From 631b327edee285816feca472bd8ebdfa127bba23 Mon Sep 17 00:00:00 2001 From: jlevypaloalto Date: Mon, 8 Sep 2025 10:15:46 +0300 Subject: [PATCH 01/10] init --- .../Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py index 6ae6d1f80f4e..7a0adfb17152 100644 --- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py +++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py @@ -13,12 +13,9 @@ import requests -# Disable insecure warnings -import urllib3 from gql import Client, gql from gql.transport.requests import RequestsHTTPTransport -urllib3.disable_warnings() """ GLOBALS/PARAMS """ VENDOR = "CrowdStrike" PRODUCT = "Falcon_Event" From c4bb3142b312cbc5d76c1c9fb0e81a6fce37262a Mon Sep 17 00:00:00 2001 From: jlevypaloalto Date: Mon, 8 Sep 2025 16:57:55 +0300 Subject: [PATCH 02/10] init --- .../Base/Scripts/CommonServerPython/CommonServerPython.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py index afc1360c5187..7131cf746e44 100644 --- a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py +++ b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py @@ -11697,6 +11697,10 @@ def remove_old_incidents_ids(found_incidents_ids, current_time, look_back): deletion_threshold_in_seconds = look_back_in_seconds * 2 new_found_incidents_ids = {} + + latest_incident = max(found_incidents_ids, key=lambda x: datetime.fromisoformat(found_incidents_ids.get(x))) + latest_incident_time = found_incidents_ids[latest_incident] + for inc_id, addition_time in found_incidents_ids.items(): if current_time - addition_time <= deletion_threshold_in_seconds: @@ -11708,6 +11712,8 @@ def remove_old_incidents_ids(found_incidents_ids, current_time, look_back): inc_id, addition_time, deletion_threshold_in_seconds)) demisto.debug('lb: Number of new found ids: {}, their ids: {}'.format( len(new_found_incidents_ids), new_found_incidents_ids.keys())) + + new_found_incidents_ids[latest_incident] = latest_incident_time return new_found_incidents_ids @@ -12891,7 +12897,7 @@ def __exit__(self, exc_type, exc_val, exc_tb): demisto.debug("Resetting timed signal") signal.alarm(0) # Cancel SIGALRM if it's scheduled return exc_type is SignalTimeoutError # True if a timeout is reacched, False otherwise - + @classmethod def limit_time(cls, seconds, default_return_value=None): """ From 7a44504ba2247ce6ba3754ded84b5409f3bdd2e2 Mon Sep 17 00:00:00 2001 From: jlevypaloalto Date: Tue, 9 Sep 2025 13:08:33 +0300 Subject: [PATCH 03/10] init --- .../CommonServerPython/CommonServerPython.py | 10 ++-- .../CommonServerPython_test.py | 49 +++++++++++++------ .../CrowdStrikeFalcon/CrowdStrikeFalcon.py | 3 ++ 3 files changed, 40 insertions(+), 22 deletions(-) diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py index 7131cf746e44..7fccebd798fa 100644 --- a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py +++ b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py @@ -11697,13 +11697,12 @@ def remove_old_incidents_ids(found_incidents_ids, current_time, look_back): deletion_threshold_in_seconds = look_back_in_seconds * 2 new_found_incidents_ids = {} - - latest_incident = max(found_incidents_ids, key=lambda x: datetime.fromisoformat(found_incidents_ids.get(x))) - latest_incident_time = found_incidents_ids[latest_incident] - + latest_incident_time = max(found_incidents_ids.values() or [current_time]) + demisto.debug('lb: latest_incident_time is {}'.format(latest_incident_time)) + for inc_id, addition_time in found_incidents_ids.items(): - if current_time - addition_time <= deletion_threshold_in_seconds: + if current_time - addition_time <= deletion_threshold_in_seconds or addition_time == latest_incident_time: new_found_incidents_ids[inc_id] = addition_time demisto.debug('lb: Adding incident id: {}, its addition time: {}, deletion_threshold_in_seconds: {}'.format( inc_id, addition_time, deletion_threshold_in_seconds)) @@ -11713,7 +11712,6 @@ def remove_old_incidents_ids(found_incidents_ids, current_time, look_back): demisto.debug('lb: Number of new found ids: {}, their ids: {}'.format( len(new_found_incidents_ids), new_found_incidents_ids.keys())) - new_found_incidents_ids[latest_incident] = latest_incident_time return new_found_incidents_ids diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py index ff6b6fb3b1b4..66d7278efe1d 100644 --- a/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py +++ b/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py @@ -1020,7 +1020,7 @@ def test_list_integers(): Then: Validate that the script ran successfully. """ - data = {'key': 'value', 'listtest': [1, 2, 3, 4]} + data = {'key': 'value', 'listtest': [1, 2, 3, 4]} table = tableToMarkdown("tableToMarkdown test", data, sort_headers=False, is_auto_json_transform=True) assert table @@ -3787,7 +3787,7 @@ def test_return_outputs_text_raw_response(self, mocker): pytest.param('on', True, id='string_on_lowercase'), pytest.param('ON', True, id='string_on_uppercase'), pytest.param('1', True, id='string_one'), - + # False values pytest.param('false', False, id='string_false_lowercase'), pytest.param('no', False, id='string_no_lowercase'), @@ -8694,6 +8694,23 @@ def test_calculate_new_offset(self): assert calculate_new_offset(1, 2, 3) == 0 assert calculate_new_offset(1, 2, None) == 3 + def test_remove_old_incidents_ids(self): + """ + Test that the remove_old_incidents_ids function removes old incident IDs from the last run object. + Given: + A last run object with incident IDs and their addition times. + When: + Calling remove_old_incidents_ids with the last run object and a look back period. + Then: + Make sure that the old incident IDs are removed from the last run object and the latest incident IDs is returned. + """ + from CommonServerPython import remove_old_incidents_ids + + assert remove_old_incidents_ids( + {"inc1": "2020-01-01T00:00:00Z", "inc2": "2020-01-02T00:00:00Z", "inc3": "2020-01-03T00:00:00Z"}, 1800000000, 1) == {"inc3": "2020-01-03T00:00:00Z"} + assert remove_old_incidents_ids( + {"inc1": "2020-01-01T00:00:00Z", "inc2": "2020-01-02T00:00:00Z", "inc3": "2020-01-02T00:00:00Z"}, 1800000000, 2) == {"inc2": "2020-01-02T00:00:00Z", "inc3": "2020-01-02T00:00:00Z"} + class TestTracebackLineNumberAdgustment: @staticmethod @@ -9773,12 +9790,12 @@ def test_censor_request_logs(request_log, expected_output): case 3: A request log with a sensitive data under the 'Authorization' header, but with no 'Bearer' prefix. case 4: A request log with a sensitive data under the 'Authorization' header, but with no 'send b' prefix at the beginning. case 5: A request log with no sensitive data. - case 6: A request log with a sensitive data under the 'Authorization' header, with a "LOG" prefix (which used in cases + case 6: A request log with a sensitive data under the 'Authorization' header, with a "LOG" prefix (which used in cases like HMAC signature authentication). When: Running censor_request_logs function. Then: - Assert the function returns the exactly same log with the sensitive data masked. + Assert the function returns the exactly same log with the sensitive data masked. """ assert censor_request_logs(request_log) == expected_output @@ -9953,18 +9970,18 @@ def test_get_server_config_fail(mocker): "Test-instanec-without-xsoar-engine-configures" ]) def test_is_integration_instance_running_on_engine(mocker, instance_name, expected_result): - """ Tests the 'is_integration_instance_running_on_engine' function's logic. + """ Tests the 'is_integration_instance_running_on_engine' function's logic. - Given: + Given: 1. A name of an instance that has an engine configured (and relevant mocked responses). 2. A name of an instance that doesn't have an engine configured (and relevant mocked responses). - When: - - Running the 'is_integration_instance_running_on_engine' funcution. + When: + - Running the 'is_integration_instance_running_on_engine' funcution. Then: - - Verify that: - 1. The result is the engine's id. + - Verify that: + 1. The result is the engine's id. 2. The result is an empty string. """ mock_response = { @@ -9980,14 +9997,14 @@ def test_is_integration_instance_running_on_engine(mocker, instance_name, expect def test_get_engine_base_url(mocker): - """ Tests the 'get_engine_base_url' function's logic. + """ Tests the 'get_engine_base_url' function's logic. - Given: + Given: - Mocked response of the internalHttpRequest call for the '/engines' endpoint, including 2 engines. - - An id of an engine. + - An id of an engine. - When: - - Running the 'is_integration_instance_running_on_engine' funcution. + When: + - Running the 'is_integration_instance_running_on_engine' funcution. Then: - Verify that base url of the given engine id was returened. @@ -10659,5 +10676,5 @@ def test_execution_timeout_decorator(sleep_time, expected_return_value): def do_logic(): time.sleep(sleep_time) return "I AM DONE" - + assert do_logic() == expected_return_value diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py index 7a0adfb17152..6ae6d1f80f4e 100644 --- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py +++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py @@ -13,9 +13,12 @@ import requests +# Disable insecure warnings +import urllib3 from gql import Client, gql from gql.transport.requests import RequestsHTTPTransport +urllib3.disable_warnings() """ GLOBALS/PARAMS """ VENDOR = "CrowdStrike" PRODUCT = "Falcon_Event" From 61eface41131a4f787ea763faf0cfc2fa7b16374 Mon Sep 17 00:00:00 2001 From: jlevypaloalto Date: Wed, 10 Sep 2025 11:21:24 +0300 Subject: [PATCH 04/10] TEMP: add remove_old_incidents_ids to CrowdStrike --- .../CrowdStrikeFalcon/CrowdStrikeFalcon.py | 40 +++++++++++++++++++ .../CrowdStrikeFalcon_test.py | 18 +++++++++ 2 files changed, 58 insertions(+) diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py index 6ae6d1f80f4e..7f98e45cc6a8 100644 --- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py +++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py @@ -1,6 +1,46 @@ import demistomock as demisto # noqa: F401 from CommonServerPython import * +# TEMP: here to replace the function remove_old_incidents_ids from CommonServerPython +def remove_old_incidents_ids(found_incidents_ids, current_time, look_back): + """ + Removes old incident ids from the last run object to avoid overloading. + + :type found_incidents_ids: ``dict`` + :param found_incidents_ids: Dict of incidents ids + + :type current_time: ``int`` + :param current_time: The current epoch time to compare with the existing IDs added time + + :type look_back: ``int`` + :param look_back: The look back time in minutes + + :return: The new incidents ids + :rtype: ``dict`` + """ + demisto.debug('lb: Remove old incidents ids, current time is {}'.format(current_time)) + look_back_in_seconds = look_back * 60 + deletion_threshold_in_seconds = look_back_in_seconds * 2 + + new_found_incidents_ids = {} + latest_incident_time = max(found_incidents_ids.values() or [current_time]) + demisto.debug('lb: latest_incident_time is {}'.format(latest_incident_time)) + + for inc_id, addition_time in found_incidents_ids.items(): + + if current_time - addition_time <= deletion_threshold_in_seconds or addition_time == latest_incident_time: + new_found_incidents_ids[inc_id] = addition_time + demisto.debug('lb: Adding incident id: {}, its addition time: {}, deletion_threshold_in_seconds: {}'.format( + inc_id, addition_time, deletion_threshold_in_seconds)) + else: + demisto.debug('lb: Removing incident id: {}, its addition time: {}, deletion_threshold_in_seconds: {}'.format( + inc_id, addition_time, deletion_threshold_in_seconds)) + demisto.debug('lb: Number of new found ids: {}, their ids: {}'.format( + len(new_found_incidents_ids), new_found_incidents_ids.keys())) + + return new_found_incidents_ids + + """ IMPORTS """ import base64 import email diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon_test.py b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon_test.py index cade8571f321..c03b3bea962f 100644 --- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon_test.py +++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon_test.py @@ -22,6 +22,24 @@ SERVER_URL = "https://4.4.4.4" +def test_remove_old_incidents_ids(): + """ + Test that the remove_old_incidents_ids function removes old incident IDs from the last run object. + Given: + A last run object with incident IDs and their addition times. + When: + Calling remove_old_incidents_ids with the last run object and a look back period. + Then: + Make sure that the old incident IDs are removed from the last run object and the latest incident IDs is returned. + """ + from CrowdStrikeFalcon import remove_old_incidents_ids + + assert remove_old_incidents_ids( + {"inc1": 1, "inc2": 2, "inc3": 3}, 1800000000, 1) == {"inc3": 3} + assert remove_old_incidents_ids( + {"inc1": 1, "inc2": 2, "inc3": 2}, 1800000000, 2) == {"inc2": 2, "inc3": 2} + + def create_empty_last_run(length: int) -> list[dict]: """ Creates an empty last_run data structure for fetch operations. From d4325921a0b33bb0347dfc40946cf864edfad1b3 Mon Sep 17 00:00:00 2001 From: jlevypaloalto Date: Wed, 17 Sep 2025 11:09:10 +0300 Subject: [PATCH 05/10] undo override --- .../CrowdStrikeFalcon/CrowdStrikeFalcon.py | 40 ------------------- 1 file changed, 40 deletions(-) diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py index 7f98e45cc6a8..6ae6d1f80f4e 100644 --- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py +++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py @@ -1,46 +1,6 @@ import demistomock as demisto # noqa: F401 from CommonServerPython import * -# TEMP: here to replace the function remove_old_incidents_ids from CommonServerPython -def remove_old_incidents_ids(found_incidents_ids, current_time, look_back): - """ - Removes old incident ids from the last run object to avoid overloading. - - :type found_incidents_ids: ``dict`` - :param found_incidents_ids: Dict of incidents ids - - :type current_time: ``int`` - :param current_time: The current epoch time to compare with the existing IDs added time - - :type look_back: ``int`` - :param look_back: The look back time in minutes - - :return: The new incidents ids - :rtype: ``dict`` - """ - demisto.debug('lb: Remove old incidents ids, current time is {}'.format(current_time)) - look_back_in_seconds = look_back * 60 - deletion_threshold_in_seconds = look_back_in_seconds * 2 - - new_found_incidents_ids = {} - latest_incident_time = max(found_incidents_ids.values() or [current_time]) - demisto.debug('lb: latest_incident_time is {}'.format(latest_incident_time)) - - for inc_id, addition_time in found_incidents_ids.items(): - - if current_time - addition_time <= deletion_threshold_in_seconds or addition_time == latest_incident_time: - new_found_incidents_ids[inc_id] = addition_time - demisto.debug('lb: Adding incident id: {}, its addition time: {}, deletion_threshold_in_seconds: {}'.format( - inc_id, addition_time, deletion_threshold_in_seconds)) - else: - demisto.debug('lb: Removing incident id: {}, its addition time: {}, deletion_threshold_in_seconds: {}'.format( - inc_id, addition_time, deletion_threshold_in_seconds)) - demisto.debug('lb: Number of new found ids: {}, their ids: {}'.format( - len(new_found_incidents_ids), new_found_incidents_ids.keys())) - - return new_found_incidents_ids - - """ IMPORTS """ import base64 import email From 9ae4fac07f46eddf809c891e9f8d27918d6542da Mon Sep 17 00:00:00 2001 From: jlevypaloalto Date: Wed, 17 Sep 2025 11:11:40 +0300 Subject: [PATCH 06/10] undo override test --- .../CrowdStrikeFalcon_test.py | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon_test.py b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon_test.py index c03b3bea962f..cade8571f321 100644 --- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon_test.py +++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon_test.py @@ -22,24 +22,6 @@ SERVER_URL = "https://4.4.4.4" -def test_remove_old_incidents_ids(): - """ - Test that the remove_old_incidents_ids function removes old incident IDs from the last run object. - Given: - A last run object with incident IDs and their addition times. - When: - Calling remove_old_incidents_ids with the last run object and a look back period. - Then: - Make sure that the old incident IDs are removed from the last run object and the latest incident IDs is returned. - """ - from CrowdStrikeFalcon import remove_old_incidents_ids - - assert remove_old_incidents_ids( - {"inc1": 1, "inc2": 2, "inc3": 3}, 1800000000, 1) == {"inc3": 3} - assert remove_old_incidents_ids( - {"inc1": 1, "inc2": 2, "inc3": 2}, 1800000000, 2) == {"inc2": 2, "inc3": 2} - - def create_empty_last_run(length: int) -> list[dict]: """ Creates an empty last_run data structure for fetch operations. From a757eb00255c02e34f9a293bf022abcbec981ff8 Mon Sep 17 00:00:00 2001 From: jlevypaloalto Date: Wed, 17 Sep 2025 11:26:43 +0300 Subject: [PATCH 07/10] pre-commit --- Packs/Base/ReleaseNotes/1_41_23.md | 6 ++++++ .../Scripts/CommonServerPython/CommonServerPython_test.py | 4 ++-- Packs/Base/pack_metadata.json | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) create mode 100644 Packs/Base/ReleaseNotes/1_41_23.md diff --git a/Packs/Base/ReleaseNotes/1_41_23.md b/Packs/Base/ReleaseNotes/1_41_23.md new file mode 100644 index 000000000000..688f401c0ea0 --- /dev/null +++ b/Packs/Base/ReleaseNotes/1_41_23.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### CommonServerPython + +- Fixed an issue where duplicate events were fetched. diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py index 66d7278efe1d..7f193a71285a 100644 --- a/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py +++ b/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py @@ -8707,9 +8707,9 @@ def test_remove_old_incidents_ids(self): from CommonServerPython import remove_old_incidents_ids assert remove_old_incidents_ids( - {"inc1": "2020-01-01T00:00:00Z", "inc2": "2020-01-02T00:00:00Z", "inc3": "2020-01-03T00:00:00Z"}, 1800000000, 1) == {"inc3": "2020-01-03T00:00:00Z"} + {"inc1": 1, "inc2": 2, "inc3": 3}, 100, 1) == {"inc3": 3} assert remove_old_incidents_ids( - {"inc1": "2020-01-01T00:00:00Z", "inc2": "2020-01-02T00:00:00Z", "inc3": "2020-01-02T00:00:00Z"}, 1800000000, 2) == {"inc2": "2020-01-02T00:00:00Z", "inc3": "2020-01-02T00:00:00Z"} + {"inc1": 1, "inc2": 2, "inc3": 2}, 100, 1) == {"inc2": 2, "inc3": 2} class TestTracebackLineNumberAdgustment: diff --git a/Packs/Base/pack_metadata.json b/Packs/Base/pack_metadata.json index 966bb09c5c44..03fe61d9af3a 100644 --- a/Packs/Base/pack_metadata.json +++ b/Packs/Base/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Base", "description": "The base pack for Cortex XSOAR.", "support": "xsoar", - "currentVersion": "1.41.21", + "currentVersion": "1.41.23", "author": "Cortex XSOAR", "serverMinVersion": "6.0.0", "url": "https://www.paloaltonetworks.com/cortex", From ca02b3fc7cd5c16c0bf7f59081f5fc4da2c36119 Mon Sep 17 00:00:00 2001 From: jlevypaloalto Date: Wed, 17 Sep 2025 17:27:40 +0300 Subject: [PATCH 08/10] pre-commit --- .../Scripts/CommonServerPython/CommonServerPython_test.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py index 7f193a71285a..fe3c873099ad 100644 --- a/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py +++ b/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py @@ -8707,9 +8707,9 @@ def test_remove_old_incidents_ids(self): from CommonServerPython import remove_old_incidents_ids assert remove_old_incidents_ids( - {"inc1": 1, "inc2": 2, "inc3": 3}, 100, 1) == {"inc3": 3} + {"inc1": 1, "inc2": 2, "inc3": 3}, 1000, 1) == {"inc3": 3} assert remove_old_incidents_ids( - {"inc1": 1, "inc2": 2, "inc3": 2}, 100, 1) == {"inc2": 2, "inc3": 2} + {"inc1": 1, "inc2": 2, "inc3": 2}, 1000, 1) == {"inc2": 2, "inc3": 2} class TestTracebackLineNumberAdgustment: From 43ca376d0b0bf93261796216afb0be832eabeaa6 Mon Sep 17 00:00:00 2001 From: jlevypaloalto Date: Thu, 18 Sep 2025 15:49:55 +0300 Subject: [PATCH 09/10] CR changes --- .../Base/Scripts/CommonServerPython/CommonServerPython.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py index 7fccebd798fa..1b76aeb0e994 100644 --- a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py +++ b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py @@ -11699,10 +11699,13 @@ def remove_old_incidents_ids(found_incidents_ids, current_time, look_back): new_found_incidents_ids = {} latest_incident_time = max(found_incidents_ids.values() or [current_time]) demisto.debug('lb: latest_incident_time is {}'.format(latest_incident_time)) - + for inc_id, addition_time in found_incidents_ids.items(): - if current_time - addition_time <= deletion_threshold_in_seconds or addition_time == latest_incident_time: + if ( + current_time - addition_time <= deletion_threshold_in_seconds + or addition_time == latest_incident_time # The latest IDs must be kept to avoid duplicate incidents + ): new_found_incidents_ids[inc_id] = addition_time demisto.debug('lb: Adding incident id: {}, its addition time: {}, deletion_threshold_in_seconds: {}'.format( inc_id, addition_time, deletion_threshold_in_seconds)) From cb7d185627dc55495938a9f3f3d5bf36d4715309 Mon Sep 17 00:00:00 2001 From: Content Bot Date: Sun, 21 Sep 2025 10:23:08 +0000 Subject: [PATCH 10/10] Bump pack from version Base to 1.41.24. --- Packs/Base/ReleaseNotes/1_41_24.md | 6 ++++++ Packs/Base/pack_metadata.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 Packs/Base/ReleaseNotes/1_41_24.md diff --git a/Packs/Base/ReleaseNotes/1_41_24.md b/Packs/Base/ReleaseNotes/1_41_24.md new file mode 100644 index 000000000000..688f401c0ea0 --- /dev/null +++ b/Packs/Base/ReleaseNotes/1_41_24.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### CommonServerPython + +- Fixed an issue where duplicate events were fetched. diff --git a/Packs/Base/pack_metadata.json b/Packs/Base/pack_metadata.json index 03fe61d9af3a..8685a0454d29 100644 --- a/Packs/Base/pack_metadata.json +++ b/Packs/Base/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Base", "description": "The base pack for Cortex XSOAR.", "support": "xsoar", - "currentVersion": "1.41.23", + "currentVersion": "1.41.24", "author": "Cortex XSOAR", "serverMinVersion": "6.0.0", "url": "https://www.paloaltonetworks.com/cortex",