ebarti / cortex-xdr-client Goto Github PK

hi from the cortex i have already the hash authentication so another hash will get authentication issue :

Traceback (most recent call last):
  ...
  File "ib/python3.9/site-packages/cortex_xdr_client/api/xql_api.py", line 51, in start_xql_query
    response = self._call(call_name="start_xql_query", json_value=request_data)
  File "lib/python3.9/site-packages/cortex_xdr_client/api/base_api.py", line 46, in _call
    return self._execute_call(url=url,
  File "python3.9/site-packages/cortex_xdr_client/api/base_api.py", line 67, in _execute_call
    response.raise_for_status()
  File "python3.9/site-packages/requests/models.py", line 1021, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url

is there a way to add flag to set hash api key that will put instead of "Authorization": api_key_hash "Authorization": self._api_key
in _get_headers() line 30 in base_api.py file? or how can i get the not hash api from the product ?

Given enum ScanStatus

• Aborted
• Timeout

During the invocation of the endpoints_api.isolate_endpoints or endpoints.api.unisolate_endpoints the client returns b'{"reply": {"err_code": 500, "err_msg": "An error occurred while processing XDR public API - No endpoint was found for creating the requested action", "err_extra": "can\'t create group action id for ISOLATE"}}' even though provided endpoint_list is selected directly from the Cortex XDR dashboard``

Python 3.9
API Version 1.7.2

The parse on models/alerts.py fails on parsing response json for the alerts_api for some alerts. I got the raw response before parsing and it might be the ' OR " json issue. For example some alerts return a simple description as "Suspicious executable detected" where others return ""The \'schtasks\' command was executed on DESKTOP-XXXX to schedule a local task. Child process command line: \\""

Traceback (most recent call last): File "/Users/r/Library/Application Support/JetBrains/PyCharm2021.3/scratches/scratch.py", line 12, in <module> end = auto.alerts_api.get_alerts(search_from=25, search_to=26) File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/cortex_xdr_client/api/alerts_api.py", line 63, in get_alerts return GetAlertsResponse.parse_obj(response.json()) File "pydantic/main.py", line 521, in pydantic.main.BaseModel.parse_obj File "pydantic/main.py", line 341, in pydantic.main.BaseModel.__init__ pydantic.error_wrappers.ValidationError: 1 validation error for GetAlertsResponse reply -> alerts -> 0 -> description str type expected (type=type_error.str)