Merge pull request #51 from splunk-soar-connectors/next

Merging next to main for release 4.3.0
splunk-soar-connectors · Oct 16, 2024 · fd69c55 · fd69c55
2 parents 8f82a4e + 84a4d25
commit fd69c55
Show file tree

Hide file tree

Showing 13 changed files with 1,397 additions and 1,383 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,11 +1,11 @@
 repos:
 -   repo: https://github.com/phantomcyber/dev-cicd-tools
-    rev: v1.16
+    rev: v1.23
     hooks:
     -   id: org-hook
     -   id: package-app-dependencies
 -   repo: https://github.com/Yelp/detect-secrets
-    rev: v1.4.0
+    rev: v1.5.0
     hooks:
     -   id: detect-secrets
         args: ['--no-verify', '--exclude-files', '^crowdstrikeoauthapi.json$']
diff --git a/README.md b/README.md
@@ -2,11 +2,11 @@
 # CrowdStrike OAuth API
 
 Publisher: Splunk  
-Connector Version: 4.2.0  
+Connector Version: 4.3.0  
 Product Vendor: CrowdStrike  
 Product Name: CrowdStrike  
 Product Version Supported (regex): ".\*"  
-Minimum Product Version: 6.1.1  
+Minimum Product Version: 6.2.1  
 
 This app integrates with CrowdStrike OAuth2 authentication standard to implement querying of endpoint security data
 
@@ -237,6 +237,28 @@ Identifier. This is the value of the SDI of the main event that the sub-events w
 
 ## Notes
 
+
+-   **Action -** List Alerts
+
+<!-- -->
+
+-   The filter parameter values follow the [FQL
+    Syntax](https://falcon.crowdstrike.com/support/documentation/45/falcon-query-language-fql-reference)
+    .
+-   The sort parameter value has to be provided in the format property_name.asc for ascending and
+    property_name.desc for descending order.
+
+-   The `include_hidden` parameter has been added to the action as it's behavior in the API has changed. In the
+    prior API version, the default behavior of the `include_hidden` parameter was either not supported or defaulted
+    to `false`. The latest version of the API now defaults `include_hidden` to `true` if it is not included in
+    the API call. Therefore, we have included this parameter in the action configuration and set it to `false` by
+    default in order to keep the action behavior consistent with the previous app version. Hidden alerts can be
+    identified by the `show_in_ui` field of an alert object.
+
+    If you experience any `list alerts` action failures in an existing playbook that passed in the previous version
+    of the app, you may need to edit the action in the playbook and then save. This will then add the `include_hidden`
+    field to the playbook action.
+
 -   **Action -** List Groups
 
 <!-- -->
@@ -1146,6 +1168,7 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
 **limit** |  optional  | Maximum alerts to be fetched | numeric | 
 **filter** |  optional  | Filter expression used to limit the fetched alerts (FQL Syntax) | string | 
 **sort** |  optional  | Property to sort by | string | 
+**include_hidden** |  optional  | Include hidden alerts | boolean | 
 
 #### Action Output
 DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
@@ -1190,7 +1213,8 @@ action_result.data.\*.updated_timestamp | string |  |   2022-11-16T09:47:26.5611
 action_result.summary.total_alerts | numeric |  |   50 
 action_result.message | string |  |   Total alerts: 50 
 summary.total_objects | numeric |  |   1 
-summary.total_objects_successful | numeric |  |   1   
+summary.total_objects_successful | numeric |  |   1 
+action_result.parameter.include_hidden | numeric |  |   True   
 
 ## action: 'list sessions'
 Lists Real Time Response sessions