Skip to content

Update index_prisma.py#24

Open
carreirorco wants to merge 1 commit into
PaloAltoNetworks:masterfrom
carreirorco:patch-1
Open

Update index_prisma.py#24
carreirorco wants to merge 1 commit into
PaloAltoNetworks:masterfrom
carreirorco:patch-1

Conversation

@carreirorco

@carreirorco carreirorco commented Jun 16, 2023

Copy link
Copy Markdown

Prisma sends alertId: "T-0" to SQS, so you need to change "P-0" to "T-0" for it to work.

Description

When Prisma validates the integration with AWS SQS, the alertId parameter is sent with the value "T-0" instead of "P-0" as it is in the test validation.

Motivation and Context

Example of the error that was occurring:

Error in SQS record. Raw message: {'messageId': 'XXX', 'receiptHandle': 'XXX', 'body': '{
        "sender": "Prisma Cloud Test Notification",
        "sentTs": XXX,
        "alertId": "T-0",
        "message":"This is a test message from Prisma Cloud initiated by \'XXX\' to validate integration \'XXX\'."
    }...
'resourceRegionId': Exception
Traceback (most recent call last):
  File "/var/task/index_prisma.py", line 156, in lambda_handler
    raise Exception(parsed_alert['error'])
Exception: 'resourceRegionId'

How Has This Been Tested?

After the change, just test the integration again and follow the log via AWS Cloudwatch:

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|   timestamp   |                                                                               message                                                                                |
|---------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1686938679085 | INIT_START Runtime Version: python:3.10.v5 Runtime Version ARN: arn:aws:XXX                                                                                          |
| 1686938679439 | START RequestId: XXX           Version: $LATEST                                                                                                                      |
| 1686938679439 | #### Received 1 record(s) ####                                                                                                                                       |
| 1686938679439 | Prisma Cloud Test Notification                                                                                                                                       |
| 1686938679440 | END RequestId: XXX                                                                                                                                                   |
| 1686938679440 | REPORT RequestId: XXX Duration: 1.57 ms Billed Duration: 2 ms Memory Size: 128 MB Max Memory Used: 53 MB Init Duration: 352.81 ms                                    |
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Types of changes

  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes if appropriate.
  • All new and existing tests passed.

Prisma sends alertId: "T-0" to SQS, so you need to change "P-0" to "T-0" for it to work.
@welcome-to-palo-alto-networks

Copy link
Copy Markdown

🎉 Thanks for opening this pull request! We really appreciate contributors like you! 🙌

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant