rapid7 · ablakley-r7 · Jun 6, 2025 · Jun 6, 2025
@@ -1,51 +1,51 @@
 {
-	"spec": "75575247b4d695fef8e1e71294f98c43",
-	"manifest": "890583ee056a00ff5e7a235cbe4b4243",
-	"setup": "1909f54fc45c060127294dc9e92c0133",
+	"spec": "79fd30e6eaa09b554ba273b9ea1e778b",
+	"manifest": "bae6043142fcb0a3ff8847bf20220744",
+	"setup": "ab80666d86586b42b97f89de530d3dfb",
 	"schemas": [
 		{
 			"identifier": "allow_file/schema.py",
-			"hash": "3e67339cb17d76d74fd81fb073511a36"
+			"hash": "8410950b3c04b201b524dfbc1233cf6f"
 		},
 		{
 			"identifier": "block_file/schema.py",
-			"hash": "bff8d1ae355617cdca391d2b8bb49d7d"
+			"hash": "35704ca51430c17dd945bc3be27dc569"
 		},
 		{
 			"identifier": "get_endpoint_details/schema.py",
-			"hash": "83ee203288356907ab97aae2f90c2154"
+			"hash": "41a3d16e10275d9b2a3ee77453d6c6ae"
 		},
 		{
 			"identifier": "get_file_quarantine_status/schema.py",
-			"hash": "ec41c5f88476f5b2b05e1dfb4d788759"
+			"hash": "cea0fb4403c33b1e776c7212e88b0ad4"
 		},
 		{
 			"identifier": "get_xql_query_results/schema.py",
-			"hash": "c10e83968468efc155da6d9ba710cb47"
+			"hash": "38de385c6e281776c4157eca58c63caa"
 		},
 		{
 			"identifier": "isolate_endpoint/schema.py",
-			"hash": "2b35a79f32fd38e7548b0bd8e145356b"
+			"hash": "19e67fa494b3d62f3fcf3007fb428481"
 		},
 		{
 			"identifier": "connection/schema.py",
-			"hash": "292b006db45e73f699b01cd785efda35"
+			"hash": "6ff40fad3766592f67a1df4c88e4080a"
 		},
 		{
 			"identifier": "monitor_alerts/schema.py",
-			"hash": "fa218a52dd4f09cd84af6fd581de5ff7"
+			"hash": "cd820dd29b247aec9843955c80d98999"
 		},
 		{
 			"identifier": "get_alerts/schema.py",
-			"hash": "bc4bfab861c9ddeb3508cf1ab1af537b"
+			"hash": "2a96d7510064e221b2f1a758979a4266"
 		},
 		{
 			"identifier": "get_incidents/schema.py",
-			"hash": "4b052146052a423541583920d8afd5c6"
+			"hash": "b2a10bd1078accd63088e17bd8aec8e4"
 		},
 		{
 			"identifier": "get_query_results/schema.py",
-			"hash": "64c151d95839f2c46a85d401b0d98e5f"
+			"hash": "52d974437eb78eb6dd99dd3f88895955"
 		}
 	]
-}
+}
@@ -1,20 +1,34 @@
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.2.4
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.3.4 AS builder
+
+WORKDIR /python/src
+
+ADD ./plugin.spec.yaml /plugin.spec.yaml
+ADD ./requirements.txt /python/src/requirements.txt
+ADD . /python/src
+
+
+
+RUN pip install .
+RUN pip uninstall -y setuptools
+
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.3.4
 
 LABEL organization=rapid7
 LABEL sdk=python
 
 WORKDIR /python/src
 
-ADD ./plugin.spec.yaml /plugin.spec.yaml
-ADD ./requirements.txt /python/src/requirements.txt
+COPY --from=builder /python/src /python/src
+COPY --from=builder /plugin.spec.yaml /plugin.spec.yaml
+
 
 RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
 
-ADD . /python/src
+ENV PYTHONPATH="/python/src:${PYTHONPATH}"
 
-RUN python setup.py build && python setup.py install
+RUN rm -rf /root/.cache;
 
 # User to run plugin code. The two supported users are: root, nobody
 USER nobody
 
-ENTRYPOINT ["/usr/local/bin/icon_palo_alto_cortex_xdr"]
+ENTRYPOINT ["python", "/python/src/bin/icon_palo_alto_cortex_xdr"]
@@ -6,7 +6,7 @@ from sys import argv
 
 Name = "Palo Alto Cortex XDR"
 Vendor = "rapid7"
-Version = "4.0.6"
+Version = "4.0.7"
 Description = "Stop modern attacks with the industry's first extended detection and response platform that spans your endpoints, network and cloud data"
 
 

@@ -927,6 +927,7 @@ Isolate Endpoint fails with 500 error - This will happen if an isolation action
 
 # Version History
 
+* 4.0.7 - Update `MonitorAlerts` to resume alert monitoring from appropriate cutoff value if restarted | Update SDK to 6.3.4
 * 4.0.6 - Update `MonitorAlerts` to resume alert monitoring from the last task run time | Update error handling to log additional data | Update SDK to 6.2.4
 * 4.0.5 - Update `MonitorAlerts` task pagination decision handling | update SDK to 6.2.2
 * 4.0.4 - Raise authentication errors if provided invalid credentials

@@ -11,4 +11,3 @@
 from .block_file.action import BlockFile
 
 from .get_xql_query_results.action import GetXqlQueryResults
-
@@ -18,7 +18,8 @@ class Output:
 
 
 class AllowFileInput(insightconnect_plugin_runtime.Input):
-    schema = json.loads(r"""
+    schema = json.loads(
+        r"""
    {
   "type": "object",
   "title": "Variables",
@@ -49,14 +50,16 @@ class AllowFileInput(insightconnect_plugin_runtime.Input):
   ],
   "definitions": {}
 }
-    """)
+    """
+    )
 
     def __init__(self):
         super(self.__class__, self).__init__(self.schema)
 
 
 class AllowFileOutput(insightconnect_plugin_runtime.Output):
-    schema = json.loads(r"""
+    schema = json.loads(
+        r"""
    {
   "type": "object",
   "title": "Variables",
@@ -73,7 +76,8 @@ class AllowFileOutput(insightconnect_plugin_runtime.Output):
   ],
   "definitions": {}
 }
-    """)
+    """
+    )
 
     def __init__(self):
         super(self.__class__, self).__init__(self.schema)
@@ -18,7 +18,8 @@ class Output:
 
 
 class BlockFileInput(insightconnect_plugin_runtime.Input):
-    schema = json.loads(r"""
+    schema = json.loads(
+        r"""
    {
   "type": "object",
   "title": "Variables",
@@ -49,14 +50,16 @@ class BlockFileInput(insightconnect_plugin_runtime.Input):
   ],
   "definitions": {}
 }
-    """)
+    """
+    )
 
     def __init__(self):
         super(self.__class__, self).__init__(self.schema)
 
 
 class BlockFileOutput(insightconnect_plugin_runtime.Output):
-    schema = json.loads(r"""
+    schema = json.loads(
+        r"""
    {
   "type": "object",
   "title": "Variables",
@@ -73,7 +76,8 @@ class BlockFileOutput(insightconnect_plugin_runtime.Output):
   ],
   "definitions": {}
 }
-    """)
+    """
+    )
 
     def __init__(self):
         super(self.__class__, self).__init__(self.schema)
@@ -17,7 +17,8 @@ class Output:
 
 
 class GetEndpointDetailsInput(insightconnect_plugin_runtime.Input):
-    schema = json.loads(r"""
+    schema = json.loads(
+        r"""
    {
   "type": "object",
   "title": "Variables",
@@ -34,14 +35,16 @@ class GetEndpointDetailsInput(insightconnect_plugin_runtime.Input):
   ],
   "definitions": {}
 }
-    """)
+    """
+    )
 
     def __init__(self):
         super(self.__class__, self).__init__(self.schema)
 
 
 class GetEndpointDetailsOutput(insightconnect_plugin_runtime.Output):
-    schema = json.loads(r"""
+    schema = json.loads(
+        r"""
    {
   "type": "object",
   "title": "Variables",
@@ -195,7 +198,8 @@ class GetEndpointDetailsOutput(insightconnect_plugin_runtime.Output):
     }
   }
 }
-    """)
+    """
+    )
 
     def __init__(self):
         super(self.__class__, self).__init__(self.schema)
@@ -18,7 +18,8 @@ class Output:
 
 
 class GetFileQuarantineStatusInput(insightconnect_plugin_runtime.Input):
-    schema = json.loads(r"""
+    schema = json.loads(
+        r"""
    {
   "type": "object",
   "title": "Variables",
@@ -49,14 +50,16 @@ class GetFileQuarantineStatusInput(insightconnect_plugin_runtime.Input):
   ],
   "definitions": {}
 }
-    """)
+    """
+    )
 
     def __init__(self):
         super(self.__class__, self).__init__(self.schema)
 
 
 class GetFileQuarantineStatusOutput(insightconnect_plugin_runtime.Output):
-    schema = json.loads(r"""
+    schema = json.loads(
+        r"""
    {
   "type": "object",
   "title": "Variables",
@@ -73,7 +76,8 @@ class GetFileQuarantineStatusOutput(insightconnect_plugin_runtime.Output):
   ],
   "definitions": {}
 }
-    """)
+    """
+    )
 
     def __init__(self):
         super(self.__class__, self).__init__(self.schema)
@@ -20,7 +20,8 @@ class Output:
 
 
 class GetXqlQueryResultsInput(insightconnect_plugin_runtime.Input):
-    schema = json.loads(r"""
+    schema = json.loads(
+        r"""
    {
   "type": "object",
   "title": "Variables",
@@ -66,14 +67,16 @@ class GetXqlQueryResultsInput(insightconnect_plugin_runtime.Input):
   ],
   "definitions": {}
 }
-    """)
+    """
+    )
 
     def __init__(self):
         super(self.__class__, self).__init__(self.schema)
 
 
 class GetXqlQueryResultsOutput(insightconnect_plugin_runtime.Output):
-    schema = json.loads(r"""
+    schema = json.loads(
+        r"""
    {
   "type": "object",
   "title": "Variables",
@@ -145,7 +148,8 @@ class GetXqlQueryResultsOutput(insightconnect_plugin_runtime.Output):
     }
   }
 }
-    """)
+    """
+    )
 
     def __init__(self):
         super(self.__class__, self).__init__(self.schema)
@@ -18,7 +18,8 @@ class Output:
 
 
 class IsolateEndpointInput(insightconnect_plugin_runtime.Input):
-    schema = json.loads(r"""
+    schema = json.loads(
+        r"""
    {
   "type": "object",
   "title": "Variables",
@@ -57,14 +58,16 @@ class IsolateEndpointInput(insightconnect_plugin_runtime.Input):
   ],
   "definitions": {}
 }
-    """)
+    """
+    )
 
     def __init__(self):
         super(self.__class__, self).__init__(self.schema)
 
 
 class IsolateEndpointOutput(insightconnect_plugin_runtime.Output):
-    schema = json.loads(r"""
+    schema = json.loads(
+        r"""
    {
   "type": "object",
   "title": "Variables",
@@ -106,7 +109,8 @@ class IsolateEndpointOutput(insightconnect_plugin_runtime.Output):
     }
   }
 }
-    """)
+    """
+    )
 
     def __init__(self):
         super(self.__class__, self).__init__(self.schema)
@@ -11,7 +11,8 @@ class Input:
 
 
 class ConnectionSchema(insightconnect_plugin_runtime.Input):
-    schema = json.loads(r"""
+    schema = json.loads(
+        r"""
    {
   "type": "object",
   "title": "Variables",
@@ -73,7 +74,8 @@ class ConnectionSchema(insightconnect_plugin_runtime.Input):
     }
   }
 }
-    """)
+    """
+    )
 
     def __init__(self):
         super(self.__class__, self).__init__(self.schema)
@@ -1,4 +1,3 @@
 # GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT
 
 from .monitor_alerts.task import MonitorAlerts
-
Original file line number	Diff line number	Diff line change
Expand Up		@@ -11,4 +11,3 @@
		from .block_file.action import BlockFile

		from .get_xql_query_results.action import GetXqlQueryResults
Original file line number	Diff line number	Diff line change
		@@ -1,4 +1,3 @@
		# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT

		from .monitor_alerts.task import MonitorAlerts