Filtering via site-id or account-id is ignored when specified in the cmdline params for SentinelOne. Using the config works as expected.
What side of Surveyor is impacted?
[ ] Definition File
[x] Code/Logic
[ ] Other (please explain)
What product is impacted?
[ ] All Products
[ ] Carbon Black Response
[ ] Carbon Black Threat Hunter
[ ] Defender for Endpoints
[x] SentinelOne
[ ] Cortex
[ ] Other
Steps to reproduce
run surveyor with an account id specified in the config then run using a site-id filter.
What did you do?
What is the command line you're running that is causing the error?
Command line 'py .\surveyor.py --profile dfir --deffile .\definitions\rmm.json s1 --creds credfile.ini --site-id 1533494755586512471'
Expected behavior
When using the site-id filter in the cmdline params the site id should be added and used to filter down the results, however this is not being added and utilized when the api calls are being made.
It was also identified that the code checking for needing account ids when using power query is unneeded based on the current settings of the api. It was also identified that it was not functioning correctly as it was written.
Describe the bug
Filtering via site-id or account-id is ignored when specified in the cmdline params for SentinelOne. Using the config works as expected.
What side of Surveyor is impacted?
What product is impacted?
Steps to reproduce
run surveyor with an account id specified in the config then run using a site-id filter.
What did you do?
What is the command line you're running that is causing the error? Command line 'py .\surveyor.py --profile dfir --deffile .\definitions\rmm.json s1 --creds credfile.ini --site-id 1533494755586512471'
Expected behavior
When using the site-id filter in the cmdline params the site id should be added and used to filter down the results, however this is not being added and utilized when the api calls are being made.
Logfile output
[2023-12-15 10:02:47,910] [DEBUG ] [surveyor.s1 ] [sentinel_one.py :294 ] Site IDs: [ ] [2023-12-15 10:02:47,910] [DEBUG ] [surveyor.s1 ] [sentinel_one.py :295 ] Account IDs: ['1257393871178784542']
Additional context
It was also identified that the code checking for needing account ids when using power query is unneeded based on the current settings of the api. It was also identified that it was not functioning correctly as it was written.