init (#35798)

Packs/PAN-OS/Integrations/Panorama/Panorama.py

@@ -14273,6 +14273,7 @@ def corr_incident_entry_to_incident_context(incident_entry: Dict[str, Any]) -> D
     Returns:
         dict[str,any]: context formatted incident entry represented by a dictionary
     """
+    incident_entry['type'] = 'CORRELATION'
     match_time = incident_entry.get('match_time', '')
     occurred = (
         occurred_datetime.strftime(DATE_FORMAT)
@@ -14284,7 +14285,6 @@ def corr_incident_entry_to_incident_context(incident_entry: Dict[str, Any]) -> D
         'name': f"Correlation {incident_entry.get('@logid')}",
         'occurred': occurred,
         'rawJSON': json.dumps(incident_entry),
-        'type': 'CORRELATION'
     }
 
 
@@ -14308,7 +14308,6 @@ def incident_entry_to_incident_context(incident_entry: Dict[str, Any]) -> Dict[s
         'name': f"{incident_entry.get('device_name')} {incident_entry.get('seqno')}",
         'occurred': occurred,
         'rawJSON': json.dumps(incident_entry),
-        'type': incident_entry.get('type')
     }
 
 

Packs/PAN-OS/Integrations/Panorama/Panorama.yml

@@ -9504,7 +9504,7 @@ script:
     - contextPath: Panorama.AuditComment.rule_type
       description: The rule type.
       type: String
-  dockerimage: demisto/pan-os-python:1.0.0.105214
+  dockerimage: demisto/pan-os-python:1.0.0.107786
   isfetch: true
   runonce: false
   script: ''

Packs/PAN-OS/Integrations/Panorama/Panorama_test.py

@@ -6528,7 +6528,6 @@ def test_incident_entry_to_incident_context(self):
                 'name': 'dummy_device 1',
                 'occurred': occured.strftime(DATE_FORMAT),
                 'rawJSON': json.dumps(raw_entry),
-                'type': 'TYPE'
             }
         assert incident_entry_to_incident_context(raw_entry) == context_entry
 
@@ -6649,7 +6648,7 @@ def test_first_fetch_with_one_incident_flow(self, mocker):
         raw_entries = {'seqno': '000000001', 'type': 'X_log_type', 'time_generated': '2022/1/1 12:00:00',
                        'device_name': 'device_for_test'}
         expected_parsed_incident_entries = {'name': 'device_for_test 000000001', 'occurred': '2022-01-01T12:00:00Z',
-                                            'rawJSON': json.dumps(raw_entries), 'type': 'X_log_type'}
+                                            'rawJSON': json.dumps(raw_entries)}
         fetch_start_datetime_dict = {'X_log_type': dateparser.parse('2022/1/1 11:00:00', settings={'TIMEZONE': 'UTC'})}
 
         mocker.patch('Panorama.get_query_entries', return_value=[raw_entries])
@@ -6724,7 +6723,7 @@ def test_second_fetch_with_two_incidents_with_same_log_type_flow(self, mocker):
                         'device_name': 'dummy_device'}]
 
         expected_parsed_incident_entries = [{'name': 'dummy_device 000000002', 'occurred': '2022-01-01T13:00:00Z',
-                                             'rawJSON': json.dumps(raw_entries[0]), 'type': 'X_log_type'}]
+                                             'rawJSON': json.dumps(raw_entries[0])}]
         fetch_start_datetime_dict = {'X_log_type': dateparser.parse('2022/1/1 12:00:00', settings={'TIMEZONE': 'UTC'})}
 
         mocker.patch('Panorama.get_query_entries', return_value=raw_entries)
@@ -6771,9 +6770,9 @@ def test_second_fetch_with_two_incidents_with_different_log_types_flow(self, moc
         fetch_incidents_request_result = {'X_log_type': [raw_entries[0]], 'Y_log_type': [raw_entries[1]]}
 
         expected_parsed_incident_entries = [{'name': 'dummy_device1 000000002', 'occurred': '2022-01-01T13:00:00Z',
-                                             'rawJSON': json.dumps(raw_entries[0]), 'type': 'X_log_type'},
+                                             'rawJSON': json.dumps(raw_entries[0])},
                                             {'name': 'dummy_device2 000000001', 'occurred': '2022-01-01T13:00:00Z',
-                                             'rawJSON': json.dumps(raw_entries[1]), 'type': 'Y_log_type'}]
+                                             'rawJSON': json.dumps(raw_entries[1])}]
         fetch_start_datetime_dict = {'X_log_type': dateparser.parse(
             '2022/1/1 11:00:00', settings={'TIMEZONE': 'UTC'}),
             'Y_log_type': dateparser.parse(
@@ -6824,9 +6823,9 @@ def test_second_fetch_with_two_incidents_with_different_log_types_and_different_
         fetch_incidents_request_result = {'X_log_type': X_log_type_raw_entries, 'Y_log_type': Y_log_type_raw_entries}
 
         expected_parsed_incident_entries = [{'name': 'dummy_device1 000000002', 'occurred': '2022-01-01T13:00:00Z',
-                                             'rawJSON': json.dumps(X_log_type_raw_entries[0]), 'type': 'X_log_type'},
+                                             'rawJSON': json.dumps(X_log_type_raw_entries[0])},
                                             {'name': 'dummy_device2 000000003', 'occurred': '2022-01-01T13:00:00Z',
-                                             'rawJSON': json.dumps(Y_log_type_raw_entries[0]), 'type': 'Y_log_type'}]
+                                             'rawJSON': json.dumps(Y_log_type_raw_entries[0])}]
         fetch_start_datetime_dict = {'X_log_type': dateparser.parse('2022/1/1 11:00:00', settings={'TIMEZONE': 'UTC'}),
                                      'Y_log_type': dateparser.parse('2022/1/1 11:00:00', settings={'TIMEZONE': 'UTC'})}
 
@@ -7453,7 +7452,7 @@ def test_fetch_incidents_correlation(mocker: MockerFixture):
     )
 
     assert entries[0]["name"] == "Correlation 1"
-    assert entries[0]["type"] == "CORRELATION"
+    assert "CORRELATION" in entries[0]["rawJSON"]
     assert mock_get_query_entries.call_args_list[0].args == (
         "Correlation", "query and (match_time geq '2024/04/08 07:22:54')", 10, 1
     )  # asserting that "match_time" is used instead of "time_generated".

Packs/PAN-OS/Integrations/Panorama/test_data/fetch_incidents_input.py

@@ -180,7 +180,6 @@ def assert_datetime_objects(returned: datetime | None, expected: datetime | None
             "name": "testing_device1 00000000001",
             "occurred": utc_time_twelve.isoformat() + "Z",
             "rawJSON": '{"seqno": "00000000001", "type": "X_log_type", "time_generated": "2022/01/01 12:00:00", "device_name": "testing_device1"}',
-            "type": "X_log_type",
         }
     ],
 )
@@ -208,13 +207,11 @@ def assert_datetime_objects(returned: datetime | None, expected: datetime | None
             "name": "testing_device2 00000000001",
             "occurred": utc_time_eleven.isoformat() + "Z",
             "rawJSON": '{"seqno": "00000000001", "type": "X_log_type", "time_generated": "2022/01/01 11:00:00", "device_name": "testing_device2"}',
-            "type": "X_log_type",
         },
         {
             "name": "testing_device3 00000000002",
             "occurred": utc_time_twelve.isoformat() + "Z",
             "rawJSON": '{"seqno": "00000000002", "type": "X_log_type", "time_generated": "2022/01/01 12:00:00", "device_name": "testing_device3"}',
-            "type": "X_log_type",
         },
     ],
 )
@@ -250,7 +247,6 @@ def assert_datetime_objects(returned: datetime | None, expected: datetime | None
                 '{"seqno": "00000000001", "type": "X_log_type", "time_generated":'
                 ' "2022/01/01 12:00:00", "device_name": "testing_device1"}'
             ),
-            "type": "X_log_type",
         }
     ],
 )

Packs/PAN-OS/ReleaseNotes/2_1_33.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Palo Alto Networks PAN-OS
+
+- Fixed an issue in which incidents were not correctly classified.

Packs/PAN-OS/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "PAN-OS by Palo Alto Networks",
     "description": "Manage Palo Alto Networks Firewall and Panorama. Use this pack to manage Prisma Access through Panorama. For more information see Panorama documentation.",
     "support": "xsoar",
-    "currentVersion": "2.1.32",
+    "currentVersion": "2.1.33",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",