diff --git a/stix_shifter_modules/msatp/stix_transmission/connector.py b/stix_shifter_modules/msatp/stix_transmission/connector.py index 864c9b790..86f55db03 100644 --- a/stix_shifter_modules/msatp/stix_transmission/connector.py +++ b/stix_shifter_modules/msatp/stix_transmission/connector.py @@ -76,7 +76,7 @@ async def create_results_connection(self, query, offset, length): async def api_run(q): return await self.api_client_run_search(q, length, offset) - return util.post_process(response_data, return_obj, api_run) + return await util.post_process(response_data, return_obj, api_run) except Exception as ex: if response_txt is not None: ErrorResponder.fill_error(return_obj, message='unexpected exception', connector=self.connector) diff --git a/stix_shifter_modules/msatp/stix_transmission/connector_post_processing.py b/stix_shifter_modules/msatp/stix_transmission/connector_post_processing.py index ed4e31225..d1853bb30 100644 --- a/stix_shifter_modules/msatp/stix_transmission/connector_post_processing.py +++ b/stix_shifter_modules/msatp/stix_transmission/connector_post_processing.py @@ -182,7 +182,7 @@ def join_query_with_other_tables(self, query, include_alerts=True): query = ConnectorPostProcessing.DEVICE_NETWORK_QUERY.format(query) return query - def post_process(self, response_data, return_obj, api_client_run_search): + async def post_process(self, response_data, return_obj, api_client_run_search): response_data = merge_alerts(response_data) for event_data in response_data: table = event_data.get('TableName') @@ -194,7 +194,7 @@ def post_process(self, response_data, return_obj, api_client_run_search): # query events table according to alert fields joined_query = self.join_alert_with_events(timestamp, device_name, report_id) print("joining alert with events: ", joined_query) - events_data = api_client_run_search(joined_query) + events_data = await api_client_run_search(joined_query) if len(events_data) == 0: # if only alert - assign the alert title to x-oca-event event_data['ActionType'] = event_data.get("Title")