rapid7 · nmccullagh-r7 · Nov 18, 2024 · Nov 18, 2024
diff --git a/plugins/carbon_black_cloud/.CHECKSUM b/plugins/carbon_black_cloud/.CHECKSUM
@@ -1,7 +1,7 @@
 {
-	"spec": "e65a2ba63a0336dd71483fe60f8fc09e",
-	"manifest": "cc99bad588629becc537d4e9726b339c",
-	"setup": "a3be16b44e39ce0215df20244b1b719d",
+	"spec": "d3a3c54a6cc4009e9e997792b2c21ffa",
+	"manifest": "a613c9c4b5853d61cfcc13528600116b",
+	"setup": "4efb422e05d1ff929fa90a296d69a426",
 	"schemas": [
 		{
 			"identifier": "get_agent_details/schema.py",

diff --git a/plugins/carbon_black_cloud/Dockerfile b/plugins/carbon_black_cloud/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.1.4
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:6.2.0
 
 LABEL organization=rapid7
 LABEL sdk=python

diff --git a/plugins/carbon_black_cloud/bin/icon_carbon_black_cloud b/plugins/carbon_black_cloud/bin/icon_carbon_black_cloud
@@ -6,7 +6,7 @@ from sys import argv
 
 Name = "VMware Carbon Black Cloud"
 Vendor = "rapid7"
-Version = "2.2.7"
+Version = "2.2.8"
 Description = "The [VMware Carbon Black Cloud](https://www.carbonblack.com/products/vmware-carbon-black-cloud/) is a cloud-native endpoint protection platform (EPP) that combines the intelligent system hardening and behavioral prevention needed to keep emerging threats at bay, using a single lightweight agent and an easy-to-use console. Manage and contain threats on your Carbon Black endpoints using this plugin"
 
 

diff --git a/plugins/carbon_black_cloud/help.md b/plugins/carbon_black_cloud/help.md
diff --git a/plugins/carbon_black_cloud/icon_carbon_black_cloud/tasks/monitor_alerts/task.py b/plugins/carbon_black_cloud/icon_carbon_black_cloud/tasks/monitor_alerts/task.py
@@ -119,12 +119,19 @@ def run(self, params={}, state={}, custom_config={}):  # pylint: disable=unused-
             state[RATE_LIMITED] = (self._get_current_time() + timedelta(minutes=5)).strftime(TIME_FORMAT)
             return alerts_and_observations, state, False, 200, rate_limit_error
         except HTTPErrorException as http_error:
-            state = self._update_state_in_404(http_error.status_code, state, alerts_success)
+
+            status_code, has_more_pages, error, state = self._handle_404_status_code(http_error, state, alerts_success)
+
             self.logger.info(
-                f"HTTP error from Carbon Black. State={state}, Status code={http_error.status_code}, returning"
-                f" {(len(alerts_and_observations))} items..."
+                "HTTP error from Carbon Black",
+                error=http_error.cause,
+                status_code=http_error.status_code,
+                returning_code=status_code,
+                state=state,
             )
-            return alerts_and_observations, state, False, http_error.status_code, http_error
+
+            return alerts_and_observations, state, has_more_pages, status_code, error
+
         except Exception as error:
             self.logger.error(
                 f"Hit an unexpected error during task execution. State={state}, Error={error}", exc_info=True
@@ -378,11 +385,17 @@ def _check_if_job_time_exceeded(self, job_start_time: str, job_id: str) -> bool:
 
         return False  # job time is still valid - honor contact vs completed values
 
-    def _update_state_in_404(self, status_code: int, state: Dict[str, str], alerts_success: bool) -> Dict[str, str]:
+    def _handle_404_status_code(
+        self, http_exception: HTTPErrorException, state: Dict[str, str], alerts_success: bool
+    ) -> tuple[int, bool, HTTPErrorException, Dict[str, str]]:
         """
         In the case that the observation ID from CB is no longer available and we return a 404, we should delete this ID
         from the state so that the next run can move on and not continually poll for this missing job.
         """
+
+        has_more_pages = False
+        status_code = http_exception.status_code
+        http_error = http_exception
         if alerts_success and status_code == 404:
             observation_job_id = state.get(LAST_OBSERVATION_JOB)
             if observation_job_id:
@@ -392,9 +405,13 @@ def _update_state_in_404(self, status_code: int, state: Dict[str, str], alerts_s
                 )
                 # Only delete the observation ID and the time this was triggered
                 # But keep the hashes and timings in the state for the next job
+                status_code = 200
+                has_more_pages = True
+                http_error = None
                 del state[LAST_OBSERVATION_JOB]
                 del state[LAST_OBSERVATION_JOB_TIME]
-        return state
+
+        return status_code, has_more_pages, http_error, state
 
     @staticmethod
     def _get_current_time():

diff --git a/plugins/carbon_black_cloud/plugin.spec.yaml b/plugins/carbon_black_cloud/plugin.spec.yaml
@@ -4,7 +4,7 @@ products: [insightconnect]
 name: carbon_black_cloud
 title: VMware Carbon Black Cloud
 description: The [VMware Carbon Black Cloud](https://www.carbonblack.com/products/vmware-carbon-black-cloud/) is a cloud-native endpoint protection platform (EPP) that combines the intelligent system hardening and behavioral prevention needed to keep emerging threats at bay, using a single lightweight agent and an easy-to-use console. Manage and contain threats on your Carbon Black endpoints using this plugin
-version: 2.2.7
+version: 2.2.8
 vendor: rapid7
 support: rapid7
 cloud_ready: true
@@ -18,6 +18,7 @@ requirements:
   - API Credentials
   - Base URL
 version_history:
+  - "2.2.8 - Fix error handling for HTTP Not Found status code responses from Carbon Black Cloud | Update SDK to 6.2.0"
   - "2.2.7 - Restrain the observability window to a configurable amount if data collection falls behind"
   - "2.2.6 - Update SDK to 6.1.4"
   - "2.2.5 - To split the PAGE_SIZE limit into ALERT_PAGE_SIZE and OBSERVATION_PAGE_SIZE"
@@ -53,7 +54,7 @@ hub_tags:
   features: []
 sdk:
   type: full
-  version: 6.1.4
+  version: 6.2.0
   user: nobody
 types:
   agent:

diff --git a/plugins/carbon_black_cloud/setup.py b/plugins/carbon_black_cloud/setup.py
@@ -3,7 +3,7 @@
 
 
 setup(name="carbon_black_cloud-rapid7-plugin",
-      version="2.2.7",
+      version="2.2.8",
       description="The [VMware Carbon Black Cloud](https://www.carbonblack.com/products/vmware-carbon-black-cloud/) is a cloud-native endpoint protection platform (EPP) that combines the intelligent system hardening and behavioral prevention needed to keep emerging threats at bay, using a single lightweight agent and an easy-to-use console. Manage and contain threats on your Carbon Black endpoints using this plugin",
       author="rapid7",
       author_email="",

diff --git a/plugins/carbon_black_cloud/unit_test/test_monitor_alerts.py b/plugins/carbon_black_cloud/unit_test/test_monitor_alerts.py
@@ -257,7 +257,7 @@ def test_rate_limiting_on_getting_observation(self, mock_req: MagicMock, _mock_d
                 ],
                 task_404_on_third_request,
                 1,  # able to retrieve the alerts then dedupe and save the observation ID,
-                404,
+                200,
             ],
             [
                 [ConnectTimeout(), "empty_response", "empty_response"],
@@ -294,7 +294,7 @@ def test_http_exceptions(
 
         self.assertEqual(expected_status_code, status_code)
         self.assertEqual(num_logs, len(response))
-        self.assertFalse(has_more_pages)
+        self.assertEqual(has_more_pages, status_code == 200)
 
         self.assertDictEqual(expected_state, new_state)