From 47738d5650624bcd29d107632f140f6bd0db7684 Mon Sep 17 00:00:00 2001
From: Darya Koval <72339940+daryakoval@users.noreply.github.com>
Date: Thu, 7 Sep 2023 16:49:07 +0300
Subject: [PATCH] Cs limit in idp detections (#29550)
* revert change in idp detections
* rn
* rn
* fixes
* revert limit
---------
Co-authored-by: YuvHayun
---
 .../Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py | 4 ++--
 Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_9.md | 6 ++++++
 Packs/CrowdStrikeFalcon/pack_metadata.json | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)
 create mode 100644 Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_9.md
diff --git a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py
index 8323ce049b01..7fa1c6e32eaa 100644
--- a/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py
+++ b/Packs/CrowdStrikeFalcon/Integrations/CrowdStrikeFalcon/CrowdStrikeFalcon.py
@@ -1369,7 +1369,7 @@ def get_idp_detections_ids(filter_arg=None, offset: int = 0, limit=INCIDENTS_PER
 :rtype ``dict``
 """
 params = {
- 'sort': 'created_timestamp.asc',
+ 'sort': 'start_time.asc',
 'offset': offset,
 'filter': filter_arg
 }
@@ -2632,7 +2632,7 @@ def fetch_incidents():
 date_format=IDP_DATE_FORMAT)
 fetch_limit = current_fetch_info_idp_detections.get('limit') or INCIDENTS_PER_FETCH
 fetch_query = demisto.params().get('idp_detections_fetch_query', "")
- filter = f"product:'idp'+created_timestamp:>'{start_fetch_time}'"
+ filter = f"product:'idp'+start_time:>'{start_fetch_time}'"
 if fetch_query:
 filter += f"+{fetch_query}"
diff --git a/Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_9.md b/Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_9.md
new file mode 100644
index 000000000000..56afca738520
--- /dev/null
+++ b/Packs/CrowdStrikeFalcon/ReleaseNotes/1_11_9.md
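Review bot: The sort key in `get_idp_detections_ids` is now a second hard-coded copy of the field that `fetch_incidents` filters on (`start_time:>` in the hunk at line 2632), and nothing in the code ties the two together. The release note describes the bug as an inconsistency in last_run, which suggests these field names had drifted apart; for an incremental fetch that kind of drift can skip detections without any error. A single module-level constant, for example `IDP_DETECTIONS_TIME_FIELD = 'start_time'` (suggested name), used as `'sort': f'{IDP_DETECTIONS_TIME_FIELD}.asc'` here and inside the filter f-string, would keep them in step. The body of `get_idp_detections_ids` starts and ends outside the hunk.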
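Review bot: The fetch window in `fetch_incidents` is now keyed on event time with a strict comparison, `start_time:>'{start_fetch_time}'`, so a detection that only becomes visible in the API after the cursor has moved past its start_time would never be fetched. Whether that can happen depends on how last_run is advanced, which is outside this hunk; if it is set to the newest start_time seen, late-indexed identity detections become a silent gap for the SOC. A comment above the filter such as `# cursor is event time (start_time); detections indexed late with an earlier start_time are not re-fetched` would record the assumption, and a short look-back window with de-duplication on detection id would close it. Separately, the local name `filter` shadows the builtin; `fetch_filter` would read better.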
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### CrowdStrike Falcon
+
+- Fixed an issue where there was inconsistency in the last_run object for **IDP Detection** incident type.
\ No newline at end of file
diff --git a/Packs/CrowdStrikeFalcon/pack_metadata.json b/Packs/CrowdStrikeFalcon/pack_metadata.json
index 333712b72797..2eaa4fbd29bf 100644
--- a/Packs/CrowdStrikeFalcon/pack_metadata.json
+++ b/Packs/CrowdStrikeFalcon/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "CrowdStrike Falcon",
 "description": "The CrowdStrike Falcon OAuth 2 API (formerly the Falcon Firehose API), enables fetching and resolving detections, searching devices, getting behaviors by ID, containing hosts, and lifting host containment.",
 "support": "xsoar",
- "currentVersion": "1.11.8",
+ "currentVersion": "1.11.9",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",