Nozomi Networks Add Alert Update Workflow and Improve Authentication Resilience #303 #305

Merged: ChrisCollinsIBM merged 2 commits into IBM:master from NozomiNetworks:nozomi_networks_workflows_update, Mar 5, 2026

@nicoloereni
Contributor

  • Added a new workflow file NN-Universal-Alert-Updated-Workflow.xml for improved alert retrieval and processing, including robust pagination, bookmarking, and error handling.
  • Enhanced bearer token extraction logic in NN-Universal-Alert-Workflow.xml and NN-Universal-Asset-Workflow.xml to handle both Authorization and authorization header casing, improving compatibility with different API responses.

@nicoloereni nicoloereni force-pushed the nozomi_networks_workflows_update branch from 7af5acb to 0adb7d1 Compare February 20, 2026 14:57
@nicoloereni
Contributor Author

Hi @ChrisCollinsIBM,

Could you please review the PR when you get a chance?

Thanks!

@ChrisCollinsIBM
Contributor

Hi @nicoloereni, can you provide some clarification on what Community Developed/NozomiNetworks/Universal/NN-Universal-Alert-Updated-Workflow.xml is specifically for?

It's a new file added in this PR, but has the 1.0.1 version number still and isn't mentioned in the README.

When would someone want to use this workflow file?

@nicoloereni
Contributor Author

nicoloereni commented Mar 4, 2026

> Hi @nicoloereni, can you provide some clarification on what Community Developed/NozomiNetworks/Universal/NN-Universal-Alert-Updated-Workflow.xml is specifically for?
>
> It's a new file added in this PR, but has the 1.0.1 version number still and isn't mentioned in the README.
>
> When would someone want to use this workflow file?

@ChrisCollinsIBM good point, thanks.

The NN-Universal-Alert-Updated workflow is intended for environments where alerts need to be retrieved based on record_updated_at rather than record_created_at. This allows QRadar to receive not only newly created alerts but also updates to existing alerts.

The existing NN-Universal-Alert workflow instead retrieves alerts only based on record_created_at, so it only sends newly created alerts.

I’ve updated the README to clarify when each workflow should be used.
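
The difference between the two bookmark fields described in the comment above, as an added example that is not part of this PR or of the workflow XML files: a small simulation of a bookmarked, paginated poll over constructed alerts. Only the field names `record_created_at` and `record_updated_at` come from the thread; `poll`, `run`, `latest_state`, the page size and the timestamps are assumptions made for illustration.

```python
# Added example: constructed alerts; poll(), run() and latest_state() are hypothetical helpers.
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    id: str
    record_created_at: int  # constructed epoch-style timestamps
    record_updated_at: int
    status: str


def poll(store, field, bookmark, page_size=2):
    """Fetch records whose `field` is newer than the bookmark, page by page."""
    pending = sorted((a for a in store if getattr(a, field) > bookmark),
                     key=lambda a: (getattr(a, field), a.id))
    events = []
    for start in range(0, len(pending), page_size):
        page = pending[start:start + page_size]
        events.extend(page)
        bookmark = getattr(page[-1], field)  # advance only after a full page is read
    return events, bookmark


def latest_state(events):
    """Consumer-side upsert: the same alert id can arrive more than once."""
    state = {}
    for alert in events:
        state[alert.id] = alert.status
    return state


def run(field):
    store = [Alert("A", 10, 10, "open"), Alert("B", 20, 20, "open")]
    first, bookmark = poll(store, field, 0)
    store[0] = Alert("A", 10, 30, "closed")   # existing alert is updated
    store.append(Alert("C", 40, 40, "open"))  # a new alert is created
    second, bookmark = poll(store, field, bookmark)
    return [a.id for a in second], latest_state(first + second), bookmark


if __name__ == "__main__":
    for field in ("record_created_at", "record_updated_at"):
        print(field, run(field))
```

With the `record_updated_at` bookmark, alert A is delivered a second time with its new status, so whatever consumes the events has to key on the alert id rather than treat each event as a new alert.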

… for improved alert retrieval and processing, including robust pagination, bookmarking, and error handling.

* Enhanced bearer token extraction logic in `NN-Universal-Alert-Workflow.xml` and `NN-Universal-Asset-Workflow.xml` to handle both `Authorization` and `authorization` header casing, improving compatibility with different API responses.

Signed-off-by: Nicolò <[email protected]>
Signed-off-by: Nicolò <[email protected]>
@nicoloereni nicoloereni force-pushed the nozomi_networks_workflows_update branch from 3df2a0e to fbd5602 Compare March 4, 2026 14:26
@ChrisCollinsIBM
Contributor

> > Hi @nicoloereni, can you provide some clarification on what Community Developed/NozomiNetworks/Universal/NN-Universal-Alert-Updated-Workflow.xml is specifically for?
> > It's a new file added in this PR, but has the 1.0.1 version number still and isn't mentioned in the README.
> > When would someone want to use this workflow file?
>
> @ChrisCollinsIBM good point, thanks.
>
> The NN-Universal-Alert-Updated workflow is intended for environments where alerts need to be retrieved based on record_updated_at rather than record_created_at. This allows QRadar to receive not only newly created alerts but also updates to existing alerts.
>
> The existing NN-Universal-Alert workflow instead retrieves alerts only based on record_created_at, so it only sends newly created alerts.
>
> I’ve updated the README to clarify when each workflow should be used.

Perfect, that helps clarify things. Thanks!

@ChrisCollinsIBM ChrisCollinsIBM self-requested a review March 5, 2026 15:42

@ChrisCollinsIBM ChrisCollinsIBM left a comment

Thanks for the update and the clarification on the README as to the use case for the new workflow file.

@ChrisCollinsIBM ChrisCollinsIBM merged commit ec0e9f8 into IBM:master Mar 5, 2026
1 check passed