Fix proxy usage (#85) (demisto#29630)

* Fix proxy usage (#85) (demisto#29181)

* Fix proxy usage (#85)

* Fix proxy usage in ZF client

* Fix variable USE_SSL to verify requests

* Remove proxy object from client

Given that the proxy works by default with env vars, the proxy object
is not necessary

* Update version and add release notes

* Fix call to modified alerts (#86)

* Fix call to modified alerts

* Update docker image

* Fix tests associated with get modified data

* change rn

* fix validation

---------

Co-authored-by: Felipe Garrido <[email protected]>
Co-authored-by: ostolero <[email protected]>
Co-authored-by: ostolero <[email protected]>

Author: 3 people

Packs/ZeroFox/Integrations/ZeroFox/ZeroFox.py

@@ -1100,10 +1100,9 @@ def get_modified_remote_data_command(
     args = GetModifiedRemoteDataArgs(args)
     last_update = args.last_update
 
-    # Get alerts created before `last_update` and modified after `last_update`
+    # Get alerts modified after `last_update`
     list_alert_params = {
         "last_modified_min_date": str(last_update),
-        "max_timestamp": str(last_update),
     }
 
     try:
@@ -1674,7 +1673,9 @@ def main():
     FETCH_TIME: str = params.get(
         "fetch_time", FETCH_TIME_DEFAULT,
     ).strip()
-    FETCH_LIMIT: int = int(demisto.params().get("fetch_limit", "100"))
+    FETCH_LIMIT: int = int(params.get("fetch_limit", "100"))
+    USE_SSL: bool = not params.get("insecure", False)
+    PROXY: bool = params.get('proxy', False)
 
     commands: dict[str, Callable[[ZFClient, dict[str, Any]], Any]] = {
         "get-modified-remote-data": get_modified_remote_data_command,
@@ -1700,15 +1701,17 @@ def main():
         "zerofox-search-exploits": search_exploits_command,
     }
     try:
+        handle_proxy()
         client = ZFClient(
             base_url=BASE_URL,
             ok_codes={200, 201},
             username=USERNAME,
             password=PASSWORD,
             fetch_limit=FETCH_LIMIT,
+            verify=USE_SSL,
+            proxy=PROXY,
         )
 
-        handle_proxy()
         command = demisto.command()
 
         if command == 'test-module':

Packs/ZeroFox/Integrations/ZeroFox/ZeroFox.yml

@@ -522,13 +522,13 @@ script:
     - default: false
       description: |-
         Indicates the type of string matching used for comparing entity names
-        to impersonator names. It must be `true` or `false`
+        to impersonator names. It must be `true` or `false`.
       isArray: false
       name: strict_name_matching
     - description: |-
         Comma-separated list of string tags for tagging the entity.
         For example:
-        label1,label2,label3
+        label1,label2,label3.
       isArray: true
       name: tags
     - description: The ID of the policy to assign to the new entity. Can be retrieved running the zerofox-get-policy-types command.
@@ -617,7 +617,7 @@ script:
       description: The organization associated with the entity.
       type: String
     - contextPath: ZeroFox.Entity.Tags
-      description: A list of tags of the entity
+      description: A list of tags of the entity.
       type: String
     - contextPath: ZeroFox.Entity.StrictNameMatching
       description: Indicates the type of string matching used for comparing entity names to impersonator names.
@@ -638,7 +638,7 @@ script:
       description: The ID of the type of entity.
       type: Number
     - contextPath: ZeroFox.Entity.TypeName
-      description: The name of the type of entity
+      description: The name of the type of entity.
       type: String
   - description: Shows a table of all entity type names and IDs in the War Room.
     name: zerofox-get-entity-types
@@ -648,25 +648,25 @@ script:
     - name: source
       required: true
       auto: PREDEFINED
-      description: Content to be considered a threat
+      description: Content to be considered a threat.
       type: keyValue
     - name: alert_type
       required: true
       auto: PREDEFINED
-      description: Type of content acting as a threat, could be one of email, ip, domain, url, phone, mail_exchange, page_content or account
+      description: Type of content acting as a threat, could be one of email, ip, domain, url, phone, mail_exchange, page_content or account.
       type: keyValue
     - name: violation
       required: true
       auto: PREDEFINED
-      description: Type of infringement the submitted threat represents, could be one of phishing, malware, rogue_app, impersonation, trademark, copyright, private_data, fraud or other
+      description: Type of infringement the submitted threat represents, could be one of phishing, malware, rogue_app, impersonation, trademark, copyright, private_data, fraud or other.
       type: keyValue
     - name: entity_id
       required: true
       auto: PREDEFINED
-      description: Identifier of the entity being threatened by submitted content
+      description: Identifier of the entity being threatened by submitted content.
       type: keyValue
     - name: notes
-      description: Additional notes to include in submission
+      description: Additional notes to include in submission.
       type: textArea
     deprecated: false
     description: Submits potential threats into the ZF alert registry for disruption.
@@ -680,104 +680,104 @@ script:
     arguments:
     - name: domain
       required: true
-      description: Domain to search
+      description: Domain to search.
       type: keyValue
-    description: Looks for a given domain in Zerofox's CTI feeds
+    description: Looks for a given domain in Zerofox's CTI feeds.
     outputs:
     - contextPath: ZeroFox.CompromisedDomains.Domain
       type: string
-      description: Domain in which the search domain was found
+      description: Domain in which the search domain was found.
     - contextPath: ZeroFox.CompromisedDomains.LastModified
       type: string
-      description: Last time that the threat was found
+      description: Last time that the threat was found.
     - contextPath: ZeroFox.CompromisedDomains.IPs
       type: string
-      description: Related domains to the threat separated by commas
+      description: Related domains to the threat separated by commas.
   - name: zerofox-search-compromised-email
     arguments:
     - name: email
       required: true
       auto: PREDEFINED
-      description: email to search
+      description: email to search.
       type: keyValue
     outputs:
     - contextPath: ZeroFox.CompromisedEmails.Domain
       type: string
-      description: Domain in which the search domain was found
+      description: Domain in which the search domain was found.
     - contextPath: ZeroFox.CompromisedEmails.Email
       type: string
-      description: Email involved in the threat
+      description: Email involved in the threat.
     - contextPath: ZeroFox.CompromisedEmails.CreatedAt
       type: string
-      description: Date in which the email was found related to a threat
-    description: Looks for a given email in ZeroFox's CTI feeds
+      description: Date in which the email was found related to a threat.
+    description: Looks for a given email in ZeroFox's CTI feeds.
   - name: zerofox-search-malicious-ip
     arguments:
     - name: ip
       required: true
       auto: PREDEFINED
-      description: ip to search
+      description: ip to search.
       type: keyValue
     outputs:
     - contextPath: ZeroFox.MaliciousIPs.Domain
       type: string
-      description: Domain in which the search domain was found
+      description: Domain in which the search domain was found.
     - contextPath: ZeroFox.MaliciousIPs.IPAddress
       type: string
-      description: IP in which the search domain was found
+      description: IP in which the search domain was found.
     - contextPath: ZeroFox.MaliciousIPs.CreatedAt
       type: string
-      description: Date in which the ip was found related to a threat
-    description: Looks for malicious ips in ZeroFox's CTI feeds
+      description: Date in which the ip was found related to a threat.
+    description: Looks for malicious ips in ZeroFox's CTI feeds.
   - name: zerofox-search-malicious-hash
     arguments:
     - name: hash
       required: true
       auto: PREDEFINED
-      description: hash to search
+      description: hash to search.
       type: keyValue
     outputs:
     - contextPath: ZeroFox.MaliciousHashes.CreatedAt
-      description: Date in which the ip was found related to a threat
+      description: Date in which the ip was found related to a threat.
       type: string
     - contextPath: ZeroFox.MaliciousHashes.Family
-      description: Family related threat
+      description: Family related threat.
       type: string
     - contextPath: ZeroFox.MaliciousHashes.MD5
-      description: Hash in MD5 format
+      description: Hash in MD5 format.
       type: string
     - contextPath: ZeroFox.MaliciousHashes.SHA1
-      description: Hash in SHA1 format
+      description: Hash in SHA1 format.
       type: string
     - contextPath: ZeroFox.MaliciousHashes.SHA256
-      description: Hash in SHA256 format
+      description: Hash in SHA256 format.
       type: string
     - contextPath: ZeroFox.MaliciousHashes.SHA512
-      description: Hash in SHA512 format
+      description: Hash in SHA512 format.
       type: string
     - contextPath: ZeroFox.MaliciousHashes.FoundHash
-      description: Indicates in which hash format was found the search
+      description: Indicates in which hash format was found the search.
       type: string
-    description: Looks for registered hashes in ZeroFox's CTI feeds
+    description: Looks for registered hashes in ZeroFox's CTI feeds.
   - name: zerofox-search-exploits
     arguments:
     - name: since
       required: true
       auto: PREDEFINED
-      description: Staring date for exploit search
+      description: Staring date for exploit search.
       type: keyValue
     outputs:
     - contextPath: ZeroFox.Exploits.CreatedAt
-      description: Date in which the ip was found related to a threat
+      description: Date in which the ip was found related to a threat.
       type: string
     - contextPath: ZeroFox.Exploits.CVECode
-      description: CVE Code to identify the exploit
+      description: CVE Code to identify the exploit.
       type: string
     - contextPath: ZeroFox.Exploits.URLs
-      description: URLs associated to the threat separated by commas
+      description: URLs associated to the threat separated by commas.
       type: string
-    description: Looks for registered exploits in ZeroFox's CTI feeds
-  dockerimage: demisto/python3:3.10.13.72123
+    description: Looks for registered exploits in ZeroFox's CTI feeds.
+  dockerimage: demisto/python3:3.10.13.73190
   isfetch: true
   longRunning: false
   longRunningPort: false

Packs/ZeroFox/Integrations/ZeroFox/ZeroFox_test.py

@@ -223,7 +223,6 @@ def test_get_modified_remote_data_command_with_no_data(requests_mock, mocker):
     spy.assert_called_once()
     list_alerts_call_args = spy.call_args[0][0]
     assert list_alerts_call_args["last_modified_min_date"] == args["lastUpdate"]
-    assert list_alerts_call_args["max_timestamp"] == args["lastUpdate"]
     assert len(results.modified_incident_ids) == 0
 
 
@@ -249,7 +248,6 @@ def test_get_modified_remote_data_command(requests_mock, mocker):
     spy.assert_called_once()
     list_alerts_call_args = spy.call_args[0][0]
     assert list_alerts_call_args["last_modified_min_date"] == args["lastUpdate"]
-    assert list_alerts_call_args["max_timestamp"] == args["lastUpdate"]
     assert len(results.modified_incident_ids) == 10
     for modified_incident_id in results.modified_incident_ids:
         assert isinstance(modified_incident_id, str)

Packs/ZeroFox/ReleaseNotes/1_1_2.md

@@ -0,0 +1,4 @@
+#### Integrations
+##### ZeroFox
+- Fixed an issue related to the usage of a proxy.
+- Updated the Docker image to: *demisto/python3:3.10.13.73190*.

Packs/ZeroFox/pack_metadata.json

@@ -2,11 +2,10 @@
     "name": "ZeroFox",
     "description": "Cloud-based SaaS to detect risks found on social media and digital channels.",
     "support": "partner",
-    "currentVersion": "1.1.1",
+    "currentVersion": "1.1.2",
     "author": "ZeroFox",
     "url": "https://www.zerofox.com/contact-us/",
     "email": "[email protected]",
-
     "created": "2020-04-14T00:00:00Z",
     "categories": [
         "Data Enrichment & Threat Intelligence"
@@ -20,4 +19,4 @@
     ],
     "dependencies": {},
     "displayedImages": []
-}
+}