fix: use JSON POST instead of multipart for Ivanti map endpoint

backend/routes/ivantiFpWorkflow.js

@@ -858,11 +858,21 @@ function createIvantiFpWorkflowRouter(db, requireAuth) {
             }
 
             const mapUrl = `/client/${encodeURIComponent(clientId)}/workflowBatch/falsePositive/${encodeURIComponent(mapUuid)}/map`;
-            const formFields = [{ name: 'subjectFilterRequest', value: buildSubjectFilterRequest(findingIds) }];
+            const mapBody = {
+                subject: 'hostFinding',
+                filterRequest: {
+                    filters: [{
+                        field: 'id',
+                        exclusive: false,
+                        operator: 'IN',
+                        value: findingIds.map(id => String(id)).join(',')
+                    }]
+                }
+            };
 
             let mapResult;
             try {
-                mapResult = await ivantiFormPost(mapUrl, formFields, [], apiKey, skipTls);
+                mapResult = await ivantiPost(mapUrl, mapBody, apiKey, skipTls);
             } catch (networkErr) {
                 logAudit(db, {
                     userId: req.user.id, username: req.user.username,
@@ -876,7 +886,7 @@ function createIvantiFpWorkflowRouter(db, requireAuth) {
             if (mapResult.status !== 200 && mapResult.status !== 201 && mapResult.status !== 202) {
                 console.error('[mapFindings] Ivanti map failed — status:', mapResult.status, 'body:', (mapResult.body || '').substring(0, 500));
                 console.error('[mapFindings] Request URL:', mapUrl);
-                console.error('[mapFindings] Request fields:', JSON.stringify(formFields));
+                console.error('[mapFindings] Request body:', JSON.stringify(mapBody));
                 const errorMap = {
                     401: 'Ivanti API key is invalid or missing. Contact your administrator.',
                     419: 'API key lacks permissions for this operation.',