Jamf computer fetch assets and refactored (#38336)

* refactored and computer fetch assets firs version

* added logs and improve get_events while loop

* tests updated and more

* dataset name added to description

* mypy fixes and rn

* docs update

* tests add_fields_to_events function

* rn with bc note

* Update Packs/JamfProtect/ReleaseNotes/1_2_0.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/JamfProtect/Integrations/JamfProtectEventCollector/README.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/JamfProtect/Integrations/JamfProtectEventCollector/JamfProtectEventCollector_description.md

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/JamfProtect/Integrations/JamfProtectEventCollector/JamfProtectEventCollector.yml

Co-authored-by: ShirleyDenkberg <[email protected]>

* Update Packs/JamfProtect/Integrations/JamfProtectEventCollector/README.md

Co-authored-by: JudithB <[email protected]>

* Update Packs/JamfProtect/Integrations/JamfProtectEventCollector/JamfProtectEventCollector.py

Co-authored-by: JudithB <[email protected]>

* Update Packs/JamfProtect/Integrations/JamfProtectEventCollector/JamfProtectEventCollector.py

Co-authored-by: JudithB <[email protected]>

* updated test module, and added fetch assets command, and tests for it

* updated rn note

* sections added

* log type update to computers

* removed should push events parameter in fetch assets command

* Update Packs/JamfProtect/ReleaseNotes/1_2_0.md

Co-authored-by: JudithB <[email protected]>

---------

Co-authored-by: ShirleyDenkberg <[email protected]>
Co-authored-by: JudithB <[email protected]>

Author: 3 people

Packs/JamfProtect/Integrations/JamfProtectEventCollector/JamfProtectEventCollector.py

@@ -48,23 +48,25 @@ configuration:
   type: 0
   advanced: true
   section: Collect
-- additionalinfo: Maximum number of computer events to fetch at a time.
-  defaultvalue: '500'
-  display: Max computer events per fetch
-  name: max_fetch_computer
-  required: false
-  type: 0
+- additionalinfo: The fetch interval. It is recommended to set it to 12 hours. The minimum interval is 1 hour.
+  defaultvalue: 720
+  display: Fetch Computer Assets Interval
+  name: assetsFetchInterval
+  type: 19
+  section: Collect
   advanced: true
+  required: false
+- display: Fetch Events
+  name: isFetchEvents
+  type: 8
+  required: false
   section: Collect
-- display: Fetch all computers
-  name: fetch_all_computers
-  defaultvalue: "false"
+- display: Fetch Assets
+  name: isFetchAssets
   type: 8
   required: false
-  advanced: true
   section: Collect
-  additionalinfo: When set to true, retrieves all available computers during the initial fetch.
-description: Use this integration to fetch audit logs, alerts and computer events from Jamf Protect as events in Cortex XSIAM.
+description: Use this integration to fetch audit logs events, alerts events and computer assets from Jamf Protect to Cortex XSIAM.
 display: Jamf Protect Event Collector
 name: Jamf Protect Event Collector
 script:
@@ -87,11 +89,18 @@ script:
       required: false
     description: Gets events from Jamf Protect.
     name: jamf-protect-get-events
+  - arguments:
+    - description: The number of computer assets to return.
+      name: limit
+      defaultValue: 10
+    description: Gets computer assets from Jamf Protect.
+    name: jamf-protect-get-computer-assets
   runonce: false
   script: "-"
   type: python
   subtype: python3
   isfetchevents: true
+  isfetchassets: true
   dockerimage: demisto/python3:3.11.10.116949
 marketplaces:
 - marketplacev2

Packs/JamfProtect/Integrations/JamfProtectEventCollector/JamfProtectEventCollector.yml

@@ -1,8 +1,13 @@
-_____
+
 ## Jamf Protect Event Collector
-_____
-Use this integration to fetch audit logs, alerts and computer events from Jamf Protect as events in Cortex XSIAM.
-_____
+
+Use this integration to fetch audit logs, alerts events and computer assets from Jamf Protect to Cortex XSIAM.
+
+To fetch computer assets, enable the *Fetch assets and vulnerabilities* option. To retrieve audit logs and alert events, enable the *Fetch events*option.
+
+Computer assets dataset name: **jamf_protect_computers_raw**
+Events dataset name: **jamf_protect_raw**
+
 ## Creating an API Client in Jamf Protect
 Before you configure the integration, retrieve the API Client and Password from your Jamf Protect environment:
 1. In Jamf Protect, click **Administrative** > **API Clients**.