From c18b7e8eaacceb2d9da400ba4a45225332eb898f Mon Sep 17 00:00:00 2001
From: "idan.noy" <idan.noy@xmcyber.com>
Date: Mon, 15 Jun 2026 17:48:58 +0300
Subject: [PATCH] Updated Scenarios and Security Score API endpoints and app
 version

Signed-off-by: idan.noy <idan.noy@xmcyber.com>
---
 .../XM Cyber/XM-Cyber-Parameter-Values.xml    |   54 +-
 .../XM Cyber/XMCyber-AuditTrails-Workflow.xml |  806 ++++++-------
 .../XM Cyber/XMCyber-Devices-Workflow.xml     |  662 +++++------
 .../XM Cyber/XMCyber-Entities-Workflow.xml    | 1024 ++++++++---------
 .../XMCyber-FindingsExposures-Workflow.xml    |  658 +++++------
 .../XM Cyber/XMCyber-Products-Workflow.xml    |  676 +++++------
 .../XM Cyber/XMCyber-Scenarios-Workflow.xml   |  638 +++++-----
 .../XMCyber-SecurityScore-Workflow.xml        |  743 ++++++------
 .../XM Cyber/XMCyber-Sensors-Workflow.xml     |  638 +++++-----
 .../XMCyber-Vulnerabilities-Workflow.xml      |  676 +++++------
 Community Developed/XM Cyber/readMe.md        |  180 +--
 11 files changed, 3377 insertions(+), 3378 deletions(-)

diff --git a/Community Developed/XM Cyber/XM-Cyber-Parameter-Values.xml b/Community Developed/XM Cyber/XM-Cyber-Parameter-Values.xml
index d7d1586..e8b855c 100644
--- a/Community Developed/XM Cyber/XM-Cyber-Parameter-Values.xml	
+++ b/Community Developed/XM Cyber/XM-Cyber-Parameter-Values.xml	
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<WorkflowParameterValues xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/WorkflowParameterValues/V2_1">
-    
-    <!-- XM Cyber tenant name (hostname). Do not add http or https. -->
-    <Value name="tenantName" value="your-tenant.clients.xmcyber.com" />
-    
-    <!-- API Key for authentication -->
-    <Value name="apiKey" value="" />
-
-    <!-- Required for Audit Trails collection. Provide the Audit Trails start time in the format YYYY-MM-DDTHH:MM:SS.SSSZ -->
-    <Value name="auditTrailsStartTime" value="" />
-
-    <!-- Required for Entities collection. Must be from [true, false].-->
-    <!-- If set to True, entities chokepoint statistics will also be ingested into QRadar as an event after entity data collection. -->
-    <Value name="ingestChokepointStats" value="false" />
-
-    <!-- Required for Security Score collection.-->
-
-    <!-- If set to True, scenarios data collected during Security Score data collection will also be ingested into QRadar. -->
-    <!-- Must be from [true, false].-->
-    <Value name="ingestScenarios" value="false" />
-
-    <!--Defines the start time for collecting Security Score data. Example: timeAgo_days_7.-->
-    <!-- Must be from [timeAgo_days_7, timeAgo_days_14, timeAgo_days_30, timeAgo_days_365].-->
-    <Value name="timeId" value="timeAgo_days_7" />
-    
-</WorkflowParameterValues>
+<?xml version="1.0" encoding="UTF-8" ?>
+<WorkflowParameterValues xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/WorkflowParameterValues/V2_1">
+    
+    <!-- XM Cyber tenant name (hostname). Do not add http or https. -->
+    <Value name="tenantName" value="your-tenant.clients.xmcyber.com" />
+    
+    <!-- API Key for authentication -->
+    <Value name="apiKey" value="" />
+
+    <!-- Required for Audit Trails collection. Provide the Audit Trails start time in the format YYYY-MM-DDTHH:MM:SS.SSSZ -->
+    <Value name="auditTrailsStartTime" value="" />
+
+    <!-- Required for Entities collection. Must be from [true, false].-->
+    <!-- If set to True, entities chokepoint statistics will also be ingested into QRadar as an event after entity data collection. -->
+    <Value name="ingestChokepointStats" value="false" />
+
+    <!-- Required for Security Score collection.-->
+
+    <!-- If set to True, scenarios data collected during Security Score data collection will also be ingested into QRadar. -->
+    <!-- Must be from [true, false].-->
+    <Value name="ingestScenarios" value="false" />
+
+    <!--Defines the start time for collecting Security Score data. Example: timeAgo_days_7.-->
+    <!-- Must be from [timeAgo_days_7, timeAgo_days_14, timeAgo_days_30, timeAgo_days_180].-->
+    <Value name="timeId" value="timeAgo_days_7" />
+    
+</WorkflowParameterValues>
diff --git a/Community Developed/XM Cyber/XMCyber-AuditTrails-Workflow.xml b/Community Developed/XM Cyber/XMCyber-AuditTrails-Workflow.xml
index fc81b60..88f0dd5 100644
--- a/Community Developed/XM Cyber/XMCyber-AuditTrails-Workflow.xml	
+++ b/Community Developed/XM Cyber/XMCyber-AuditTrails-Workflow.xml	
@@ -1,403 +1,403 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<Workflow name="XM Cyber Audit Trails" version="1.0"
-    xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V2_1">
-
-    <!-- Collect configurations from workflow parameter file -->
-    <Parameters>
-        <Parameter name="tenantName" label="Tenant Name" required="true"/>
-        <Parameter name="apiKey" label="API Key" secret="true" required="true" />
-        <Parameter name="auditTrailsStartTime" label="Audit Trails Start Time" required="true"/>
-        <Parameter name="ingestChokepointStats" label="Ingest Chokepoint Stats" required="false"/>
-        <Parameter name="ingestScenarios" label="Ingest Scenarios" required="false"/>
-        <Parameter name="timeId" label="Time ID" required="false"/>
-    </Parameters>
-
-    <Actions>
-
-        <!-- Clear status of log source -->
-        <ClearStatus />
-
-        <!-- Defining variables for running workflow -->
-        <Set path="/xmCyberUrl" value="https://${/tenantName}"/>
-        <Set path="/logPrefix" value="[XM_Cyber_App_for_QRadar][AuditTrails][${/xmCyberUrl}]" />
-        <Initialize path="/errorCount" value="0" />
-        <Initialize path="/maxRetry" value="3" />
-        <Initialize path="/authEndpoint" value="/api/auth" />
-        <Initialize path="/refreshEndpoint" value="/api/refresh-token" />
-        <Initialize path="/auditTrailsEndpoint" value="/api/audit-trail/auditRecords" />
-        <Initialize path="/pageSize" value="1000" />
-        <Initialize path="/refreshToken" value="" />
-        <Initialize path="/accessToken" value="" />
-        <Initialize path="/defaultSleepTime" value="60" />
-        <Initialize path="/appVersion" value="2.0.0" />
-        <Initialize path="/userAgentHeader" value="QRadar-v${/appVersion}" />
-        <Initialize path="/collectionType" value="audit_trails" />
-        <Initialize path="/auditTrailsPage" value="" />
-        <Initialize path="/auditTrailsTime" value="" />
-
-        <Set path="/currentPage" value="1" />
-        <Set path="/totalPages" value="1" />
-
-        <!-- Print log in the /var/log/qradar.log file with info log level -->
-        <Log type="INFO" message="${/logPrefix} - Audit Trails collection started." />
-
-        <!-- Validate auditTrailsStartTime format with regex -->
-        <RegexCapture pattern="^(\d{4}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[12][0-9]|3[01])T(?:[01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]\.\d{3}Z)$" value="${/auditTrailsStartTime}" savePath="/auditTrailsStartTimeValidation" />
-
-        <If condition="${empty(/auditTrailsStartTimeValidation)} = 'true'">
-            <Log type="INFO" message="${/logPrefix} Abort - Invalid auditTrailsStartTime format. Expected format: YYYY-MM-DDTHH:MM:SS.SSSZ" />
-            <Abort reason="Invalid auditTrailsStartTime format. Expected format: YYYY-MM-DDTHH:MM:SS.SSSZ" />
-        </If>
-
-        <!-- Get current UTC timestamp -->
-        <Set path="/currentTimestamp" value="${time()}" />
-        <FormatDate pattern="yyyy-MM-dd'T'HH:mm:ss.SSS'Z'" timeZone="UTC" time="${/currentTimestamp}" savePath="/currentTimestampFormatted" />
-
-
-        <!-- Calculate 90 days retention limit -->
-        <Set path="/retentionDays" value="90" />
-        <Set path="/millisecondsPerDay" value="86400000" />
-        <Set path="/retentionLimitMillis" value="${/retentionDays * /millisecondsPerDay}" />
-        <Set path="/retentionLimitTimestamp" value="${/currentTimestamp - /retentionLimitMillis}" />
-        <FormatDate pattern="yyyy-MM-dd'T'HH:mm:ss.SSS'Z'" timeZone="UTC" time="${/retentionLimitTimestamp}" savePath="/retentionLimitFormatted" />
-
-        <!-- Validate that auditTrailsStartTime is not greater than current time -->
-        <If condition="${/auditTrailsStartTime &gt; /currentTimestampFormatted}">
-            <Log type="INFO" message="${/logPrefix} Abort - auditTrailsStartTime cannot be greater than current UTC time." />
-            <Abort reason="auditTrailsStartTime cannot be greater than current UTC time." />
-        </If>
-
-
-        <!-- Check for stored auditTrailsTime checkpoint -->
-        <Initialize path="/fromTimestamp" value="${/auditTrailsStartTime}" />
-        <Log type="INFO" message="${/logPrefix} - Checking for stored auditTrailsTime checkpoint parameter." />
-
-        <!-- Get checkpoint parameter if it exists -->
-        <If condition="${empty(/auditTrailsTime)} = 'true'">
-            <!-- No checkpoint - validate auditTrailsStartTime retention before using it -->
-            <If condition="${/auditTrailsStartTime &lt; /retentionLimitFormatted}">
-                <Log type="INFO" message="${/logPrefix} Abort - auditTrailsStartTime cannot be earlier than ${/retentionDays} days from current UTC time." />
-                <Abort reason="auditTrailsStartTime cannot be earlier than ${/retentionDays} days from current UTC time." />
-            </If>
-            <Log type="INFO" message="${/logPrefix} - No auditTrailsTime checkpoint found. Using auditTrailsStartTime from parameter file: ${/fromTimestamp}" />
-        </If>
-        <Else>
-            <Log type="INFO" message="${/logPrefix} - Found stored auditTrailsTime checkpoint: ${/auditTrailsTime}" />
-            
-            <!-- Validate checkpoint timestamp format with regex -->
-            <RegexCapture pattern="^(\d{4}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[12][0-9]|3[01])T(?:[01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]\.\d{3}Z)$" value="${/auditTrailsTime}" savePath="/checkpointValidation" />
-            <If condition="${empty(/checkpointValidation)} = 'true'">
-                <Log type="INFO" message="${/logPrefix} - Invalid checkpoint auditTrailsTime format. Using current time." />
-                <Set path="/fromTimestamp" value="${/currentTimestampFormatted}" />
-            </If>
-            <Else>
-                <!-- Validate that auditTrailsTime is not earlier than retention limit -->
-                <If condition="${/auditTrailsTime &lt; /retentionLimitFormatted}">
-                    <Log type="INFO" message="${/logPrefix} - Checkpoint auditTrailsTime is earlier than ${/retentionDays} days. Using 90 days back time." />
-                    <Set path="/fromTimestamp" value="${/retentionLimitFormatted}" />
-                </If>
-                <Else>
-                    <Set path="/fromTimestamp" value="${/auditTrailsTime}" />
-                    <Log type="INFO" message="${/logPrefix} - Using checkpoint auditTrailsTime: ${/fromTimestamp}" />
-                    
-                    <!-- Check for page checkpoint if auditTrailsTime is being used -->
-                    <If condition="${empty(/auditTrailsPage)} = 'false' and ${/auditTrailsPage} != '1'">
-                        <Set path="/currentPage" value="${/auditTrailsPage}" />
-                        <Log type="INFO" message="${/logPrefix} - Found stored auditTrailsPage checkpoint: ${/auditTrailsPage}. Resuming from page ${/currentPage}" />
-                    </If>
-                </Else>
-            </Else>
-        </Else>
-
-        <!-- Set to_timestamp to current UTC formatted time -->
-        <Set path="/toTimestamp" value="${/currentTimestampFormatted}" />
-
-        <Log type="INFO" message="${/logPrefix} - Data collection period: from ${/fromTimestamp} to ${/toTimestamp}" />
-
-        <Set path="/errorCount" value="0" />
-
-        <!-- Perform data collection continuously in case of no error -->
-        <While condition="${/errorCount != ${/maxRetry}}">
-
-            <!-- Create Refresh Token if it is not created -->
-            <If condition="${empty(/refreshToken)} = 'true'">
-
-                <Log type="INFO" message="${/logPrefix} - Refresh token not found. Creating new Access and Refresh token using provided API key." />
-
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                    <!-- Create Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse -->
-                    <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
-
-                        <!-- Request header -->
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                        <RequestHeader name="Content-Type" value="application/json" />
-                        <RequestHeader name="x-api-key" value="${/apiKey}" />
-
-                    </CallEndpoint>
-
-                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                    <If condition="${/refreshTokenResponse/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Storing Refresh token and Access token from API response -->
-                <If condition="${/refreshTokenResponse/status_code} = 200">
-                    <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
-                    <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
-                    <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
-                </If>
-
-                <!-- Handle 401 Unauthorized -->
-                <ElseIf condition="${/refreshTokenResponse/status_code} = 401">
-                    <Log type="INFO" message="${/logPrefix} Abort - Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
-                    <Abort reason="Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
-                </ElseIf>
-
-                <!-- Handle 403 Forbidden -->
-                <ElseIf condition="${/refreshTokenResponse/status_code} = 403">
-                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                </ElseIf>
-
-                <!-- Aborting execution of workflow for http status code other than 200 -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
-                    <Abort reason="API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}." />
-                </Else>
-
-            </If>
-            <Else>
-                <Log type="INFO" message="${/logPrefix} - Refresh token found. Creating new Access token using stored Refresh token." />
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                    <!-- Create an Access Token using Refresh token and save response at Jpath /accessTokenResponse-->
-                    <CallEndpoint url="${/xmCyberUrl}${/refreshEndpoint}" method="POST" savePath="/accessTokenResponse">
-
-                        <!-- Request header -->
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                        <RequestHeader name="Content-Type" value="application/json" />
-
-                        <!-- Request body with refresh token -->
-                        <RequestBody type="application/json" encoding="UTF-8">
-                        {
-                            "refreshToken": "${/refreshToken}"
-                        }
-                        </RequestBody>
-                    </CallEndpoint>
-
-                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                    <If condition="${/accessTokenResponse/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Storing Access token from API response -->
-                <If condition="${/accessTokenResponse/status_code} = 200">
-                    <Log type="INFO" message="${/logPrefix} - Access token created successfully." />
-                    <Set path="/accessToken" value="${/accessTokenResponse/body/accessToken}" />
-                </If>
-
-                <!-- In case of expired Refresh token -->
-                <ElseIf condition="${/accessTokenResponse/status_code} = 401 or ${/accessTokenResponse/status_code} = 400">
-
-                    <Log type="INFO" message="${/logPrefix} - Refresh token is expired. Recreating an Access token and Refresh token using provided API key." />
-                    <Set path="/rateLimitErrorCount" value="0" />
-                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                        <!-- Create a Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse-->
-                        <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
-
-                            <!-- Request header -->
-                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                            <RequestHeader name="Content-Type" value="application/json" />
-                            <RequestHeader name="x-api-key" value="${/apiKey}" />
-
-                        </CallEndpoint>
-
-                        <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                        <If condition="${/refreshTokenResponse/status_code} = 429">
-                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                            </If>
-                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                            <Sleep duration="${/defaultSleepTime * 1000}" />
-                        </If>
-                        <Else>
-                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                        </Else>
-                    </While>
-
-                    <!-- Storing Refresh token and Access token from API response -->
-                    <If condition="${/refreshTokenResponse/status_code} = 200">
-                        <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
-                        <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
-                        <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
-                    </If>
-
-                    <!-- Aborting execution of workflow for failed API call -->
-                    <Else>
-                        <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
-                        <Abort reason="API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}." />
-                    </Else>
-                </ElseIf>
-
-                <!-- Aborting execution of workflow for failed API call with status code other than 200 and 401 -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}, Body - ${/accessTokenResponse/body}" />
-                    <Abort reason="API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}." />
-                </Else>
-            </Else>
-
-            <!-- Reset errorCount after successful authentication -->
-            <Set path="/errorCount" value="0" />
-            <Set path="/loopBreaker" value="false" />
-
-            <!-- Fetch audit trails data with pagination support and retry mechanism -->
-            <While condition="${/loopBreaker} = false">
-
-                <Log type="INFO" message="${/logPrefix} Collecting ${/collectionType} data from ${/auditTrailsEndpoint} with query parameters page: ${/currentPage}, pageSize: ${/pageSize}, filter: {&quot;timestamp&quot;:{&quot;$gt&quot;:&quot;${/fromTimestamp}&quot;,&quot;$lte&quot;:&quot;${/toTimestamp}&quot;}}, sort: timestamp." />
-
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-                    
-                    <!-- Call audit trails API with timestamp filter and pagination -->
-                    <CallEndpoint url="${/xmCyberUrl}${/auditTrailsEndpoint}" method="GET" savePath="/auditTrails/response">
-                        <BearerAuthentication token="${/accessToken}" />
-
-                        <QueryParameter name="filter" value="{&quot;timestamp&quot;:{&quot;$gt&quot;:&quot;${/fromTimestamp}&quot;,&quot;$lte&quot;:&quot;${/toTimestamp}&quot;}}" />
-                        <QueryParameter name="sort" value="timestamp" />
-                        <QueryParameter name="page" value="${/currentPage}" />
-                        <QueryParameter name="pageSize" value="${/pageSize}" />
-
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-
-                        <RequestBody type="application/json" encoding="UTF-8">
-                        {
-                            "Accept": "application/json",
-                            "content-type": "application/x-www-form-urlencoded"
-                        }
-                        </RequestBody>
-                    </CallEndpoint>
-
-                    <!-- Handle rate limit (429) -->
-                    <If condition="${/auditTrails/response/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Handle successful response (200) -->
-                <If condition="/auditTrails/response/status_code = 200">
-
-                    <!-- Extract pagination information -->
-                    <Set path="/totalPages" value="${/auditTrails/response/body/paging/totalPages}" />
-                    <Set path="/currentPageSize" value="${count(/auditTrails/response/body/data)}" />
-                    
-                    <!-- Process collected audit trail events, add metadata -->
-                    <ForEach item="/currentEvent" items="/auditTrails/response/body/data">
-                        <Set path="/currentEvent/event_id" value="audit_trail" />
-                        <Set path="/currentEvent/event_category" value="XM Cyber" />
-                        <PostEvent path="/currentEvent"/>
-                    </ForEach>
-
-                    <!-- Log ingested event count for current page -->
-                    <Log type="INFO" message="${/logPrefix} - Page ${/currentPage}: ${/currentPageSize} ${/collectionType} ingested in QRadar." />
-
-                    
-                    <!-- Check if there are more pages to process -->
-                    <If condition="${/currentPage + 0} &lt; ${/totalPages + 0}">
-                        <!-- Store current page in checkpoint after successful ingestion -->
-                        <Set path="/auditTrailsPage" value="${/currentPage + 1}" />
-                        <Set path="/auditTrailsTime" value="${/fromTimestamp}" />
-                        <Log type="INFO" message="${/logPrefix} - Updated auditTrailsPage checkpoint to: ${/currentPage + 1}" />
-
-                        <Set path="/currentPage" value="${/currentPage + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - Moving to next page: ${/currentPage} of ${/totalPages}." />
-                    </If>
-                    <Else>
-                        <!-- All pages processed, complete the collection -->
-                        <Set path="/loopBreaker" value="true"/>
-                        <Set path="/errorCount" value="${/maxRetry}"/>
-                        
-                        <!-- Update checkpoint parameters -->
-                        <Set path="/auditTrailsTime" value="${/toTimestamp}" />
-                        <Set path="/auditTrailsPage" value="1" />
-                        <Log type="INFO" message="${/logPrefix} Updated auditTrailsTime checkpoint to: ${/toTimestamp}" />
-                        <Log type="INFO" message="${/logPrefix} Reset auditTrailsPage checkpoint to: 1" />
-                        <Log type="INFO" message="${/logPrefix} Audit Trails collection completed successfully." />
-                    </Else>
-
-                </If>
-                
-                <!-- Handle token expired (419 or 401) -->
-                <ElseIf condition="${/auditTrails/response/status_code} = 419 or ${/auditTrails/response/status_code} = 401">
-                    <!-- To retry for token expiration -->
-                    <Set path="/loopBreaker" value="true"/>
-                    <Set path="/errorCount" value="${/errorCount + 1}" />
-                    <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/auditTrails/response/status_code}." />
-                    <Set path="/accessToken" value="" />
-                </ElseIf>
-
-                <!-- Handle 403 Forbidden -->
-                <ElseIf condition="/auditTrails/response/status_code = 403">
-                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                </ElseIf>
-
-                <!-- Handle other error status codes -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} - API call failed for collecting ${/collectionType} data with status code - ${/auditTrails/response/status_code}, Body - ${/auditTrails/response/body}" />
-                    <Abort reason="API call failed for collecting ${/collectionType} data with status code - ${/auditTrails/response/status_code}." />
-                </Else>
-            </While>
-        </While>
-    </Actions>
-
-    <!-- Performing some connectivity tests -->
-    <Tests>
-        <DNSResolutionTest host="${/tenantName}" />
-        <TCPConnectionTest host="${/tenantName}" />
-        <SSLHandshakeTest host="${/tenantName}" />
-        <HTTPConnectionThroughProxyTest url="https://${/tenantName}" />
-    </Tests>
-
-</Workflow>
+<?xml version="1.0" encoding="UTF-8" ?>
+<Workflow name="XM Cyber Audit Trails" version="1.0"
+    xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V2_1">
+
+    <!-- Collect configurations from workflow parameter file -->
+    <Parameters>
+        <Parameter name="tenantName" label="Tenant Name" required="true"/>
+        <Parameter name="apiKey" label="API Key" secret="true" required="true" />
+        <Parameter name="auditTrailsStartTime" label="Audit Trails Start Time" required="true"/>
+        <Parameter name="ingestChokepointStats" label="Ingest Chokepoint Stats" required="false"/>
+        <Parameter name="ingestScenarios" label="Ingest Scenarios" required="false"/>
+        <Parameter name="timeId" label="Time ID" required="false"/>
+    </Parameters>
+
+    <Actions>
+
+        <!-- Clear status of log source -->
+        <ClearStatus />
+
+        <!-- Defining variables for running workflow -->
+        <Set path="/xmCyberUrl" value="https://${/tenantName}"/>
+        <Set path="/logPrefix" value="[XM_Cyber_App_for_QRadar][AuditTrails][${/xmCyberUrl}]" />
+        <Initialize path="/errorCount" value="0" />
+        <Initialize path="/maxRetry" value="3" />
+        <Initialize path="/authEndpoint" value="/api/auth" />
+        <Initialize path="/refreshEndpoint" value="/api/refresh-token" />
+        <Initialize path="/auditTrailsEndpoint" value="/api/audit-trail/auditRecords" />
+        <Initialize path="/pageSize" value="1000" />
+        <Initialize path="/refreshToken" value="" />
+        <Initialize path="/accessToken" value="" />
+        <Initialize path="/defaultSleepTime" value="60" />
+        <Initialize path="/appVersion" value="2.1.0" />
+        <Initialize path="/userAgentHeader" value="QRadar-v${/appVersion}" />
+        <Initialize path="/collectionType" value="audit_trails" />
+        <Initialize path="/auditTrailsPage" value="" />
+        <Initialize path="/auditTrailsTime" value="" />
+
+        <Set path="/currentPage" value="1" />
+        <Set path="/totalPages" value="1" />
+
+        <!-- Print log in the /var/log/qradar.log file with info log level -->
+        <Log type="INFO" message="${/logPrefix} - Audit Trails collection started." />
+
+        <!-- Validate auditTrailsStartTime format with regex -->
+        <RegexCapture pattern="^(\d{4}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[12][0-9]|3[01])T(?:[01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]\.\d{3}Z)$" value="${/auditTrailsStartTime}" savePath="/auditTrailsStartTimeValidation" />
+
+        <If condition="${empty(/auditTrailsStartTimeValidation)} = 'true'">
+            <Log type="INFO" message="${/logPrefix} Abort - Invalid auditTrailsStartTime format. Expected format: YYYY-MM-DDTHH:MM:SS.SSSZ" />
+            <Abort reason="Invalid auditTrailsStartTime format. Expected format: YYYY-MM-DDTHH:MM:SS.SSSZ" />
+        </If>
+
+        <!-- Get current UTC timestamp -->
+        <Set path="/currentTimestamp" value="${time()}" />
+        <FormatDate pattern="yyyy-MM-dd'T'HH:mm:ss.SSS'Z'" timeZone="UTC" time="${/currentTimestamp}" savePath="/currentTimestampFormatted" />
+
+
+        <!-- Calculate 90 days retention limit -->
+        <Set path="/retentionDays" value="90" />
+        <Set path="/millisecondsPerDay" value="86400000" />
+        <Set path="/retentionLimitMillis" value="${/retentionDays * /millisecondsPerDay}" />
+        <Set path="/retentionLimitTimestamp" value="${/currentTimestamp - /retentionLimitMillis}" />
+        <FormatDate pattern="yyyy-MM-dd'T'HH:mm:ss.SSS'Z'" timeZone="UTC" time="${/retentionLimitTimestamp}" savePath="/retentionLimitFormatted" />
+
+        <!-- Validate that auditTrailsStartTime is not greater than current time -->
+        <If condition="${/auditTrailsStartTime &gt; /currentTimestampFormatted}">
+            <Log type="INFO" message="${/logPrefix} Abort - auditTrailsStartTime cannot be greater than current UTC time." />
+            <Abort reason="auditTrailsStartTime cannot be greater than current UTC time." />
+        </If>
+
+
+        <!-- Check for stored auditTrailsTime checkpoint -->
+        <Initialize path="/fromTimestamp" value="${/auditTrailsStartTime}" />
+        <Log type="INFO" message="${/logPrefix} - Checking for stored auditTrailsTime checkpoint parameter." />
+
+        <!-- Get checkpoint parameter if it exists -->
+        <If condition="${empty(/auditTrailsTime)} = 'true'">
+            <!-- No checkpoint - validate auditTrailsStartTime retention before using it -->
+            <If condition="${/auditTrailsStartTime &lt; /retentionLimitFormatted}">
+                <Log type="INFO" message="${/logPrefix} Abort - auditTrailsStartTime cannot be earlier than ${/retentionDays} days from current UTC time." />
+                <Abort reason="auditTrailsStartTime cannot be earlier than ${/retentionDays} days from current UTC time." />
+            </If>
+            <Log type="INFO" message="${/logPrefix} - No auditTrailsTime checkpoint found. Using auditTrailsStartTime from parameter file: ${/fromTimestamp}" />
+        </If>
+        <Else>
+            <Log type="INFO" message="${/logPrefix} - Found stored auditTrailsTime checkpoint: ${/auditTrailsTime}" />
+            
+            <!-- Validate checkpoint timestamp format with regex -->
+            <RegexCapture pattern="^(\d{4}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[12][0-9]|3[01])T(?:[01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]\.\d{3}Z)$" value="${/auditTrailsTime}" savePath="/checkpointValidation" />
+            <If condition="${empty(/checkpointValidation)} = 'true'">
+                <Log type="INFO" message="${/logPrefix} - Invalid checkpoint auditTrailsTime format. Using current time." />
+                <Set path="/fromTimestamp" value="${/currentTimestampFormatted}" />
+            </If>
+            <Else>
+                <!-- Validate that auditTrailsTime is not earlier than retention limit -->
+                <If condition="${/auditTrailsTime &lt; /retentionLimitFormatted}">
+                    <Log type="INFO" message="${/logPrefix} - Checkpoint auditTrailsTime is earlier than ${/retentionDays} days. Using 90 days back time." />
+                    <Set path="/fromTimestamp" value="${/retentionLimitFormatted}" />
+                </If>
+                <Else>
+                    <Set path="/fromTimestamp" value="${/auditTrailsTime}" />
+                    <Log type="INFO" message="${/logPrefix} - Using checkpoint auditTrailsTime: ${/fromTimestamp}" />
+                    
+                    <!-- Check for page checkpoint if auditTrailsTime is being used -->
+                    <If condition="${empty(/auditTrailsPage)} = 'false' and ${/auditTrailsPage} != '1'">
+                        <Set path="/currentPage" value="${/auditTrailsPage}" />
+                        <Log type="INFO" message="${/logPrefix} - Found stored auditTrailsPage checkpoint: ${/auditTrailsPage}. Resuming from page ${/currentPage}" />
+                    </If>
+                </Else>
+            </Else>
+        </Else>
+
+        <!-- Set to_timestamp to current UTC formatted time -->
+        <Set path="/toTimestamp" value="${/currentTimestampFormatted}" />
+
+        <Log type="INFO" message="${/logPrefix} - Data collection period: from ${/fromTimestamp} to ${/toTimestamp}" />
+
+        <Set path="/errorCount" value="0" />
+
+        <!-- Perform data collection continuously in case of no error -->
+        <While condition="${/errorCount != ${/maxRetry}}">
+
+            <!-- Create Refresh Token if it is not created -->
+            <If condition="${empty(/refreshToken)} = 'true'">
+
+                <Log type="INFO" message="${/logPrefix} - Refresh token not found. Creating new Access and Refresh token using provided API key." />
+
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                    <!-- Create Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse -->
+                    <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
+
+                        <!-- Request header -->
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                        <RequestHeader name="Content-Type" value="application/json" />
+                        <RequestHeader name="x-api-key" value="${/apiKey}" />
+
+                    </CallEndpoint>
+
+                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                    <If condition="${/refreshTokenResponse/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Storing Refresh token and Access token from API response -->
+                <If condition="${/refreshTokenResponse/status_code} = 200">
+                    <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
+                    <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
+                    <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
+                </If>
+
+                <!-- Handle 401 Unauthorized -->
+                <ElseIf condition="${/refreshTokenResponse/status_code} = 401">
+                    <Log type="INFO" message="${/logPrefix} Abort - Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
+                    <Abort reason="Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
+                </ElseIf>
+
+                <!-- Handle 403 Forbidden -->
+                <ElseIf condition="${/refreshTokenResponse/status_code} = 403">
+                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                </ElseIf>
+
+                <!-- Aborting execution of workflow for http status code other than 200 -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
+                    <Abort reason="API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}." />
+                </Else>
+
+            </If>
+            <Else>
+                <Log type="INFO" message="${/logPrefix} - Refresh token found. Creating new Access token using stored Refresh token." />
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                    <!-- Create an Access Token using Refresh token and save response at Jpath /accessTokenResponse-->
+                    <CallEndpoint url="${/xmCyberUrl}${/refreshEndpoint}" method="POST" savePath="/accessTokenResponse">
+
+                        <!-- Request header -->
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                        <RequestHeader name="Content-Type" value="application/json" />
+
+                        <!-- Request body with refresh token -->
+                        <RequestBody type="application/json" encoding="UTF-8">
+                        {
+                            "refreshToken": "${/refreshToken}"
+                        }
+                        </RequestBody>
+                    </CallEndpoint>
+
+                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                    <If condition="${/accessTokenResponse/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Storing Access token from API response -->
+                <If condition="${/accessTokenResponse/status_code} = 200">
+                    <Log type="INFO" message="${/logPrefix} - Access token created successfully." />
+                    <Set path="/accessToken" value="${/accessTokenResponse/body/accessToken}" />
+                </If>
+
+                <!-- In case of expired Refresh token -->
+                <ElseIf condition="${/accessTokenResponse/status_code} = 401 or ${/accessTokenResponse/status_code} = 400">
+
+                    <Log type="INFO" message="${/logPrefix} - Refresh token is expired. Recreating an Access token and Refresh token using provided API key." />
+                    <Set path="/rateLimitErrorCount" value="0" />
+                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                        <!-- Create a Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse-->
+                        <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
+
+                            <!-- Request header -->
+                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                            <RequestHeader name="Content-Type" value="application/json" />
+                            <RequestHeader name="x-api-key" value="${/apiKey}" />
+
+                        </CallEndpoint>
+
+                        <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                        <If condition="${/refreshTokenResponse/status_code} = 429">
+                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                            </If>
+                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                            <Sleep duration="${/defaultSleepTime * 1000}" />
+                        </If>
+                        <Else>
+                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                        </Else>
+                    </While>
+
+                    <!-- Storing Refresh token and Access token from API response -->
+                    <If condition="${/refreshTokenResponse/status_code} = 200">
+                        <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
+                        <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
+                        <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
+                    </If>
+
+                    <!-- Aborting execution of workflow for failed API call -->
+                    <Else>
+                        <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
+                        <Abort reason="API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}." />
+                    </Else>
+                </ElseIf>
+
+                <!-- Aborting execution of workflow for failed API call with status code other than 200 and 401 -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}, Body - ${/accessTokenResponse/body}" />
+                    <Abort reason="API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}." />
+                </Else>
+            </Else>
+
+            <!-- Reset errorCount after successful authentication -->
+            <Set path="/errorCount" value="0" />
+            <Set path="/loopBreaker" value="false" />
+
+            <!-- Fetch audit trails data with pagination support and retry mechanism -->
+            <While condition="${/loopBreaker} = false">
+
+                <Log type="INFO" message="${/logPrefix} Collecting ${/collectionType} data from ${/auditTrailsEndpoint} with query parameters page: ${/currentPage}, pageSize: ${/pageSize}, filter: {&quot;timestamp&quot;:{&quot;$gt&quot;:&quot;${/fromTimestamp}&quot;,&quot;$lte&quot;:&quot;${/toTimestamp}&quot;}}, sort: timestamp." />
+
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+                    
+                    <!-- Call audit trails API with timestamp filter and pagination -->
+                    <CallEndpoint url="${/xmCyberUrl}${/auditTrailsEndpoint}" method="GET" savePath="/auditTrails/response">
+                        <BearerAuthentication token="${/accessToken}" />
+
+                        <QueryParameter name="filter" value="{&quot;timestamp&quot;:{&quot;$gt&quot;:&quot;${/fromTimestamp}&quot;,&quot;$lte&quot;:&quot;${/toTimestamp}&quot;}}" />
+                        <QueryParameter name="sort" value="timestamp" />
+                        <QueryParameter name="page" value="${/currentPage}" />
+                        <QueryParameter name="pageSize" value="${/pageSize}" />
+
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+
+                        <RequestBody type="application/json" encoding="UTF-8">
+                        {
+                            "Accept": "application/json",
+                            "content-type": "application/x-www-form-urlencoded"
+                        }
+                        </RequestBody>
+                    </CallEndpoint>
+
+                    <!-- Handle rate limit (429) -->
+                    <If condition="${/auditTrails/response/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Handle successful response (200) -->
+                <If condition="/auditTrails/response/status_code = 200">
+
+                    <!-- Extract pagination information -->
+                    <Set path="/totalPages" value="${/auditTrails/response/body/paging/totalPages}" />
+                    <Set path="/currentPageSize" value="${count(/auditTrails/response/body/data)}" />
+                    
+                    <!-- Process collected audit trail events, add metadata -->
+                    <ForEach item="/currentEvent" items="/auditTrails/response/body/data">
+                        <Set path="/currentEvent/event_id" value="audit_trail" />
+                        <Set path="/currentEvent/event_category" value="XM Cyber" />
+                        <PostEvent path="/currentEvent"/>
+                    </ForEach>
+
+                    <!-- Log ingested event count for current page -->
+                    <Log type="INFO" message="${/logPrefix} - Page ${/currentPage}: ${/currentPageSize} ${/collectionType} ingested in QRadar." />
+
+                    
+                    <!-- Check if there are more pages to process -->
+                    <If condition="${/currentPage + 0} &lt; ${/totalPages + 0}">
+                        <!-- Store current page in checkpoint after successful ingestion -->
+                        <Set path="/auditTrailsPage" value="${/currentPage + 1}" />
+                        <Set path="/auditTrailsTime" value="${/fromTimestamp}" />
+                        <Log type="INFO" message="${/logPrefix} - Updated auditTrailsPage checkpoint to: ${/currentPage + 1}" />
+
+                        <Set path="/currentPage" value="${/currentPage + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - Moving to next page: ${/currentPage} of ${/totalPages}." />
+                    </If>
+                    <Else>
+                        <!-- All pages processed, complete the collection -->
+                        <Set path="/loopBreaker" value="true"/>
+                        <Set path="/errorCount" value="${/maxRetry}"/>
+                        
+                        <!-- Update checkpoint parameters -->
+                        <Set path="/auditTrailsTime" value="${/toTimestamp}" />
+                        <Set path="/auditTrailsPage" value="1" />
+                        <Log type="INFO" message="${/logPrefix} Updated auditTrailsTime checkpoint to: ${/toTimestamp}" />
+                        <Log type="INFO" message="${/logPrefix} Reset auditTrailsPage checkpoint to: 1" />
+                        <Log type="INFO" message="${/logPrefix} Audit Trails collection completed successfully." />
+                    </Else>
+
+                </If>
+                
+                <!-- Handle token expired (419 or 401) -->
+                <ElseIf condition="${/auditTrails/response/status_code} = 419 or ${/auditTrails/response/status_code} = 401">
+                    <!-- To retry for token expiration -->
+                    <Set path="/loopBreaker" value="true"/>
+                    <Set path="/errorCount" value="${/errorCount + 1}" />
+                    <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/auditTrails/response/status_code}." />
+                    <Set path="/accessToken" value="" />
+                </ElseIf>
+
+                <!-- Handle 403 Forbidden -->
+                <ElseIf condition="/auditTrails/response/status_code = 403">
+                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                </ElseIf>
+
+                <!-- Handle other error status codes -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} - API call failed for collecting ${/collectionType} data with status code - ${/auditTrails/response/status_code}, Body - ${/auditTrails/response/body}" />
+                    <Abort reason="API call failed for collecting ${/collectionType} data with status code - ${/auditTrails/response/status_code}." />
+                </Else>
+            </While>
+        </While>
+    </Actions>
+
+    <!-- Performing some connectivity tests -->
+    <Tests>
+        <DNSResolutionTest host="${/tenantName}" />
+        <TCPConnectionTest host="${/tenantName}" />
+        <SSLHandshakeTest host="${/tenantName}" />
+        <HTTPConnectionThroughProxyTest url="https://${/tenantName}" />
+    </Tests>
+
+</Workflow>
diff --git a/Community Developed/XM Cyber/XMCyber-Devices-Workflow.xml b/Community Developed/XM Cyber/XMCyber-Devices-Workflow.xml
index 3fdcd31..7c6120b 100644
--- a/Community Developed/XM Cyber/XMCyber-Devices-Workflow.xml	
+++ b/Community Developed/XM Cyber/XMCyber-Devices-Workflow.xml	
@@ -1,331 +1,331 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<Workflow name="XM Cyber Devices" version="1.0"
-    xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V2_1">
-
-    <!-- Collect configurations from workflow parameter file -->
-    <Parameters>
-        <Parameter name="tenantName" label="Tenant Name" required="true"/>
-        <Parameter name="apiKey" label="API Key" secret="true" required="true" />
-        <Parameter name="ingestChokepointStats" label="Ingest Chokepoint Stats" required="false"/>
-        <Parameter name="auditTrailsStartTime" label="Audit Trails Start Time" required="false"/>
-        <Parameter name="ingestScenarios" label="Ingest Scenarios" required="false"/>
-        <Parameter name="timeId" label="Time ID" required="false"/>
-    </Parameters>
-
-    <Actions>
-
-        <!-- Clear status of log source -->
-        <ClearStatus />
-
-        <!-- Defining variables for running workflow -->
-        <Set path="/xmCyberUrl" value="https://${/tenantName}"/>
-        <Set path="/logPrefix" value="[XM_Cyber_App_for_QRadar][Devices][${/xmCyberUrl}]" />
-        <Initialize path="/errorCount" value="0" />
-        <Initialize path="/maxRetry" value="3" />
-        <Initialize path="/authEndpoint" value="/api/auth" />
-        <Initialize path="/refreshEndpoint" value="/api/refresh-token" />
-        <Initialize path="/devicesEndpoint" value="/api/v2/vavm/devices" />
-        <Initialize path="/pageSize" value="5000" />
-        <Initialize path="/refreshToken" value="" />
-        <Initialize path="/accessToken" value="" />
-        <Initialize path="/defaultSleepTime" value="60" />
-        <Initialize path="/appVersion" value="2.0.0" />
-        <Initialize path="/userAgentHeader" value="QRadar-v${/appVersion}" />
-        <Initialize path="/collectionType" value="devices" />
-
-        <Set path="/currentPage" value="1" />
-        <Set path="/totalPages" value="1" />
-
-        <!-- Get current timestamp -->
-        <Set path="/currentTimestamp" value="${time()}" />
-
-        <!-- Extract tenant prefix from tenantName -->
-        <Split value="${/tenantName}" delimiter="\." savePath="/tenantParts" />
-        <Set path="/tenantPrefix" value="${/tenantParts[0]}" />
-
-        <!-- Print log in the /var/log/qradar.log file with info log level -->
-        <Log type="INFO" message="${/logPrefix} - Devices collection started." />
-
-        <Set path="/errorCount" value="0" />
-
-        <!-- Perform data collection continuously in case of no error -->
-        <While condition="${/errorCount != ${/maxRetry}}">
-
-            <!-- Create Refresh Token if it is not created -->
-            <If condition="${empty(/refreshToken)} = 'true'">
-
-                <Log type="INFO" message="${/logPrefix} - Refresh token not found. Creating new Access and Refresh token using provided API key." />
-
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                    <!-- Create Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse -->
-                    <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
-
-                        <!-- Request header -->
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                        <RequestHeader name="Content-Type" value="application/json" />
-                        <RequestHeader name="x-api-key" value="${/apiKey}" />
-
-                    </CallEndpoint>
-
-                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                    <If condition="${/refreshTokenResponse/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Storing Refresh token and Access token from API response -->
-                <If condition="${/refreshTokenResponse/status_code} = 200">
-                    <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
-                    <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
-                    <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
-                </If>
-
-                <!-- Handle 401 Unauthorized -->
-                <ElseIf condition="${/refreshTokenResponse/status_code} = 401">
-                    <Log type="INFO" message="${/logPrefix} Abort - Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
-                    <Abort reason="Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
-                </ElseIf>
-
-                <!-- Handle 403 Forbidden -->
-                <ElseIf condition="${/refreshTokenResponse/status_code} = 403">
-                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                </ElseIf>
-
-                <!-- Aborting execution of workflow for http status code other than 200 -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
-                    <Abort reason="API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}." />
-                </Else>
-
-            </If>
-            <Else>
-                <Log type="INFO" message="${/logPrefix} - Refresh token found. Creating new Access token using stored Refresh token." />
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                    <!-- Create an Access Token using Refresh token and save response at Jpath /accessTokenResponse-->
-                    <CallEndpoint url="${/xmCyberUrl}${/refreshEndpoint}" method="POST" savePath="/accessTokenResponse">
-
-                        <!-- Request header -->
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                        <RequestHeader name="Content-Type" value="application/json" />
-
-                        <!-- Request body with refresh token -->
-                        <RequestBody type="application/json" encoding="UTF-8">
-                        {
-                            "refreshToken": "${/refreshToken}"
-                        }
-                        </RequestBody>
-                    </CallEndpoint>
-
-                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                    <If condition="${/accessTokenResponse/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Storing Access token from API response -->
-                <If condition="${/accessTokenResponse/status_code} = 200">
-                    <Log type="INFO" message="${/logPrefix} - Access token created successfully." />
-                    <Set path="/accessToken" value="${/accessTokenResponse/body/accessToken}" />
-                </If>
-
-                <!-- In case of expired Refresh token -->
-                <ElseIf condition="${/accessTokenResponse/status_code} = 401 or ${/accessTokenResponse/status_code} = 400">
-
-                    <Log type="INFO" message="${/logPrefix} - Refresh token is expired. Recreating an Access token and Refresh token using provided API key." />
-                    <Set path="/rateLimitErrorCount" value="0" />
-                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                        <!-- Create a Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse-->
-                        <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
-
-                            <!-- Request header -->
-                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                            <RequestHeader name="Content-Type" value="application/json" />
-                            <RequestHeader name="x-api-key" value="${/apiKey}" />
-
-                        </CallEndpoint>
-
-                        <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                        <If condition="${/refreshTokenResponse/status_code} = 429">
-                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                            </If>
-
-                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                            <Sleep duration="${/defaultSleepTime * 1000}" />
-                        </If>
-                        <Else>
-                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                        </Else>
-                    </While>
-
-                    <!-- Storing Refresh token and Access token from API response -->
-                    <If condition="${/refreshTokenResponse/status_code} = 200">
-                        <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
-                        <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
-                        <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
-                    </If>
-
-                    <!-- Aborting execution of workflow for failed API call -->
-                    <Else>
-                        <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
-                        <Abort reason="API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}." />
-                    </Else>
-                </ElseIf>
-
-                <!-- Aborting execution of workflow for failed API call with status code other than 200 and 401 -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}, Body - ${/accessTokenResponse/body}" />
-                    <Abort reason="API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}." />
-                </Else>
-            </Else>
-
-            <!-- Reset errorCount after successful authentication -->
-            <Set path="/errorCount" value="0" />
-            <Set path="/loopBreaker" value="false" />
-
-            <!-- Fetch devices data with pagination support and retry mechanism -->
-            <While condition="${/loopBreaker} = false">
-
-                <Log type="INFO" message="${/logPrefix} Collecting ${/collectionType} data from ${/devicesEndpoint} - Page ${/currentPage}, pageSize ${/pageSize}." />
-
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-                    
-                    <!-- Call devices API with OAuth authentication and pagination -->
-                    <CallEndpoint url="${/xmCyberUrl}${/devicesEndpoint}" method="GET" savePath="/devices/response">
-                        <BearerAuthentication token="${/accessToken}" />
-
-                        <QueryParameter name="page" value="${/currentPage}" />
-                        <QueryParameter name="pageSize" value="${/pageSize}" />
-
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-
-                        <RequestBody type="application/json" encoding="UTF-8">
-                        {
-                            "Accept": "application/json",
-                            "content-type": "application/x-www-form-urlencoded"
-                        }
-                        </RequestBody>
-                    </CallEndpoint>
-
-                    <!-- Handle rate limit (429) -->
-                    <If condition="${/devices/response/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Handle successful response (200) -->
-                <If condition="/devices/response/status_code = 200">
-
-                    <!-- Extract pagination information -->
-                    <Set path="/totalPages" value="${/devices/response/body/paging/totalPages}" />
-                    <Set path="/currentPageSize" value="${count(/devices/response/body/data)}" />
-
-                    <!-- Add completion timestamp to the last device event if this is the last page -->
-                    <If condition="${/currentPage + 0} = ${/totalPages + 0}">
-                        <If condition="${/currentPageSize} > 0">
-                            <!-- Add collectionStartTime to the last device event -->
-                            <Set path="/devices/response/body/data[${/currentPageSize - 1}]/collectionStartTime" value="${/currentTimestamp}" />
-                        </If>
-                    </If>
-
-                    <!-- Process collected device events, add tenant prefix and metadata -->
-                    <ForEach item="/currentEvent" items="/devices/response/body/data">
-                        <Set path="/currentEvent/event_id" value="device" />
-                        <Set path="/currentEvent/event_category" value="XM Cyber" />
-                        <Set path="/currentEvent/tenant" value="${/tenantPrefix}" />
-                        <PostEvent path="/currentEvent"/>
-                    </ForEach>
-
-                    <!-- Log ingested event count for current page -->
-                    <Log type="INFO" message="${/logPrefix} - Page ${/currentPage}: ${/currentPageSize} ${/collectionType} ingested in QRadar." />
-                    
-                    <!-- Check if there are more pages to process -->
-                    <If condition="${/currentPage + 0} &lt; ${/totalPages + 0}">
-                        <Set path="/currentPage" value="${/currentPage + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - Moving to next page: ${/currentPage} of ${/totalPages}." />
-                    </If>
-                    <Else>
-                        <!-- All pages processed, complete the collection -->
-                        <Set path="/loopBreaker" value="true"/>
-                        <Set path="/errorCount" value="${/maxRetry}"/>
-                        <Log type="INFO" message="${/logPrefix} Devices collection completed successfully." />
-                    </Else>
-
-                </If>
-                
-                <!-- Handle token expired (419 or 401) -->
-                <ElseIf condition="${/devices/response/status_code} = 419 or ${/devices/response/status_code} = 401">
-                    <!-- To retry for token expiration -->
-                    <Set path="/loopBreaker" value="true"/>
-                    <Set path="/errorCount" value="${/errorCount + 1}" />
-                    <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/devices/response/status_code}." />
-                    <Set path="/accessToken" value="" />
-                </ElseIf>
-
-                <!-- Handle 403 Forbidden -->
-                <ElseIf condition="/devices/response/status_code = 403">
-                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                </ElseIf>
-
-                <!-- Handle other error status codes -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} - API call failed for collecting ${/collectionType} data with status code - ${/devices/response/status_code}, Body - ${/devices/response/body}" />
-                    <Abort reason="API call failed for collecting ${/collectionType} data with status code - ${/devices/response/status_code}." />
-                </Else>
-            </While>
-        </While>
-    </Actions>
-
-    <!-- Performing some connectivity tests -->
-    <Tests>
-        <DNSResolutionTest host="${/tenantName}" />
-        <TCPConnectionTest host="${/tenantName}" />
-        <SSLHandshakeTest host="${/tenantName}" />
-        <HTTPConnectionThroughProxyTest url="https://${/tenantName}" />
-    </Tests>
-
-</Workflow>
+<?xml version="1.0" encoding="UTF-8" ?>
+<Workflow name="XM Cyber Devices" version="1.0"
+    xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V2_1">
+
+    <!-- Collect configurations from workflow parameter file -->
+    <Parameters>
+        <Parameter name="tenantName" label="Tenant Name" required="true"/>
+        <Parameter name="apiKey" label="API Key" secret="true" required="true" />
+        <Parameter name="ingestChokepointStats" label="Ingest Chokepoint Stats" required="false"/>
+        <Parameter name="auditTrailsStartTime" label="Audit Trails Start Time" required="false"/>
+        <Parameter name="ingestScenarios" label="Ingest Scenarios" required="false"/>
+        <Parameter name="timeId" label="Time ID" required="false"/>
+    </Parameters>
+
+    <Actions>
+
+        <!-- Clear status of log source -->
+        <ClearStatus />
+
+        <!-- Defining variables for running workflow -->
+        <Set path="/xmCyberUrl" value="https://${/tenantName}"/>
+        <Set path="/logPrefix" value="[XM_Cyber_App_for_QRadar][Devices][${/xmCyberUrl}]" />
+        <Initialize path="/errorCount" value="0" />
+        <Initialize path="/maxRetry" value="3" />
+        <Initialize path="/authEndpoint" value="/api/auth" />
+        <Initialize path="/refreshEndpoint" value="/api/refresh-token" />
+        <Initialize path="/devicesEndpoint" value="/api/v2/vavm/devices" />
+        <Initialize path="/pageSize" value="5000" />
+        <Initialize path="/refreshToken" value="" />
+        <Initialize path="/accessToken" value="" />
+        <Initialize path="/defaultSleepTime" value="60" />
+        <Initialize path="/appVersion" value="2.1.0" />
+        <Initialize path="/userAgentHeader" value="QRadar-v${/appVersion}" />
+        <Initialize path="/collectionType" value="devices" />
+
+        <Set path="/currentPage" value="1" />
+        <Set path="/totalPages" value="1" />
+
+        <!-- Get current timestamp -->
+        <Set path="/currentTimestamp" value="${time()}" />
+
+        <!-- Extract tenant prefix from tenantName -->
+        <Split value="${/tenantName}" delimiter="\." savePath="/tenantParts" />
+        <Set path="/tenantPrefix" value="${/tenantParts[0]}" />
+
+        <!-- Print log in the /var/log/qradar.log file with info log level -->
+        <Log type="INFO" message="${/logPrefix} - Devices collection started." />
+
+        <Set path="/errorCount" value="0" />
+
+        <!-- Perform data collection continuously in case of no error -->
+        <While condition="${/errorCount != ${/maxRetry}}">
+
+            <!-- Create Refresh Token if it is not created -->
+            <If condition="${empty(/refreshToken)} = 'true'">
+
+                <Log type="INFO" message="${/logPrefix} - Refresh token not found. Creating new Access and Refresh token using provided API key." />
+
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                    <!-- Create Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse -->
+                    <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
+
+                        <!-- Request header -->
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                        <RequestHeader name="Content-Type" value="application/json" />
+                        <RequestHeader name="x-api-key" value="${/apiKey}" />
+
+                    </CallEndpoint>
+
+                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                    <If condition="${/refreshTokenResponse/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Storing Refresh token and Access token from API response -->
+                <If condition="${/refreshTokenResponse/status_code} = 200">
+                    <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
+                    <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
+                    <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
+                </If>
+
+                <!-- Handle 401 Unauthorized -->
+                <ElseIf condition="${/refreshTokenResponse/status_code} = 401">
+                    <Log type="INFO" message="${/logPrefix} Abort - Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
+                    <Abort reason="Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
+                </ElseIf>
+
+                <!-- Handle 403 Forbidden -->
+                <ElseIf condition="${/refreshTokenResponse/status_code} = 403">
+                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                </ElseIf>
+
+                <!-- Aborting execution of workflow for http status code other than 200 -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
+                    <Abort reason="API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}." />
+                </Else>
+
+            </If>
+            <Else>
+                <Log type="INFO" message="${/logPrefix} - Refresh token found. Creating new Access token using stored Refresh token." />
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                    <!-- Create an Access Token using Refresh token and save response at Jpath /accessTokenResponse-->
+                    <CallEndpoint url="${/xmCyberUrl}${/refreshEndpoint}" method="POST" savePath="/accessTokenResponse">
+
+                        <!-- Request header -->
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                        <RequestHeader name="Content-Type" value="application/json" />
+
+                        <!-- Request body with refresh token -->
+                        <RequestBody type="application/json" encoding="UTF-8">
+                        {
+                            "refreshToken": "${/refreshToken}"
+                        }
+                        </RequestBody>
+                    </CallEndpoint>
+
+                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                    <If condition="${/accessTokenResponse/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Storing Access token from API response -->
+                <If condition="${/accessTokenResponse/status_code} = 200">
+                    <Log type="INFO" message="${/logPrefix} - Access token created successfully." />
+                    <Set path="/accessToken" value="${/accessTokenResponse/body/accessToken}" />
+                </If>
+
+                <!-- In case of expired Refresh token -->
+                <ElseIf condition="${/accessTokenResponse/status_code} = 401 or ${/accessTokenResponse/status_code} = 400">
+
+                    <Log type="INFO" message="${/logPrefix} - Refresh token is expired. Recreating an Access token and Refresh token using provided API key." />
+                    <Set path="/rateLimitErrorCount" value="0" />
+                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                        <!-- Create a Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse-->
+                        <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
+
+                            <!-- Request header -->
+                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                            <RequestHeader name="Content-Type" value="application/json" />
+                            <RequestHeader name="x-api-key" value="${/apiKey}" />
+
+                        </CallEndpoint>
+
+                        <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                        <If condition="${/refreshTokenResponse/status_code} = 429">
+                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                            </If>
+
+                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                            <Sleep duration="${/defaultSleepTime * 1000}" />
+                        </If>
+                        <Else>
+                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                        </Else>
+                    </While>
+
+                    <!-- Storing Refresh token and Access token from API response -->
+                    <If condition="${/refreshTokenResponse/status_code} = 200">
+                        <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
+                        <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
+                        <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
+                    </If>
+
+                    <!-- Aborting execution of workflow for failed API call -->
+                    <Else>
+                        <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
+                        <Abort reason="API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}." />
+                    </Else>
+                </ElseIf>
+
+                <!-- Aborting execution of workflow for failed API call with status code other than 200 and 401 -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}, Body - ${/accessTokenResponse/body}" />
+                    <Abort reason="API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}." />
+                </Else>
+            </Else>
+
+            <!-- Reset errorCount after successful authentication -->
+            <Set path="/errorCount" value="0" />
+            <Set path="/loopBreaker" value="false" />
+
+            <!-- Fetch devices data with pagination support and retry mechanism -->
+            <While condition="${/loopBreaker} = false">
+
+                <Log type="INFO" message="${/logPrefix} Collecting ${/collectionType} data from ${/devicesEndpoint} - Page ${/currentPage}, pageSize ${/pageSize}." />
+
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+                    
+                    <!-- Call devices API with OAuth authentication and pagination -->
+                    <CallEndpoint url="${/xmCyberUrl}${/devicesEndpoint}" method="GET" savePath="/devices/response">
+                        <BearerAuthentication token="${/accessToken}" />
+
+                        <QueryParameter name="page" value="${/currentPage}" />
+                        <QueryParameter name="pageSize" value="${/pageSize}" />
+
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+
+                        <RequestBody type="application/json" encoding="UTF-8">
+                        {
+                            "Accept": "application/json",
+                            "content-type": "application/x-www-form-urlencoded"
+                        }
+                        </RequestBody>
+                    </CallEndpoint>
+
+                    <!-- Handle rate limit (429) -->
+                    <If condition="${/devices/response/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Handle successful response (200) -->
+                <If condition="/devices/response/status_code = 200">
+
+                    <!-- Extract pagination information -->
+                    <Set path="/totalPages" value="${/devices/response/body/paging/totalPages}" />
+                    <Set path="/currentPageSize" value="${count(/devices/response/body/data)}" />
+
+                    <!-- Add completion timestamp to the last device event if this is the last page -->
+                    <If condition="${/currentPage + 0} = ${/totalPages + 0}">
+                        <If condition="${/currentPageSize} > 0">
+                            <!-- Add collectionStartTime to the last device event -->
+                            <Set path="/devices/response/body/data[${/currentPageSize - 1}]/collectionStartTime" value="${/currentTimestamp}" />
+                        </If>
+                    </If>
+
+                    <!-- Process collected device events, add tenant prefix and metadata -->
+                    <ForEach item="/currentEvent" items="/devices/response/body/data">
+                        <Set path="/currentEvent/event_id" value="device" />
+                        <Set path="/currentEvent/event_category" value="XM Cyber" />
+                        <Set path="/currentEvent/tenant" value="${/tenantPrefix}" />
+                        <PostEvent path="/currentEvent"/>
+                    </ForEach>
+
+                    <!-- Log ingested event count for current page -->
+                    <Log type="INFO" message="${/logPrefix} - Page ${/currentPage}: ${/currentPageSize} ${/collectionType} ingested in QRadar." />
+                    
+                    <!-- Check if there are more pages to process -->
+                    <If condition="${/currentPage + 0} &lt; ${/totalPages + 0}">
+                        <Set path="/currentPage" value="${/currentPage + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - Moving to next page: ${/currentPage} of ${/totalPages}." />
+                    </If>
+                    <Else>
+                        <!-- All pages processed, complete the collection -->
+                        <Set path="/loopBreaker" value="true"/>
+                        <Set path="/errorCount" value="${/maxRetry}"/>
+                        <Log type="INFO" message="${/logPrefix} Devices collection completed successfully." />
+                    </Else>
+
+                </If>
+                
+                <!-- Handle token expired (419 or 401) -->
+                <ElseIf condition="${/devices/response/status_code} = 419 or ${/devices/response/status_code} = 401">
+                    <!-- To retry for token expiration -->
+                    <Set path="/loopBreaker" value="true"/>
+                    <Set path="/errorCount" value="${/errorCount + 1}" />
+                    <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/devices/response/status_code}." />
+                    <Set path="/accessToken" value="" />
+                </ElseIf>
+
+                <!-- Handle 403 Forbidden -->
+                <ElseIf condition="/devices/response/status_code = 403">
+                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                </ElseIf>
+
+                <!-- Handle other error status codes -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} - API call failed for collecting ${/collectionType} data with status code - ${/devices/response/status_code}, Body - ${/devices/response/body}" />
+                    <Abort reason="API call failed for collecting ${/collectionType} data with status code - ${/devices/response/status_code}." />
+                </Else>
+            </While>
+        </While>
+    </Actions>
+
+    <!-- Performing some connectivity tests -->
+    <Tests>
+        <DNSResolutionTest host="${/tenantName}" />
+        <TCPConnectionTest host="${/tenantName}" />
+        <SSLHandshakeTest host="${/tenantName}" />
+        <HTTPConnectionThroughProxyTest url="https://${/tenantName}" />
+    </Tests>
+
+</Workflow>
diff --git a/Community Developed/XM Cyber/XMCyber-Entities-Workflow.xml b/Community Developed/XM Cyber/XMCyber-Entities-Workflow.xml
index 8eb262a..0bed92a 100644
--- a/Community Developed/XM Cyber/XMCyber-Entities-Workflow.xml	
+++ b/Community Developed/XM Cyber/XMCyber-Entities-Workflow.xml	
@@ -1,512 +1,512 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<Workflow name="XM Cyber Entities" version="1.0"
-    xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V2_1">
-
-    <!-- Collect configurations from workflow parameter file -->
-    <Parameters>
-        <Parameter name="tenantName" label="Tenant Name" required="true"/>
-        <Parameter name="apiKey" label="API Key" secret="true" required="true" />
-        <Parameter name="ingestChokepointStats" label="Ingest Chokepoint Stats" required="true"/>
-        <Parameter name="auditTrailsStartTime" label="Audit Trails Start Time" required="false"/>
-        <Parameter name="ingestScenarios" label="Ingest Scenarios" required="false"/>
-        <Parameter name="timeId" label="Time ID" required="false"/>
-    </Parameters>
-
-    <Actions>
-
-        <!-- Clear status of log source -->
-        <ClearStatus />
-
-        <!-- Defining variables for running workflow -->
-        <Set path="/xmCyberUrl" value="https://${/tenantName}"/>
-        <Set path="/logPrefix" value="[XM_Cyber_App_for_QRadar][Entities][${/xmCyberUrl}]" />
-        <Initialize path="/errorCount" value="0" />
-        <Initialize path="/maxRetry" value="3" />
-        <Initialize path="/authEndpoint" value="/api/auth" />
-        <Initialize path="/refreshEndpoint" value="/api/refresh-token" />
-        <Initialize path="/reportsEntitiesEndpoint" value="/api/v2/reports/data/scenariosCriticalAssetsReport/entities" />
-        <Initialize path="/entitiesEndpoint" value="/api/entityInventory/entities" />
-        <Initialize path="/chokepointStatsEndpoint" value="/api/v2/reports/data/scenariosChokePointsReport/chokePointsEntities" />
-        <Initialize path="/pageSize" value="500" />
-        <Initialize path="/refreshToken" value="" />
-        <Initialize path="/accessToken" value="" />
-        <Initialize path="/defaultSleepTime" value="60" />
-        <Initialize path="/appVersion" value="2.0.0" />
-        <Initialize path="/userAgentHeader" value="QRadar-v${/appVersion}" />
-        <Initialize path="/collectionType" value="entities" />
-
-        <Set path="/currentPage" value="1" />
-        <Set path="/totalPages" value="1" />
-        <Set path="/reportsCurrentPage" value="1" />
-        <Set path="/reportsTotalPages" value="1" />
-
-        <!-- Extract tenant prefix from tenantName -->
-        <Split value="${/tenantName}" delimiter="\." savePath="/tenantParts" />
-        <Set path="/tenantPrefix" value="${/tenantParts[0]}" />
-
-        <!-- Print log in the /var/log/qradar.log file with info log level -->
-        <Log type="INFO" message="${/logPrefix} - Entities collection started with ingestChokepointStats: ${/ingestChokepointStats}." />
-
-        <Set path="/errorCount" value="0" />
-        <Set path="/reportsEntitiesCompleted" value="false" />
-        <Set path="/entitiesCompleted" value="false" />
-
-        <!-- Perform data collection continuously in case of no error -->
-        <While condition="${/errorCount + 0} &lt; ${/maxRetry + 0}">
-
-            <!-- Create Refresh Token if it is not created -->
-            <If condition="${empty(/refreshToken)} = 'true'">
-
-                <Log type="INFO" message="${/logPrefix} - Refresh token not found. Creating new Access and Refresh token using provided API key." />
-
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                    <!-- Create Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse -->
-                    <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
-
-                        <!-- Request header -->
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                        <RequestHeader name="Content-Type" value="application/json" />
-                        <RequestHeader name="x-api-key" value="${/apiKey}" />
-
-                    </CallEndpoint>
-
-                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                    <If condition="${/refreshTokenResponse/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Storing Refresh token and Access token from API response -->
-                <If condition="${/refreshTokenResponse/status_code} = 200">
-                    <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
-                    <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
-                    <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
-                </If>
-
-                <!-- Handle 401 Unauthorized -->
-                <ElseIf condition="${/refreshTokenResponse/status_code} = 401">
-                    <Log type="INFO" message="${/logPrefix} Abort - Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
-                    <Abort reason="Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
-                </ElseIf>
-
-                <!-- Handle 403 Forbidden -->
-                <ElseIf condition="${/refreshTokenResponse/status_code} = 403">
-                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                </ElseIf>
-
-                <!-- Aborting execution of workflow for http status code other than 200 -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
-                    <Abort reason="API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}." />
-                </Else>
-
-            </If>
-            <Else>
-                <Log type="INFO" message="${/logPrefix} - Refresh token found. Creating new Access token using stored Refresh token." />
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                    <!-- Create an Access Token using Refresh token and save response at Jpath /accessTokenResponse-->
-                    <CallEndpoint url="${/xmCyberUrl}${/refreshEndpoint}" method="POST" savePath="/accessTokenResponse">
-
-                        <!-- Request header -->
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                        <RequestHeader name="Content-Type" value="application/json" />
-
-                        <!-- Request body with refresh token -->
-                        <RequestBody type="application/json" encoding="UTF-8">
-                        {
-                            "refreshToken": "${/refreshToken}"
-                        }
-                        </RequestBody>
-                    </CallEndpoint>
-
-                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                    <If condition="${/accessTokenResponse/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Storing Access token from API response -->
-                <If condition="${/accessTokenResponse/status_code} = 200">
-                    <Log type="INFO" message="${/logPrefix} - Access token created successfully." />
-                    <Set path="/accessToken" value="${/accessTokenResponse/body/accessToken}" />
-                </If>
-
-                <!-- In case of expired Refresh token -->
-                <ElseIf condition="${/accessTokenResponse/status_code} = 401 or ${/accessTokenResponse/status_code} = 400">
-
-                    <Log type="INFO" message="${/logPrefix} - Refresh token is expired. Recreating an Access token and Refresh token using provided API key." />
-                    <Set path="/rateLimitErrorCount" value="0" />
-                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                        <!-- Create a Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse-->
-                        <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
-
-                            <!-- Request header -->
-                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                            <RequestHeader name="Content-Type" value="application/json" />
-                            <RequestHeader name="x-api-key" value="${/apiKey}" />
-
-                        </CallEndpoint>
-
-                        <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                        <If condition="${/refreshTokenResponse/status_code} = 429">
-                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                            </If>
-
-                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                            <Sleep duration="${/defaultSleepTime * 1000}" />
-                        </If>
-                        <Else>
-                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                        </Else>
-                    </While>
-
-                    <!-- Storing Refresh token and Access token from API response -->
-                    <If condition="${/refreshTokenResponse/status_code} = 200">
-                        <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
-                        <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
-                        <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
-                    </If>
-
-                    <!-- Aborting execution of workflow for failed API call -->
-                    <Else>
-                        <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
-                        <Abort reason="API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}." />
-                    </Else>
-                </ElseIf>
-
-                <!-- Aborting execution of workflow for failed API call with status code other than 200 and 401 -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}, Body - ${/accessTokenResponse/body}" />
-                    <Abort reason="API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}." />
-                </Else>
-            </Else>
-
-            <!-- Reset errorCount after successful authentication -->
-            <Set path="/errorCount" value="0" />
-            <Set path="/loopBreaker" value="false" />
-            <Set path="/reportsLoopBreaker" value="false" />
-
-            <!-- Step 1: Collect and ingest reports entities data (compromised entities) -->
-            <If condition="${/reportsEntitiesCompleted} = false">
-                
-                <While condition="${/reportsLoopBreaker} = false">
-                    
-                    <Log type="INFO" message="${/logPrefix} Collecting compromised entities data from ${/reportsEntitiesEndpoint} - Page ${/reportsCurrentPage}, pageSize ${/pageSize}." />
-                    
-                    <Set path="/rateLimitErrorCount" value="0" />
-                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-                        
-                        <!-- Call reports entities API with OAuth authentication and pagination -->
-                        <CallEndpoint url="${/xmCyberUrl}${/reportsEntitiesEndpoint}" method="GET" savePath="/reportsEntities/response">
-                            <BearerAuthentication token="${/accessToken}" />
-                            
-                            <QueryParameter name="page" value="${/reportsCurrentPage}" />
-                            <QueryParameter name="pageSize" value="${/pageSize}" />
-                            
-                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                            <RequestHeader name="accept" value="application/json" />
-                            
-                            <RequestBody type="application/json" encoding="UTF-8">
-                            {
-                                "Accept": "application/json",
-                                "content-type": "application/x-www-form-urlencoded"
-                            }
-                            </RequestBody>
-                        </CallEndpoint>
-                        
-                        <!-- Handle rate limit (429) -->
-                        <If condition="${/reportsEntities/response/status_code} = 429">
-                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded for compromised entities. Status Code: 429." />
-                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting compromised entities data." />
-                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting compromised entities data." />
-                            </If>
-                            
-                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                            <Sleep duration="${/defaultSleepTime * 1000}" />
-                        </If>
-                        <Else>
-                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                        </Else>
-                    </While>
-                    
-                    <!-- Handle successful response (200) -->
-                    <If condition="/reportsEntities/response/status_code = 200">
-                        
-                        <!-- Extract pagination information -->
-                        <Set path="/reportsTotalPages" value="${/reportsEntities/response/body/paging/totalPages}" />
-                        <Set path="/reportsCurrentPageSize" value="${count(/reportsEntities/response/body/data)}" />
-                        
-                        <!-- Process and ingest each compromised entity -->
-                        <ForEach item="/compromisedEntity" items="/reportsEntities/response/body/data">
-                            <!-- Add standard metadata for compromised entities -->
-                            <Set path="/compromisedEntity/event_id" value="compromised_entity" />
-                            <Set path="/compromisedEntity/event_category" value="XM Cyber" />
-                            <Set path="/compromisedEntity/tenant" value="${/tenantPrefix}" />
-                            <PostEvent path="/compromisedEntity"/>
-                        </ForEach>
-                        
-                        <!-- Log ingested count for current page -->
-                        <Log type="INFO" message="${/logPrefix} - Page ${/reportsCurrentPage}: ${/reportsCurrentPageSize} compromised entities ingested in QRadar." />
-                        
-                        <!-- Check if there are more pages to process -->
-                        <If condition="${/reportsCurrentPage + 0} &lt; ${/reportsTotalPages + 0}">
-                            <Set path="/reportsCurrentPage" value="${/reportsCurrentPage + 1}" />
-                            <Log type="INFO" message="${/logPrefix} - Moving to next compromised entities page: ${/reportsCurrentPage} of ${/reportsTotalPages}." />
-                        </If>
-                        <Else>
-                            <!-- All pages processed, complete the collection -->
-                            <Set path="/reportsLoopBreaker" value="true"/>
-                            <Set path="/reportsEntitiesCompleted" value="true" />
-                            <Log type="INFO" message="${/logPrefix} - Compromised entities collection completed successfully." />
-                        </Else>
-                        
-                    </If>
-                    
-                    <!-- Handle token expired (419 or 401) -->
-                    <ElseIf condition="${/reportsEntities/response/status_code} = 419 or ${/reportsEntities/response/status_code} = 401">
-                        <!-- To retry for token expiration -->
-                        <Set path="/reportsLoopBreaker" value="true"/>
-                        <Set path="/errorCount" value="${/errorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/reportsEntities/response/status_code}." />
-                        <Set path="/accessToken" value="" />
-                    </ElseIf>
-                    
-                    <!-- Handle 403 Forbidden -->
-                    <ElseIf condition="/reportsEntities/response/status_code = 403">
-                        <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting compromised entities data. Status code = 403." />
-                        <Abort reason="Insufficient permissions while collecting compromised entities data. Status code = 403." />
-                    </ElseIf>
-                    
-                    <!-- Handle other error status codes -->
-                    <Else>
-                        <Log type="INFO" message="${/logPrefix} - API call failed for collecting compromised entities data with status code - ${/reportsEntities/response/status_code}, Body - ${/reportsEntities/response/body}" />
-                        <Abort reason="API call failed for collecting compromised entities data with status code - ${/reportsEntities/response/status_code}." />
-                    </Else>
-                </While>
-            </If>
-
-            <!-- Step 2: Fetch entity inventory data and ingest -->
-            <If condition="${/reportsEntitiesCompleted} = true and ${/entitiesCompleted} = false">
-                <While condition="${/loopBreaker} = false">
-
-                    <Log type="INFO" message="${/logPrefix} Collecting ${/collectionType} data from ${/entitiesEndpoint} - Page ${/currentPage}, pageSize ${/pageSize}." />
-
-                    <Set path="/rateLimitErrorCount" value="0" />
-                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-                        
-                        <!-- Call entities API with OAuth authentication and pagination -->
-                        <CallEndpoint url="${/xmCyberUrl}${/entitiesEndpoint}" method="GET" savePath="/entities/response">
-                            <BearerAuthentication token="${/accessToken}" />
-
-                            <QueryParameter name="page" value="${/currentPage}" />
-                            <QueryParameter name="pageSize" value="${/pageSize}" />
-
-                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                            <RequestHeader name="accept" value="application/json" />
-
-                            <RequestBody type="application/json" encoding="UTF-8">
-                            {
-                                "Accept": "application/json",
-                                "content-type": "application/x-www-form-urlencoded"
-                            }
-                            </RequestBody>
-                        </CallEndpoint>
-
-                        <!-- Handle rate limit (429) -->
-                        <If condition="${/entities/response/status_code} = 429">
-                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
-                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
-                            </If>
-
-                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                            <Sleep duration="${/defaultSleepTime * 1000}" />
-                        </If>
-                        <Else>
-                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                        </Else>
-                    </While>
-
-                    <!-- Handle successful response (200) -->
-                    <If condition="/entities/response/status_code = 200">
-
-                        <!-- Extract pagination information -->
-                        <Set path="/totalPages" value="${/entities/response/body/paging/totalPages}" />
-                        <Set path="/currentPageSize" value="${count(/entities/response/body/data)}" />
-                        
-                        <!-- Process collected inventory entities events and add metadata -->
-                        <ForEach item="/currentEvent" items="/entities/response/body/data">
-                            <!-- Add standard metadata -->
-                            <Set path="/currentEvent/event_id" value="entity" />
-                            <Set path="/currentEvent/event_category" value="XM Cyber" />
-                            <Set path="/currentEvent/tenant" value="${/tenantPrefix}" />
-                            <PostEvent path="/currentEvent"/>
-                        </ForEach>
-
-                        <!-- Log ingested event count for current page -->
-                        <Log type="INFO" message="${/logPrefix} - Page ${/currentPage}: ${/currentPageSize} ${/collectionType} ingested in QRadar." />
-                        
-                        <!-- Check if there are more pages to process -->
-                        <If condition="${/currentPage + 0} &lt; ${/totalPages + 0}">
-                            <Set path="/currentPage" value="${/currentPage + 1}" />
-                            <Log type="INFO" message="${/logPrefix} - Moving to next page: ${/currentPage} of ${/totalPages}." />
-                        </If>
-                        <Else>
-                            <!-- All pages processed, complete the collection -->
-                            <Set path="/loopBreaker" value="true"/>
-                            <Set path="/entitiesCompleted" value="true" />
-                            <Log type="INFO" message="${/logPrefix} Entities collection completed successfully." />
-                        </Else>
-
-                    </If>
-                    
-                    <!-- Handle token expired (419 or 401) -->
-                    <ElseIf condition="${/entities/response/status_code} = 419 or ${/entities/response/status_code} = 401">
-                        <!-- To retry for token expiration -->
-                        <Set path="/loopBreaker" value="true"/>
-                        <Set path="/errorCount" value="${/errorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/entities/response/status_code}." />
-                        <Set path="/accessToken" value="" />
-                    </ElseIf>
-
-                    <!-- Handle 403 Forbidden -->
-                    <ElseIf condition="/entities/response/status_code = 403">
-                        <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                        <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                    </ElseIf>
-
-                    <!-- Handle other error status codes -->
-                    <Else>
-                        <Log type="INFO" message="${/logPrefix} - API call failed for collecting ${/collectionType} data with status code - ${/entities/response/status_code}, Body - ${/entities/response/body}" />
-                        <Abort reason="API call failed for collecting ${/collectionType} data with status code - ${/entities/response/status_code}." />
-                    </Else>
-                </While>
-            </If>
-
-            <!-- Fetch chokepoint stats if enabled -->
-            <If condition="${/entitiesCompleted} = true">
-                <If condition="${'${lower(/ingestChokepointStats)}' = 'true'}">
-                    <Log type="INFO" message="${/logPrefix} - Collecting chokepoint stats from ${/chokepointStatsEndpoint}." />
-
-                    <Set path="/rateLimitErrorCount" value="0" />
-                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">  
-                        <!-- Access-Token-based authentication -->
-                        <CallEndpoint url="${/xmCyberUrl}${/chokepointStatsEndpoint}" method="GET" savePath="/chokepointStats/response">
-                            <BearerAuthentication token="${/accessToken}" />
-
-                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                            <RequestHeader name="accept" value="application/json" />
-
-                            <RequestBody type="application/json" encoding="UTF-8">
-                            {
-                                "Accept": "application/json",
-                                "content-type": "application/x-www-form-urlencoded"
-                            }
-                            </RequestBody>
-                        </CallEndpoint>
-
-                        <!-- Handle rate limit (429) -->
-                        <If condition="${/chokepointStats/response/status_code} = 429">
-                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded for chokepoint stats. Status Code: 429." />
-                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting chokepoint stats." />
-                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting chokepoint stats." />
-                            </If>
-
-                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                            <Sleep duration="${/defaultSleepTime * 1000}" />
-                        </If>
-                        <Else>
-                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                        </Else>
-                    </While>
-
-                    <!-- Handle successful chokepoint stats response (200) -->
-                    <If condition="/chokepointStats/response/status_code = 200">
-                        <!-- Extract total count from paging information -->
-                        <Set path="/totalChokepointCount" value="${/chokepointStats/response/body/paging/total}" />
-                        
-                        <!-- Create chokepoint stats event -->
-                        <Set path="/chokepointEvent/totalChokepoint" value="${/totalChokepointCount}" />
-                        <Set path="/chokepointEvent/event_id" value="entities_chokepoint" />
-                        <Set path="/chokepointEvent/event_category" value="XM Cyber" />
-                        <Set path="/chokepointEvent/tenant" value="${/tenantPrefix}" />
-                        <PostEvent path="/chokepointEvent"/>
-
-                        <Set path="/errorCount" value="${/maxRetry}"/>
-                        <Log type="INFO" message="${/logPrefix} - Chokepoint stats ingested successfully. Total chokepoints: ${/totalChokepointCount}." />
-                    </If>
-                    
-                    <!-- Handle token expired (419) for chokepoint stats -->
-                    <ElseIf condition="${/chokepointStats/response/status_code} = 419 or ${/chokepointStats/response/status_code} = 401">
-                        <Set path="/errorCount" value="${/errorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/chokepointStats/response/status_code} while collecting chokepoint stats." />
-                        <Set path="/accessToken" value="" />
-                    </ElseIf>
-
-                    <!-- Handle 403 Forbidden for chokepoint stats -->
-                    <ElseIf condition="/chokepointStats/response/status_code = 403">
-                        <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting chokepoint stats. Status code = 403." />
-                        <Abort reason="Insufficient permissions while collecting chokepoint stats. Status code = 403." />
-                    </ElseIf>
-
-                    <!-- Handle other error status codes for chokepoint stats -->
-                    <Else>
-                        <Log type="INFO" message="${/logPrefix} - API call failed for collecting chokepoint stats with status code - ${/chokepointStats/response/status_code}, Body - ${/chokepointStats/response/body}" />
-                        <Abort reason="API call failed for collecting chokepoint stats with status code - ${/chokepointStats/response/status_code}." />
-                    </Else>
-                </If>
-                <Else>
-                    <Set path="/errorCount" value="${/maxRetry}"/>
-                    <Log type="INFO" message="${/logPrefix} - Chokepoint stats collection is disabled (ingestChokepointStats = ${/ingestChokepointStats})." />
-                </Else>
-            </If>
-        </While>
-    </Actions>
-
-    <!-- Performing some connectivity tests -->
-    <Tests>
-        <DNSResolutionTest host="${/tenantName}" />
-        <TCPConnectionTest host="${/tenantName}" />
-        <SSLHandshakeTest host="${/tenantName}" />
-        <HTTPConnectionThroughProxyTest url="https://${/tenantName}" />
-    </Tests>
-
-</Workflow>
+<?xml version="1.0" encoding="UTF-8" ?>
+<Workflow name="XM Cyber Entities" version="1.0"
+    xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V2_1">
+
+    <!-- Collect configurations from workflow parameter file -->
+    <Parameters>
+        <Parameter name="tenantName" label="Tenant Name" required="true"/>
+        <Parameter name="apiKey" label="API Key" secret="true" required="true" />
+        <Parameter name="ingestChokepointStats" label="Ingest Chokepoint Stats" required="true"/>
+        <Parameter name="auditTrailsStartTime" label="Audit Trails Start Time" required="false"/>
+        <Parameter name="ingestScenarios" label="Ingest Scenarios" required="false"/>
+        <Parameter name="timeId" label="Time ID" required="false"/>
+    </Parameters>
+
+    <Actions>
+
+        <!-- Clear status of log source -->
+        <ClearStatus />
+
+        <!-- Defining variables for running workflow -->
+        <Set path="/xmCyberUrl" value="https://${/tenantName}"/>
+        <Set path="/logPrefix" value="[XM_Cyber_App_for_QRadar][Entities][${/xmCyberUrl}]" />
+        <Initialize path="/errorCount" value="0" />
+        <Initialize path="/maxRetry" value="3" />
+        <Initialize path="/authEndpoint" value="/api/auth" />
+        <Initialize path="/refreshEndpoint" value="/api/refresh-token" />
+        <Initialize path="/reportsEntitiesEndpoint" value="/api/v2/reports/data/scenariosCriticalAssetsReport/entities" />
+        <Initialize path="/entitiesEndpoint" value="/api/entityInventory/entities" />
+        <Initialize path="/chokepointStatsEndpoint" value="/api/v2/reports/data/scenariosChokePointsReport/chokePointsEntities" />
+        <Initialize path="/pageSize" value="500" />
+        <Initialize path="/refreshToken" value="" />
+        <Initialize path="/accessToken" value="" />
+        <Initialize path="/defaultSleepTime" value="60" />
+        <Initialize path="/appVersion" value="2.1.0" />
+        <Initialize path="/userAgentHeader" value="QRadar-v${/appVersion}" />
+        <Initialize path="/collectionType" value="entities" />
+
+        <Set path="/currentPage" value="1" />
+        <Set path="/totalPages" value="1" />
+        <Set path="/reportsCurrentPage" value="1" />
+        <Set path="/reportsTotalPages" value="1" />
+
+        <!-- Extract tenant prefix from tenantName -->
+        <Split value="${/tenantName}" delimiter="\." savePath="/tenantParts" />
+        <Set path="/tenantPrefix" value="${/tenantParts[0]}" />
+
+        <!-- Print log in the /var/log/qradar.log file with info log level -->
+        <Log type="INFO" message="${/logPrefix} - Entities collection started with ingestChokepointStats: ${/ingestChokepointStats}." />
+
+        <Set path="/errorCount" value="0" />
+        <Set path="/reportsEntitiesCompleted" value="false" />
+        <Set path="/entitiesCompleted" value="false" />
+
+        <!-- Perform data collection continuously in case of no error -->
+        <While condition="${/errorCount + 0} &lt; ${/maxRetry + 0}">
+
+            <!-- Create Refresh Token if it is not created -->
+            <If condition="${empty(/refreshToken)} = 'true'">
+
+                <Log type="INFO" message="${/logPrefix} - Refresh token not found. Creating new Access and Refresh token using provided API key." />
+
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                    <!-- Create Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse -->
+                    <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
+
+                        <!-- Request header -->
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                        <RequestHeader name="Content-Type" value="application/json" />
+                        <RequestHeader name="x-api-key" value="${/apiKey}" />
+
+                    </CallEndpoint>
+
+                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                    <If condition="${/refreshTokenResponse/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Storing Refresh token and Access token from API response -->
+                <If condition="${/refreshTokenResponse/status_code} = 200">
+                    <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
+                    <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
+                    <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
+                </If>
+
+                <!-- Handle 401 Unauthorized -->
+                <ElseIf condition="${/refreshTokenResponse/status_code} = 401">
+                    <Log type="INFO" message="${/logPrefix} Abort - Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
+                    <Abort reason="Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
+                </ElseIf>
+
+                <!-- Handle 403 Forbidden -->
+                <ElseIf condition="${/refreshTokenResponse/status_code} = 403">
+                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                </ElseIf>
+
+                <!-- Aborting execution of workflow for http status code other than 200 -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
+                    <Abort reason="API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}." />
+                </Else>
+
+            </If>
+            <Else>
+                <Log type="INFO" message="${/logPrefix} - Refresh token found. Creating new Access token using stored Refresh token." />
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                    <!-- Create an Access Token using Refresh token and save response at Jpath /accessTokenResponse-->
+                    <CallEndpoint url="${/xmCyberUrl}${/refreshEndpoint}" method="POST" savePath="/accessTokenResponse">
+
+                        <!-- Request header -->
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                        <RequestHeader name="Content-Type" value="application/json" />
+
+                        <!-- Request body with refresh token -->
+                        <RequestBody type="application/json" encoding="UTF-8">
+                        {
+                            "refreshToken": "${/refreshToken}"
+                        }
+                        </RequestBody>
+                    </CallEndpoint>
+
+                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                    <If condition="${/accessTokenResponse/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Storing Access token from API response -->
+                <If condition="${/accessTokenResponse/status_code} = 200">
+                    <Log type="INFO" message="${/logPrefix} - Access token created successfully." />
+                    <Set path="/accessToken" value="${/accessTokenResponse/body/accessToken}" />
+                </If>
+
+                <!-- In case of expired Refresh token -->
+                <ElseIf condition="${/accessTokenResponse/status_code} = 401 or ${/accessTokenResponse/status_code} = 400">
+
+                    <Log type="INFO" message="${/logPrefix} - Refresh token is expired. Recreating an Access token and Refresh token using provided API key." />
+                    <Set path="/rateLimitErrorCount" value="0" />
+                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                        <!-- Create a Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse-->
+                        <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
+
+                            <!-- Request header -->
+                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                            <RequestHeader name="Content-Type" value="application/json" />
+                            <RequestHeader name="x-api-key" value="${/apiKey}" />
+
+                        </CallEndpoint>
+
+                        <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                        <If condition="${/refreshTokenResponse/status_code} = 429">
+                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                            </If>
+
+                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                            <Sleep duration="${/defaultSleepTime * 1000}" />
+                        </If>
+                        <Else>
+                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                        </Else>
+                    </While>
+
+                    <!-- Storing Refresh token and Access token from API response -->
+                    <If condition="${/refreshTokenResponse/status_code} = 200">
+                        <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
+                        <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
+                        <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
+                    </If>
+
+                    <!-- Aborting execution of workflow for failed API call -->
+                    <Else>
+                        <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
+                        <Abort reason="API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}." />
+                    </Else>
+                </ElseIf>
+
+                <!-- Aborting execution of workflow for failed API call with status code other than 200 and 401 -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}, Body - ${/accessTokenResponse/body}" />
+                    <Abort reason="API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}." />
+                </Else>
+            </Else>
+
+            <!-- Reset errorCount after successful authentication -->
+            <Set path="/errorCount" value="0" />
+            <Set path="/loopBreaker" value="false" />
+            <Set path="/reportsLoopBreaker" value="false" />
+
+            <!-- Step 1: Collect and ingest reports entities data (compromised entities) -->
+            <If condition="${/reportsEntitiesCompleted} = false">
+                
+                <While condition="${/reportsLoopBreaker} = false">
+                    
+                    <Log type="INFO" message="${/logPrefix} Collecting compromised entities data from ${/reportsEntitiesEndpoint} - Page ${/reportsCurrentPage}, pageSize ${/pageSize}." />
+                    
+                    <Set path="/rateLimitErrorCount" value="0" />
+                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+                        
+                        <!-- Call reports entities API with OAuth authentication and pagination -->
+                        <CallEndpoint url="${/xmCyberUrl}${/reportsEntitiesEndpoint}" method="GET" savePath="/reportsEntities/response">
+                            <BearerAuthentication token="${/accessToken}" />
+                            
+                            <QueryParameter name="page" value="${/reportsCurrentPage}" />
+                            <QueryParameter name="pageSize" value="${/pageSize}" />
+                            
+                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                            <RequestHeader name="accept" value="application/json" />
+                            
+                            <RequestBody type="application/json" encoding="UTF-8">
+                            {
+                                "Accept": "application/json",
+                                "content-type": "application/x-www-form-urlencoded"
+                            }
+                            </RequestBody>
+                        </CallEndpoint>
+                        
+                        <!-- Handle rate limit (429) -->
+                        <If condition="${/reportsEntities/response/status_code} = 429">
+                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded for compromised entities. Status Code: 429." />
+                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting compromised entities data." />
+                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting compromised entities data." />
+                            </If>
+                            
+                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                            <Sleep duration="${/defaultSleepTime * 1000}" />
+                        </If>
+                        <Else>
+                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                        </Else>
+                    </While>
+                    
+                    <!-- Handle successful response (200) -->
+                    <If condition="/reportsEntities/response/status_code = 200">
+                        
+                        <!-- Extract pagination information -->
+                        <Set path="/reportsTotalPages" value="${/reportsEntities/response/body/paging/totalPages}" />
+                        <Set path="/reportsCurrentPageSize" value="${count(/reportsEntities/response/body/data)}" />
+                        
+                        <!-- Process and ingest each compromised entity -->
+                        <ForEach item="/compromisedEntity" items="/reportsEntities/response/body/data">
+                            <!-- Add standard metadata for compromised entities -->
+                            <Set path="/compromisedEntity/event_id" value="compromised_entity" />
+                            <Set path="/compromisedEntity/event_category" value="XM Cyber" />
+                            <Set path="/compromisedEntity/tenant" value="${/tenantPrefix}" />
+                            <PostEvent path="/compromisedEntity"/>
+                        </ForEach>
+                        
+                        <!-- Log ingested count for current page -->
+                        <Log type="INFO" message="${/logPrefix} - Page ${/reportsCurrentPage}: ${/reportsCurrentPageSize} compromised entities ingested in QRadar." />
+                        
+                        <!-- Check if there are more pages to process -->
+                        <If condition="${/reportsCurrentPage + 0} &lt; ${/reportsTotalPages + 0}">
+                            <Set path="/reportsCurrentPage" value="${/reportsCurrentPage + 1}" />
+                            <Log type="INFO" message="${/logPrefix} - Moving to next compromised entities page: ${/reportsCurrentPage} of ${/reportsTotalPages}." />
+                        </If>
+                        <Else>
+                            <!-- All pages processed, complete the collection -->
+                            <Set path="/reportsLoopBreaker" value="true"/>
+                            <Set path="/reportsEntitiesCompleted" value="true" />
+                            <Log type="INFO" message="${/logPrefix} - Compromised entities collection completed successfully." />
+                        </Else>
+                        
+                    </If>
+                    
+                    <!-- Handle token expired (419 or 401) -->
+                    <ElseIf condition="${/reportsEntities/response/status_code} = 419 or ${/reportsEntities/response/status_code} = 401">
+                        <!-- To retry for token expiration -->
+                        <Set path="/reportsLoopBreaker" value="true"/>
+                        <Set path="/errorCount" value="${/errorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/reportsEntities/response/status_code}." />
+                        <Set path="/accessToken" value="" />
+                    </ElseIf>
+                    
+                    <!-- Handle 403 Forbidden -->
+                    <ElseIf condition="/reportsEntities/response/status_code = 403">
+                        <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting compromised entities data. Status code = 403." />
+                        <Abort reason="Insufficient permissions while collecting compromised entities data. Status code = 403." />
+                    </ElseIf>
+                    
+                    <!-- Handle other error status codes -->
+                    <Else>
+                        <Log type="INFO" message="${/logPrefix} - API call failed for collecting compromised entities data with status code - ${/reportsEntities/response/status_code}, Body - ${/reportsEntities/response/body}" />
+                        <Abort reason="API call failed for collecting compromised entities data with status code - ${/reportsEntities/response/status_code}." />
+                    </Else>
+                </While>
+            </If>
+
+            <!-- Step 2: Fetch entity inventory data and ingest -->
+            <If condition="${/reportsEntitiesCompleted} = true and ${/entitiesCompleted} = false">
+                <While condition="${/loopBreaker} = false">
+
+                    <Log type="INFO" message="${/logPrefix} Collecting ${/collectionType} data from ${/entitiesEndpoint} - Page ${/currentPage}, pageSize ${/pageSize}." />
+
+                    <Set path="/rateLimitErrorCount" value="0" />
+                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+                        
+                        <!-- Call entities API with OAuth authentication and pagination -->
+                        <CallEndpoint url="${/xmCyberUrl}${/entitiesEndpoint}" method="GET" savePath="/entities/response">
+                            <BearerAuthentication token="${/accessToken}" />
+
+                            <QueryParameter name="page" value="${/currentPage}" />
+                            <QueryParameter name="pageSize" value="${/pageSize}" />
+
+                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                            <RequestHeader name="accept" value="application/json" />
+
+                            <RequestBody type="application/json" encoding="UTF-8">
+                            {
+                                "Accept": "application/json",
+                                "content-type": "application/x-www-form-urlencoded"
+                            }
+                            </RequestBody>
+                        </CallEndpoint>
+
+                        <!-- Handle rate limit (429) -->
+                        <If condition="${/entities/response/status_code} = 429">
+                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
+                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
+                            </If>
+
+                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                            <Sleep duration="${/defaultSleepTime * 1000}" />
+                        </If>
+                        <Else>
+                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                        </Else>
+                    </While>
+
+                    <!-- Handle successful response (200) -->
+                    <If condition="/entities/response/status_code = 200">
+
+                        <!-- Extract pagination information -->
+                        <Set path="/totalPages" value="${/entities/response/body/paging/totalPages}" />
+                        <Set path="/currentPageSize" value="${count(/entities/response/body/data)}" />
+                        
+                        <!-- Process collected inventory entities events and add metadata -->
+                        <ForEach item="/currentEvent" items="/entities/response/body/data">
+                            <!-- Add standard metadata -->
+                            <Set path="/currentEvent/event_id" value="entity" />
+                            <Set path="/currentEvent/event_category" value="XM Cyber" />
+                            <Set path="/currentEvent/tenant" value="${/tenantPrefix}" />
+                            <PostEvent path="/currentEvent"/>
+                        </ForEach>
+
+                        <!-- Log ingested event count for current page -->
+                        <Log type="INFO" message="${/logPrefix} - Page ${/currentPage}: ${/currentPageSize} ${/collectionType} ingested in QRadar." />
+                        
+                        <!-- Check if there are more pages to process -->
+                        <If condition="${/currentPage + 0} &lt; ${/totalPages + 0}">
+                            <Set path="/currentPage" value="${/currentPage + 1}" />
+                            <Log type="INFO" message="${/logPrefix} - Moving to next page: ${/currentPage} of ${/totalPages}." />
+                        </If>
+                        <Else>
+                            <!-- All pages processed, complete the collection -->
+                            <Set path="/loopBreaker" value="true"/>
+                            <Set path="/entitiesCompleted" value="true" />
+                            <Log type="INFO" message="${/logPrefix} Entities collection completed successfully." />
+                        </Else>
+
+                    </If>
+                    
+                    <!-- Handle token expired (419 or 401) -->
+                    <ElseIf condition="${/entities/response/status_code} = 419 or ${/entities/response/status_code} = 401">
+                        <!-- To retry for token expiration -->
+                        <Set path="/loopBreaker" value="true"/>
+                        <Set path="/errorCount" value="${/errorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/entities/response/status_code}." />
+                        <Set path="/accessToken" value="" />
+                    </ElseIf>
+
+                    <!-- Handle 403 Forbidden -->
+                    <ElseIf condition="/entities/response/status_code = 403">
+                        <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                        <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                    </ElseIf>
+
+                    <!-- Handle other error status codes -->
+                    <Else>
+                        <Log type="INFO" message="${/logPrefix} - API call failed for collecting ${/collectionType} data with status code - ${/entities/response/status_code}, Body - ${/entities/response/body}" />
+                        <Abort reason="API call failed for collecting ${/collectionType} data with status code - ${/entities/response/status_code}." />
+                    </Else>
+                </While>
+            </If>
+
+            <!-- Fetch chokepoint stats if enabled -->
+            <If condition="${/entitiesCompleted} = true">
+                <If condition="${'${lower(/ingestChokepointStats)}' = 'true'}">
+                    <Log type="INFO" message="${/logPrefix} - Collecting chokepoint stats from ${/chokepointStatsEndpoint}." />
+
+                    <Set path="/rateLimitErrorCount" value="0" />
+                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">  
+                        <!-- Access-Token-based authentication -->
+                        <CallEndpoint url="${/xmCyberUrl}${/chokepointStatsEndpoint}" method="GET" savePath="/chokepointStats/response">
+                            <BearerAuthentication token="${/accessToken}" />
+
+                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                            <RequestHeader name="accept" value="application/json" />
+
+                            <RequestBody type="application/json" encoding="UTF-8">
+                            {
+                                "Accept": "application/json",
+                                "content-type": "application/x-www-form-urlencoded"
+                            }
+                            </RequestBody>
+                        </CallEndpoint>
+
+                        <!-- Handle rate limit (429) -->
+                        <If condition="${/chokepointStats/response/status_code} = 429">
+                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded for chokepoint stats. Status Code: 429." />
+                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting chokepoint stats." />
+                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting chokepoint stats." />
+                            </If>
+
+                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                            <Sleep duration="${/defaultSleepTime * 1000}" />
+                        </If>
+                        <Else>
+                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                        </Else>
+                    </While>
+
+                    <!-- Handle successful chokepoint stats response (200) -->
+                    <If condition="/chokepointStats/response/status_code = 200">
+                        <!-- Extract total count from paging information -->
+                        <Set path="/totalChokepointCount" value="${/chokepointStats/response/body/paging/total}" />
+                        
+                        <!-- Create chokepoint stats event -->
+                        <Set path="/chokepointEvent/totalChokepoint" value="${/totalChokepointCount}" />
+                        <Set path="/chokepointEvent/event_id" value="entities_chokepoint" />
+                        <Set path="/chokepointEvent/event_category" value="XM Cyber" />
+                        <Set path="/chokepointEvent/tenant" value="${/tenantPrefix}" />
+                        <PostEvent path="/chokepointEvent"/>
+
+                        <Set path="/errorCount" value="${/maxRetry}"/>
+                        <Log type="INFO" message="${/logPrefix} - Chokepoint stats ingested successfully. Total chokepoints: ${/totalChokepointCount}." />
+                    </If>
+                    
+                    <!-- Handle token expired (419) for chokepoint stats -->
+                    <ElseIf condition="${/chokepointStats/response/status_code} = 419 or ${/chokepointStats/response/status_code} = 401">
+                        <Set path="/errorCount" value="${/errorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/chokepointStats/response/status_code} while collecting chokepoint stats." />
+                        <Set path="/accessToken" value="" />
+                    </ElseIf>
+
+                    <!-- Handle 403 Forbidden for chokepoint stats -->
+                    <ElseIf condition="/chokepointStats/response/status_code = 403">
+                        <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting chokepoint stats. Status code = 403." />
+                        <Abort reason="Insufficient permissions while collecting chokepoint stats. Status code = 403." />
+                    </ElseIf>
+
+                    <!-- Handle other error status codes for chokepoint stats -->
+                    <Else>
+                        <Log type="INFO" message="${/logPrefix} - API call failed for collecting chokepoint stats with status code - ${/chokepointStats/response/status_code}, Body - ${/chokepointStats/response/body}" />
+                        <Abort reason="API call failed for collecting chokepoint stats with status code - ${/chokepointStats/response/status_code}." />
+                    </Else>
+                </If>
+                <Else>
+                    <Set path="/errorCount" value="${/maxRetry}"/>
+                    <Log type="INFO" message="${/logPrefix} - Chokepoint stats collection is disabled (ingestChokepointStats = ${/ingestChokepointStats})." />
+                </Else>
+            </If>
+        </While>
+    </Actions>
+
+    <!-- Performing some connectivity tests -->
+    <Tests>
+        <DNSResolutionTest host="${/tenantName}" />
+        <TCPConnectionTest host="${/tenantName}" />
+        <SSLHandshakeTest host="${/tenantName}" />
+        <HTTPConnectionThroughProxyTest url="https://${/tenantName}" />
+    </Tests>
+
+</Workflow>
diff --git a/Community Developed/XM Cyber/XMCyber-FindingsExposures-Workflow.xml b/Community Developed/XM Cyber/XMCyber-FindingsExposures-Workflow.xml
index 24371f8..4a7fc6a 100644
--- a/Community Developed/XM Cyber/XMCyber-FindingsExposures-Workflow.xml	
+++ b/Community Developed/XM Cyber/XMCyber-FindingsExposures-Workflow.xml	
@@ -1,329 +1,329 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<Workflow name="XM Cyber Findings Exposures" version="1.0"
-    xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V2_1">
-
-    <!-- Collect configurations from workflow parameter file -->
-    <Parameters>
-        <Parameter name="tenantName" label="Tenant Name" required="true"/>
-        <Parameter name="apiKey" label="API Key" secret="true" required="true" />
-        <Parameter name="ingestChokepointStats" label="Ingest Chokepoint Stats" required="false"/>
-        <Parameter name="auditTrailsStartTime" label="Audit Trails Start Time" required="false"/>
-        <Parameter name="ingestScenarios" label="Ingest Scenarios" required="false"/>
-        <Parameter name="timeId" label="Time ID" required="false"/>
-    </Parameters>
-
-    <Actions>
-
-        <!-- Clear status of log source -->
-        <ClearStatus />
-
-        <!-- Defining variables for running workflow -->
-        <Set path="/xmCyberUrl" value="https://${/tenantName}"/>
-        <Set path="/logPrefix" value="[XM_Cyber_App_for_QRadar][FindingsExposures][${/xmCyberUrl}]" />
-        <Initialize path="/errorCount" value="0" />
-        <Initialize path="/maxRetry" value="3" />
-        <Initialize path="/authEndpoint" value="/api/auth" />
-        <Initialize path="/refreshEndpoint" value="/api/refresh-token" />
-        <Initialize path="/findingsExposuresEndpoint" value="/api/v2/reports/data/scenariosExposureReport/exposures" />
-        <Initialize path="/pageSize" value="1000" />
-        <Initialize path="/refreshToken" value="" />
-        <Initialize path="/accessToken" value="" />
-        <Initialize path="/defaultSleepTime" value="60" />
-        <Initialize path="/appVersion" value="2.0.0" />
-        <Initialize path="/userAgentHeader" value="QRadar-v${/appVersion}" />
-        <Initialize path="/collectionType" value="findings exposures" />
-
-        <Set path="/currentPage" value="1" />
-        <Set path="/totalPages" value="1" />
-
-        <!-- Extract tenant prefix from tenantName -->
-        <Split value="${/tenantName}" delimiter="\." savePath="/tenantParts" />
-        <Set path="/tenantPrefix" value="${/tenantParts[0]}" />
-
-        <!-- Print log in the /var/log/qradar.log file with info log level -->
-        <Log type="INFO" message="${/logPrefix} - Findings and Exposures collection started." />
-
-        <Set path="/errorCount" value="0" />
-
-        <!-- Perform data collection continuously in case of no error -->
-        <While condition="${/errorCount != ${/maxRetry}}">
-
-            <!-- Create Refresh Token if it is not created -->
-            <If condition="${empty(/refreshToken)} = 'true'">
-
-                <Log type="INFO" message="${/logPrefix} - Refresh token not found. Creating new Access and Refresh token using provided API key." />
-
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                    <!-- Create Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse -->
-                    <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
-
-                        <!-- Request header -->
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                        <RequestHeader name="Content-Type" value="application/json" />
-                        <RequestHeader name="x-api-key" value="${/apiKey}" />
-
-                    </CallEndpoint>
-
-                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                    <If condition="${/refreshTokenResponse/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Storing Refresh token and Access token from API response -->
-                <If condition="${/refreshTokenResponse/status_code} = 200">
-                    <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
-                    <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
-                    <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
-                </If>
-
-                <!-- Handle 401 Unauthorized -->
-                <ElseIf condition="${/refreshTokenResponse/status_code} = 401">
-                    <Log type="INFO" message="${/logPrefix} Abort - Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
-                    <Abort reason="Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
-                </ElseIf>
-
-                <!-- Handle 403 Forbidden -->
-                <ElseIf condition="${/refreshTokenResponse/status_code} = 403">
-                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                </ElseIf>
-
-                <!-- Aborting execution of workflow for http status code other than 200 -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
-                    <Abort reason="API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}." />
-                </Else>
-
-            </If>
-            <Else>
-                <Log type="INFO" message="${/logPrefix} - Refresh token found. Creating new Access token using stored Refresh token." />
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                    <!-- Create an Access Token using Refresh token and save response at Jpath /accessTokenResponse-->
-                    <CallEndpoint url="${/xmCyberUrl}${/refreshEndpoint}" method="POST" savePath="/accessTokenResponse">
-
-                        <!-- Request header -->
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                        <RequestHeader name="Content-Type" value="application/json" />
-
-                        <!-- Request body with refresh token -->
-                        <RequestBody type="application/json" encoding="UTF-8">
-                        {
-                            "refreshToken": "${/refreshToken}"
-                        }
-                        </RequestBody>
-                    </CallEndpoint>
-
-                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                    <If condition="${/accessTokenResponse/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Storing Access token from API response -->
-                <If condition="${/accessTokenResponse/status_code} = 200">
-                    <Log type="INFO" message="${/logPrefix} - Access token created successfully." />
-                    <Set path="/accessToken" value="${/accessTokenResponse/body/accessToken}" />
-                </If>
-
-                <!-- In case of expired Refresh token -->
-                <ElseIf condition="${/accessTokenResponse/status_code} = 401 or ${/accessTokenResponse/status_code} = 400">
-
-                    <Log type="INFO" message="${/logPrefix} - Refresh token is expired. Recreating an Access token and Refresh token using provided API key." />
-                    <Set path="/rateLimitErrorCount" value="0" />
-                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                        <!-- Create a Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse-->
-                        <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
-
-                            <!-- Request header -->
-                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                            <RequestHeader name="Content-Type" value="application/json" />
-                            <RequestHeader name="x-api-key" value="${/apiKey}" />
-
-                        </CallEndpoint>
-
-                        <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                        <If condition="${/refreshTokenResponse/status_code} = 429">
-                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                            </If>
-
-                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                            <Sleep duration="${/defaultSleepTime * 1000}" />
-                        </If>
-                        <Else>
-                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                        </Else>
-                    </While>
-
-                    <!-- Storing Refresh token and Access token from API response -->
-                    <If condition="${/refreshTokenResponse/status_code} = 200">
-                        <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
-                        <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
-                        <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
-                    </If>
-
-                    <!-- Aborting execution of workflow for failed API call -->
-                    <Else>
-                        <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
-                        <Abort reason="API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}." />
-                    </Else>
-                </ElseIf>
-
-                <!-- Aborting execution of workflow for failed API call with status code other than 200 and 401 -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}, Body - ${/accessTokenResponse/body}" />
-                    <Abort reason="API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}." />
-                </Else>
-            </Else>
-
-            <!-- Reset errorCount after successful authentication -->
-            <Set path="/errorCount" value="0" />
-            <Set path="/loopBreaker" value="false" />
-
-            <!-- Fetch findings exposures data with page-based pagination and retry mechanism -->
-            <While condition="${/loopBreaker} = false">
-
-                <Log type="INFO" message="${/logPrefix} Collecting ${/collectionType} data from ${/findingsExposuresEndpoint} - Page ${/currentPage}, pageSize ${/pageSize}." />
-
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-                    
-                    <!-- Call findings exposures API with OAuth authentication and pagination -->
-                    <CallEndpoint url="${/xmCyberUrl}${/findingsExposuresEndpoint}" method="GET" savePath="/findingsExposures/response">
-                        <BearerAuthentication token="${/accessToken}" />
-
-                        <QueryParameter name="page" value="${/currentPage}" />
-                        <QueryParameter name="pageSize" value="${/pageSize}" />
-
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-
-                        <RequestBody type="application/json" encoding="UTF-8">
-                        {
-                            "Accept": "application/json",
-                            "content-type": "application/x-www-form-urlencoded"
-                        }
-                        </RequestBody>
-                    </CallEndpoint>
-
-                    <!-- Handle rate limit (429) -->
-                    <If condition="${/findingsExposures/response/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Handle successful response (200) -->
-                <If condition="/findingsExposures/response/status_code = 200">
-
-                    <!-- Extract pagination information -->
-                    <Set path="/totalPages" value="${/findingsExposures/response/body/paging/totalPages}" />
-                    <Set path="/currentPageSize" value="${count(/findingsExposures/response/body/data)}" />
-                    
-                    <!-- Process collected findings exposures events, add tenant prefix and metadata -->
-                    <ForEach item="/currentEvent" items="/findingsExposures/response/body/data">
-                        <Set path="/currentEvent/event_id" value="finding_and_exposure" />
-                        <Set path="/currentEvent/event_category" value="XM Cyber" />
-                        <Set path="/currentEvent/tenant" value="${/tenantPrefix}" />
-                        
-                        <!-- Extract MITRE tactics names from mitre array -->
-                        <If condition="${count(/currentEvent/mitre)} > 0">
-                            <Set path="/currentEvent/mitreTactics" value="[]" />
-                            <ForEach item="/mitreItem" items="/currentEvent/mitre">
-                                <Add path="/currentEvent/mitreTactics" value="${/mitreItem/name}" />
-                            </ForEach>
-                        </If>
-                        
-                        <PostEvent path="/currentEvent"/>
-                    </ForEach>
-
-                    <!-- Log ingested event count for current page -->
-                    <Log type="INFO" message="${/logPrefix} - Page ${/currentPage}: ${/currentPageSize} ${/collectionType} ingested in QRadar." />
-                    
-                    <!-- Check if there are more pages to process -->
-                    <If condition="${/currentPage + 0} &lt; ${/totalPages + 0}">
-                        <Set path="/currentPage" value="${/currentPage + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - Moving to next page: ${/currentPage} of ${/totalPages}." />
-                    </If>
-                    <Else>
-                        <!-- All pages processed, complete the collection -->
-                        <Set path="/loopBreaker" value="true"/>
-                        <Set path="/errorCount" value="${/maxRetry}"/>
-                        <Log type="INFO" message="${/logPrefix} Findings and Exposures collection completed successfully." />
-                    </Else>
-
-                </If>
-                
-                <!-- Handle token expired (419 or 401) -->
-                <ElseIf condition="${/findingsExposures/response/status_code} = 419 or ${/findingsExposures/response/status_code} = 401">
-                    <!-- To retry for token expiration -->
-                    <Set path="/loopBreaker" value="true"/>
-                    <Set path="/errorCount" value="${/errorCount + 1}" />
-                    <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/findingsExposures/response/status_code}." />
-                    <Set path="/accessToken" value="" />
-                </ElseIf>
-
-                <!-- Handle 403 Forbidden -->
-                <ElseIf condition="/findingsExposures/response/status_code = 403">
-                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                </ElseIf>
-
-                <!-- Handle other error status codes -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} - API call failed for collecting ${/collectionType} data with status code - ${/findingsExposures/response/status_code}, Body - ${/findingsExposures/response/body}" />
-                    <Abort reason="API call failed for collecting ${/collectionType} data with status code - ${/findingsExposures/response/status_code}." />
-                </Else>
-            </While>
-        </While>
-    </Actions>
-
-    <!-- Performing some connectivity tests -->
-    <Tests>
-        <DNSResolutionTest host="${/tenantName}" />
-        <TCPConnectionTest host="${/tenantName}" />
-        <SSLHandshakeTest host="${/tenantName}" />
-        <HTTPConnectionThroughProxyTest url="https://${/tenantName}" />
-    </Tests>
-
-</Workflow>
+<?xml version="1.0" encoding="UTF-8" ?>
+<Workflow name="XM Cyber Findings Exposures" version="1.0"
+    xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V2_1">
+
+    <!-- Collect configurations from workflow parameter file -->
+    <Parameters>
+        <Parameter name="tenantName" label="Tenant Name" required="true"/>
+        <Parameter name="apiKey" label="API Key" secret="true" required="true" />
+        <Parameter name="ingestChokepointStats" label="Ingest Chokepoint Stats" required="false"/>
+        <Parameter name="auditTrailsStartTime" label="Audit Trails Start Time" required="false"/>
+        <Parameter name="ingestScenarios" label="Ingest Scenarios" required="false"/>
+        <Parameter name="timeId" label="Time ID" required="false"/>
+    </Parameters>
+
+    <Actions>
+
+        <!-- Clear status of log source -->
+        <ClearStatus />
+
+        <!-- Defining variables for running workflow -->
+        <Set path="/xmCyberUrl" value="https://${/tenantName}"/>
+        <Set path="/logPrefix" value="[XM_Cyber_App_for_QRadar][FindingsExposures][${/xmCyberUrl}]" />
+        <Initialize path="/errorCount" value="0" />
+        <Initialize path="/maxRetry" value="3" />
+        <Initialize path="/authEndpoint" value="/api/auth" />
+        <Initialize path="/refreshEndpoint" value="/api/refresh-token" />
+        <Initialize path="/findingsExposuresEndpoint" value="/api/v2/reports/data/scenariosExposureReport/exposures" />
+        <Initialize path="/pageSize" value="1000" />
+        <Initialize path="/refreshToken" value="" />
+        <Initialize path="/accessToken" value="" />
+        <Initialize path="/defaultSleepTime" value="60" />
+        <Initialize path="/appVersion" value="2.1.0" />
+        <Initialize path="/userAgentHeader" value="QRadar-v${/appVersion}" />
+        <Initialize path="/collectionType" value="findings exposures" />
+
+        <Set path="/currentPage" value="1" />
+        <Set path="/totalPages" value="1" />
+
+        <!-- Extract tenant prefix from tenantName -->
+        <Split value="${/tenantName}" delimiter="\." savePath="/tenantParts" />
+        <Set path="/tenantPrefix" value="${/tenantParts[0]}" />
+
+        <!-- Print log in the /var/log/qradar.log file with info log level -->
+        <Log type="INFO" message="${/logPrefix} - Findings and Exposures collection started." />
+
+        <Set path="/errorCount" value="0" />
+
+        <!-- Perform data collection continuously in case of no error -->
+        <While condition="${/errorCount != ${/maxRetry}}">
+
+            <!-- Create Refresh Token if it is not created -->
+            <If condition="${empty(/refreshToken)} = 'true'">
+
+                <Log type="INFO" message="${/logPrefix} - Refresh token not found. Creating new Access and Refresh token using provided API key." />
+
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                    <!-- Create Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse -->
+                    <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
+
+                        <!-- Request header -->
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                        <RequestHeader name="Content-Type" value="application/json" />
+                        <RequestHeader name="x-api-key" value="${/apiKey}" />
+
+                    </CallEndpoint>
+
+                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                    <If condition="${/refreshTokenResponse/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Storing Refresh token and Access token from API response -->
+                <If condition="${/refreshTokenResponse/status_code} = 200">
+                    <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
+                    <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
+                    <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
+                </If>
+
+                <!-- Handle 401 Unauthorized -->
+                <ElseIf condition="${/refreshTokenResponse/status_code} = 401">
+                    <Log type="INFO" message="${/logPrefix} Abort - Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
+                    <Abort reason="Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
+                </ElseIf>
+
+                <!-- Handle 403 Forbidden -->
+                <ElseIf condition="${/refreshTokenResponse/status_code} = 403">
+                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                </ElseIf>
+
+                <!-- Aborting execution of workflow for http status code other than 200 -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
+                    <Abort reason="API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}." />
+                </Else>
+
+            </If>
+            <Else>
+                <Log type="INFO" message="${/logPrefix} - Refresh token found. Creating new Access token using stored Refresh token." />
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                    <!-- Create an Access Token using Refresh token and save response at Jpath /accessTokenResponse-->
+                    <CallEndpoint url="${/xmCyberUrl}${/refreshEndpoint}" method="POST" savePath="/accessTokenResponse">
+
+                        <!-- Request header -->
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                        <RequestHeader name="Content-Type" value="application/json" />
+
+                        <!-- Request body with refresh token -->
+                        <RequestBody type="application/json" encoding="UTF-8">
+                        {
+                            "refreshToken": "${/refreshToken}"
+                        }
+                        </RequestBody>
+                    </CallEndpoint>
+
+                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                    <If condition="${/accessTokenResponse/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Storing Access token from API response -->
+                <If condition="${/accessTokenResponse/status_code} = 200">
+                    <Log type="INFO" message="${/logPrefix} - Access token created successfully." />
+                    <Set path="/accessToken" value="${/accessTokenResponse/body/accessToken}" />
+                </If>
+
+                <!-- In case of expired Refresh token -->
+                <ElseIf condition="${/accessTokenResponse/status_code} = 401 or ${/accessTokenResponse/status_code} = 400">
+
+                    <Log type="INFO" message="${/logPrefix} - Refresh token is expired. Recreating an Access token and Refresh token using provided API key." />
+                    <Set path="/rateLimitErrorCount" value="0" />
+                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                        <!-- Create a Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse-->
+                        <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
+
+                            <!-- Request header -->
+                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                            <RequestHeader name="Content-Type" value="application/json" />
+                            <RequestHeader name="x-api-key" value="${/apiKey}" />
+
+                        </CallEndpoint>
+
+                        <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                        <If condition="${/refreshTokenResponse/status_code} = 429">
+                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                            </If>
+
+                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                            <Sleep duration="${/defaultSleepTime * 1000}" />
+                        </If>
+                        <Else>
+                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                        </Else>
+                    </While>
+
+                    <!-- Storing Refresh token and Access token from API response -->
+                    <If condition="${/refreshTokenResponse/status_code} = 200">
+                        <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
+                        <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
+                        <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
+                    </If>
+
+                    <!-- Aborting execution of workflow for failed API call -->
+                    <Else>
+                        <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
+                        <Abort reason="API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}." />
+                    </Else>
+                </ElseIf>
+
+                <!-- Aborting execution of workflow for failed API call with status code other than 200 and 401 -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}, Body - ${/accessTokenResponse/body}" />
+                    <Abort reason="API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}." />
+                </Else>
+            </Else>
+
+            <!-- Reset errorCount after successful authentication -->
+            <Set path="/errorCount" value="0" />
+            <Set path="/loopBreaker" value="false" />
+
+            <!-- Fetch findings exposures data with page-based pagination and retry mechanism -->
+            <While condition="${/loopBreaker} = false">
+
+                <Log type="INFO" message="${/logPrefix} Collecting ${/collectionType} data from ${/findingsExposuresEndpoint} - Page ${/currentPage}, pageSize ${/pageSize}." />
+
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+                    
+                    <!-- Call findings exposures API with OAuth authentication and pagination -->
+                    <CallEndpoint url="${/xmCyberUrl}${/findingsExposuresEndpoint}" method="GET" savePath="/findingsExposures/response">
+                        <BearerAuthentication token="${/accessToken}" />
+
+                        <QueryParameter name="page" value="${/currentPage}" />
+                        <QueryParameter name="pageSize" value="${/pageSize}" />
+
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+
+                        <RequestBody type="application/json" encoding="UTF-8">
+                        {
+                            "Accept": "application/json",
+                            "content-type": "application/x-www-form-urlencoded"
+                        }
+                        </RequestBody>
+                    </CallEndpoint>
+
+                    <!-- Handle rate limit (429) -->
+                    <If condition="${/findingsExposures/response/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Handle successful response (200) -->
+                <If condition="/findingsExposures/response/status_code = 200">
+
+                    <!-- Extract pagination information -->
+                    <Set path="/totalPages" value="${/findingsExposures/response/body/paging/totalPages}" />
+                    <Set path="/currentPageSize" value="${count(/findingsExposures/response/body/data)}" />
+                    
+                    <!-- Process collected findings exposures events, add tenant prefix and metadata -->
+                    <ForEach item="/currentEvent" items="/findingsExposures/response/body/data">
+                        <Set path="/currentEvent/event_id" value="finding_and_exposure" />
+                        <Set path="/currentEvent/event_category" value="XM Cyber" />
+                        <Set path="/currentEvent/tenant" value="${/tenantPrefix}" />
+                        
+                        <!-- Extract MITRE tactics names from mitre array -->
+                        <If condition="${count(/currentEvent/mitre)} > 0">
+                            <Set path="/currentEvent/mitreTactics" value="[]" />
+                            <ForEach item="/mitreItem" items="/currentEvent/mitre">
+                                <Add path="/currentEvent/mitreTactics" value="${/mitreItem/name}" />
+                            </ForEach>
+                        </If>
+                        
+                        <PostEvent path="/currentEvent"/>
+                    </ForEach>
+
+                    <!-- Log ingested event count for current page -->
+                    <Log type="INFO" message="${/logPrefix} - Page ${/currentPage}: ${/currentPageSize} ${/collectionType} ingested in QRadar." />
+                    
+                    <!-- Check if there are more pages to process -->
+                    <If condition="${/currentPage + 0} &lt; ${/totalPages + 0}">
+                        <Set path="/currentPage" value="${/currentPage + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - Moving to next page: ${/currentPage} of ${/totalPages}." />
+                    </If>
+                    <Else>
+                        <!-- All pages processed, complete the collection -->
+                        <Set path="/loopBreaker" value="true"/>
+                        <Set path="/errorCount" value="${/maxRetry}"/>
+                        <Log type="INFO" message="${/logPrefix} Findings and Exposures collection completed successfully." />
+                    </Else>
+
+                </If>
+                
+                <!-- Handle token expired (419 or 401) -->
+                <ElseIf condition="${/findingsExposures/response/status_code} = 419 or ${/findingsExposures/response/status_code} = 401">
+                    <!-- To retry for token expiration -->
+                    <Set path="/loopBreaker" value="true"/>
+                    <Set path="/errorCount" value="${/errorCount + 1}" />
+                    <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/findingsExposures/response/status_code}." />
+                    <Set path="/accessToken" value="" />
+                </ElseIf>
+
+                <!-- Handle 403 Forbidden -->
+                <ElseIf condition="/findingsExposures/response/status_code = 403">
+                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                </ElseIf>
+
+                <!-- Handle other error status codes -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} - API call failed for collecting ${/collectionType} data with status code - ${/findingsExposures/response/status_code}, Body - ${/findingsExposures/response/body}" />
+                    <Abort reason="API call failed for collecting ${/collectionType} data with status code - ${/findingsExposures/response/status_code}." />
+                </Else>
+            </While>
+        </While>
+    </Actions>
+
+    <!-- Performing some connectivity tests -->
+    <Tests>
+        <DNSResolutionTest host="${/tenantName}" />
+        <TCPConnectionTest host="${/tenantName}" />
+        <SSLHandshakeTest host="${/tenantName}" />
+        <HTTPConnectionThroughProxyTest url="https://${/tenantName}" />
+    </Tests>
+
+</Workflow>
diff --git a/Community Developed/XM Cyber/XMCyber-Products-Workflow.xml b/Community Developed/XM Cyber/XMCyber-Products-Workflow.xml
index 94bb151..393c4a9 100644
--- a/Community Developed/XM Cyber/XMCyber-Products-Workflow.xml	
+++ b/Community Developed/XM Cyber/XMCyber-Products-Workflow.xml	
@@ -1,338 +1,338 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<Workflow name="XM Cyber Products" version="1.0"
-    xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V2_1">
-
-    <!-- Collect configurations from workflow parameter file -->
-    <Parameters>
-        <Parameter name="tenantName" label="Tenant Name" required="true"/>
-        <Parameter name="apiKey" label="API Key" secret="true" required="true" />
-        <Parameter name="ingestChokepointStats" label="Ingest Chokepoint Stats" required="false"/>
-        <Parameter name="auditTrailsStartTime" label="Audit Trails Start Time" required="false"/>
-        <Parameter name="ingestScenarios" label="Ingest Scenarios" required="false"/>
-        <Parameter name="timeId" label="Time ID" required="false"/>
-    </Parameters>
-
-    <Actions>
-
-        <!-- Clear status of log source -->
-        <ClearStatus />
-
-        <!-- Defining variables for running workflow -->
-        <Set path="/xmCyberUrl" value="https://${/tenantName}"/>
-        <Set path="/logPrefix" value="[XM_Cyber_App_for_QRadar][Products][${/xmCyberUrl}]" />
-        <Initialize path="/errorCount" value="0" />
-        <Initialize path="/maxRetry" value="3" />
-        <Initialize path="/authEndpoint" value="/api/auth" />
-        <Initialize path="/refreshEndpoint" value="/api/refresh-token" />
-        <Initialize path="/productsEndpoint" value="/api/v2/vavm/public/products" />
-        <Initialize path="/pageSize" value="100" />
-        <Initialize path="/refreshToken" value="" />
-        <Initialize path="/accessToken" value="" />
-        <Initialize path="/defaultSleepTime" value="60" />
-        <Initialize path="/appVersion" value="2.0.0" />
-        <Initialize path="/userAgentHeader" value="QRadar-v${/appVersion}" />
-        <Initialize path="/collectionType" value="products" />
-
-        <Set path="/cursor" value="" />
-
-        <!-- Get current timestamp -->
-        <Set path="/currentTimestamp" value="${time()}" />
-
-        <!-- Extract tenant prefix from tenantName -->
-        <Split value="${/tenantName}" delimiter="\." savePath="/tenantParts" />
-        <Set path="/tenantPrefix" value="${/tenantParts[0]}" />
-
-        <!-- Print log in the /var/log/qradar.log file with info log level -->
-        <Log type="INFO" message="${/logPrefix} - Products collection started." />
-
-        <Set path="/errorCount" value="0" />
-
-        <!-- Perform data collection continuously in case of no error -->
-        <While condition="${/errorCount != ${/maxRetry}}">
-
-            <!-- Create Refresh Token if it is not created -->
-            <If condition="${empty(/refreshToken)} = 'true'">
-
-                <Log type="INFO" message="${/logPrefix} - Refresh token not found. Creating new Access and Refresh token using provided API key." />
-
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                    <!-- Create Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse -->
-                    <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
-
-                        <!-- Request header -->
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                        <RequestHeader name="Content-Type" value="application/json" />
-                        <RequestHeader name="x-api-key" value="${/apiKey}" />
-
-                    </CallEndpoint>
-
-                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                    <If condition="${/refreshTokenResponse/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Storing Refresh token and Access token from API response -->
-                <If condition="${/refreshTokenResponse/status_code} = 200">
-                    <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
-                    <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
-                    <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
-                </If>
-
-                <!-- Handle 401 Unauthorized -->
-                <ElseIf condition="${/refreshTokenResponse/status_code} = 401">
-                    <Log type="INFO" message="${/logPrefix} Abort - Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
-                    <Abort reason="Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
-                </ElseIf>
-
-                <!-- Handle 403 Forbidden -->
-                <ElseIf condition="${/refreshTokenResponse/status_code} = 403">
-                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                </ElseIf>
-
-                <!-- Aborting execution of workflow for http status code other than 200 -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
-                    <Abort reason="API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}." />
-                </Else>
-
-            </If>
-            <Else>
-                <Log type="INFO" message="${/logPrefix} - Refresh token found. Creating new Access token using stored Refresh token." />
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                    <!-- Create an Access Token using Refresh token and save response at Jpath /accessTokenResponse-->
-                    <CallEndpoint url="${/xmCyberUrl}${/refreshEndpoint}" method="POST" savePath="/accessTokenResponse">
-
-                        <!-- Request header -->
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                        <RequestHeader name="Content-Type" value="application/json" />
-
-                        <!-- Request body with refresh token -->
-                        <RequestBody type="application/json" encoding="UTF-8">
-                        {
-                            "refreshToken": "${/refreshToken}"
-                        }
-                        </RequestBody>
-                    </CallEndpoint>
-
-                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                    <If condition="${/accessTokenResponse/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Storing Access token from API response -->
-                <If condition="${/accessTokenResponse/status_code} = 200">
-                    <Log type="INFO" message="${/logPrefix} - Access token created successfully." />
-                    <Set path="/accessToken" value="${/accessTokenResponse/body/accessToken}" />
-                </If>
-
-                <!-- In case of expired Refresh token -->
-                <ElseIf condition="${/accessTokenResponse/status_code} = 401 or ${/accessTokenResponse/status_code} = 400">
-
-                    <Log type="INFO" message="${/logPrefix} - Refresh token is expired. Recreating an Access token and Refresh token using provided API key." />
-                    <Set path="/rateLimitErrorCount" value="0" />
-                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                        <!-- Create a Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse-->
-                        <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
-
-                            <!-- Request header -->
-                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                            <RequestHeader name="Content-Type" value="application/json" />
-                            <RequestHeader name="x-api-key" value="${/apiKey}" />
-
-                        </CallEndpoint>
-
-                        <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                        <If condition="${/refreshTokenResponse/status_code} = 429">
-                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                            </If>
-                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                            <Sleep duration="${/defaultSleepTime * 1000}" />
-                        </If>
-                        <Else>
-                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                        </Else>
-                    </While>
-
-                    <!-- Storing Refresh token and Access token from API response -->
-                    <If condition="${/refreshTokenResponse/status_code} = 200">
-                        <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
-                        <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
-                        <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
-                    </If>
-
-                    <!-- Aborting execution of workflow for failed API call -->
-                    <Else>
-                        <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
-                        <Abort reason="API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}." />
-                    </Else>
-                </ElseIf>
-
-                <!-- Aborting execution of workflow for failed API call with status code other than 200 and 401 -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}, Body - ${/accessTokenResponse/body}" />
-                    <Abort reason="API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}." />
-                </Else>
-            </Else>
-
-            <!-- Reset errorCount after successful authentication -->
-            <Set path="/errorCount" value="0" />
-            <Set path="/loopBreaker" value="false" />
-
-            <!-- Fetch products data with cursor-based pagination and retry mechanism -->
-            <While condition="${/loopBreaker} = false">
-
-                <Log type="INFO" message="${/logPrefix} Collecting ${/collectionType} data from ${/productsEndpoint} - pageSize ${/pageSize}, cursor: ${/cursor}." />
-
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-                    
-                    <!-- Call products API with OAuth authentication and cursor-based pagination -->
-                    <CallEndpoint url="${/xmCyberUrl}${/productsEndpoint}" method="GET" savePath="/products/response">
-                        <BearerAuthentication token="${/accessToken}" />
-
-                        <QueryParameter name="pageSize" value="${/pageSize}" />
-                        <QueryParameter name="cursor" value="${/cursor}" omitIfEmpty="true" />
-
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-
-                        <RequestBody type="application/json" encoding="UTF-8">
-                        {
-                            "Accept": "application/json",
-                            "content-type": "application/x-www-form-urlencoded"
-                        }
-                        </RequestBody>
-                    </CallEndpoint>
-
-                    <!-- Handle rate limit (429) -->
-                    <If condition="${/products/response/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Handle successful response (200) -->
-                <If condition="/products/response/status_code = 200">
-
-                    <!-- Extract cursor information for next page -->
-                    <Set path="/nextCursor" value="${/products/response/body/meta/next}" />
-                    <Set path="/currentPageSize" value="${count(/products/response/body/data)}" />
-
-                    <!-- Add completion timestamp to the last event if this is the last page -->
-                    <If condition="${/nextCursor = '' or /nextCursor = 'null' or /nextCursor = 'undefined'}">
-                        <If condition="${/currentPageSize} > 0">
-                            <Set path="/products/response/body/data[${/currentPageSize - 1}]/collectionStartTime" value="${/currentTimestamp}" />
-                        </If>
-                    </If>
-
-                    <!-- Process collected product events, add tenant prefix and metadata -->
-                    <ForEach item="/currentEvent" items="/products/response/body/data">
-                        <Set path="/currentEvent/event_id" value="product" />
-                        <Set path="/currentEvent/event_category" value="XM Cyber" />
-                        <Set path="/currentEvent/tenant" value="${/tenantPrefix}" />
-                        <PostEvent path="/currentEvent"/>
-                    </ForEach>
-
-                    <!-- Log ingested event count for current page -->
-                    <Log type="INFO" message="${/logPrefix} - ${/currentPageSize} ${/collectionType} ingested in QRadar." />
-                    
-                    <!-- Check if there are more pages to process based on cursor -->
-                    <If condition="${/nextCursor != '' and /nextCursor != 'null' and /nextCursor != 'undefined'}">
-                        <Split value="${/nextCursor}" delimiter="cursor=" savePath="/cursorParts" />
-                        <Set path="/cursor" value="${/cursorParts[1]}" />
-
-                        <If condition="${/cursor != '' and /cursor != 'null' and /cursor != 'undefined'}">
-                            <Log type="INFO" message="${/logPrefix} - Moving to next page with cursor: ${/cursor}." />
-                        </If>
-                        <Else>
-                            <!-- All pages processed, complete the collection -->
-                            <Set path="/loopBreaker" value="true"/>
-                            <Set path="/errorCount" value="${/maxRetry}"/>
-                            <Log type="INFO" message="${/logPrefix} Products collection completed successfully." />
-                        </Else>
-                    </If>
-                    <Else>
-                        <!-- All pages processed, complete the collection -->
-                        <Set path="/loopBreaker" value="true"/>
-                        <Set path="/errorCount" value="${/maxRetry}"/>
-                        <Log type="INFO" message="${/logPrefix} Products collection completed successfully." />
-                    </Else>
-
-                </If>
-                
-                <!-- Handle token expired (419 or 401) -->
-                <ElseIf condition="${/products/response/status_code} = 419 or ${/products/response/status_code} = 401">
-                    <!-- To retry for token expiration -->
-                    <Set path="/loopBreaker" value="true"/>
-                    <Set path="/errorCount" value="${/errorCount + 1}" />
-                    <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/products/response/status_code}." />
-                    <Set path="/accessToken" value="" />
-                </ElseIf>
-
-                <!-- Handle 403 Forbidden -->
-                <ElseIf condition="/products/response/status_code = 403">
-                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                </ElseIf>
-
-                <!-- Handle other error status codes -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} - API call failed for collecting ${/collectionType} data with status code - ${/products/response/status_code}, Body - ${/products/response/body}" />
-                    <Abort reason="API call failed for collecting ${/collectionType} data with status code - ${/products/response/status_code}." />
-                </Else>
-            </While>
-        </While>
-    </Actions>
-
-    <!-- Performing some connectivity tests -->
-    <Tests>
-        <DNSResolutionTest host="${/tenantName}" />
-        <TCPConnectionTest host="${/tenantName}" />
-        <SSLHandshakeTest host="${/tenantName}" />
-        <HTTPConnectionThroughProxyTest url="https://${/tenantName}" />
-    </Tests>
-
-</Workflow>
+<?xml version="1.0" encoding="UTF-8" ?>
+<Workflow name="XM Cyber Products" version="1.0"
+    xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V2_1">
+
+    <!-- Collect configurations from workflow parameter file -->
+    <Parameters>
+        <Parameter name="tenantName" label="Tenant Name" required="true"/>
+        <Parameter name="apiKey" label="API Key" secret="true" required="true" />
+        <Parameter name="ingestChokepointStats" label="Ingest Chokepoint Stats" required="false"/>
+        <Parameter name="auditTrailsStartTime" label="Audit Trails Start Time" required="false"/>
+        <Parameter name="ingestScenarios" label="Ingest Scenarios" required="false"/>
+        <Parameter name="timeId" label="Time ID" required="false"/>
+    </Parameters>
+
+    <Actions>
+
+        <!-- Clear status of log source -->
+        <ClearStatus />
+
+        <!-- Defining variables for running workflow -->
+        <Set path="/xmCyberUrl" value="https://${/tenantName}"/>
+        <Set path="/logPrefix" value="[XM_Cyber_App_for_QRadar][Products][${/xmCyberUrl}]" />
+        <Initialize path="/errorCount" value="0" />
+        <Initialize path="/maxRetry" value="3" />
+        <Initialize path="/authEndpoint" value="/api/auth" />
+        <Initialize path="/refreshEndpoint" value="/api/refresh-token" />
+        <Initialize path="/productsEndpoint" value="/api/v2/vavm/public/products" />
+        <Initialize path="/pageSize" value="100" />
+        <Initialize path="/refreshToken" value="" />
+        <Initialize path="/accessToken" value="" />
+        <Initialize path="/defaultSleepTime" value="60" />
+        <Initialize path="/appVersion" value="2.1.0" />
+        <Initialize path="/userAgentHeader" value="QRadar-v${/appVersion}" />
+        <Initialize path="/collectionType" value="products" />
+
+        <Set path="/cursor" value="" />
+
+        <!-- Get current timestamp -->
+        <Set path="/currentTimestamp" value="${time()}" />
+
+        <!-- Extract tenant prefix from tenantName -->
+        <Split value="${/tenantName}" delimiter="\." savePath="/tenantParts" />
+        <Set path="/tenantPrefix" value="${/tenantParts[0]}" />
+
+        <!-- Print log in the /var/log/qradar.log file with info log level -->
+        <Log type="INFO" message="${/logPrefix} - Products collection started." />
+
+        <Set path="/errorCount" value="0" />
+
+        <!-- Perform data collection continuously in case of no error -->
+        <While condition="${/errorCount != ${/maxRetry}}">
+
+            <!-- Create Refresh Token if it is not created -->
+            <If condition="${empty(/refreshToken)} = 'true'">
+
+                <Log type="INFO" message="${/logPrefix} - Refresh token not found. Creating new Access and Refresh token using provided API key." />
+
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                    <!-- Create Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse -->
+                    <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
+
+                        <!-- Request header -->
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                        <RequestHeader name="Content-Type" value="application/json" />
+                        <RequestHeader name="x-api-key" value="${/apiKey}" />
+
+                    </CallEndpoint>
+
+                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                    <If condition="${/refreshTokenResponse/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Storing Refresh token and Access token from API response -->
+                <If condition="${/refreshTokenResponse/status_code} = 200">
+                    <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
+                    <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
+                    <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
+                </If>
+
+                <!-- Handle 401 Unauthorized -->
+                <ElseIf condition="${/refreshTokenResponse/status_code} = 401">
+                    <Log type="INFO" message="${/logPrefix} Abort - Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
+                    <Abort reason="Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
+                </ElseIf>
+
+                <!-- Handle 403 Forbidden -->
+                <ElseIf condition="${/refreshTokenResponse/status_code} = 403">
+                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                </ElseIf>
+
+                <!-- Aborting execution of workflow for http status code other than 200 -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
+                    <Abort reason="API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}." />
+                </Else>
+
+            </If>
+            <Else>
+                <Log type="INFO" message="${/logPrefix} - Refresh token found. Creating new Access token using stored Refresh token." />
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                    <!-- Create an Access Token using Refresh token and save response at Jpath /accessTokenResponse-->
+                    <CallEndpoint url="${/xmCyberUrl}${/refreshEndpoint}" method="POST" savePath="/accessTokenResponse">
+
+                        <!-- Request header -->
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                        <RequestHeader name="Content-Type" value="application/json" />
+
+                        <!-- Request body with refresh token -->
+                        <RequestBody type="application/json" encoding="UTF-8">
+                        {
+                            "refreshToken": "${/refreshToken}"
+                        }
+                        </RequestBody>
+                    </CallEndpoint>
+
+                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                    <If condition="${/accessTokenResponse/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Storing Access token from API response -->
+                <If condition="${/accessTokenResponse/status_code} = 200">
+                    <Log type="INFO" message="${/logPrefix} - Access token created successfully." />
+                    <Set path="/accessToken" value="${/accessTokenResponse/body/accessToken}" />
+                </If>
+
+                <!-- In case of expired Refresh token -->
+                <ElseIf condition="${/accessTokenResponse/status_code} = 401 or ${/accessTokenResponse/status_code} = 400">
+
+                    <Log type="INFO" message="${/logPrefix} - Refresh token is expired. Recreating an Access token and Refresh token using provided API key." />
+                    <Set path="/rateLimitErrorCount" value="0" />
+                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                        <!-- Create a Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse-->
+                        <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
+
+                            <!-- Request header -->
+                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                            <RequestHeader name="Content-Type" value="application/json" />
+                            <RequestHeader name="x-api-key" value="${/apiKey}" />
+
+                        </CallEndpoint>
+
+                        <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                        <If condition="${/refreshTokenResponse/status_code} = 429">
+                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                            </If>
+                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                            <Sleep duration="${/defaultSleepTime * 1000}" />
+                        </If>
+                        <Else>
+                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                        </Else>
+                    </While>
+
+                    <!-- Storing Refresh token and Access token from API response -->
+                    <If condition="${/refreshTokenResponse/status_code} = 200">
+                        <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
+                        <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
+                        <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
+                    </If>
+
+                    <!-- Aborting execution of workflow for failed API call -->
+                    <Else>
+                        <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
+                        <Abort reason="API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}." />
+                    </Else>
+                </ElseIf>
+
+                <!-- Aborting execution of workflow for failed API call with status code other than 200 and 401 -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}, Body - ${/accessTokenResponse/body}" />
+                    <Abort reason="API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}." />
+                </Else>
+            </Else>
+
+            <!-- Reset errorCount after successful authentication -->
+            <Set path="/errorCount" value="0" />
+            <Set path="/loopBreaker" value="false" />
+
+            <!-- Fetch products data with cursor-based pagination and retry mechanism -->
+            <While condition="${/loopBreaker} = false">
+
+                <Log type="INFO" message="${/logPrefix} Collecting ${/collectionType} data from ${/productsEndpoint} - pageSize ${/pageSize}, cursor: ${/cursor}." />
+
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+                    
+                    <!-- Call products API with OAuth authentication and cursor-based pagination -->
+                    <CallEndpoint url="${/xmCyberUrl}${/productsEndpoint}" method="GET" savePath="/products/response">
+                        <BearerAuthentication token="${/accessToken}" />
+
+                        <QueryParameter name="pageSize" value="${/pageSize}" />
+                        <QueryParameter name="cursor" value="${/cursor}" omitIfEmpty="true" />
+
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+
+                        <RequestBody type="application/json" encoding="UTF-8">
+                        {
+                            "Accept": "application/json",
+                            "content-type": "application/x-www-form-urlencoded"
+                        }
+                        </RequestBody>
+                    </CallEndpoint>
+
+                    <!-- Handle rate limit (429) -->
+                    <If condition="${/products/response/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Handle successful response (200) -->
+                <If condition="/products/response/status_code = 200">
+
+                    <!-- Extract cursor information for next page -->
+                    <Set path="/nextCursor" value="${/products/response/body/meta/next}" />
+                    <Set path="/currentPageSize" value="${count(/products/response/body/data)}" />
+
+                    <!-- Add completion timestamp to the last event if this is the last page -->
+                    <If condition="${/nextCursor = '' or /nextCursor = 'null' or /nextCursor = 'undefined'}">
+                        <If condition="${/currentPageSize} > 0">
+                            <Set path="/products/response/body/data[${/currentPageSize - 1}]/collectionStartTime" value="${/currentTimestamp}" />
+                        </If>
+                    </If>
+
+                    <!-- Process collected product events, add tenant prefix and metadata -->
+                    <ForEach item="/currentEvent" items="/products/response/body/data">
+                        <Set path="/currentEvent/event_id" value="product" />
+                        <Set path="/currentEvent/event_category" value="XM Cyber" />
+                        <Set path="/currentEvent/tenant" value="${/tenantPrefix}" />
+                        <PostEvent path="/currentEvent"/>
+                    </ForEach>
+
+                    <!-- Log ingested event count for current page -->
+                    <Log type="INFO" message="${/logPrefix} - ${/currentPageSize} ${/collectionType} ingested in QRadar." />
+                    
+                    <!-- Check if there are more pages to process based on cursor -->
+                    <If condition="${/nextCursor != '' and /nextCursor != 'null' and /nextCursor != 'undefined'}">
+                        <Split value="${/nextCursor}" delimiter="cursor=" savePath="/cursorParts" />
+                        <Set path="/cursor" value="${/cursorParts[1]}" />
+
+                        <If condition="${/cursor != '' and /cursor != 'null' and /cursor != 'undefined'}">
+                            <Log type="INFO" message="${/logPrefix} - Moving to next page with cursor: ${/cursor}." />
+                        </If>
+                        <Else>
+                            <!-- All pages processed, complete the collection -->
+                            <Set path="/loopBreaker" value="true"/>
+                            <Set path="/errorCount" value="${/maxRetry}"/>
+                            <Log type="INFO" message="${/logPrefix} Products collection completed successfully." />
+                        </Else>
+                    </If>
+                    <Else>
+                        <!-- All pages processed, complete the collection -->
+                        <Set path="/loopBreaker" value="true"/>
+                        <Set path="/errorCount" value="${/maxRetry}"/>
+                        <Log type="INFO" message="${/logPrefix} Products collection completed successfully." />
+                    </Else>
+
+                </If>
+                
+                <!-- Handle token expired (419 or 401) -->
+                <ElseIf condition="${/products/response/status_code} = 419 or ${/products/response/status_code} = 401">
+                    <!-- To retry for token expiration -->
+                    <Set path="/loopBreaker" value="true"/>
+                    <Set path="/errorCount" value="${/errorCount + 1}" />
+                    <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/products/response/status_code}." />
+                    <Set path="/accessToken" value="" />
+                </ElseIf>
+
+                <!-- Handle 403 Forbidden -->
+                <ElseIf condition="/products/response/status_code = 403">
+                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                </ElseIf>
+
+                <!-- Handle other error status codes -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} - API call failed for collecting ${/collectionType} data with status code - ${/products/response/status_code}, Body - ${/products/response/body}" />
+                    <Abort reason="API call failed for collecting ${/collectionType} data with status code - ${/products/response/status_code}." />
+                </Else>
+            </While>
+        </While>
+    </Actions>
+
+    <!-- Performing some connectivity tests -->
+    <Tests>
+        <DNSResolutionTest host="${/tenantName}" />
+        <TCPConnectionTest host="${/tenantName}" />
+        <SSLHandshakeTest host="${/tenantName}" />
+        <HTTPConnectionThroughProxyTest url="https://${/tenantName}" />
+    </Tests>
+
+</Workflow>
diff --git a/Community Developed/XM Cyber/XMCyber-Scenarios-Workflow.xml b/Community Developed/XM Cyber/XMCyber-Scenarios-Workflow.xml
index c842b08..07f2fb2 100644
--- a/Community Developed/XM Cyber/XMCyber-Scenarios-Workflow.xml	
+++ b/Community Developed/XM Cyber/XMCyber-Scenarios-Workflow.xml	
@@ -1,319 +1,319 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<Workflow name="XM Cyber Scenarios" version="1.0"
-    xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V2_1">
-
-    <!-- Collect configurations from workflow parameter file -->
-    <Parameters>
-        <Parameter name="tenantName" label="Tenant Name" required="true"/>
-        <Parameter name="apiKey" label="API Key" secret="true" required="true" />
-        <Parameter name="ingestChokepointStats" label="Ingest Chokepoint Stats" required="false"/>
-        <Parameter name="auditTrailsStartTime" label="Audit Trails Start Time" required="false"/>
-        <Parameter name="ingestScenarios" label="Ingest Scenarios" required="false"/>
-        <Parameter name="timeId" label="Time ID" required="false"/>
-    </Parameters>
-
-    <Actions>
-
-        <!-- Clear status of log source -->
-        <ClearStatus />
-
-        <!-- Defining variables for running workflow -->
-        <Set path="/xmCyberUrl" value="https://${/tenantName}"/>
-        <Set path="/logPrefix" value="[XM_Cyber_App_for_QRadar][Scenarios][${/xmCyberUrl}]" />
-        <Initialize path="/errorCount" value="0" />
-        <Initialize path="/maxRetry" value="3" />
-        <Initialize path="/authEndpoint" value="/api/auth" />
-        <Initialize path="/refreshEndpoint" value="/api/refresh-token" />
-        <Initialize path="/scenariosEndpoint" value="/api/scenariosInfo/scenarios" />
-        <Initialize path="/pageSize" value="1000" />
-        <Initialize path="/refreshToken" value="" />
-        <Initialize path="/accessToken" value="" />
-        <Initialize path="/defaultSleepTime" value="60" />
-        <Initialize path="/appVersion" value="2.0.0" />
-        <Initialize path="/userAgentHeader" value="QRadar-v${/appVersion}" />
-        <Initialize path="/collectionType" value="scenarios" />
-
-        <Set path="/currentPage" value="1" />
-        <Set path="/totalPages" value="1" />
-
-        <!-- Extract tenant prefix from tenantName -->
-        <Split value="${/tenantName}" delimiter="\." savePath="/tenantParts" />
-        <Set path="/tenantPrefix" value="${/tenantParts[0]}" />
-
-        <!-- Print log in the /var/log/qradar.log file with info log level -->
-        <Log type="INFO" message="${/logPrefix} - Scenarios collection started." />
-
-        <Set path="/errorCount" value="0" />
-
-        <!-- Perform data collection continuously in case of no error -->
-        <While condition="${/errorCount != ${/maxRetry}}">
-
-            <!-- Create Refresh Token if it is not created -->
-            <If condition="${empty(/refreshToken)} = 'true'">
-
-                <Log type="INFO" message="${/logPrefix} - Refresh token not found. Creating new Access and Refresh token using provided API key." />
-
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                    <!-- Create Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse -->
-                    <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
-
-                        <!-- Request header -->
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                        <RequestHeader name="Content-Type" value="application/json" />
-                        <RequestHeader name="x-api-key" value="${/apiKey}" />
-
-                    </CallEndpoint>
-
-                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                    <If condition="${/refreshTokenResponse/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Storing Refresh token and Access token from API response -->
-                <If condition="${/refreshTokenResponse/status_code} = 200">
-                    <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
-                    <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
-                    <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
-                </If>
-
-                <!-- Handle 401 Unauthorized -->
-                <ElseIf condition="${/refreshTokenResponse/status_code} = 401">
-                    <Log type="INFO" message="${/logPrefix} Abort - Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
-                    <Abort reason="Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
-                </ElseIf>
-
-                <!-- Handle 403 Forbidden -->
-                <ElseIf condition="${/refreshTokenResponse/status_code} = 403">
-                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                </ElseIf>
-
-                <!-- Aborting execution of workflow for http status code other than 200 -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
-                    <Abort reason="API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}." />
-                </Else>
-
-            </If>
-            <Else>
-                <Log type="INFO" message="${/logPrefix} - Refresh token found. Creating new Access token using stored Refresh token." />
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                    <!-- Create an Access Token using Refresh token and save response at Jpath /accessTokenResponse-->
-                    <CallEndpoint url="${/xmCyberUrl}${/refreshEndpoint}" method="POST" savePath="/accessTokenResponse">
-
-                        <!-- Request header -->
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                        <RequestHeader name="Content-Type" value="application/json" />
-
-                        <!-- Request body with refresh token -->
-                        <RequestBody type="application/json" encoding="UTF-8">
-                        {
-                            "refreshToken": "${/refreshToken}"
-                        }
-                        </RequestBody>
-                    </CallEndpoint>
-
-                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                    <If condition="${/accessTokenResponse/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Storing Access token from API response -->
-                <If condition="${/accessTokenResponse/status_code} = 200">
-                    <Log type="INFO" message="${/logPrefix} - Access token created successfully." />
-                    <Set path="/accessToken" value="${/accessTokenResponse/body/accessToken}" />
-                </If>
-
-                <!-- In case of expired Refresh token -->
-                <ElseIf condition="${/accessTokenResponse/status_code} = 401 or ${/accessTokenResponse/status_code} = 400">
-
-                    <Log type="INFO" message="${/logPrefix} - Refresh token is expired. Recreating an Access token and Refresh token using provided API key." />
-                    <Set path="/rateLimitErrorCount" value="0" />
-                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                        <!-- Create a Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse-->
-                        <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
-
-                            <!-- Request header -->
-                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                            <RequestHeader name="Content-Type" value="application/json" />
-                            <RequestHeader name="x-api-key" value="${/apiKey}" />
-
-                        </CallEndpoint>
-
-                        <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                        <If condition="${/refreshTokenResponse/status_code} = 429">
-                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                            </If>
-                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                            <Sleep duration="${/defaultSleepTime * 1000}" />
-                        </If>
-                        <Else>
-                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                        </Else>
-                    </While>
-
-                    <!-- Storing Refresh token and Access token from API response -->
-                    <If condition="${/refreshTokenResponse/status_code} = 200">
-                        <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
-                        <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
-                        <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
-                    </If>
-
-                    <!-- Aborting execution of workflow for failed API call -->
-                    <Else>
-                        <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
-                        <Abort reason="API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}." />
-                    </Else>
-                </ElseIf>
-
-                <!-- Aborting execution of workflow for failed API call with status code other than 200 and 401 -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}, Body - ${/accessTokenResponse/body}" />
-                    <Abort reason="API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}." />
-                </Else>
-            </Else>
-
-            <!-- Reset errorCount after successful authentication -->
-            <Set path="/errorCount" value="0" />
-            <Set path="/loopBreaker" value="false" />
-
-            <!-- Fetch scenarios data with pagination support and retry mechanism -->
-            <While condition="${/loopBreaker} = false">
-
-                <Log type="INFO" message="${/logPrefix} Collecting ${/collectionType} data from ${/scenariosEndpoint} - Page ${/currentPage}, pageSize ${/pageSize}." />
-
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-                    
-                    <!-- Call scenarios API with OAuth authentication and pagination -->
-                    <CallEndpoint url="${/xmCyberUrl}${/scenariosEndpoint}" method="GET" savePath="/scenarios/response">
-                        <BearerAuthentication token="${/accessToken}" />
-
-                        <QueryParameter name="page" value="${/currentPage}" />
-                        <QueryParameter name="pageSize" value="${/pageSize}" />
-
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-
-                        <RequestBody type="application/json" encoding="UTF-8">
-                        {
-                            "Accept": "application/json",
-                            "content-type": "application/x-www-form-urlencoded"
-                        }
-                        </RequestBody>
-                    </CallEndpoint>
-
-                    <!-- Handle rate limit (429) -->
-                    <If condition="${/scenarios/response/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Handle successful response (200) -->
-                <If condition="/scenarios/response/status_code = 200">
-
-                    <!-- Extract pagination information -->
-                    <Set path="/totalPages" value="${/scenarios/response/body/paging/totalPages}" />
-                    <Set path="/currentPageSize" value="${count(/scenarios/response/body/data)}" />
-                    
-                    <!-- Process collected scenario events, add tenant prefix and metadata -->
-                    <ForEach item="/currentEvent" items="/scenarios/response/body/data">
-                        <Set path="/currentEvent/event_id" value="scenario" />
-                        <Set path="/currentEvent/event_category" value="XM Cyber" />
-                        <Set path="/currentEvent/tenant" value="${/tenantPrefix}" />
-                        <PostEvent path="/currentEvent"/>
-                    </ForEach>
-
-                    <!-- Log ingested event count for current page -->
-                    <Log type="INFO" message="${/logPrefix} - Page ${/currentPage}: ${/currentPageSize} ${/collectionType} ingested in QRadar." />
-                    
-                    <!-- Check if there are more pages to process -->
-                    <If condition="${/currentPage + 0} &lt; ${/totalPages + 0}">
-                        <Set path="/currentPage" value="${/currentPage + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - Moving to next page: ${/currentPage} of ${/totalPages}." />
-                    </If>
-                    <Else>
-                        <!-- All pages processed, complete the collection -->
-                        <Set path="/loopBreaker" value="true"/>
-                        <Set path="/errorCount" value="${/maxRetry}"/>
-                        <Log type="INFO" message="${/logPrefix} Scenarios collection completed successfully." />
-                    </Else>
-
-                </If>
-                
-                <!-- Handle token expired (419 or 401) -->
-                <ElseIf condition="${/scenarios/response/status_code} = 419 or ${/scenarios/response/status_code} = 401">
-                    <!-- To retry for token expiration -->
-                    <Set path="/loopBreaker" value="true"/>
-                    <Set path="/errorCount" value="${/errorCount + 1}" />
-                    <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/scenarios/response/status_code}." />
-                    <Set path="/accessToken" value="" />
-                </ElseIf>
-
-                <!-- Handle 403 Forbidden -->
-                <ElseIf condition="/scenarios/response/status_code = 403">
-                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                </ElseIf>
-
-                <!-- Handle other error status codes -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} - API call failed for collecting ${/collectionType} data with status code - ${/scenarios/response/status_code}, Body - ${/scenarios/response/body}" />
-                    <Abort reason="API call failed for collecting ${/collectionType} data with status code - ${/scenarios/response/status_code}." />
-                </Else>
-            </While>
-        </While>
-    </Actions>
-
-    <!-- Performing some connectivity tests -->
-    <Tests>
-        <DNSResolutionTest host="${/tenantName}" />
-        <TCPConnectionTest host="${/tenantName}" />
-        <SSLHandshakeTest host="${/tenantName}" />
-        <HTTPConnectionThroughProxyTest url="https://${/tenantName}" />
-    </Tests>
-
-</Workflow>
+<?xml version="1.0" encoding="UTF-8" ?>
+<Workflow name="XM Cyber Scenarios" version="1.0"
+    xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V2_1">
+
+    <!-- Collect configurations from workflow parameter file -->
+    <Parameters>
+        <Parameter name="tenantName" label="Tenant Name" required="true"/>
+        <Parameter name="apiKey" label="API Key" secret="true" required="true" />
+        <Parameter name="ingestChokepointStats" label="Ingest Chokepoint Stats" required="false"/>
+        <Parameter name="auditTrailsStartTime" label="Audit Trails Start Time" required="false"/>
+        <Parameter name="ingestScenarios" label="Ingest Scenarios" required="false"/>
+        <Parameter name="timeId" label="Time ID" required="false"/>
+    </Parameters>
+
+    <Actions>
+
+        <!-- Clear status of log source -->
+        <ClearStatus />
+
+        <!-- Defining variables for running workflow -->
+        <Set path="/xmCyberUrl" value="https://${/tenantName}"/>
+        <Set path="/logPrefix" value="[XM_Cyber_App_for_QRadar][Scenarios][${/xmCyberUrl}]" />
+        <Initialize path="/errorCount" value="0" />
+        <Initialize path="/maxRetry" value="3" />
+        <Initialize path="/authEndpoint" value="/api/auth" />
+        <Initialize path="/refreshEndpoint" value="/api/refresh-token" />
+        <Initialize path="/scenariosEndpoint" value="/api/scenarios/v2/scenarios" />
+        <Initialize path="/pageSize" value="1000" />
+        <Initialize path="/refreshToken" value="" />
+        <Initialize path="/accessToken" value="" />
+        <Initialize path="/defaultSleepTime" value="60" />
+        <Initialize path="/appVersion" value="2.1.0" />
+        <Initialize path="/userAgentHeader" value="QRadar-v${/appVersion}" />
+        <Initialize path="/collectionType" value="scenarios" />
+
+        <Set path="/currentPage" value="1" />
+        <Set path="/totalPages" value="1" />
+
+        <!-- Extract tenant prefix from tenantName -->
+        <Split value="${/tenantName}" delimiter="\." savePath="/tenantParts" />
+        <Set path="/tenantPrefix" value="${/tenantParts[0]}" />
+
+        <!-- Print log in the /var/log/qradar.log file with info log level -->
+        <Log type="INFO" message="${/logPrefix} - Scenarios collection started." />
+
+        <Set path="/errorCount" value="0" />
+
+        <!-- Perform data collection continuously in case of no error -->
+        <While condition="${/errorCount != ${/maxRetry}}">
+
+            <!-- Create Refresh Token if it is not created -->
+            <If condition="${empty(/refreshToken)} = 'true'">
+
+                <Log type="INFO" message="${/logPrefix} - Refresh token not found. Creating new Access and Refresh token using provided API key." />
+
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                    <!-- Create Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse -->
+                    <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
+
+                        <!-- Request header -->
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                        <RequestHeader name="Content-Type" value="application/json" />
+                        <RequestHeader name="x-api-key" value="${/apiKey}" />
+
+                    </CallEndpoint>
+
+                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                    <If condition="${/refreshTokenResponse/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Storing Refresh token and Access token from API response -->
+                <If condition="${/refreshTokenResponse/status_code} = 200">
+                    <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
+                    <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
+                    <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
+                </If>
+
+                <!-- Handle 401 Unauthorized -->
+                <ElseIf condition="${/refreshTokenResponse/status_code} = 401">
+                    <Log type="INFO" message="${/logPrefix} Abort - Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
+                    <Abort reason="Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
+                </ElseIf>
+
+                <!-- Handle 403 Forbidden -->
+                <ElseIf condition="${/refreshTokenResponse/status_code} = 403">
+                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                </ElseIf>
+
+                <!-- Aborting execution of workflow for http status code other than 200 -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
+                    <Abort reason="API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}." />
+                </Else>
+
+            </If>
+            <Else>
+                <Log type="INFO" message="${/logPrefix} - Refresh token found. Creating new Access token using stored Refresh token." />
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                    <!-- Create an Access Token using Refresh token and save response at Jpath /accessTokenResponse-->
+                    <CallEndpoint url="${/xmCyberUrl}${/refreshEndpoint}" method="POST" savePath="/accessTokenResponse">
+
+                        <!-- Request header -->
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                        <RequestHeader name="Content-Type" value="application/json" />
+
+                        <!-- Request body with refresh token -->
+                        <RequestBody type="application/json" encoding="UTF-8">
+                        {
+                            "refreshToken": "${/refreshToken}"
+                        }
+                        </RequestBody>
+                    </CallEndpoint>
+
+                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                    <If condition="${/accessTokenResponse/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Storing Access token from API response -->
+                <If condition="${/accessTokenResponse/status_code} = 200">
+                    <Log type="INFO" message="${/logPrefix} - Access token created successfully." />
+                    <Set path="/accessToken" value="${/accessTokenResponse/body/accessToken}" />
+                </If>
+
+                <!-- In case of expired Refresh token -->
+                <ElseIf condition="${/accessTokenResponse/status_code} = 401 or ${/accessTokenResponse/status_code} = 400">
+
+                    <Log type="INFO" message="${/logPrefix} - Refresh token is expired. Recreating an Access token and Refresh token using provided API key." />
+                    <Set path="/rateLimitErrorCount" value="0" />
+                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                        <!-- Create a Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse-->
+                        <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
+
+                            <!-- Request header -->
+                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                            <RequestHeader name="Content-Type" value="application/json" />
+                            <RequestHeader name="x-api-key" value="${/apiKey}" />
+
+                        </CallEndpoint>
+
+                        <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                        <If condition="${/refreshTokenResponse/status_code} = 429">
+                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                            </If>
+                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                            <Sleep duration="${/defaultSleepTime * 1000}" />
+                        </If>
+                        <Else>
+                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                        </Else>
+                    </While>
+
+                    <!-- Storing Refresh token and Access token from API response -->
+                    <If condition="${/refreshTokenResponse/status_code} = 200">
+                        <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
+                        <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
+                        <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
+                    </If>
+
+                    <!-- Aborting execution of workflow for failed API call -->
+                    <Else>
+                        <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
+                        <Abort reason="API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}." />
+                    </Else>
+                </ElseIf>
+
+                <!-- Aborting execution of workflow for failed API call with status code other than 200 and 401 -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}, Body - ${/accessTokenResponse/body}" />
+                    <Abort reason="API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}." />
+                </Else>
+            </Else>
+
+            <!-- Reset errorCount after successful authentication -->
+            <Set path="/errorCount" value="0" />
+            <Set path="/loopBreaker" value="false" />
+
+            <!-- Fetch scenarios data with pagination support and retry mechanism -->
+            <While condition="${/loopBreaker} = false">
+
+                <Log type="INFO" message="${/logPrefix} Collecting ${/collectionType} data from ${/scenariosEndpoint} - Page ${/currentPage}, pageSize ${/pageSize}." />
+
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+                    
+                    <!-- Call scenarios API with OAuth authentication and pagination -->
+                    <CallEndpoint url="${/xmCyberUrl}${/scenariosEndpoint}" method="GET" savePath="/scenarios/response">
+                        <BearerAuthentication token="${/accessToken}" />
+
+                        <QueryParameter name="page" value="${/currentPage}" />
+                        <QueryParameter name="pageSize" value="${/pageSize}" />
+
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+
+                        <RequestBody type="application/json" encoding="UTF-8">
+                        {
+                            "Accept": "application/json",
+                            "content-type": "application/x-www-form-urlencoded"
+                        }
+                        </RequestBody>
+                    </CallEndpoint>
+
+                    <!-- Handle rate limit (429) -->
+                    <If condition="${/scenarios/response/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Handle successful response (200) -->
+                <If condition="/scenarios/response/status_code = 200">
+
+                    <!-- Extract pagination information -->
+                    <Set path="/totalPages" value="${/scenarios/response/body/paging/totalPages}" />
+                    <Set path="/currentPageSize" value="${count(/scenarios/response/body/data)}" />
+                    
+                    <!-- Process collected scenario events, add tenant prefix and metadata -->
+                    <ForEach item="/currentEvent" items="/scenarios/response/body/data">
+                        <Set path="/currentEvent/event_id" value="scenario" />
+                        <Set path="/currentEvent/event_category" value="XM Cyber" />
+                        <Set path="/currentEvent/tenant" value="${/tenantPrefix}" />
+                        <PostEvent path="/currentEvent"/>
+                    </ForEach>
+
+                    <!-- Log ingested event count for current page -->
+                    <Log type="INFO" message="${/logPrefix} - Page ${/currentPage}: ${/currentPageSize} ${/collectionType} ingested in QRadar." />
+                    
+                    <!-- Check if there are more pages to process -->
+                    <If condition="${/currentPage + 0} &lt; ${/totalPages + 0}">
+                        <Set path="/currentPage" value="${/currentPage + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - Moving to next page: ${/currentPage} of ${/totalPages}." />
+                    </If>
+                    <Else>
+                        <!-- All pages processed, complete the collection -->
+                        <Set path="/loopBreaker" value="true"/>
+                        <Set path="/errorCount" value="${/maxRetry}"/>
+                        <Log type="INFO" message="${/logPrefix} Scenarios collection completed successfully." />
+                    </Else>
+
+                </If>
+                
+                <!-- Handle token expired (419 or 401) -->
+                <ElseIf condition="${/scenarios/response/status_code} = 419 or ${/scenarios/response/status_code} = 401">
+                    <!-- To retry for token expiration -->
+                    <Set path="/loopBreaker" value="true"/>
+                    <Set path="/errorCount" value="${/errorCount + 1}" />
+                    <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/scenarios/response/status_code}." />
+                    <Set path="/accessToken" value="" />
+                </ElseIf>
+
+                <!-- Handle 403 Forbidden -->
+                <ElseIf condition="/scenarios/response/status_code = 403">
+                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                </ElseIf>
+
+                <!-- Handle other error status codes -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} - API call failed for collecting ${/collectionType} data with status code - ${/scenarios/response/status_code}, Body - ${/scenarios/response/body}" />
+                    <Abort reason="API call failed for collecting ${/collectionType} data with status code - ${/scenarios/response/status_code}." />
+                </Else>
+            </While>
+        </While>
+    </Actions>
+
+    <!-- Performing some connectivity tests -->
+    <Tests>
+        <DNSResolutionTest host="${/tenantName}" />
+        <TCPConnectionTest host="${/tenantName}" />
+        <SSLHandshakeTest host="${/tenantName}" />
+        <HTTPConnectionThroughProxyTest url="https://${/tenantName}" />
+    </Tests>
+
+</Workflow>
diff --git a/Community Developed/XM Cyber/XMCyber-SecurityScore-Workflow.xml b/Community Developed/XM Cyber/XMCyber-SecurityScore-Workflow.xml
index a660e95..4e8dbf5 100644
--- a/Community Developed/XM Cyber/XMCyber-SecurityScore-Workflow.xml	
+++ b/Community Developed/XM Cyber/XMCyber-SecurityScore-Workflow.xml	
@@ -1,372 +1,371 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<Workflow name="XM Cyber Security Score" version="1.0"
-    xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V2_1">
-
-    <!-- Collect configurations from workflow parameter file -->
-    <Parameters>
-        <Parameter name="tenantName" label="Tenant Name" required="true"/>
-        <Parameter name="apiKey" label="API Key" secret="true" required="true" />
-        <Parameter name="ingestScenarios" label="Ingest Scenarios" required="true"/>
-        <Parameter name="timeId" label="Time ID" required="true"/>
-        <Parameter name="auditTrailsStartTime" label="Audit Trails Start Time" required="false"/>
-        <Parameter name="ingestChokepointStats" label="Ingest Chokepoint Stats" required="false"/>
-    </Parameters>
-
-    <Actions>
-
-        <!-- Clear status of log source -->
-        <ClearStatus />
-
-        <!-- Defining variables for running workflow -->
-        <Set path="/xmCyberUrl" value="https://${/tenantName}"/>
-        <Set path="/logPrefix" value="[XM_Cyber_App_for_QRadar][SecurityScore][${/xmCyberUrl}]" />
-        <Initialize path="/errorCount" value="0" />
-        <Initialize path="/maxRetry" value="3" />
-        <Initialize path="/authEndpoint" value="/api/auth" />
-        <Initialize path="/refreshEndpoint" value="/api/refresh-token" />
-        <Initialize path="/securityScoreEndpoint" value="/api/systemReport/riskScoreV2" />
-        <Initialize path="/refreshToken" value="" />
-        <Initialize path="/accessToken" value="" />
-        <Initialize path="/defaultSleepTime" value="60" />
-        <Initialize path="/appVersion" value="2.0.0" />
-        <Initialize path="/userAgentHeader" value="QRadar-v${/appVersion}" />
-        <Initialize path="/collectionType" value="security_score" />
-        <Initialize path="/trimmedData" value="[]" />
-        
-        <!-- Validate timeId parameter -->
-        <If condition="${/timeId != 'timeAgo_days_7' and /timeId != 'timeAgo_days_14' and /timeId != 'timeAgo_days_30' and /timeId != 'timeAgo_days_365'}">
-            <Log type="INFO" message="${/logPrefix} - Invalid timeId value: ${/timeId}. Must be one of: timeAgo_days_7, timeAgo_days_14, timeAgo_days_30, timeAgo_days_365" />
-            <Abort reason="Invalid timeId parameter. Must be one of: timeAgo_days_7, timeAgo_days_14, timeAgo_days_30, timeAgo_days_365" />
-        </If>
-
-        <!-- Extract tenant prefix from tenantName -->
-        <Split value="${/tenantName}" delimiter="\." savePath="/tenantParts" />
-        <Set path="/tenantPrefix" value="${/tenantParts[0]}" />
-
-        <!-- Print log in the /var/log/qradar.log file with info log level -->
-        <Log type="INFO" message="${/logPrefix} - Security Score collection started with timeId: ${/timeId}, ingestScenarios: ${/ingestScenarios}." />
-
-        <Set path="/errorCount" value="0" />
-
-        <!-- Perform data collection continuously in case of no error -->
-        <While condition="${/errorCount != ${/maxRetry}}">
-
-            <!-- Create Refresh Token if it is not created -->
-            <If condition="${empty(/refreshToken)} = 'true'">
-
-                <Log type="INFO" message="${/logPrefix} - Refresh token not found. Creating new Access and Refresh token using provided API key." />
-
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                    <!-- Create Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse -->
-                    <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
-
-                        <!-- Request header -->
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                        <RequestHeader name="Content-Type" value="application/json" />
-                        <RequestHeader name="x-api-key" value="${/apiKey}" />
-
-                    </CallEndpoint>
-
-                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                    <If condition="${/refreshTokenResponse/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Storing Refresh token and Access token from API response -->
-                <If condition="${/refreshTokenResponse/status_code} = 200">
-                    <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
-                    <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
-                    <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
-                </If>
-
-                <!-- Handle 401 Unauthorized -->
-                <ElseIf condition="${/refreshTokenResponse/status_code} = 401">
-                    <Log type="INFO" message="${/logPrefix} Abort - Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
-                    <Abort reason="Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
-                </ElseIf>
-
-                <!-- Handle 403 Forbidden -->
-                <ElseIf condition="${/refreshTokenResponse/status_code} = 403">
-                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                </ElseIf>
-
-                <!-- Aborting execution of workflow for http status code other than 200 -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
-                    <Abort reason="API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}." />
-                </Else>
-
-            </If>
-            <Else>
-                <Log type="INFO" message="${/logPrefix} - Refresh token found. Creating new Access token using stored Refresh token." />
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                    <!-- Create an Access Token using Refresh token and save response at Jpath /accessTokenResponse-->
-                    <CallEndpoint url="${/xmCyberUrl}${/refreshEndpoint}" method="POST" savePath="/accessTokenResponse">
-
-                        <!-- Request header -->
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                        <RequestHeader name="Content-Type" value="application/json" />
-
-                        <!-- Request body with refresh token -->
-                        <RequestBody type="application/json" encoding="UTF-8">
-                        {
-                            "refreshToken": "${/refreshToken}"
-                        }
-                        </RequestBody>
-                    </CallEndpoint>
-
-                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                    <If condition="${/accessTokenResponse/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Storing Access token from API response -->
-                <If condition="${/accessTokenResponse/status_code} = 200">
-                    <Log type="INFO" message="${/logPrefix} - Access token created successfully." />
-                    <Set path="/accessToken" value="${/accessTokenResponse/body/accessToken}" />
-                </If>
-
-                <!-- In case of expired Refresh token -->
-                <ElseIf condition="${/accessTokenResponse/status_code} = 401 or ${/accessTokenResponse/status_code} = 400">
-
-                    <Log type="INFO" message="${/logPrefix} - Refresh token is expired. Recreating an Access token and Refresh token using provided API key." />
-                    <Set path="/rateLimitErrorCount" value="0" />
-                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                        <!-- Create a Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse-->
-                        <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
-
-                            <!-- Request header -->
-                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                            <RequestHeader name="Content-Type" value="application/json" />
-                            <RequestHeader name="x-api-key" value="${/apiKey}" />
-
-                        </CallEndpoint>
-
-                        <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                        <If condition="${/refreshTokenResponse/status_code} = 429">
-                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                            </If>
-
-                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                            <Sleep duration="${/defaultSleepTime * 1000}" />
-                        </If>
-                        <Else>
-                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                        </Else>
-                    </While>
-
-                    <!-- Storing Refresh token and Access token from API response -->
-                    <If condition="${/refreshTokenResponse/status_code} = 200">
-                        <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
-                        <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
-                        <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
-                    </If>
-
-                    <!-- Aborting execution of workflow for failed API call -->
-                    <Else>
-                        <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
-                        <Abort reason="API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}." />
-                    </Else>
-                </ElseIf>
-
-                <!-- Aborting execution of workflow for failed API call with status code other than 200 and 401 -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}, Body - ${/accessTokenResponse/body}" />
-                    <Abort reason="API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}." />
-                </Else>
-            </Else>
-
-            <!-- Reset errorCount after successful authentication -->
-            <Set path="/errorCount" value="0" />
-            <Set path="/loopBreaker" value="false" />
-
-            <!-- Fetch security score data with retry mechanism -->
-            <While condition="${/loopBreaker} = false">
-
-                <Log type="INFO" message="${/logPrefix} Collecting ${/collectionType} data from ${/securityScoreEndpoint} with timeId: ${/timeId} and resolution: 1." />
-
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-                    
-                    <!-- Call security score API with OAuth authentication -->
-                    <CallEndpoint url="${/xmCyberUrl}${/securityScoreEndpoint}" method="GET" savePath="/securityScore/response">
-                        <BearerAuthentication token="${/accessToken}" />
-
-                        <QueryParameter name="timeId" value="${/timeId}" />
-                        <QueryParameter name="resolution" value="1" />
-
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-
-                        <RequestBody type="application/json" encoding="UTF-8">
-                        {
-                            "Accept": "application/json",
-                            "content-type": "application/x-www-form-urlencoded"
-                        }
-                        </RequestBody>
-                    </CallEndpoint>
-
-                    <!-- Handle rate limit (429) -->
-                    <If condition="${/securityScore/response/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Handle successful response (200) -->
-                <If condition="/securityScore/response/status_code = 200">
-
-                    <!-- Process main security score data (remove scenarios array and ingest as single event) -->
-                    <Set path="/securityScoreData" value="${/securityScore/response/body/data}" />
-                    
-                    <!-- Validate if security score data is not empty before ingesting -->
-                    <If condition="${empty(/securityScoreData)} = false">
-                        <!-- Remove scenarios array from the main data -->
-                        <Delete path="/securityScoreData/scenarios"/>
-                        
-                        <!-- Add metadata to security score event -->
-                        <Set path="/securityScoreData/event_id" value="security_score" />
-                        <Set path="/securityScoreData/event_category" value="XM Cyber" />
-                        <Set path="/securityScoreData/tenant" value="${/tenantPrefix}" />
-                        
-                        <!-- Ingest main security score event -->
-                        <PostEvent path="/securityScoreData"/>
-                        <Log type="INFO" message="${/logPrefix} - Security score data ingested in QRadar." />
-                    </If>
-                    <Else>
-                        <Log type="INFO" message="${/logPrefix} - Security score data is empty. " />
-                    </Else>
-
-                    <!-- Check if scenarios should be ingested -->
-                    <If condition="${'${lower(/ingestScenarios)}' = 'true'}">
-                        <Log type="INFO" message="${/logPrefix} - Processing scenarios data for ingestion." />
-                        
-                        <!-- Process each scenario individually -->
-                        <Set path="/scenariosCount" value="0" />
-                        <ForEach item="/currentScenario" items="/securityScore/response/body/data/scenarios">
-                            <!-- Limit graphData to last 30 objects if more than 30 exist -->
-                            <Set path="/graphCount" value="${count(/currentScenario/graphData)}" />
-                            <If condition="${/graphCount + 0} &gt; 30">
-                                <!-- Process last 30 entries and extract only required fields (fromDate, toDate, score) -->
-                                <Set path="/trimmedData" value="[]" />
-                                <Set path="/startIndex" value="${/graphCount - 30}" />
-                                <Set path="/currentIndex" value="${/startIndex + 0}" />
-                                <While condition="${/currentIndex + 0} &lt; ${/graphCount + 0}">
-                                    <!-- Delete Campain and Grade fields -->
-                                    <Delete path="/currentScenario/graphData[${/currentIndex}]/campaigns" />
-                                    <Delete path="/currentScenario/graphData[${/currentIndex}]/grade" />
-                                    <Add path="/trimmedData" value="${/currentScenario/graphData[${/currentIndex}]}" />
-                                    <Set path="/currentIndex" value="${/currentIndex + 1}" />
-                                </While>
-                                <Set path="/currentScenario/graphData" value="${/trimmedData}" />
-                            </If>
-                            <Else>
-                                <!-- Process all entries and remove unwanted fields directly -->
-                                <Set path="/currentIndex" value="0" />
-                                <While condition="${/currentIndex + 0} &lt; ${/graphCount + 0}">
-                                    <!-- Delete Campain and Grade fields -->
-                                    <Delete path="/currentScenario/graphData[${/currentIndex}]/campaigns" />
-                                    <Delete path="/currentScenario/graphData[${/currentIndex}]/grade" />
-                                    <Set path="/currentIndex" value="${/currentIndex + 1}" />
-                                </While>
-                            </Else>
-
-                            <!-- Add metadata to each scenario event -->
-                            <Set path="/currentScenario/event_id" value="security_score_scenario" />
-                            <Set path="/currentScenario/event_category" value="XM Cyber" />
-                            <Set path="/currentScenario/tenant" value="${/tenantPrefix}" />
-                            
-                            <!-- Ingest individual scenario event -->
-                            <PostEvent path="/currentScenario"/>
-                            <Set path="/scenariosCount" value="${/scenariosCount + 1}" />
-                        </ForEach>
-                        
-                        <Log type="INFO" message="${/logPrefix} - ${/scenariosCount} scenario events ingested in QRadar." />
-                    </If>
-                    <Else>
-                        <Log type="INFO" message="${/logPrefix} - Scenarios ingestion is disabled (ingestScenarios = ${/ingestScenarios})." />
-                    </Else>
-
-                    <!-- Complete the collection -->
-                    <Set path="/loopBreaker" value="true"/>
-                    <Set path="/errorCount" value="${/maxRetry}"/>
-                    <Log type="INFO" message="${/logPrefix} Security Score collection completed successfully." />
-
-                </If>
-                
-                <!-- Handle token expired (419 or 401) -->
-                <ElseIf condition="${/securityScore/response/status_code} = 419 or ${/securityScore/response/status_code} = 401">
-                    <!-- To retry for token expiration -->
-                    <Set path="/loopBreaker" value="true"/>
-                    <Set path="/errorCount" value="${/errorCount + 1}" />
-                    <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/securityScore/response/status_code}." />
-                    <Set path="/accessToken" value="" />
-                </ElseIf>
-
-                <!-- Handle 403 Forbidden -->
-                <ElseIf condition="/securityScore/response/status_code = 403">
-                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                </ElseIf>
-
-                <!-- Handle other error status codes -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} - API call failed for collecting ${/collectionType} data with status code - ${/securityScore/response/status_code}, Body - ${/securityScore/response/body}" />
-                    <Abort reason="API call failed for collecting ${/collectionType} data with status code - ${/securityScore/response/status_code}." />
-                </Else>
-            </While>
-        </While>
-    </Actions>
-
-    <!-- Performing some connectivity tests -->
-    <Tests>
-        <DNSResolutionTest host="${/tenantName}" />
-        <TCPConnectionTest host="${/tenantName}" />
-        <SSLHandshakeTest host="${/tenantName}" />
-        <HTTPConnectionThroughProxyTest url="https://${/tenantName}" />
-    </Tests>
-
-</Workflow>
+<?xml version="1.0" encoding="UTF-8" ?>
+<Workflow name="XM Cyber Security Score" version="1.0"
+    xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V2_1">
+
+    <!-- Collect configurations from workflow parameter file -->
+    <Parameters>
+        <Parameter name="tenantName" label="Tenant Name" required="true"/>
+        <Parameter name="apiKey" label="API Key" secret="true" required="true" />
+        <Parameter name="ingestScenarios" label="Ingest Scenarios" required="true"/>
+        <Parameter name="timeId" label="Time ID" required="true"/>
+        <Parameter name="auditTrailsStartTime" label="Audit Trails Start Time" required="false"/>
+        <Parameter name="ingestChokepointStats" label="Ingest Chokepoint Stats" required="false"/>
+    </Parameters>
+
+    <Actions>
+
+        <!-- Clear status of log source -->
+        <ClearStatus />
+
+        <!-- Defining variables for running workflow -->
+        <Set path="/xmCyberUrl" value="https://${/tenantName}"/>
+        <Set path="/logPrefix" value="[XM_Cyber_App_for_QRadar][SecurityScore][${/xmCyberUrl}]" />
+        <Initialize path="/errorCount" value="0" />
+        <Initialize path="/maxRetry" value="3" />
+        <Initialize path="/authEndpoint" value="/api/auth" />
+        <Initialize path="/refreshEndpoint" value="/api/refresh-token" />
+        <Initialize path="/securityScoreEndpoint" value="/api/scenarios/v2/scenarios/riskScore" />
+        <Initialize path="/refreshToken" value="" />
+        <Initialize path="/accessToken" value="" />
+        <Initialize path="/defaultSleepTime" value="60" />
+        <Initialize path="/appVersion" value="2.1.0" />
+        <Initialize path="/userAgentHeader" value="QRadar-v${/appVersion}" />
+        <Initialize path="/collectionType" value="security_score" />
+        <Initialize path="/trimmedData" value="[]" />
+        
+        <!-- Validate timeId parameter -->
+        <If condition="${/timeId != 'timeAgo_days_7' and /timeId != 'timeAgo_days_14' and /timeId != 'timeAgo_days_30' and /timeId != 'timeAgo_days_180'}">
+            <Log type="INFO" message="${/logPrefix} - Invalid timeId value: ${/timeId}. Must be one of: timeAgo_days_7, timeAgo_days_14, timeAgo_days_30, timeAgo_days_180" />
+            <Abort reason="Invalid timeId parameter. Must be one of: timeAgo_days_7, timeAgo_days_14, timeAgo_days_30, timeAgo_days_180" />
+        </If>
+
+        <!-- Extract tenant prefix from tenantName -->
+        <Split value="${/tenantName}" delimiter="\." savePath="/tenantParts" />
+        <Set path="/tenantPrefix" value="${/tenantParts[0]}" />
+
+        <!-- Print log in the /var/log/qradar.log file with info log level -->
+        <Log type="INFO" message="${/logPrefix} - Security Score collection started with timeId: ${/timeId}, ingestScenarios: ${/ingestScenarios}." />
+
+        <Set path="/errorCount" value="0" />
+
+        <!-- Perform data collection continuously in case of no error -->
+        <While condition="${/errorCount != ${/maxRetry}}">
+
+            <!-- Create Refresh Token if it is not created -->
+            <If condition="${empty(/refreshToken)} = 'true'">
+
+                <Log type="INFO" message="${/logPrefix} - Refresh token not found. Creating new Access and Refresh token using provided API key." />
+
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                    <!-- Create Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse -->
+                    <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
+
+                        <!-- Request header -->
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                        <RequestHeader name="Content-Type" value="application/json" />
+                        <RequestHeader name="x-api-key" value="${/apiKey}" />
+
+                    </CallEndpoint>
+
+                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                    <If condition="${/refreshTokenResponse/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Storing Refresh token and Access token from API response -->
+                <If condition="${/refreshTokenResponse/status_code} = 200">
+                    <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
+                    <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
+                    <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
+                </If>
+
+                <!-- Handle 401 Unauthorized -->
+                <ElseIf condition="${/refreshTokenResponse/status_code} = 401">
+                    <Log type="INFO" message="${/logPrefix} Abort - Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
+                    <Abort reason="Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
+                </ElseIf>
+
+                <!-- Handle 403 Forbidden -->
+                <ElseIf condition="${/refreshTokenResponse/status_code} = 403">
+                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                </ElseIf>
+
+                <!-- Aborting execution of workflow for http status code other than 200 -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
+                    <Abort reason="API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}." />
+                </Else>
+
+            </If>
+            <Else>
+                <Log type="INFO" message="${/logPrefix} - Refresh token found. Creating new Access token using stored Refresh token." />
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                    <!-- Create an Access Token using Refresh token and save response at Jpath /accessTokenResponse-->
+                    <CallEndpoint url="${/xmCyberUrl}${/refreshEndpoint}" method="POST" savePath="/accessTokenResponse">
+
+                        <!-- Request header -->
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                        <RequestHeader name="Content-Type" value="application/json" />
+
+                        <!-- Request body with refresh token -->
+                        <RequestBody type="application/json" encoding="UTF-8">
+                        {
+                            "refreshToken": "${/refreshToken}"
+                        }
+                        </RequestBody>
+                    </CallEndpoint>
+
+                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                    <If condition="${/accessTokenResponse/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Storing Access token from API response -->
+                <If condition="${/accessTokenResponse/status_code} = 200">
+                    <Log type="INFO" message="${/logPrefix} - Access token created successfully." />
+                    <Set path="/accessToken" value="${/accessTokenResponse/body/accessToken}" />
+                </If>
+
+                <!-- In case of expired Refresh token -->
+                <ElseIf condition="${/accessTokenResponse/status_code} = 401 or ${/accessTokenResponse/status_code} = 400">
+
+                    <Log type="INFO" message="${/logPrefix} - Refresh token is expired. Recreating an Access token and Refresh token using provided API key." />
+                    <Set path="/rateLimitErrorCount" value="0" />
+                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                        <!-- Create a Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse-->
+                        <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
+
+                            <!-- Request header -->
+                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                            <RequestHeader name="Content-Type" value="application/json" />
+                            <RequestHeader name="x-api-key" value="${/apiKey}" />
+
+                        </CallEndpoint>
+
+                        <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                        <If condition="${/refreshTokenResponse/status_code} = 429">
+                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                            </If>
+
+                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                            <Sleep duration="${/defaultSleepTime * 1000}" />
+                        </If>
+                        <Else>
+                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                        </Else>
+                    </While>
+
+                    <!-- Storing Refresh token and Access token from API response -->
+                    <If condition="${/refreshTokenResponse/status_code} = 200">
+                        <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
+                        <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
+                        <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
+                    </If>
+
+                    <!-- Aborting execution of workflow for failed API call -->
+                    <Else>
+                        <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
+                        <Abort reason="API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}." />
+                    </Else>
+                </ElseIf>
+
+                <!-- Aborting execution of workflow for failed API call with status code other than 200 and 401 -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}, Body - ${/accessTokenResponse/body}" />
+                    <Abort reason="API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}." />
+                </Else>
+            </Else>
+
+            <!-- Reset errorCount after successful authentication -->
+            <Set path="/errorCount" value="0" />
+            <Set path="/loopBreaker" value="false" />
+
+            <!-- Fetch security score data with retry mechanism -->
+            <While condition="${/loopBreaker} = false">
+
+                <Log type="INFO" message="${/logPrefix} Collecting ${/collectionType} data from ${/securityScoreEndpoint} with timeId: ${/timeId}." />
+
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+                    
+                    <!-- Call security score API with OAuth authentication -->
+                    <CallEndpoint url="${/xmCyberUrl}${/securityScoreEndpoint}" method="GET" savePath="/securityScore/response">
+                        <BearerAuthentication token="${/accessToken}" />
+
+                        <QueryParameter name="timeId" value="${/timeId}" />
+
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+
+                        <RequestBody type="application/json" encoding="UTF-8">
+                        {
+                            "Accept": "application/json",
+                            "content-type": "application/x-www-form-urlencoded"
+                        }
+                        </RequestBody>
+                    </CallEndpoint>
+
+                    <!-- Handle rate limit (429) -->
+                    <If condition="${/securityScore/response/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Handle successful response (200) -->
+                <If condition="/securityScore/response/status_code = 200">
+
+                    <!-- Process main security score data (remove scenarios array and ingest as single event) -->
+                    <Set path="/securityScoreData" value="${/securityScore/response/body/data}" />
+                    
+                    <!-- Validate if security score data is not empty before ingesting -->
+                    <If condition="${empty(/securityScoreData)} = false">
+                        <!-- Remove scenarios array from the main data -->
+                        <Delete path="/securityScoreData/scenarios"/>
+                        
+                        <!-- Add metadata to security score event -->
+                        <Set path="/securityScoreData/event_id" value="security_score" />
+                        <Set path="/securityScoreData/event_category" value="XM Cyber" />
+                        <Set path="/securityScoreData/tenant" value="${/tenantPrefix}" />
+                        
+                        <!-- Ingest main security score event -->
+                        <PostEvent path="/securityScoreData"/>
+                        <Log type="INFO" message="${/logPrefix} - Security score data ingested in QRadar." />
+                    </If>
+                    <Else>
+                        <Log type="INFO" message="${/logPrefix} - Security score data is empty. " />
+                    </Else>
+
+                    <!-- Check if scenarios should be ingested -->
+                    <If condition="${'${lower(/ingestScenarios)}' = 'true'}">
+                        <Log type="INFO" message="${/logPrefix} - Processing scenarios data for ingestion." />
+                        
+                        <!-- Process each scenario individually -->
+                        <Set path="/scenariosCount" value="0" />
+                        <ForEach item="/currentScenario" items="/securityScore/response/body/data/scenarios">
+                            <!-- Limit graphData to last 30 objects if more than 30 exist -->
+                            <Set path="/graphCount" value="${count(/currentScenario/graphData)}" />
+                            <If condition="${/graphCount + 0} &gt; 30">
+                                <!-- Process last 30 entries and extract only required fields (fromDate, toDate, score) -->
+                                <Set path="/trimmedData" value="[]" />
+                                <Set path="/startIndex" value="${/graphCount - 30}" />
+                                <Set path="/currentIndex" value="${/startIndex + 0}" />
+                                <While condition="${/currentIndex + 0} &lt; ${/graphCount + 0}">
+                                    <!-- Delete Campain and Grade fields -->
+                                    <Delete path="/currentScenario/graphData[${/currentIndex}]/campaigns" />
+                                    <Delete path="/currentScenario/graphData[${/currentIndex}]/grade" />
+                                    <Add path="/trimmedData" value="${/currentScenario/graphData[${/currentIndex}]}" />
+                                    <Set path="/currentIndex" value="${/currentIndex + 1}" />
+                                </While>
+                                <Set path="/currentScenario/graphData" value="${/trimmedData}" />
+                            </If>
+                            <Else>
+                                <!-- Process all entries and remove unwanted fields directly -->
+                                <Set path="/currentIndex" value="0" />
+                                <While condition="${/currentIndex + 0} &lt; ${/graphCount + 0}">
+                                    <!-- Delete Campain and Grade fields -->
+                                    <Delete path="/currentScenario/graphData[${/currentIndex}]/campaigns" />
+                                    <Delete path="/currentScenario/graphData[${/currentIndex}]/grade" />
+                                    <Set path="/currentIndex" value="${/currentIndex + 1}" />
+                                </While>
+                            </Else>
+
+                            <!-- Add metadata to each scenario event -->
+                            <Set path="/currentScenario/event_id" value="security_score_scenario" />
+                            <Set path="/currentScenario/event_category" value="XM Cyber" />
+                            <Set path="/currentScenario/tenant" value="${/tenantPrefix}" />
+                            
+                            <!-- Ingest individual scenario event -->
+                            <PostEvent path="/currentScenario"/>
+                            <Set path="/scenariosCount" value="${/scenariosCount + 1}" />
+                        </ForEach>
+                        
+                        <Log type="INFO" message="${/logPrefix} - ${/scenariosCount} scenario events ingested in QRadar." />
+                    </If>
+                    <Else>
+                        <Log type="INFO" message="${/logPrefix} - Scenarios ingestion is disabled (ingestScenarios = ${/ingestScenarios})." />
+                    </Else>
+
+                    <!-- Complete the collection -->
+                    <Set path="/loopBreaker" value="true"/>
+                    <Set path="/errorCount" value="${/maxRetry}"/>
+                    <Log type="INFO" message="${/logPrefix} Security Score collection completed successfully." />
+
+                </If>
+                
+                <!-- Handle token expired (419 or 401) -->
+                <ElseIf condition="${/securityScore/response/status_code} = 419 or ${/securityScore/response/status_code} = 401">
+                    <!-- To retry for token expiration -->
+                    <Set path="/loopBreaker" value="true"/>
+                    <Set path="/errorCount" value="${/errorCount + 1}" />
+                    <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/securityScore/response/status_code}." />
+                    <Set path="/accessToken" value="" />
+                </ElseIf>
+
+                <!-- Handle 403 Forbidden -->
+                <ElseIf condition="/securityScore/response/status_code = 403">
+                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                </ElseIf>
+
+                <!-- Handle other error status codes -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} - API call failed for collecting ${/collectionType} data with status code - ${/securityScore/response/status_code}, Body - ${/securityScore/response/body}" />
+                    <Abort reason="API call failed for collecting ${/collectionType} data with status code - ${/securityScore/response/status_code}." />
+                </Else>
+            </While>
+        </While>
+    </Actions>
+
+    <!-- Performing some connectivity tests -->
+    <Tests>
+        <DNSResolutionTest host="${/tenantName}" />
+        <TCPConnectionTest host="${/tenantName}" />
+        <SSLHandshakeTest host="${/tenantName}" />
+        <HTTPConnectionThroughProxyTest url="https://${/tenantName}" />
+    </Tests>
+
+</Workflow>
diff --git a/Community Developed/XM Cyber/XMCyber-Sensors-Workflow.xml b/Community Developed/XM Cyber/XMCyber-Sensors-Workflow.xml
index 967542e..e604d95 100644
--- a/Community Developed/XM Cyber/XMCyber-Sensors-Workflow.xml	
+++ b/Community Developed/XM Cyber/XMCyber-Sensors-Workflow.xml	
@@ -1,319 +1,319 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<Workflow name="XM Cyber Sensors" version="1.0"
-    xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V2_1">
-
-    <!-- Collect configurations from workflow parameter file -->
-    <Parameters>
-        <Parameter name="tenantName" label="Tenant Name" required="true"/>
-        <Parameter name="apiKey" label="API Key" secret="true" required="true" />
-        <Parameter name="ingestChokepointStats" label="Ingest Chokepoint Stats" required="false"/>
-        <Parameter name="auditTrailsStartTime" label="Audit Trails Start Time" required="false"/>
-        <Parameter name="ingestScenarios" label="Ingest Scenarios" required="false"/>
-        <Parameter name="timeId" label="Time ID" required="false"/>
-    </Parameters>
-
-    <Actions>
-
-        <!-- Clear status of log source -->
-        <ClearStatus />
-
-        <!-- Defining variables for running workflow -->
-        <Set path="/xmCyberUrl" value="https://${/tenantName}"/>
-        <Set path="/logPrefix" value="[XM_Cyber_App_for_QRadar][Sensors][${/xmCyberUrl}]" />
-        <Initialize path="/errorCount" value="0" />
-        <Initialize path="/maxRetry" value="3" />
-        <Initialize path="/authEndpoint" value="/api/auth" />
-        <Initialize path="/refreshEndpoint" value="/api/refresh-token" />
-        <Initialize path="/sensorsEndpoint" value="/api/sensors" />
-        <Initialize path="/pageSize" value="1000" />
-        <Initialize path="/refreshToken" value="" />
-        <Initialize path="/accessToken" value="" />
-        <Initialize path="/defaultSleepTime" value="60" />
-        <Initialize path="/appVersion" value="2.0.0" />
-        <Initialize path="/userAgentHeader" value="QRadar-v${/appVersion}" />
-        <Initialize path="/collectionType" value="sensors" />
-
-        <Set path="/currentPage" value="1" />
-        <Set path="/totalPages" value="1" />
-
-        <!-- Extract tenant prefix from tenantName -->
-        <Split value="${/tenantName}" delimiter="\." savePath="/tenantParts" />
-        <Set path="/tenantPrefix" value="${/tenantParts[0]}" />
-
-        <!-- Print log in the /var/log/qradar.log file with info log level -->
-        <Log type="INFO" message="${/logPrefix} - Sensors collection started." />
-
-        <Set path="/errorCount" value="0" />
-
-        <!-- Perform data collection continuously in case of no error -->
-        <While condition="${/errorCount != ${/maxRetry}}">
-            
-            <!-- Create Refresh Token if it is not created -->
-            <If condition="${empty(/refreshToken)} = 'true'">
-
-                <Log type="INFO" message="${/logPrefix} - Refresh token not found. Creating new Access and Refresh token using provided API key." />
-
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                    <!-- Create Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse -->
-                    <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
-
-                        <!-- Request header -->
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                        <RequestHeader name="Content-Type" value="application/json" />
-                        <RequestHeader name="x-api-key" value="${/apiKey}" />
-
-                    </CallEndpoint>
-
-                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                    <If condition="${/refreshTokenResponse/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Storing Refresh token and Access token from API response -->
-                <If condition="${/refreshTokenResponse/status_code} = 200">
-                    <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
-                    <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
-                    <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
-                </If>
-
-                <!-- Handle 401 Unauthorized -->
-                <ElseIf condition="${/refreshTokenResponse/status_code} = 401">
-                    <Log type="INFO" message="${/logPrefix} Abort - Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
-                    <Abort reason="Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
-                </ElseIf>
-
-                <!-- Handle 403 Forbidden -->
-                <ElseIf condition="${/refreshTokenResponse/status_code} = 403">
-                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                </ElseIf>
-
-                <!-- Aborting execution of workflow for http status code other than 200 -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
-                    <Abort reason="API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}." />
-                </Else>
-
-            </If>
-            <Else>
-                <Log type="INFO" message="${/logPrefix} - Refresh token found. Creating new Access token using stored Refresh token." />
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                    <!-- Create an Access Token using Refresh token and save response at Jpath /accessTokenResponse-->
-                    <CallEndpoint url="${/xmCyberUrl}${/refreshEndpoint}" method="POST" savePath="/accessTokenResponse">
-
-                        <!-- Request header -->
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                        <RequestHeader name="Content-Type" value="application/json" />
-
-                        <!-- Request body with refresh token -->
-                        <RequestBody type="application/json" encoding="UTF-8">
-                        {
-                            "refreshToken": "${/refreshToken}"
-                        }
-                        </RequestBody>
-                    </CallEndpoint>
-
-                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                    <If condition="${/accessTokenResponse/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Storing Access token from API response -->
-                <If condition="${/accessTokenResponse/status_code} = 200">
-                    <Log type="INFO" message="${/logPrefix} - Access token created successfully." />
-                    <Set path="/accessToken" value="${/accessTokenResponse/body/accessToken}" />
-                </If>
-
-                <!-- In case of expired Refresh token -->
-                <ElseIf condition="${/accessTokenResponse/status_code} = 401 or ${/accessTokenResponse/status_code} = 400">
-
-                    <Log type="INFO" message="${/logPrefix} - Refresh token is expired. Recreating an Access token and Refresh token using provided API key." />
-                    <Set path="/rateLimitErrorCount" value="0" />
-                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                        <!-- Create a Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse-->
-                        <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
-
-                            <!-- Request header -->
-                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                            <RequestHeader name="Content-Type" value="application/json" />
-                            <RequestHeader name="x-api-key" value="${/apiKey}" />
-
-                        </CallEndpoint>
-
-                        <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                        <If condition="${/refreshTokenResponse/status_code} = 429">
-                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                            </If>
-                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                            <Sleep duration="${/defaultSleepTime * 1000}" />
-                        </If>
-                        <Else>
-                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                        </Else>
-                    </While>
-
-                    <!-- Storing Refresh token and Access token from API response -->
-                    <If condition="${/refreshTokenResponse/status_code} = 200">
-                        <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
-                        <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
-                        <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
-                    </If>
-
-                    <!-- Aborting execution of workflow for failed API call -->
-                    <Else>
-                        <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
-                        <Abort reason="API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}." />
-                    </Else>
-                </ElseIf>
-
-                <!-- Aborting execution of workflow for failed API call with status code other than 200 and 401 -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}, Body - ${/accessTokenResponse/body}" />
-                    <Abort reason="API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}." />
-                </Else>
-            </Else>
-
-            <!-- Reset errorCount after successfull authentication -->
-            <Set path="/errorCount" value="0" />
-            <Set path="/loopBreaker" value="false" />
-
-            <!-- Fetch sensors data with pagination support and retry mechanism -->
-            <While condition="${/loopBreaker} = false">
-
-                <Log type="INFO" message="${/logPrefix} Collecting ${/collectionType} data from ${/sensorsEndpoint} - Page ${/currentPage}, pageSize ${/pageSize}." />
-
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-                    
-                    <!-- Call sensors API with OAuth authentication and pagination -->
-                    <CallEndpoint url="${/xmCyberUrl}${/sensorsEndpoint}" method="GET" savePath="/sensors/response">
-                        <BearerAuthentication token="${/accessToken}" />
-
-                        <QueryParameter name="page" value="${/currentPage}" />
-                        <QueryParameter name="pageSize" value="${/pageSize}" />
-
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-
-                        <RequestBody type="application/json" encoding="UTF-8">
-                        {
-                            "Accept": "application/json",
-                            "content-type": "application/x-www-form-urlencoded"
-                        }
-                        </RequestBody>
-                    </CallEndpoint>
-
-                    <!-- Handle rate limit (429) -->
-                    <If condition="${/sensors/response/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Handle successful response (200) -->
-                <If condition="/sensors/response/status_code = 200">
-
-                    <!-- Extract pagination information -->
-                    <Set path="/totalPages" value="${/sensors/response/body/paging/totalPages}" />
-                    <Set path="/currentPageSize" value="${count(/sensors/response/body/data)}" />
-                    
-                    <!-- Process collected sensor events, add tenant prefix and metadata -->
-                    <ForEach item="/currentEvent" items="/sensors/response/body/data">
-                        <Set path="/currentEvent/event_id" value="sensor" />
-                        <Set path="/currentEvent/event_category" value="XM Cyber" />
-                        <Set path="/currentEvent/tenant" value="${/tenantPrefix}" />
-                        <PostEvent path="/currentEvent"/>
-                    </ForEach>
-
-                    <!-- Log ingested event count for current page -->
-                    <Log type="INFO" message="${/logPrefix} - Page ${/currentPage}: ${/currentPageSize} ${/collectionType} ingested in QRadar." />
-                    
-                    <!-- Check if there are more pages to process -->
-                    <If condition="${/currentPage + 0} &lt; ${/totalPages + 0}">
-                        <Set path="/currentPage" value="${/currentPage + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - Moving to next page: ${/currentPage} of ${/totalPages}." />
-                    </If>
-                    <Else>
-                        <!-- All pages processed, complete the collection -->
-                        <Set path="/loopBreaker" value="true"/>
-                        <Set path="/errorCount" value="${/maxRetry}"/>
-                        <Log type="INFO" message="${/logPrefix} Sensors collection completed successfully." />
-                    </Else>
-
-                </If>
-                
-                <!-- Handle token expired (419 or 401) -->
-                <ElseIf condition="${/sensors/response/status_code} = 419 or ${/sensors/response/status_code} = 401">
-                    <!-- To retry for token expiration -->
-                    <Set path="/loopBreaker" value="true"/>
-                    <Set path="/errorCount" value="${/errorCount + 1}" />
-                    <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/sensors/response/status_code}." />
-                    <Set path="/accessToken" value="" />
-                </ElseIf>
-
-                <!-- Handle 403 Forbidden -->
-                <ElseIf condition="/sensors/response/status_code = 403">
-                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                </ElseIf>
-
-                <!-- Handle other error status codes -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} - API call failed for collecting ${/collectionType} data with status code - ${/sensors/response/status_code}, Body - ${/sensors/response/body}" />
-                    <Abort reason="API call failed for collecting ${/collectionType} data with status code - ${/sensors/response/status_code}." />
-                </Else>
-            </While>
-        </While>
-    </Actions>
-
-    <!-- Performing some connectivity tests -->
-    <Tests>
-        <DNSResolutionTest host="${/tenantName}" />
-        <TCPConnectionTest host="${/tenantName}" />
-        <SSLHandshakeTest host="${/tenantName}" />
-        <HTTPConnectionThroughProxyTest url="https://${/tenantName}" />
-    </Tests>
-
-</Workflow>
+<?xml version="1.0" encoding="UTF-8" ?>
+<Workflow name="XM Cyber Sensors" version="1.0"
+    xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V2_1">
+
+    <!-- Collect configurations from workflow parameter file -->
+    <Parameters>
+        <Parameter name="tenantName" label="Tenant Name" required="true"/>
+        <Parameter name="apiKey" label="API Key" secret="true" required="true" />
+        <Parameter name="ingestChokepointStats" label="Ingest Chokepoint Stats" required="false"/>
+        <Parameter name="auditTrailsStartTime" label="Audit Trails Start Time" required="false"/>
+        <Parameter name="ingestScenarios" label="Ingest Scenarios" required="false"/>
+        <Parameter name="timeId" label="Time ID" required="false"/>
+    </Parameters>
+
+    <Actions>
+
+        <!-- Clear status of log source -->
+        <ClearStatus />
+
+        <!-- Defining variables for running workflow -->
+        <Set path="/xmCyberUrl" value="https://${/tenantName}"/>
+        <Set path="/logPrefix" value="[XM_Cyber_App_for_QRadar][Sensors][${/xmCyberUrl}]" />
+        <Initialize path="/errorCount" value="0" />
+        <Initialize path="/maxRetry" value="3" />
+        <Initialize path="/authEndpoint" value="/api/auth" />
+        <Initialize path="/refreshEndpoint" value="/api/refresh-token" />
+        <Initialize path="/sensorsEndpoint" value="/api/sensors" />
+        <Initialize path="/pageSize" value="1000" />
+        <Initialize path="/refreshToken" value="" />
+        <Initialize path="/accessToken" value="" />
+        <Initialize path="/defaultSleepTime" value="60" />
+        <Initialize path="/appVersion" value="2.1.0" />
+        <Initialize path="/userAgentHeader" value="QRadar-v${/appVersion}" />
+        <Initialize path="/collectionType" value="sensors" />
+
+        <Set path="/currentPage" value="1" />
+        <Set path="/totalPages" value="1" />
+
+        <!-- Extract tenant prefix from tenantName -->
+        <Split value="${/tenantName}" delimiter="\." savePath="/tenantParts" />
+        <Set path="/tenantPrefix" value="${/tenantParts[0]}" />
+
+        <!-- Print log in the /var/log/qradar.log file with info log level -->
+        <Log type="INFO" message="${/logPrefix} - Sensors collection started." />
+
+        <Set path="/errorCount" value="0" />
+
+        <!-- Perform data collection continuously in case of no error -->
+        <While condition="${/errorCount != ${/maxRetry}}">
+            
+            <!-- Create Refresh Token if it is not created -->
+            <If condition="${empty(/refreshToken)} = 'true'">
+
+                <Log type="INFO" message="${/logPrefix} - Refresh token not found. Creating new Access and Refresh token using provided API key." />
+
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                    <!-- Create Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse -->
+                    <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
+
+                        <!-- Request header -->
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                        <RequestHeader name="Content-Type" value="application/json" />
+                        <RequestHeader name="x-api-key" value="${/apiKey}" />
+
+                    </CallEndpoint>
+
+                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                    <If condition="${/refreshTokenResponse/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Storing Refresh token and Access token from API response -->
+                <If condition="${/refreshTokenResponse/status_code} = 200">
+                    <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
+                    <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
+                    <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
+                </If>
+
+                <!-- Handle 401 Unauthorized -->
+                <ElseIf condition="${/refreshTokenResponse/status_code} = 401">
+                    <Log type="INFO" message="${/logPrefix} Abort - Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
+                    <Abort reason="Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
+                </ElseIf>
+
+                <!-- Handle 403 Forbidden -->
+                <ElseIf condition="${/refreshTokenResponse/status_code} = 403">
+                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                </ElseIf>
+
+                <!-- Aborting execution of workflow for http status code other than 200 -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
+                    <Abort reason="API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}." />
+                </Else>
+
+            </If>
+            <Else>
+                <Log type="INFO" message="${/logPrefix} - Refresh token found. Creating new Access token using stored Refresh token." />
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                    <!-- Create an Access Token using Refresh token and save response at Jpath /accessTokenResponse-->
+                    <CallEndpoint url="${/xmCyberUrl}${/refreshEndpoint}" method="POST" savePath="/accessTokenResponse">
+
+                        <!-- Request header -->
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                        <RequestHeader name="Content-Type" value="application/json" />
+
+                        <!-- Request body with refresh token -->
+                        <RequestBody type="application/json" encoding="UTF-8">
+                        {
+                            "refreshToken": "${/refreshToken}"
+                        }
+                        </RequestBody>
+                    </CallEndpoint>
+
+                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                    <If condition="${/accessTokenResponse/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Storing Access token from API response -->
+                <If condition="${/accessTokenResponse/status_code} = 200">
+                    <Log type="INFO" message="${/logPrefix} - Access token created successfully." />
+                    <Set path="/accessToken" value="${/accessTokenResponse/body/accessToken}" />
+                </If>
+
+                <!-- In case of expired Refresh token -->
+                <ElseIf condition="${/accessTokenResponse/status_code} = 401 or ${/accessTokenResponse/status_code} = 400">
+
+                    <Log type="INFO" message="${/logPrefix} - Refresh token is expired. Recreating an Access token and Refresh token using provided API key." />
+                    <Set path="/rateLimitErrorCount" value="0" />
+                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                        <!-- Create a Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse-->
+                        <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
+
+                            <!-- Request header -->
+                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                            <RequestHeader name="Content-Type" value="application/json" />
+                            <RequestHeader name="x-api-key" value="${/apiKey}" />
+
+                        </CallEndpoint>
+
+                        <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                        <If condition="${/refreshTokenResponse/status_code} = 429">
+                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                            </If>
+                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                            <Sleep duration="${/defaultSleepTime * 1000}" />
+                        </If>
+                        <Else>
+                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                        </Else>
+                    </While>
+
+                    <!-- Storing Refresh token and Access token from API response -->
+                    <If condition="${/refreshTokenResponse/status_code} = 200">
+                        <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
+                        <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
+                        <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
+                    </If>
+
+                    <!-- Aborting execution of workflow for failed API call -->
+                    <Else>
+                        <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
+                        <Abort reason="API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}." />
+                    </Else>
+                </ElseIf>
+
+                <!-- Aborting execution of workflow for failed API call with status code other than 200 and 401 -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}, Body - ${/accessTokenResponse/body}" />
+                    <Abort reason="API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}." />
+                </Else>
+            </Else>
+
+            <!-- Reset errorCount after successfull authentication -->
+            <Set path="/errorCount" value="0" />
+            <Set path="/loopBreaker" value="false" />
+
+            <!-- Fetch sensors data with pagination support and retry mechanism -->
+            <While condition="${/loopBreaker} = false">
+
+                <Log type="INFO" message="${/logPrefix} Collecting ${/collectionType} data from ${/sensorsEndpoint} - Page ${/currentPage}, pageSize ${/pageSize}." />
+
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+                    
+                    <!-- Call sensors API with OAuth authentication and pagination -->
+                    <CallEndpoint url="${/xmCyberUrl}${/sensorsEndpoint}" method="GET" savePath="/sensors/response">
+                        <BearerAuthentication token="${/accessToken}" />
+
+                        <QueryParameter name="page" value="${/currentPage}" />
+                        <QueryParameter name="pageSize" value="${/pageSize}" />
+
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+
+                        <RequestBody type="application/json" encoding="UTF-8">
+                        {
+                            "Accept": "application/json",
+                            "content-type": "application/x-www-form-urlencoded"
+                        }
+                        </RequestBody>
+                    </CallEndpoint>
+
+                    <!-- Handle rate limit (429) -->
+                    <If condition="${/sensors/response/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Handle successful response (200) -->
+                <If condition="/sensors/response/status_code = 200">
+
+                    <!-- Extract pagination information -->
+                    <Set path="/totalPages" value="${/sensors/response/body/paging/totalPages}" />
+                    <Set path="/currentPageSize" value="${count(/sensors/response/body/data)}" />
+                    
+                    <!-- Process collected sensor events, add tenant prefix and metadata -->
+                    <ForEach item="/currentEvent" items="/sensors/response/body/data">
+                        <Set path="/currentEvent/event_id" value="sensor" />
+                        <Set path="/currentEvent/event_category" value="XM Cyber" />
+                        <Set path="/currentEvent/tenant" value="${/tenantPrefix}" />
+                        <PostEvent path="/currentEvent"/>
+                    </ForEach>
+
+                    <!-- Log ingested event count for current page -->
+                    <Log type="INFO" message="${/logPrefix} - Page ${/currentPage}: ${/currentPageSize} ${/collectionType} ingested in QRadar." />
+                    
+                    <!-- Check if there are more pages to process -->
+                    <If condition="${/currentPage + 0} &lt; ${/totalPages + 0}">
+                        <Set path="/currentPage" value="${/currentPage + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - Moving to next page: ${/currentPage} of ${/totalPages}." />
+                    </If>
+                    <Else>
+                        <!-- All pages processed, complete the collection -->
+                        <Set path="/loopBreaker" value="true"/>
+                        <Set path="/errorCount" value="${/maxRetry}"/>
+                        <Log type="INFO" message="${/logPrefix} Sensors collection completed successfully." />
+                    </Else>
+
+                </If>
+                
+                <!-- Handle token expired (419 or 401) -->
+                <ElseIf condition="${/sensors/response/status_code} = 419 or ${/sensors/response/status_code} = 401">
+                    <!-- To retry for token expiration -->
+                    <Set path="/loopBreaker" value="true"/>
+                    <Set path="/errorCount" value="${/errorCount + 1}" />
+                    <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/sensors/response/status_code}." />
+                    <Set path="/accessToken" value="" />
+                </ElseIf>
+
+                <!-- Handle 403 Forbidden -->
+                <ElseIf condition="/sensors/response/status_code = 403">
+                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                </ElseIf>
+
+                <!-- Handle other error status codes -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} - API call failed for collecting ${/collectionType} data with status code - ${/sensors/response/status_code}, Body - ${/sensors/response/body}" />
+                    <Abort reason="API call failed for collecting ${/collectionType} data with status code - ${/sensors/response/status_code}." />
+                </Else>
+            </While>
+        </While>
+    </Actions>
+
+    <!-- Performing some connectivity tests -->
+    <Tests>
+        <DNSResolutionTest host="${/tenantName}" />
+        <TCPConnectionTest host="${/tenantName}" />
+        <SSLHandshakeTest host="${/tenantName}" />
+        <HTTPConnectionThroughProxyTest url="https://${/tenantName}" />
+    </Tests>
+
+</Workflow>
diff --git a/Community Developed/XM Cyber/XMCyber-Vulnerabilities-Workflow.xml b/Community Developed/XM Cyber/XMCyber-Vulnerabilities-Workflow.xml
index 4b7fc1a..9fbb3ad 100644
--- a/Community Developed/XM Cyber/XMCyber-Vulnerabilities-Workflow.xml	
+++ b/Community Developed/XM Cyber/XMCyber-Vulnerabilities-Workflow.xml	
@@ -1,338 +1,338 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<Workflow name="XM Cyber Vulnerabilities" version="1.0"
-    xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V2_1">
-
-    <!-- Collect configurations from workflow parameter file -->
-    <Parameters>
-        <Parameter name="tenantName" label="Tenant Name" required="true"/>
-        <Parameter name="apiKey" label="API Key" secret="true" required="true" />
-        <Parameter name="ingestChokepointStats" label="Ingest Chokepoint Stats" required="false"/>
-        <Parameter name="auditTrailsStartTime" label="Audit Trails Start Time" required="false"/>
-        <Parameter name="ingestScenarios" label="Ingest Scenarios" required="false"/>
-        <Parameter name="timeId" label="Time ID" required="false"/>
-    </Parameters>
-
-    <Actions>
-
-        <!-- Clear status of log source -->
-        <ClearStatus />
-
-        <!-- Defining variables for running workflow -->
-        <Set path="/xmCyberUrl" value="https://${/tenantName}"/>
-        <Set path="/logPrefix" value="[XM_Cyber_App_for_QRadar][Vulnerabilities][${/xmCyberUrl}]" />
-        <Initialize path="/errorCount" value="0" />
-        <Initialize path="/maxRetry" value="3" />
-        <Initialize path="/authEndpoint" value="/api/auth" />
-        <Initialize path="/refreshEndpoint" value="/api/refresh-token" />
-        <Initialize path="/vulnerabilitiesEndpoint" value="/api/v2/vavm/public/vulnerabilities" />
-        <Initialize path="/pageSize" value="100" />
-        <Initialize path="/refreshToken" value="" />
-        <Initialize path="/accessToken" value="" />
-        <Initialize path="/defaultSleepTime" value="60" />
-        <Initialize path="/appVersion" value="2.0.0" />
-        <Initialize path="/userAgentHeader" value="QRadar-v${/appVersion}" />
-        <Initialize path="/collectionType" value="vulnerabilities" />
-
-        <Set path="/cursor" value="" />
-
-        <!-- Get current timestamp -->
-        <Set path="/currentTimestamp" value="${time()}" />
-
-        <!-- Extract tenant prefix from tenantName -->
-        <Split value="${/tenantName}" delimiter="\." savePath="/tenantParts" />
-        <Set path="/tenantPrefix" value="${/tenantParts[0]}" />
-
-        <!-- Print log in the /var/log/qradar.log file with info log level -->
-        <Log type="INFO" message="${/logPrefix} - Vulnerabilities collection started." />
-
-        <Set path="/errorCount" value="0" />
-
-        <!-- Perform data collection continuously in case of no error -->
-        <While condition="${/errorCount != ${/maxRetry}}">
-
-            <!-- Create Refresh Token if it is not created -->
-            <If condition="${empty(/refreshToken)} = 'true'">
-
-                <Log type="INFO" message="${/logPrefix} - Refresh token not found. Creating new Access and Refresh token using provided API key." />
-
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                    <!-- Create Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse -->
-                    <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
-
-                        <!-- Request header -->
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                        <RequestHeader name="Content-Type" value="application/json" />
-                        <RequestHeader name="x-api-key" value="${/apiKey}" />
-
-                    </CallEndpoint>
-
-                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                    <If condition="${/refreshTokenResponse/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Storing Refresh token and Access token from API response -->
-                <If condition="${/refreshTokenResponse/status_code} = 200">
-                    <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
-                    <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
-                    <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
-                </If>
-
-                <!-- Handle 401 Unauthorized -->
-                <ElseIf condition="${/refreshTokenResponse/status_code} = 401">
-                    <Log type="INFO" message="${/logPrefix} Abort - Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
-                    <Abort reason="Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
-                </ElseIf>
-
-                <!-- Handle 403 Forbidden -->
-                <ElseIf condition="${/refreshTokenResponse/status_code} = 403">
-                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                </ElseIf>
-
-                <!-- Aborting execution of workflow for http status code other than 200 -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
-                    <Abort reason="API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}." />
-                </Else>
-
-            </If>
-            <Else>
-                <Log type="INFO" message="${/logPrefix} - Refresh token found. Creating new Access token using stored Refresh token." />
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                    <!-- Create an Access Token using Refresh token and save response at Jpath /accessTokenResponse-->
-                    <CallEndpoint url="${/xmCyberUrl}${/refreshEndpoint}" method="POST" savePath="/accessTokenResponse">
-
-                        <!-- Request header -->
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                        <RequestHeader name="Content-Type" value="application/json" />
-
-                        <!-- Request body with refresh token -->
-                        <RequestBody type="application/json" encoding="UTF-8">
-                        {
-                            "refreshToken": "${/refreshToken}"
-                        }
-                        </RequestBody>
-                    </CallEndpoint>
-
-                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                    <If condition="${/accessTokenResponse/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Storing Access token from API response -->
-                <If condition="${/accessTokenResponse/status_code} = 200">
-                    <Log type="INFO" message="${/logPrefix} - Access token created successfully." />
-                    <Set path="/accessToken" value="${/accessTokenResponse/body/accessToken}" />
-                </If>
-
-                <!-- In case of expired Refresh token -->
-                <ElseIf condition="${/accessTokenResponse/status_code} = 401 or ${/accessTokenResponse/status_code} = 400">
-
-                    <Log type="INFO" message="${/logPrefix} - Refresh token is expired. Recreating an Access token and Refresh token using provided API key." />
-                    <Set path="/rateLimitErrorCount" value="0" />
-                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-
-                        <!-- Create a Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse-->
-                        <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
-
-                            <!-- Request header -->
-                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-                            <RequestHeader name="Content-Type" value="application/json" />
-                            <RequestHeader name="x-api-key" value="${/apiKey}" />
-
-                        </CallEndpoint>
-
-                        <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
-                        <If condition="${/refreshTokenResponse/status_code} = 429">
-                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
-                            </If>
-                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                            <Sleep duration="${/defaultSleepTime * 1000}" />
-                        </If>
-                        <Else>
-                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                        </Else>
-                    </While>
-
-                    <!-- Storing Refresh token and Access token from API response -->
-                    <If condition="${/refreshTokenResponse/status_code} = 200">
-                        <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
-                        <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
-                        <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
-                    </If>
-
-                    <!-- Aborting execution of workflow for failed API call -->
-                    <Else>
-                        <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
-                        <Abort reason="API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}." />
-                    </Else>
-                </ElseIf>
-
-                <!-- Aborting execution of workflow for failed API call with status code other than 200 and 401 -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}, Body - ${/accessTokenResponse/body}" />
-                    <Abort reason="API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}." />
-                </Else>
-            </Else>
-
-            <!-- Reset errorCount after successful authentication -->
-            <Set path="/errorCount" value="0" />
-            <Set path="/loopBreaker" value="false" />
-
-            <!-- Fetch vulnerabilities data with cursor-based pagination and retry mechanism -->
-            <While condition="${/loopBreaker} = false">
-
-                <Log type="INFO" message="${/logPrefix} Collecting ${/collectionType} data from ${/vulnerabilitiesEndpoint} - pageSize ${/pageSize}, cursor: ${/cursor}." />
-
-                <Set path="/rateLimitErrorCount" value="0" />
-                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
-                    
-                    <!-- Call vulnerabilities API with OAuth authentication and cursor-based pagination -->
-                    <CallEndpoint url="${/xmCyberUrl}${/vulnerabilitiesEndpoint}" method="GET" savePath="/vulnerabilities/response">
-                        <BearerAuthentication token="${/accessToken}" />
-
-                        <QueryParameter name="pageSize" value="${/pageSize}" />
-                        <QueryParameter name="cursor" value="${/cursor}" omitIfEmpty="true" />
-
-                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
-
-                        <RequestBody type="application/json" encoding="UTF-8">
-                        {
-                            "Accept": "application/json",
-                            "content-type": "application/x-www-form-urlencoded"
-                        }
-                        </RequestBody>
-                    </CallEndpoint>
-
-                    <!-- Handle rate limit (429) -->
-                    <If condition="${/vulnerabilities/response/status_code} = 429">
-                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
-                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
-                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
-                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
-                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
-                        </If>
-
-                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
-                        <Sleep duration="${/defaultSleepTime * 1000}" />
-                    </If>
-                    <Else>
-                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
-                    </Else>
-                </While>
-
-                <!-- Handle successful response (200) -->
-                <If condition="/vulnerabilities/response/status_code = 200">
-
-                    <!-- Extract cursor information for next page -->
-                    <Set path="/nextCursor" value="${/vulnerabilities/response/body/meta/next}" />
-                    <Set path="/currentPageSize" value="${count(/vulnerabilities/response/body/data)}" />
-
-                    <!-- Add completion timestamp to the last event if this is the last page -->
-                    <If condition="${/nextCursor = '' or /nextCursor = 'null' or /nextCursor = 'undefined'}">
-                        <If condition="${/currentPageSize} > 0">
-                            <Set path="/vulnerabilities/response/body/data[${/currentPageSize - 1}]/collectionStartTime" value="${/currentTimestamp}" />
-                        </If>
-                    </If>
-
-                    <!-- Process collected vulnerability events, add tenant prefix and metadata -->
-                    <ForEach item="/currentEvent" items="/vulnerabilities/response/body/data">
-                        <Set path="/currentEvent/event_id" value="vulnerability" />
-                        <Set path="/currentEvent/event_category" value="XM Cyber" />
-                        <Set path="/currentEvent/tenant" value="${/tenantPrefix}" />
-                        <PostEvent path="/currentEvent"/>
-                    </ForEach>
-
-                    <!-- Log ingested event count for current page -->
-                    <Log type="INFO" message="${/logPrefix} - ${/currentPageSize} ${/collectionType} ingested in QRadar." />
-                    
-                    <!-- Check if there are more pages to process based on cursor -->
-                    <If condition="${/nextCursor != '' and /nextCursor != 'null' and /nextCursor != 'undefined'}">
-                        <Split value="${/nextCursor}" delimiter="cursor=" savePath="/cursorParts" />
-                        <Set path="/cursor" value="${/cursorParts[1]}" />
-
-                        <If condition="${/cursor != '' and /cursor != 'null' and /cursor != 'undefined'}">
-                            <Log type="INFO" message="${/logPrefix} - Moving to next page with cursor: ${/cursor}." />
-                        </If>
-                        <Else>
-                            <!-- All pages processed, complete the collection -->
-                            <Set path="/loopBreaker" value="true"/>
-                            <Set path="/errorCount" value="${/maxRetry}"/>
-                            <Log type="INFO" message="${/logPrefix} Vulnerabilities collection completed successfully." />
-                        </Else>
-                    </If>
-                    <Else>
-                        <!-- All pages processed, complete the collection -->
-                        <Set path="/loopBreaker" value="true"/>
-                        <Set path="/errorCount" value="${/maxRetry}"/>
-                        <Log type="INFO" message="${/logPrefix} Vulnerabilities collection completed successfully." />
-                    </Else>
-
-                </If>
-                
-                <!-- Handle token expired (419 or 401) -->
-                <ElseIf condition="${/vulnerabilities/response/status_code} = 419 or ${/vulnerabilities/response/status_code} = 401">
-                    <!-- To retry for token expiration -->
-                    <Set path="/loopBreaker" value="true"/>
-                    <Set path="/errorCount" value="${/errorCount + 1}" />
-                    <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/vulnerabilities/response/status_code}." />
-                    <Set path="/accessToken" value="" />
-                </ElseIf>
-
-                <!-- Handle 403 Forbidden -->
-                <ElseIf condition="/vulnerabilities/response/status_code = 403">
-                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
-                </ElseIf>
-
-                <!-- Handle other error status codes -->
-                <Else>
-                    <Log type="INFO" message="${/logPrefix} - API call failed for collecting ${/collectionType} data with status code - ${/vulnerabilities/response/status_code}, Body - ${/vulnerabilities/response/body}" />
-                    <Abort reason="API call failed for collecting ${/collectionType} data with status code - ${/vulnerabilities/response/status_code}." />
-                </Else>
-            </While>
-        </While>
-    </Actions>
-
-    <!-- Performing some connectivity tests -->
-    <Tests>
-        <DNSResolutionTest host="${/tenantName}" />
-        <TCPConnectionTest host="${/tenantName}" />
-        <SSLHandshakeTest host="${/tenantName}" />
-        <HTTPConnectionThroughProxyTest url="https://${/tenantName}" />
-    </Tests>
-
-</Workflow>
+<?xml version="1.0" encoding="UTF-8" ?>
+<Workflow name="XM Cyber Vulnerabilities" version="1.0"
+    xmlns="http://qradar.ibm.com/UniversalCloudRESTAPI/Workflow/V2_1">
+
+    <!-- Collect configurations from workflow parameter file -->
+    <Parameters>
+        <Parameter name="tenantName" label="Tenant Name" required="true"/>
+        <Parameter name="apiKey" label="API Key" secret="true" required="true" />
+        <Parameter name="ingestChokepointStats" label="Ingest Chokepoint Stats" required="false"/>
+        <Parameter name="auditTrailsStartTime" label="Audit Trails Start Time" required="false"/>
+        <Parameter name="ingestScenarios" label="Ingest Scenarios" required="false"/>
+        <Parameter name="timeId" label="Time ID" required="false"/>
+    </Parameters>
+
+    <Actions>
+
+        <!-- Clear status of log source -->
+        <ClearStatus />
+
+        <!-- Defining variables for running workflow -->
+        <Set path="/xmCyberUrl" value="https://${/tenantName}"/>
+        <Set path="/logPrefix" value="[XM_Cyber_App_for_QRadar][Vulnerabilities][${/xmCyberUrl}]" />
+        <Initialize path="/errorCount" value="0" />
+        <Initialize path="/maxRetry" value="3" />
+        <Initialize path="/authEndpoint" value="/api/auth" />
+        <Initialize path="/refreshEndpoint" value="/api/refresh-token" />
+        <Initialize path="/vulnerabilitiesEndpoint" value="/api/v2/vavm/public/vulnerabilities" />
+        <Initialize path="/pageSize" value="100" />
+        <Initialize path="/refreshToken" value="" />
+        <Initialize path="/accessToken" value="" />
+        <Initialize path="/defaultSleepTime" value="60" />
+        <Initialize path="/appVersion" value="2.1.0" />
+        <Initialize path="/userAgentHeader" value="QRadar-v${/appVersion}" />
+        <Initialize path="/collectionType" value="vulnerabilities" />
+
+        <Set path="/cursor" value="" />
+
+        <!-- Get current timestamp -->
+        <Set path="/currentTimestamp" value="${time()}" />
+
+        <!-- Extract tenant prefix from tenantName -->
+        <Split value="${/tenantName}" delimiter="\." savePath="/tenantParts" />
+        <Set path="/tenantPrefix" value="${/tenantParts[0]}" />
+
+        <!-- Print log in the /var/log/qradar.log file with info log level -->
+        <Log type="INFO" message="${/logPrefix} - Vulnerabilities collection started." />
+
+        <Set path="/errorCount" value="0" />
+
+        <!-- Perform data collection continuously in case of no error -->
+        <While condition="${/errorCount != ${/maxRetry}}">
+
+            <!-- Create Refresh Token if it is not created -->
+            <If condition="${empty(/refreshToken)} = 'true'">
+
+                <Log type="INFO" message="${/logPrefix} - Refresh token not found. Creating new Access and Refresh token using provided API key." />
+
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                    <!-- Create Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse -->
+                    <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
+
+                        <!-- Request header -->
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                        <RequestHeader name="Content-Type" value="application/json" />
+                        <RequestHeader name="x-api-key" value="${/apiKey}" />
+
+                    </CallEndpoint>
+
+                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                    <If condition="${/refreshTokenResponse/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Storing Refresh token and Access token from API response -->
+                <If condition="${/refreshTokenResponse/status_code} = 200">
+                    <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
+                    <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
+                    <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
+                </If>
+
+                <!-- Handle 401 Unauthorized -->
+                <ElseIf condition="${/refreshTokenResponse/status_code} = 401">
+                    <Log type="INFO" message="${/logPrefix} Abort - Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
+                    <Abort reason="Invalid API token provided while collecting ${/collectionType} data. Status code = 401." />
+                </ElseIf>
+
+                <!-- Handle 403 Forbidden -->
+                <ElseIf condition="${/refreshTokenResponse/status_code} = 403">
+                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                </ElseIf>
+
+                <!-- Aborting execution of workflow for http status code other than 200 -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
+                    <Abort reason="API call failed while creating Access and Refresh token with status code - ${/refreshTokenResponse/status_code}." />
+                </Else>
+
+            </If>
+            <Else>
+                <Log type="INFO" message="${/logPrefix} - Refresh token found. Creating new Access token using stored Refresh token." />
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                    <!-- Create an Access Token using Refresh token and save response at Jpath /accessTokenResponse-->
+                    <CallEndpoint url="${/xmCyberUrl}${/refreshEndpoint}" method="POST" savePath="/accessTokenResponse">
+
+                        <!-- Request header -->
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                        <RequestHeader name="Content-Type" value="application/json" />
+
+                        <!-- Request body with refresh token -->
+                        <RequestBody type="application/json" encoding="UTF-8">
+                        {
+                            "refreshToken": "${/refreshToken}"
+                        }
+                        </RequestBody>
+                    </CallEndpoint>
+
+                    <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                    <If condition="${/accessTokenResponse/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating access token using saved refresh token." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Storing Access token from API response -->
+                <If condition="${/accessTokenResponse/status_code} = 200">
+                    <Log type="INFO" message="${/logPrefix} - Access token created successfully." />
+                    <Set path="/accessToken" value="${/accessTokenResponse/body/accessToken}" />
+                </If>
+
+                <!-- In case of expired Refresh token -->
+                <ElseIf condition="${/accessTokenResponse/status_code} = 401 or ${/accessTokenResponse/status_code} = 400">
+
+                    <Log type="INFO" message="${/logPrefix} - Refresh token is expired. Recreating an Access token and Refresh token using provided API key." />
+                    <Set path="/rateLimitErrorCount" value="0" />
+                    <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+
+                        <!-- Create a Refresh token and Access Token using API key and save response at Jpath /refreshTokenResponse-->
+                        <CallEndpoint url="${/xmCyberUrl}${/authEndpoint}" method="POST" savePath="/refreshTokenResponse">
+
+                            <!-- Request header -->
+                            <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+                            <RequestHeader name="Content-Type" value="application/json" />
+                            <RequestHeader name="x-api-key" value="${/apiKey}" />
+
+                        </CallEndpoint>
+
+                        <!-- Retry 3 times if the status code is 429. i.e API Rate limit exceeded. -->
+                        <If condition="${/refreshTokenResponse/status_code} = 429">
+                            <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                            <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                            <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                                <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                                <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while creating Access and Refresh token." />
+                            </If>
+                            <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                            <Sleep duration="${/defaultSleepTime * 1000}" />
+                        </If>
+                        <Else>
+                            <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                        </Else>
+                    </While>
+
+                    <!-- Storing Refresh token and Access token from API response -->
+                    <If condition="${/refreshTokenResponse/status_code} = 200">
+                        <Log type="INFO" message="${/logPrefix} - Refresh token and Access token created successfully." />
+                        <Set path="/refreshToken" value="${/refreshTokenResponse/body/refreshToken}" />
+                        <Set path="/accessToken" value="${/refreshTokenResponse/body/accessToken}" />
+                    </If>
+
+                    <!-- Aborting execution of workflow for failed API call -->
+                    <Else>
+                        <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}, Body - ${/refreshTokenResponse/body}" />
+                        <Abort reason="API call failed while creating Refresh and Access token with status code - ${/refreshTokenResponse/status_code}." />
+                    </Else>
+                </ElseIf>
+
+                <!-- Aborting execution of workflow for failed API call with status code other than 200 and 401 -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} Abort - API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}, Body - ${/accessTokenResponse/body}" />
+                    <Abort reason="API call failed while creating Access token with status code - ${/accessTokenResponse/status_code}." />
+                </Else>
+            </Else>
+
+            <!-- Reset errorCount after successful authentication -->
+            <Set path="/errorCount" value="0" />
+            <Set path="/loopBreaker" value="false" />
+
+            <!-- Fetch vulnerabilities data with cursor-based pagination and retry mechanism -->
+            <While condition="${/loopBreaker} = false">
+
+                <Log type="INFO" message="${/logPrefix} Collecting ${/collectionType} data from ${/vulnerabilitiesEndpoint} - pageSize ${/pageSize}, cursor: ${/cursor}." />
+
+                <Set path="/rateLimitErrorCount" value="0" />
+                <While condition="${/rateLimitErrorCount != ${/maxRetry}}">
+                    
+                    <!-- Call vulnerabilities API with OAuth authentication and cursor-based pagination -->
+                    <CallEndpoint url="${/xmCyberUrl}${/vulnerabilitiesEndpoint}" method="GET" savePath="/vulnerabilities/response">
+                        <BearerAuthentication token="${/accessToken}" />
+
+                        <QueryParameter name="pageSize" value="${/pageSize}" />
+                        <QueryParameter name="cursor" value="${/cursor}" omitIfEmpty="true" />
+
+                        <RequestHeader name="X-XMCYBER-CONNECTOR-NAME-VERSION" value="${/userAgentHeader}" />
+
+                        <RequestBody type="application/json" encoding="UTF-8">
+                        {
+                            "Accept": "application/json",
+                            "content-type": "application/x-www-form-urlencoded"
+                        }
+                        </RequestBody>
+                    </CallEndpoint>
+
+                    <!-- Handle rate limit (429) -->
+                    <If condition="${/vulnerabilities/response/status_code} = 429">
+                        <Set path="/rateLimitErrorCount" value="${/rateLimitErrorCount + 1}" />
+                        <Log type="INFO" message="${/logPrefix} - API Rate limit exceeded. Status Code: 429." />
+                        <If condition="${/rateLimitErrorCount = ${/maxRetry}}">
+                            <Log type="INFO" message="${/logPrefix} Abort - The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
+                            <Abort reason="The number of retry attempts (3) exceeded for status code = 429 while collecting ${/collectionType} data." />
+                        </If>
+
+                        <Log type="INFO" message="${/logPrefix} - Sleeping for ${/defaultSleepTime} seconds." />
+                        <Sleep duration="${/defaultSleepTime * 1000}" />
+                    </If>
+                    <Else>
+                        <Set path="/rateLimitErrorCount" value="${/maxRetry}" />
+                    </Else>
+                </While>
+
+                <!-- Handle successful response (200) -->
+                <If condition="/vulnerabilities/response/status_code = 200">
+
+                    <!-- Extract cursor information for next page -->
+                    <Set path="/nextCursor" value="${/vulnerabilities/response/body/meta/next}" />
+                    <Set path="/currentPageSize" value="${count(/vulnerabilities/response/body/data)}" />
+
+                    <!-- Add completion timestamp to the last event if this is the last page -->
+                    <If condition="${/nextCursor = '' or /nextCursor = 'null' or /nextCursor = 'undefined'}">
+                        <If condition="${/currentPageSize} > 0">
+                            <Set path="/vulnerabilities/response/body/data[${/currentPageSize - 1}]/collectionStartTime" value="${/currentTimestamp}" />
+                        </If>
+                    </If>
+
+                    <!-- Process collected vulnerability events, add tenant prefix and metadata -->
+                    <ForEach item="/currentEvent" items="/vulnerabilities/response/body/data">
+                        <Set path="/currentEvent/event_id" value="vulnerability" />
+                        <Set path="/currentEvent/event_category" value="XM Cyber" />
+                        <Set path="/currentEvent/tenant" value="${/tenantPrefix}" />
+                        <PostEvent path="/currentEvent"/>
+                    </ForEach>
+
+                    <!-- Log ingested event count for current page -->
+                    <Log type="INFO" message="${/logPrefix} - ${/currentPageSize} ${/collectionType} ingested in QRadar." />
+                    
+                    <!-- Check if there are more pages to process based on cursor -->
+                    <If condition="${/nextCursor != '' and /nextCursor != 'null' and /nextCursor != 'undefined'}">
+                        <Split value="${/nextCursor}" delimiter="cursor=" savePath="/cursorParts" />
+                        <Set path="/cursor" value="${/cursorParts[1]}" />
+
+                        <If condition="${/cursor != '' and /cursor != 'null' and /cursor != 'undefined'}">
+                            <Log type="INFO" message="${/logPrefix} - Moving to next page with cursor: ${/cursor}." />
+                        </If>
+                        <Else>
+                            <!-- All pages processed, complete the collection -->
+                            <Set path="/loopBreaker" value="true"/>
+                            <Set path="/errorCount" value="${/maxRetry}"/>
+                            <Log type="INFO" message="${/logPrefix} Vulnerabilities collection completed successfully." />
+                        </Else>
+                    </If>
+                    <Else>
+                        <!-- All pages processed, complete the collection -->
+                        <Set path="/loopBreaker" value="true"/>
+                        <Set path="/errorCount" value="${/maxRetry}"/>
+                        <Log type="INFO" message="${/logPrefix} Vulnerabilities collection completed successfully." />
+                    </Else>
+
+                </If>
+                
+                <!-- Handle token expired (419 or 401) -->
+                <ElseIf condition="${/vulnerabilities/response/status_code} = 419 or ${/vulnerabilities/response/status_code} = 401">
+                    <!-- To retry for token expiration -->
+                    <Set path="/loopBreaker" value="true"/>
+                    <Set path="/errorCount" value="${/errorCount + 1}" />
+                    <Log type="INFO" message="${/logPrefix} - Access token is expired with status code - ${/vulnerabilities/response/status_code}." />
+                    <Set path="/accessToken" value="" />
+                </ElseIf>
+
+                <!-- Handle 403 Forbidden -->
+                <ElseIf condition="/vulnerabilities/response/status_code = 403">
+                    <Log type="INFO" message="${/logPrefix} Abort - Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                    <Abort reason="Insufficient permissions while collecting ${/collectionType} data. Status code = 403." />
+                </ElseIf>
+
+                <!-- Handle other error status codes -->
+                <Else>
+                    <Log type="INFO" message="${/logPrefix} - API call failed for collecting ${/collectionType} data with status code - ${/vulnerabilities/response/status_code}, Body - ${/vulnerabilities/response/body}" />
+                    <Abort reason="API call failed for collecting ${/collectionType} data with status code - ${/vulnerabilities/response/status_code}." />
+                </Else>
+            </While>
+        </While>
+    </Actions>
+
+    <!-- Performing some connectivity tests -->
+    <Tests>
+        <DNSResolutionTest host="${/tenantName}" />
+        <TCPConnectionTest host="${/tenantName}" />
+        <SSLHandshakeTest host="${/tenantName}" />
+        <HTTPConnectionThroughProxyTest url="https://${/tenantName}" />
+    </Tests>
+
+</Workflow>
diff --git a/Community Developed/XM Cyber/readMe.md b/Community Developed/XM Cyber/readMe.md
index ec3377e..ab00354 100644
--- a/Community Developed/XM Cyber/readMe.md	
+++ b/Community Developed/XM Cyber/readMe.md	
@@ -1,91 +1,91 @@
-# Collect authentication info from XM Cyber #
-
-To integrate with QRadar, you need to add a XM Cyber log source with QRadar's Universal REST protocol. To do so, you'll need to first collect the following authentication information from XM Cyber:
-
-- XM Cyber Hostname
-- XM Cyber API Key
-
-# XM Cyber Hostname #
-
-To find your XM Cyber Hostname:
-
-1. Log in to XM Cyber, then take the hostname from the URL.
-2. If XM Cyber URL is https://your-tenant.clients.xmcyber.com/login, enter hostname as **your-tenant.clients.xmcyber.com**
-
-# API Key #
-
-To create an API Key, follow the below steps:
-1. Log in to XM Cyber.
-2. Go to System Config > Integrations > XM API.
-3. Click View/generate API keys. The API keys table appears.
-4. Click + Create API key
-5. Complete the following fields:
-   1. Application name: Enter the name of the key, which is how it will appear in the API keys table.
-   2. Description: Describe the purpose or usage of the API key.
-   3. Expiration: Select the number of months until the key expires.
-6. Click Assign Roles.
-7. For each API scope, assign the roles Read.
-8. Click Create. The Copy & Save tab appears with your key.
-9. Copy and save your key now. Important: Once you close the window, you will not be able to recover the key for security
-
-
-# QRadar Log Source Configuration #
-
-If you want to ingest data from an endpoint using Universal Rest API Protocol, configure a log source on the QRadar® Console using the Workflow field so that the defined endpoint can communicate with QRadar by using the Universal Rest API protocol.
-
-1. Log in to QRadar.
-2. Click the *Admin* tab.
-3. To open the app, click the *QRadar Log Source Management* app icon.
-4. Click *New Log Source* > Single Log Source.
-
-
-## 1. Select Log Source Type ##
-1. Select *XM Cyber* log source type. 
-2. Click *Select Protocol Type* to go to the next section.
-
-## 2. Select Protocol Type ##
-1. Select *Universal Cloud Rest API* protocol type. 
-2. Click *Configure Log Source Parameters* to go to the next section.
-3. If option "Universal Cloud Rest API" is not available in protocol type, then uninstall the XM Cyber app from extensions management, install the Universal Cloud Rest API Protocol and then install the XM Cyber app.
-
-## 3. Configure Log Source Parameters ##
-1. Name is the name of the Log Source and it can be kept anything based on the user's choice.
-2. Select "XMCyberCustom_ext" Extension. It is used for post processing of events.
-3. Disable *Coalescing Events* to avoid grouping of the events on the basis of Source and Destination IP. 
-4. Except for the above fields everything can be kept as their default values or if needed can be changed by the QRadar admin.
-5. Click *Configure Protocol Parameters* to go to the next section. 
-
-## 4. Configure Protocol Parameters ##
-1.  Add "Log Source Identifier" of user's choice.
-2.  Copy the content of the any workflow file in "Workflow". List of the workflow files can be found [here](#supported-events-types).
-3.  Modify the content as per user specification in the file XM-Cyber-Workflow-Parameter-Values.xml and add in "Workflow Parameter Values".
-4.  Create new log sources and repeat **QRadar Log Source Configuration** steps to collect other data and use the files as Workflow listed [here](#supported-events-types).
-5.  Recurrence is the time interval between each execution of the workflow. Input the value as 1D, default value would be 10 minutes.
-6.  Except for the above fields everything can be kept as their default values or if needed can be changed by the QRadar admin.
-7.  Click *Test Protocol Parameters* to test the entered workflow files.
-
-## 5. Test Protocol Parameters ##
-1.  Click *Start Test* to start the testing of the entered workflows, once it is finished click *Finish*.
-2.  Deploy the configuration from admin panel.
-
-# Workflow Parameter Description #
-1. tenantName: The API Endpoint Hostname to fetch the events from XM Cyber. If your URL is https://your-tenant.clients.xmcyber.com/login then enter **your-tenant.clients.xmcyber.com**
-2. apiKey: The API Key obtained from XM Cyber portal.
-3. auditTrailsStartTime: Required for Audit Trails collection. Defines the start time for collecting Audit Trails data. Provide the Audit Trails start time in the format YYYY-MM-DDTHH:MM:SS.SSSZ 
-4. ingestChokepointStats: Required for Entities collection. If set to True, entities chokepoint statistics will also be ingested into QRadar as an event after entity data collection. 
-5. ingestScenarios: Required for Security Score collection. If set to True, scenarios data collected during Security Score data collection will also be ingested into QRadar.
-6. timeId: Required for Security Score collection. Defines the start time for collecting Security Score data. Must be from [timeAgo_days_7, timeAgo_days_14, timeAgo_days_30, timeAgo_days_365].
-
-# Supported Events Types #
-
-| Workflow Name | Events will be collected | API Endpoint |
-| --- | --- | --- |
-| XMCyber-AuditTrails-Workflow.xml | Audit Trail | /api/audit-trail/auditRecords |
-| XMCyber-Entities-Workflow.xml | Compromised Entity, Entity, Entity Chokepoint | /api/v2/reports/data/scenariosCriticalAssetsReport/entities, /api/entityInventory/entities, /api/v2/reports/data/scenariosChokePointsReport/chokePointsEntities |
-| XMCyber-Devices-Workflow.xml | Device | /api/v2/vavm/devices |
-| XMCyber-FindingsExposures-Workflow.xml | Finding and Exposure | /api/v2/reports/data/scenariosExposureReport/exposures |
-| XMCyber-Products-Workflow.xml | Products | /api/v2/vavm/public/products |
-| XMCyber-Scenarios-Workflow.xml | Scenario | /api/scenariosInfo/scenarios |
-| XMCyber-SecurityScore-Workflow.xml | Security Score, Security Score Scenario | /api/systemReport/riskScoreV2 |
-| XMCyber-Sensors-Workflow.xml | Sensor | /api/sensors |
+# Collect authentication info from XM Cyber #
+
+To integrate with QRadar, you need to add a XM Cyber log source with QRadar's Universal REST protocol. To do so, you'll need to first collect the following authentication information from XM Cyber:
+
+- XM Cyber Hostname
+- XM Cyber API Key
+
+# XM Cyber Hostname #
+
+To find your XM Cyber Hostname:
+
+1. Log in to XM Cyber, then take the hostname from the URL.
+2. If XM Cyber URL is https://your-tenant.clients.xmcyber.com/login, enter hostname as **your-tenant.clients.xmcyber.com**
+
+# API Key #
+
+To create an API Key, follow the below steps:
+1. Log in to XM Cyber.
+2. Go to System Config > Integrations > XM API.
+3. Click View/generate API keys. The API keys table appears.
+4. Click + Create API key
+5. Complete the following fields:
+   1. Application name: Enter the name of the key, which is how it will appear in the API keys table.
+   2. Description: Describe the purpose or usage of the API key.
+   3. Expiration: Select the number of months until the key expires.
+6. Click Assign Roles.
+7. For each API scope, assign the roles Read.
+8. Click Create. The Copy & Save tab appears with your key.
+9. Copy and save your key now. Important: Once you close the window, you will not be able to recover the key for security
+
+
+# QRadar Log Source Configuration #
+
+If you want to ingest data from an endpoint using Universal Rest API Protocol, configure a log source on the QRadar® Console using the Workflow field so that the defined endpoint can communicate with QRadar by using the Universal Rest API protocol.
+
+1. Log in to QRadar.
+2. Click the *Admin* tab.
+3. To open the app, click the *QRadar Log Source Management* app icon.
+4. Click *New Log Source* > Single Log Source.
+
+
+## 1. Select Log Source Type ##
+1. Select *XM Cyber* log source type. 
+2. Click *Select Protocol Type* to go to the next section.
+
+## 2. Select Protocol Type ##
+1. Select *Universal Cloud Rest API* protocol type. 
+2. Click *Configure Log Source Parameters* to go to the next section.
+3. If option "Universal Cloud Rest API" is not available in protocol type, then uninstall the XM Cyber app from extensions management, install the Universal Cloud Rest API Protocol and then install the XM Cyber app.
+
+## 3. Configure Log Source Parameters ##
+1. Name is the name of the Log Source and it can be kept anything based on the user's choice.
+2. Select "XMCyberCustom_ext" Extension. It is used for post processing of events.
+3. Disable *Coalescing Events* to avoid grouping of the events on the basis of Source and Destination IP. 
+4. Except for the above fields everything can be kept as their default values or if needed can be changed by the QRadar admin.
+5. Click *Configure Protocol Parameters* to go to the next section. 
+
+## 4. Configure Protocol Parameters ##
+1.  Add "Log Source Identifier" of user's choice.
+2.  Copy the content of the any workflow file in "Workflow". List of the workflow files can be found [here](#supported-events-types).
+3.  Modify the content as per user specification in the file XM-Cyber-Workflow-Parameter-Values.xml and add in "Workflow Parameter Values".
+4.  Create new log sources and repeat **QRadar Log Source Configuration** steps to collect other data and use the files as Workflow listed [here](#supported-events-types).
+5.  Recurrence is the time interval between each execution of the workflow. Input the value as 1D, default value would be 10 minutes.
+6.  Except for the above fields everything can be kept as their default values or if needed can be changed by the QRadar admin.
+7.  Click *Test Protocol Parameters* to test the entered workflow files.
+
+## 5. Test Protocol Parameters ##
+1.  Click *Start Test* to start the testing of the entered workflows, once it is finished click *Finish*.
+2.  Deploy the configuration from admin panel.
+
+# Workflow Parameter Description #
+1. tenantName: The API Endpoint Hostname to fetch the events from XM Cyber. If your URL is https://your-tenant.clients.xmcyber.com/login then enter **your-tenant.clients.xmcyber.com**
+2. apiKey: The API Key obtained from XM Cyber portal.
+3. auditTrailsStartTime: Required for Audit Trails collection. Defines the start time for collecting Audit Trails data. Provide the Audit Trails start time in the format YYYY-MM-DDTHH:MM:SS.SSSZ 
+4. ingestChokepointStats: Required for Entities collection. If set to True, entities chokepoint statistics will also be ingested into QRadar as an event after entity data collection. 
+5. ingestScenarios: Required for Security Score collection. If set to True, scenarios data collected during Security Score data collection will also be ingested into QRadar.
+6. timeId: Required for Security Score collection. Defines the start time for collecting Security Score data. Must be from [timeAgo_days_7, timeAgo_days_14, timeAgo_days_30, timeAgo_days_180].
+
+# Supported Events Types #
+
+| Workflow Name | Events will be collected | API Endpoint |
+| --- | --- | --- |
+| XMCyber-AuditTrails-Workflow.xml | Audit Trail | /api/audit-trail/auditRecords |
+| XMCyber-Entities-Workflow.xml | Compromised Entity, Entity, Entity Chokepoint | /api/v2/reports/data/scenariosCriticalAssetsReport/entities, /api/entityInventory/entities, /api/v2/reports/data/scenariosChokePointsReport/chokePointsEntities |
+| XMCyber-Devices-Workflow.xml | Device | /api/v2/vavm/devices |
+| XMCyber-FindingsExposures-Workflow.xml | Finding and Exposure | /api/v2/reports/data/scenariosExposureReport/exposures |
+| XMCyber-Products-Workflow.xml | Products | /api/v2/vavm/public/products |
+| XMCyber-Scenarios-Workflow.xml | Scenario | /api/scenarios/v2/scenarios |
+| XMCyber-SecurityScore-Workflow.xml | Security Score, Security Score Scenario | /api/scenarios/v2/scenarios/riskScore |
+| XMCyber-Sensors-Workflow.xml | Sensor | /api/sensors |
 | XMCyber-Vulnerabilities-Workflow.xml | Vulnerability | /api/v2/vavm/public/vulnerabilities |
\ No newline at end of file