 2025
@talzich @AradCarmi @xsoar-bot
XSUP-53101 (demisto#40703)
842a1d4 
* add logs

* Possible fix

* pre-commit

* ruff

* small fixes

* ruff

* rn

* Docker image

* Update Packs/CrowdStrikeFalcon/ReleaseNotes/2_3_3.md

Co-authored-by: Arad Carmi <[email protected]>

* Address CR

* UT

* ruff

* RN Fix

* RN

* UT

* Fix UT

---------

Co-authored-by: Arad Carmi <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AradCarmi AradCarmi AradCarmi approved these changes

Assignees
No one assigned
Labels
docs-approved ready-for-pipeline-running Whether the pr is ready for running the whole pipeline, including testing on SAAS machines
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@talzich @content-bot @AradCarmi