Hi community, I am new here.
I am trying to integrate the Cortex XDR API for incidents into Azure Sentinel using the new Codeless Connector Platform (CCP). The challenge I have is that the Cortex API doesn't appear to have any indicator as to where you are up to in the response that is coming back. It gives the total number of records and the number in the batch but not the number of batches or where you are up to. With the CCP there are limited options when it comes to pagination and tracking the number of responses does not appear to be something it can do.
I was wondering if anyone has been able to implement pagination in such a way that you don't have to track where you are up to. I had looked at using the last item's date as the start of the next, but because the filter is a "gte" operator, that won't work, as I will always get stuck on the last item as it will always return something and never return an empty result set.
Any help appreciated.
Hi @Phil007,
The way I'd try to handle pagination is by iterating through calls based on the total_count parameter. Note that the list of results,
The search size must fulfill the requirement: 0 < search_size <= 100. So you'll need to iterate through the total_count of incidents, incrementing the starting and ending values of the search_size by 100 with each iteration.
An example of that would be a tenant with 256 incidents (incident values 0-255).
I have also provided another example in this post here for you to review and see if it meets your needs.
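The windowing described in the reply above, written out as an added example; it is not code from the original posts or from Palo Alto Networks. The `search_from`/`search_to` offsets (treated here as a half-open range), the `incidents` list and the `incident_id` field are assumptions about the request and reply shape, and `make_fake_tenant` is a constructed stand-in for the real API call so the loop runs offline.

```python
MAX_SEARCH_SIZE = 100  # the reply states 0 < search_size <= 100


def page_windows(total_count, size=MAX_SEARCH_SIZE):
    """Return the (search_from, search_to) pairs needed to cover total_count."""
    if not 0 < size <= MAX_SEARCH_SIZE:
        raise ValueError("search_size must satisfy 0 < search_size <= 100")
    return [(start, min(start + size, total_count))
            for start in range(0, total_count, size)]


def fetch_all(fetch_page, size=MAX_SEARCH_SIZE):
    """Walk the result set by offset until total_count is covered.

    fetch_page(search_from, search_to) is a hypothetical callable returning
    {"total_count": int, "incidents": [...]} (assumed reply shape).
    """
    incidents, seen, start = [], set(), 0
    while True:
        reply = fetch_page(start, start + size)
        batch = reply["incidents"]
        for inc in batch:
            # De-duplicate in case the result set shifts between calls.
            if inc["incident_id"] not in seen:
                seen.add(inc["incident_id"])
                incidents.append(inc)
        start += size
        # Stop on an empty page or once the offset passes total_count,
        # re-read from every reply because it can change while paging.
        if not batch or start >= reply["total_count"]:
            return incidents


def make_fake_tenant(n):
    """Constructed stand-in for the API: a tenant holding n incidents."""
    data = [{"incident_id": str(i)} for i in range(n)]

    def fetch_page(search_from, search_to):
        return {"total_count": len(data),
                "incidents": data[search_from:search_to]}
    return fetch_page


if __name__ == "__main__":
    # The reply's example: 256 incidents (values 0-255).
    print(page_windows(256))
    print(len(fetch_all(make_fake_tenant(256))))
```

The loop needs only the running offset and the `total_count` from the latest reply, so it terminates without relying on an empty result set from a "gte" time filter.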