Filter type param

Packs/Code42/Integrations/Code42/Code42.py

@@ -193,10 +193,11 @@ def remove_user_from_departing_employee(self, username):
         self._get_sdk().detectionlists.departing_employee.remove(user_id)
         return user_id
 
-    def get_all_departing_employees(self, results):
+    def get_all_departing_employees(self, results, filter_type):
         res = []
-        results = int(results) if results else None
-        pages = self._get_sdk().detectionlists.departing_employee.get_all()
+        results = int(results) if results else 50
+        filter_type = filter_type if filter_type else "OPEN"
+        pages = self._get_sdk().detectionlists.departing_employee.get_all(filter_type=filter_type)
         for page in pages:
             # Note: page is a `Py42Response` and has no `get()` method.
             employees = page["items"]
@@ -230,11 +231,12 @@ def remove_user_risk_tags(self, username, risk_tags):
         self._get_sdk().detectionlists.remove_user_risk_tags(user_id, risk_tags)
         return user_id
 
-    def get_all_high_risk_employees(self, risk_tags, results):
+    def get_all_high_risk_employees(self, risk_tags, results, filter_type):
         risk_tags = _try_convert_str_list_to_list(risk_tags)
-        results = int(results) if results else None
+        results = int(results) if results else 50
+        filter_type = filter_type if filter_type else "OPEN"
         res = []
-        pages = self._get_sdk().detectionlists.high_risk_employee.get_all()
+        pages = self._get_sdk().detectionlists.high_risk_employee.get_all(filter_type=filter_type)
         for page in pages:
             employees = _get_all_high_risk_employees_from_page(page, risk_tags)
             for employee in employees:
@@ -759,8 +761,9 @@ def departingemployee_remove_command(client, args):
 
 @logger
 def departingemployee_get_all_command(client, args):
-    results = args.get("results") or 50
-    employees = client.get_all_departing_employees(results)
+    results = args.get("results", 50)
+    filter_type = args.get("filtertype", "OPEN")
+    employees = client.get_all_departing_employees(results, filter_type)
     if not employees:
         return CommandResults(
             readable_output="No results found",
@@ -823,8 +826,9 @@ def highriskemployee_remove_command(client, args):
 @logger
 def highriskemployee_get_all_command(client, args):
     tags = args.get("risktags")
-    results = args.get("results") or 50
-    employees = client.get_all_high_risk_employees(tags, results)
+    results = args.get("results", 50)
+    filter_type = args.get("filtertype", "OPEN")
+    employees = client.get_all_high_risk_employees(tags, results, filter_type)
     if not employees:
         return CommandResults(
             readable_output="No results found",

Packs/Code42/Integrations/Code42/Code42.yml

@@ -356,6 +356,19 @@ script:
       name: results
       required: false
       secret: false
+    - auto: PREDEFINED
+      default: true
+      defaultValue: OPEN
+      description: Filters the results based on specific filters.
+      isArray: false
+      name: filtertype
+      predefined:
+      - EXFILTRATION_30_DAYS
+      - EXFILTRATION_24_HOURS
+      - OPEN
+      - LEAVING_TODAY
+      required: false
+      secret: false
     deprecated: false
     description: Get all employees on the Departing Employee List.
     execution: false
@@ -441,6 +454,18 @@ script:
       name: results
       required: false
       secret: false
+    - auto: PREDEFINED
+      default: true
+      defaultValue: OPEN
+      description: Filters the results based on specific filters.
+      isArray: false
+      name: filtertype
+      predefined:
+      - EXFILTRATION_30_DAYS
+      - EXFILTRATION_24_HOURS
+      - OPEN
+      required: false
+      secret: false
     deprecated: false
     description: Get all employees on the High Risk Employee List.
     execution: false
@@ -624,66 +649,6 @@ script:
     - contextPath: Code42.User.UserID
       description: The ID of a Code42 User.
       type: String
-  - arguments:
-    - default: false
-      description: The username of the user to add to the given legal hold matter.
-      isArray: false
-      name: username
-      required: true
-      secret: false
-    - default: false
-      description: The name of the legal hold matter to which to which the user will be added.
-      isArray: false
-      name: mattername
-      required: true
-      secret: false
-    deprecated: false
-    description: Adds a Code42 user to a legal hold matter.
-    execution: false
-    name: code42-legalhold-add-user
-    outputs:
-    - contextPath: Code42.LegalHold.UserID
-      description: The ID of a Code42 user.
-      type: Unknown
-    - contextPath: Code42.LegalHold.MatterID
-      description: The ID of a Code42 legal hold matter.
-      type: String
-    - contextPath: Code42.LegalHold.Username
-      description: A username for a Code42 user.
-      type: String
-    - contextPath: Code42.LegalHold.MatterName
-      description: A name for a Code42 legal hold matter.
-      type: String
-  - arguments:
-      - default: false
-        description: The username of the user to remove from the given legal hold matter.
-        isArray: false
-        name: username
-        required: true
-        secret: false
-      - default: false
-        description: The name of the legal hold matter from which to which the user will be removed.
-        isArray: false
-        name: mattername
-        required: true
-        secret: false
-    deprecated: false
-    description: Removes a Code42 user from a legal hold matter.
-    execution: false
-    name: code42-legalhold-remove-user
-    outputs:
-      - contextPath: Code42.LegalHold.UserID
-        description: The ID of a Code42 user.
-        type: Unknown
-      - contextPath: Code42.LegalHold.MatterID
-        description: The ID of a Code42 legal hold matter.
-        type: String
-      - contextPath: Code42.LegalHold.Username
-        description: A username for a Code42 user.
-        type: String
-      - contextPath: Code42.LegalHold.MatterName
-        description: A name for a Code42 legal hold matter.
-        type: String
   - arguments:
     - default: false
       description: Either the SHA256 or MD5 hash of the file.

Packs/Code42/Integrations/Code42/Code42_test.py

@@ -361,45 +361,43 @@
       "type$": "ALERT_SUMMARY",
       "tenantId": "1d700000-af5b-4231-9d8e-df6434d00000",
       "type": "FED_ENDPOINT_EXFILTRATION",
-      "name": "Exposure on an endpoint",
-      "description": "This default rule alerts you when departing employees move data from an endpoint.",
-      "actor": "test.testerson@example.com",
+      "name": "Departing Employee Alert",
+      "description": "Cortex XSOAR is cool.",
+      "actor": "user1@example.com",
       "target": "N/A",
       "severity": "HIGH",
       "ruleId": "9befe477-3487-40b7-89a6-bbcced4cf1fe",
       "ruleSource": "Departing Employee",
-      "id": "fbeaabc1-9205-4620-ad53-95d0633429a3",
-      "createdAt": "2020-05-04T20:46:45.8106280Z",
+      "id": "36fb8ca5-0533-4d25-9763-e09d35d60610",
+      "createdAt": "2019-10-02T17:02:23.5867670Z",
       "state": "OPEN"
     },
     {
       "type$": "ALERT_SUMMARY",
       "tenantId": "1d700000-af5b-4231-9d8e-df6434d00000",
-      "type": "FED_ENDPOINT_EXFILTRATION",
-      "name": "Exposure on an endpoint",
-      "description": "This default rule alerts you when departing employees move data from an endpoint.",
-      "actor": "[email protected]",
+      "type": "FED_CLOUD_SHARE_PERMISSIONS",
+      "name": "High-Risk Employee Alert",
+      "actor": "[email protected]",
       "target": "N/A",
-      "severity": "LOW",
+      "severity": "MEDIUM",
       "ruleId": "9befe477-3487-40b7-89a6-bbcced4cf1fe",
       "ruleSource": "Departing Employee",
-      "id": "6bb7ca1e-c8cf-447d-a732-9652869e42d0",
-      "createdAt": "2020-05-04T20:35:54.2400240Z",
+      "id": "18ac641d-7d9c-4d37-a48f-c89396c07d03",
+      "createdAt": "2019-10-02T17:02:24.2071980Z",
       "state": "OPEN"
     },
     {
       "type$": "ALERT_SUMMARY",
       "tenantId": "1d700000-af5b-4231-9d8e-df6434d00000",
       "type": "FED_ENDPOINT_EXFILTRATION",
-      "name": "Exposure on an endpoint",
-      "description": "This default rule alerts you when departing employees move data from an endpoint.",
-      "actor": "[email protected]",
+      "name": "Custom Alert 1",
+      "actor": "[email protected]",
       "target": "N/A",
-      "severity": "HIGH",
+      "severity": "LOW",
       "ruleId": "9befe477-3487-40b7-89a6-bbcced4cf1fe",
       "ruleSource": "Departing Employee",
-      "id": "c2c3aef3-8fd9-4e7a-a04e-16bec9e27625",
-      "createdAt": "2020-05-04T20:19:34.7121300Z",
+      "id": "3137ff1b-b824-42e4-a476-22bccdd8ddb8",
+      "createdAt": "2019-10-02T17:03:28.2885720Z",
       "state": "OPEN"
     }
   ],