diff --git a/backend/routes/ivantiFpWorkflow.js b/backend/routes/ivantiFpWorkflow.js index 882d5a3..917051c 100644 --- a/backend/routes/ivantiFpWorkflow.js +++ b/backend/routes/ivantiFpWorkflow.js @@ -858,11 +858,21 @@ function createIvantiFpWorkflowRouter(db, requireAuth) { } const mapUrl = `/client/${encodeURIComponent(clientId)}/workflowBatch/falsePositive/${encodeURIComponent(mapUuid)}/map`; - const formFields = [{ name: 'subjectFilterRequest', value: buildSubjectFilterRequest(findingIds) }]; + const mapBody = { + subject: 'hostFinding', + filterRequest: { + filters: [{ + field: 'id', + exclusive: false, + operator: 'IN', + value: findingIds.map(id => String(id)).join(',') + }] + } + }; let mapResult; try { - mapResult = await ivantiFormPost(mapUrl, formFields, [], apiKey, skipTls); + mapResult = await ivantiPost(mapUrl, mapBody, apiKey, skipTls); } catch (networkErr) { logAudit(db, { userId: req.user.id, username: req.user.username, @@ -876,7 +886,7 @@ function createIvantiFpWorkflowRouter(db, requireAuth) { if (mapResult.status !== 200 && mapResult.status !== 201 && mapResult.status !== 202) { console.error('[mapFindings] Ivanti map failed — status:', mapResult.status, 'body:', (mapResult.body || '').substring(0, 500)); console.error('[mapFindings] Request URL:', mapUrl); - console.error('[mapFindings] Request fields:', JSON.stringify(formFields)); + console.error('[mapFindings] Request body:', JSON.stringify(mapBody)); const errorMap = { 401: 'Ivanti API key is invalid or missing. Contact your administrator.', 419: 'API key lacks permissions for this operation.',