SI-33125: fix token expiry, add trigger checkpointing, add filters to… #3814
Draft
landrisek-r7 wants to merge 1 commit into master from
✅ Snyk checks have passed. No issues have been found so far.
Collaborator
This has been addressed in the following PR (#3822)
Fixes three issues found during escalation SI-33125 where the Azure Sentinel trigger stops picking up incidents after running for a while.
What changed:
api.py — Auth token was set once in init and never refreshed. After ~60 min it expires and all API calls start failing with 401. Now self.headers is a property that checks token TTL and refreshes proactively before expiry.
trigger.py — Polling window was calculated as now - interval on every tick with no state persistence. If the container restarts or lags, incidents in the gap are lost. Now uses self.state to checkpoint the last processed incident timestamp across restarts.
action.py + plugin.spec.yaml — List Incidents action had no support for status or time filters, making the Timer + List Incidents workaround useless. Added optional status and created_from params using the same generate_query_params logic the trigger uses.
Bumped version to 2.2.0.
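
Added example, not code from this PR: a small simulation of the trigger.py change described above, comparing the `now - interval` window with a checkpointed window when a polling tick is delayed. The `state` dict stands in for the plugin's persisted state; the interval, incident records and function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

INTERVAL = timedelta(minutes=5)  # assumed polling interval


def poll_stateless(incidents, now):
    """Window is always (now - interval, now], as described for the old trigger."""
    return [i for i in incidents if now - INTERVAL < i["created"] <= now]


def poll_checkpointed(incidents, now, state):
    """Window starts at the last processed incident timestamp kept in `state`."""
    # First run: seed the checkpoint so a quiet first tick cannot reopen a gap.
    since = state.setdefault("last_incident_time", now - INTERVAL)
    new = sorted(
        (i for i in incidents if since < i["created"] <= now),
        key=lambda i: i["created"],
    )
    if new:
        # Advance only to what was actually processed, never to `now`.
        state["last_incident_time"] = new[-1]["created"]
    return new


def run(tick_times, incidents, checkpointed):
    """Replay ticks and return the incident ids the trigger would emit."""
    state, seen = {}, []  # `state` survives the simulated restart
    for now in tick_times:
        if checkpointed:
            batch = poll_checkpointed(incidents, now, state)
        else:
            batch = poll_stateless(incidents, now)
        seen += [i["id"] for i in batch]
    return seen


T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
# Constructed incidents created 2, 7, 12 and 18 minutes after T0.
INCIDENTS = [
    {"id": n, "created": T0 + timedelta(minutes=m)}
    for n, m in enumerate([2, 7, 12, 18], start=1)
]
# Ticks at +5 min and +20 min: the +10 and +15 ticks are lost to a restart.
TICKS = [T0 + timedelta(minutes=m) for m in (5, 20)]

if __name__ == "__main__":
    print("stateless   :", run(TICKS, INCIDENTS, checkpointed=False))
    print("checkpointed:", run(TICKS, INCIDENTS, checkpointed=True))
```

The strict `since < created` comparison skips an incident that shares the checkpoint's exact timestamp; tracking processed incident ids alongside the timestamp closes that edge.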