Please use Instant type for startTime and endTime

nit: See if using Optional<> for paginationLink adds any redability.

Use Noisy flag to avoid repeated logging in the case of repeated failures.

log.error(NOISY, "Error fetching CrowdStrike content from URI: {}", uri, e);

Also, it looks like you are not doing anything here by catching. Do you really want to catch it here?

I wanted to log the exact URI that's throwing error but I'm also doing it in invokeGetAPI method, I'll remove this try catch block.

headers itself could be null. Either handle null case or have only one constructor that takes both the arguments and that is the only way to initialize this instance.

CrowdStrike API returns a header even if API throws an error. I'll create a constructor that takes header and body as inputs.

May be it is good to have this synchronized block inside getAuthToken() method? Otherwise, there is no protection if someone call getAuthToken() concurrently

@san81 I think we should keep synchronized block inside refreshToken method because getAuthToken is called from initCredentials as well. initCredentials is only called once before we start crawler, it doesn't need synchronization. RefreshToken is the only way to call getAuthToken in multi-thread manner and if multiple threads are trying to refreshToken at the same time we can block them there itself.

I would recommend to see the possibility of reusing existing code here. I see the current RestClient code is more inside the Atlassian commons but we can pull that out into the source crawler and make it available for any future saas sources as well.

By reusing, we will minimize the future code maintenance and make sure every plugin gets the future fixes.

I see the additional headers setup in this method which was done here in the Atlassian case. That is also generalizable.

AddressValidation validation is something that you probably don't need as you are not even asking for url from the customer. Apart from that, we can reuse rest of the logic. Lets try that here.

Thanks @san81 I'll refactor this in the follow up PR.

is it Ok to continue in this case?

Yes, it is okay to continue here because there is no point in further validating that sub filter. We will just ignore that subfilter completely and move on to the next one. for example if url is last_updated:>=1745519529+bad%ZZsegment+_marker:<'abc'> we will ignore bad%ZZsegment and santize url last_updated:>=1745519529+_marker:<'abc'>

nit: double / after crowdstrike.com. probably a typo?

is null an acceptable value for startTime and endTime?

No, startTime and endTime cannot be null anymore because we are passing Instant now and startTime.getEpochSeconds() with throw NPE. I'll add a null check in the method itself. Thanks for catching this.

See if you can add any test case to validate the searchCallLatencyTimer metric as well.

minor: can we rename method and append to code comments to indicate this indicator API if it's not a generic get for all api responses

Having configurable client timeouts will help

I'll consider adding this as part of source configuration along with look_back_days in follow up PR.

minor: startTimeFilter, endTimeFilter would be better names than filter1, filter2

Minor: @Data contains both @Getter and @Setter functionality + has the added bonus of providing a toString implementation for logging

nit: can we rename this as CrowdstrikeIntelApiResponse for disambiguation purposes.. since there are other APIs we could be integrating in the future

minor: plz also use CONSTANTS like GREATER_THAN, LESSER_THAN and explain in code comments with an example of what the final url will look like for readability