Merge pull request #13126 from srikarshastry/feature/srsistla/crowdstrikeApi

[CrowdstrikeApiConnector] - fix rate limit exceptions

Author: hassanchawiche

Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeAPI_ccp/CrowdStrikeAPI_Definition.json

@@ -101,7 +101,8 @@
             "requiredPermissions": {
               "write": true,
               "read": true,
-              "delete": true
+              "delete": true,
+              "action": false
             }
           }
         ]
@@ -111,12 +112,6 @@
           "title": "Configuration steps for the CrowdStrike API",
           "description": "Follow the instructions below to obtain your CrowdStrike API credentials.",
           "instructions": [
-            {
-              "type": "Markdown",
-              "parameters": {
-                "content": "#### Configuration steps for the CrowdStrike API\nFollow the instructions below to obtain your CrowdStrike API credentials."
-              }
-            },
             {
               "type": "Markdown",
               "parameters": {

Solutions/CrowdStrike Falcon Endpoint Protection/Data Connectors/CrowdStrikeAPI_ccp/CrowdStrikeAPI_PollingConfig.json

@@ -20,11 +20,11 @@
       "request": {
         "apiEndpoint": "[[concat(parameters('apiUrl'),'/spotlight/combined/vulnerabilities/v1')]",
         "httpMethod": "GET",
-        "rateLimitQPS": 10,
-        "queryWindowInMin": 5,
+        "rateLimitQPS": 1,
+        "queryWindowInMin": 15,
         "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
-        "retryCount": 3,
-        "timeoutInSeconds": 68,
+        "retryCount": 5,
+        "timeoutInSeconds": 90,
         "headers": {
           "Content-Type": "application/json",
           "Accept": "application/json",
@@ -45,7 +45,7 @@
         "pagingType": "NextPageToken",
         "nextPageTokenJsonPath": "$.meta.pagination.after",
         "NextPageParaName": "after",
-        "pageSize": 100,
+        "pageSize": 50,
         "pageSizeParameterName": "limit"
       },
       "connectorDefinitionName": "CrowdStrikeAPICCPDefinition",
@@ -78,11 +78,11 @@
       "request": {
         "apiEndpoint": "[[concat(parameters('apiUrl'),'/alerts/combined/alerts/v1')]",
         "httpMethod": "POST",
-        "rateLimitQPS": 10,
-        "queryWindowInMin": 5,
+        "rateLimitQPS": 1,
+        "queryWindowInMin": 15,
         "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
-        "retryCount": 3,
-        "timeoutInSeconds": 91,
+        "retryCount": 5,
+        "timeoutInSeconds": 120,
         "isPostPayloadJson": true,
         "headers": {
           "Content-Type": "application/json",
@@ -101,7 +101,7 @@
         "pagingType": "PersistentToken",
         "nextPageTokenJsonPath": "$.meta.pagination.after",
         "nextPageParaName": "after",
-        "pageSize": 100
+        "pageSize": 50
       },
       "connectorDefinitionName": "CrowdStrikeAPICCPDefinition",
       "dataType": "CrowdStrikeAlerts",
@@ -133,20 +133,19 @@
       "request": {
         "apiEndpoint": "[[concat(parameters('apiUrl'),'/incidents/queries/incidents/v1')]",
         "httpMethod": "GET",
-        "rateLimitQPS": 10,
-        "queryWindowInMin": 7,
+        "rateLimitQPS": 1,
+        "queryWindowInMin": 15,
         "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
-        "retryCount": 3,
-        "timeoutInSeconds": 60,
+        "retryCount": 5,
+        "timeoutInSeconds": 90,
         "headers": {
           "Content-Type": "application/json",
           "Accept": "application/json",
           "User-Agent": "Scuba"
         },
         "queryParameters": {
           "filter": "modified_timestamp:>'{_QueryWindowStartTime}'+modified_timestamp:<='{_QueryWindowEndTime}'",
-          "sort": "modified_timestamp.asc",
-          "limit": "500"
+          "sort": "modified_timestamp.asc"
         }
       },
       "response": {
@@ -158,7 +157,7 @@
       "paging": {
         "pagingType": "Offset",
         "offsetParaName": "offset",
-        "pageSize": 500,
+        "pageSize": 50,
         "pageSizeParameterName": "limit"
       },
       "stepInfo": {
@@ -176,10 +175,10 @@
           "request": {
             "apiEndpoint": "[[concat(parameters('apiUrl'),'/incidents/entities/incidents/GET/v1')]",
             "httpMethod": "POST",
-            "rateLimitQPS": 10,
+            "rateLimitQPS": 1,
             "queryWindowInMin": 5,
-            "retryCount": 3,
-            "timeoutInSeconds": 65,
+            "retryCount": 5,
+            "timeoutInSeconds": 90,
             "logResponseContent": true,
             "isPostPayloadJson": true,
             "headers": {
@@ -227,11 +226,11 @@
       "request": {
         "apiEndpoint": "[[concat(parameters('apiUrl'),'/alerts/combined/alerts/v1')]",
         "httpMethod": "POST",
-        "rateLimitQPS": 10,
-        "queryWindowInMin": 6,
+        "rateLimitQPS": 1,
+        "queryWindowInMin": 15,
         "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
-        "retryCount": 3,
-        "timeoutInSeconds": 70,
+        "retryCount": 5,
+        "timeoutInSeconds": 120,
         "isPostPayloadJson": true,
         "headers": {
           "Content-Type": "application/json",
@@ -250,7 +249,7 @@
         "pagingType": "PersistentToken",
         "nextPageTokenJsonPath": "$.meta.pagination.after",
         "nextPageParaName": "after",
-        "pageSize": 100
+        "pageSize": 50
       },
       "connectorDefinitionName": "CrowdStrikeAPICCPDefinition",
       "dataType": "CrowdStrikeDetections",
@@ -282,11 +281,11 @@
       "request": {
         "apiEndpoint": "[[concat(parameters('apiUrl'),'/devices/combined/devices/v1')]",
         "httpMethod": "GET",
-        "rateLimitQPS": 10,
-        "queryWindowInMin": 5,
+        "rateLimitQPS": 1,
+        "queryWindowInMin": 15,
         "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
-        "retryCount": 3,
-        "timeoutInSeconds": 63,
+        "retryCount": 5,
+        "timeoutInSeconds": 90,
         "headers": {
           "Content-Type": "application/json",
           "Accept": "application/json",
@@ -307,7 +306,7 @@
         "pagingType": "NextPageToken",
         "nextPageTokenJsonPath": "$.meta.pagination.next",
         "NextPageParaName": "offset",
-        "pageSize": 100,
+        "pageSize": 50,
         "pageSizeParameterName": "limit"
       },
       "connectorDefinitionName": "CrowdStrikeAPICCPDefinition",

Solutions/CrowdStrike Falcon Endpoint Protection/Data/Solution_CrowdStrike.json

@@ -30,7 +30,7 @@
    "azuresentinel.azure-sentinel-solution-commoneventformat"
    ],
   "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\CrowdStrike Falcon Endpoint Protection",
-  "Version": "3.1.6",
+  "Version": "3.1.7",
   "Metadata": "SolutionMetadata.json",
   "TemplateSpec": true,
   "Is1Pconnector": false