Use filename

Packs/Code42/Integrations/Code42/Code42.py

@@ -152,7 +152,7 @@ def _get_all_high_risk_employees_from_page(page, risk_tags):
 
 def _try_convert_str_list_to_list(str_list):
     if isinstance(str_list, str):
-        return str_list.split()
+        return str_list.split(",")
     return str_list
 
 
@@ -952,9 +952,10 @@ def user_reactivate_command(client, args):
 
 def download_file_command(client, args):
     file_hash = args.get("hash")
+    filename = args.get("filename") or file_hash
     response = client.download_file(file_hash)
     file_chunks = [c for c in response.iter_content(chunk_size=128) if c]
-    return fileResult(file_hash, data=b"".join(file_chunks))
+    return fileResult(filename, data=b"".join(file_chunks))
 
 
 """Fetching"""
@@ -1117,7 +1118,7 @@ def get_command_map():
         "code42-user-block": user_block_command,
         "code42-user-unblock": user_unblock_command,
         "code42-user-deactivate": user_deactivate_command,
-        "code42_user-reactivate": user_reactivate_command,
+        "code42-user-reactivate": user_reactivate_command,
         "code42-download-file": download_file_command,
     }
 

Packs/Code42/Integrations/Code42/Code42.yml

@@ -419,11 +419,20 @@ script:
       description: The username of the High Risk Employee.
       type: Unknown
   - arguments:
-    - default: false
-      description: To filter results by employees who have these risk tags. Space
+    - auto: PREDEFINED
+      default: false
+      description: To filter results by employees who have these risk tags. Comma
         delimited.
       isArray: false
       name: risktags
+      predefined:
+      - PERFORMANCE_CONCERNS
+      - PERFORMANCE_CONCERNS
+      - POOR_SECURITY_PRACTICES
+      - HIGH_IMPACT_EMPLOYEE
+      - ELEVATED_ACCESS_PRIVILEGES
+      - FLIGHT_RISK
+      - CONTRACT_EMPLOYEE
       required: false
       secret: false
     - default: false
@@ -453,10 +462,19 @@ script:
       name: username
       required: true
       secret: false
-    - default: false
-      description: Space-delimited risk tags to associate with the High Risk Employee.
+    - auto: PREDEFINED
+      default: false
+      description: Comma-delimited risk tags to associate with the High Risk Employee.
       isArray: false
       name: risktags
+      predefined:
+      - PERFORMANCE_CONCERNS
+      - PERFORMANCE_CONCERNS
+      - POOR_SECURITY_PRACTICES
+      - HIGH_IMPACT_EMPLOYEE
+      - ELEVATED_ACCESS_PRIVILEGES
+      - FLIGHT_RISK
+      - CONTRACT_EMPLOYEE
       required: true
       secret: false
     deprecated: false
@@ -480,10 +498,19 @@ script:
       name: username
       required: true
       secret: false
-    - default: false
-      description: Space-delimited risk tags to disassociate from the High Risk Employee.
+    - auto: PREDEFINED
+      default: false
+      description: Comma-delimited risk tags to disassociate from the High Risk Employee.
       isArray: false
       name: risktags
+      predefined:
+      - PERFORMANCE_CONCERNS
+      - PERFORMANCE_CONCERNS
+      - POOR_SECURITY_PRACTICES
+      - HIGH_IMPACT_EMPLOYEE
+      - ELEVATED_ACCESS_PRIVILEGES
+      - FLIGHT_RISK
+      - CONTRACT_EMPLOYEE
       required: true
       secret: false
     deprecated: false
@@ -604,6 +631,12 @@ script:
       name: hash
       required: true
       secret: false
+    - default: false
+      description: The filename to save the file as.
+      isArray: false
+      name: filename
+      required: false
+      secret: false
     deprecated: false
     description: Downloads a file from Code42 servers.
     execution: false

Packs/Code42/Integrations/Code42/Code42_test.py

@@ -70,8 +70,8 @@
             "deviceUserName":"[email protected]",
             "osHostName":"HOSTNAME",
             "domainName":"host.docker.internal",
-            "publicIpAddress":"162.222.47.183",
-            "privateIpAddresses":["172.20.128.36","127.0.0.1"],
+            "publicIpAddress":"255.255.255.255",
+            "privateIpAddresses":["255.255.255.255","127.0.0.1"],
             "deviceUid":"935873453596901068",
             "userUid":"912098363086307495",
             "actor":null,
@@ -134,7 +134,7 @@
             "deviceUserName":"[email protected]",
             "osHostName":"TEST'S MAC",
             "domainName":"host.docker.internal",
-            "publicIpAddress":"162.222.47.183",
+            "publicIpAddress":"255.255.255.255",
             "privateIpAddresses":["127.0.0.1"],
             "deviceUid":"935873453596901068",
             "userUid":"912098363086307495",
@@ -198,7 +198,7 @@
             "deviceUserName":"[email protected]",
             "osHostName":"Test's Windows",
             "domainName":"host.docker.internal",
-            "publicIpAddress":"162.222.47.183",
+            "publicIpAddress":"255.255.255.255",
             "privateIpAddresses":["0:0:0:0:0:0:0:1","127.0.0.1"],
             "deviceUid":"935873453596901068",
             "userUid":"912098363086307495",
@@ -248,7 +248,7 @@
 MOCK_CODE42_EVENT_CONTEXT = [
     {
         "ApplicationTabURL": "example.com",
-        "DevicePrivateIPAddress": ["172.20.128.36", "127.0.0.1"],
+        "DevicePrivateIPAddress": ["255.255.255.255", "127.0.0.1"],
         "DeviceUsername": "[email protected]",
         "EndpointID": "935873453596901068",
         "EventID": "0_1d71796f-af5b-4231-9d8e-df6434da4663_935873453596901068_956171635867906205_5",
@@ -1380,7 +1380,7 @@ def test_departingemployee_get_all_command_when_no_employees(
         no_employees_response
     )
     client = create_client(code42_departing_employee_mock)
-    cmd_res = departingemployee_get_all_command(client,{})
+    cmd_res = departingemployee_get_all_command(client, {})
     assert cmd_res.outputs_prefix == "Code42.DepartingEmployee"
     assert cmd_res.outputs_key_field == "UserID"
     assert cmd_res.raw_response == {}
@@ -1456,7 +1456,7 @@ def test_highriskemployee_get_all_command_when_given_risk_tags_only_gets_employe
     client = create_client(code42_high_risk_employee_mock)
     cmd_res = highriskemployee_get_all_command(
         client,
-        {"risktags": "PERFORMANCE_CONCERNS SUSPICIOUS_SYSTEM_ACTIVITY POOR_SECURITY_PRACTICES"},
+        {"risktags": "PERFORMANCE_CONCERNS,SUSPICIOUS_SYSTEM_ACTIVITY,POOR_SECURITY_PRACTICES"},
     )
     expected_response = [json.loads(MOCK_GET_ALL_HIGH_RISK_EMPLOYEES_RESPONSE)["items"][0]]
     assert cmd_res.outputs_prefix == "Code42.HighRiskEmployee"
@@ -1494,7 +1494,7 @@ def test_highriskemployee_get_all_command_when_no_employees(code42_high_risk_emp
     client = create_client(code42_high_risk_employee_mock)
     cmd_res = highriskemployee_get_all_command(
         client,
-        {"risktags": "PERFORMANCE_CONCERNS SUSPICIOUS_SYSTEM_ACTIVITY POOR_SECURITY_PRACTICES"},
+        {"risktags": "PERFORMANCE_CONCERNS,SUSPICIOUS_SYSTEM_ACTIVITY,POOR_SECURITY_PRACTICES"},
     )
     assert cmd_res.outputs_prefix == "Code42.HighRiskEmployee"
     assert cmd_res.outputs_key_field == "UserID"
@@ -1507,7 +1507,7 @@ def test_highriskemployee_add_risk_tags_command(code42_sdk_mock):
     tags = "FLIGHT_RISK"
     client = create_client(code42_sdk_mock)
     cmd_res = highriskemployee_add_risk_tags_command(
-        client, {"username": _TEST_USERNAME, "risktags": "FLIGHT_RISK"}
+        client, {"username": _TEST_USERNAME, "risktags": tags}
     )
     assert cmd_res.raw_response == _TEST_USER_ID
     assert cmd_res.outputs_prefix == "Code42.HighRiskEmployee"
@@ -1516,21 +1516,21 @@ def test_highriskemployee_add_risk_tags_command(code42_sdk_mock):
     assert cmd_res.outputs["Username"] == _TEST_USERNAME
     assert cmd_res.outputs["RiskTags"] == tags
     code42_sdk_mock.detectionlists.add_user_risk_tags.assert_called_once_with(
-        _TEST_USER_ID, ["FLIGHT_RISK"]
+        _TEST_USER_ID, [tags]
     )
 
 
 def test_highriskemployee_remove_risk_tags_command(code42_sdk_mock):
     client = create_client(code42_sdk_mock)
     cmd_res = highriskemployee_remove_risk_tags_command(
-        client, {"username": _TEST_USERNAME, "risktags": "FLIGHT_RISK CONTRACT_EMPLOYEE"}
+        client, {"username": _TEST_USERNAME, "risktags": "FLIGHT_RISK,CONTRACT_EMPLOYEE"}
     )
     assert cmd_res.raw_response == _TEST_USER_ID
     assert cmd_res.outputs_prefix == "Code42.HighRiskEmployee"
     assert cmd_res.outputs_key_field == "UserID"
     assert cmd_res.outputs["UserID"] == _TEST_USER_ID
     assert cmd_res.outputs["Username"] == _TEST_USERNAME
-    assert cmd_res.outputs["RiskTags"] == "FLIGHT_RISK CONTRACT_EMPLOYEE"
+    assert cmd_res.outputs["RiskTags"] == "FLIGHT_RISK,CONTRACT_EMPLOYEE"
     code42_sdk_mock.detectionlists.remove_user_risk_tags.assert_called_once_with(
         _TEST_USER_ID, ["FLIGHT_RISK", "CONTRACT_EMPLOYEE"]
     )

Packs/Code42/Integrations/Code42/README.md

@@ -420,7 +420,7 @@ Get all employees on the High Risk Employee List.
 
 | **Argument Name** | **Description** | **Required** |
 | --- | --- | --- |
-| risktags | To filter results by employees who have these risk tags. Space delimited. | Optional | 
+| risktags | To filter results by employees who have these risk tags. Comma delimited. | Optional | 
 | results | The number of items to return. | Optional |