redcanaryco / surveyor

A cross-platform baselining, threat hunting, and attack surface analysis tool for security teams.
MIT License
166 stars 62 forks

Resolve S1 site id filtering #156

Closed xC0uNt3r7hr34t closed 6 months ago

xC0uNt3r7hr34t commented 7 months ago

Resolves filtering issues with SentinelOne when specifying id filters on the cmdline. It also fixes a code check validating that the account id is always added when site ids are in use. It should be noted that PQ does not require an account id, but the code was left as it was as a safety precaution in case API requirements change in the future. Including both account and site ids will result in the same output as just specifying the site id, and it will also avoid issues if there is ever a site id collision among multiple account ids.

Resolves #155

jholtmann commented 7 months ago

Is this a recent change in the way PQ handles scope IDs? I haven't checked recently but last I tested omitting the account ID led to receiving results from the global scope.

xC0uNt3r7hr34t commented 7 months ago

I'm unsure if it was a change in the API or not. Based on the API docs and my testing, you can query with only the account ID, only the site ID, or both, and it will return proper results. The main issue was that the variables for kwargs were not correct and were not picking up the actual input. With the checks, if the account ID existed it was adding the site ID instead of the account ID.

xC0uNt3r7hr34t commented 6 months ago

Can these changes be merged?