Qradar upload indicators command bug (demisto#36552)

* added the quiet mode arg for upload indicators command * added rn * added unittest * pre-commit fix * revert * Update Packs/QRadar/ReleaseNotes/2_5_5.md Co-authored-by: JudithB <132264628+jbabazadeh@users.noreply.github.com> --------- Co-authored-by: JudithB <132264628+jbabazadeh@users.noreply.github.com>
PaloAltoNetworks · Sep 30, 2024 · 712d3e6 · 712d3e6
1 parent ad2f54b
commit 712d3e6
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 1 deletion.
diff --git a/Packs/QRadar/Integrations/QRadar_v3/QRadar_v3.yml b/Packs/QRadar/Integrations/QRadar_v3/QRadar_v3.yml
@@ -1199,6 +1199,13 @@ script:
       isArray: true
     - name: task_id
       description: The ID of the task that is created to add or update the element in the reference set. The task ID can be used to poll the status of the task by using the 'qradar-tasks-get' command.
+    - name: quiet_mode
+      defaultValue: 'false'
+      auto: PREDEFINED
+      predefined:
+      - 'true'
+      - 'false'
+      description: If true, does not output the updated reference set data. This argument helps avoid large outputs when the reference set is large.
     polling: true
   - name: qradar-geolocations-for-ip
     description: Retrieves the MaxMind GeoIP data for the specified IP address.

diff --git a/Packs/QRadar/Integrations/QRadar_v3/QRadar_v3_test.py b/Packs/QRadar/Integrations/QRadar_v3/QRadar_v3_test.py
@@ -1949,3 +1949,31 @@ def test_qradar_reference_set_value_upsert_command_quiet_mode(mocker, quiet_mode
     assert all("Name" in i for i in result.outputs)
     assert all("Data" not in i for i in result.outputs) or not quiet_mode
     assert "data" in result.raw_response
+
+
+@pytest.mark.parametrize('quiet_mode', [False, True])
+def test_qradar_indicators_upload_command_quiet_mode(mocker, quiet_mode):
+    """
+    Given:
+        - A reference set with data
+    When:
+        - Running qradar-indicators-upload with quiet_mode, once set to true and once to false
+        - The polling status is "completed" (i.e. the results should be returned in the current interval)
+    Then:
+        - Ensure the command does not output the reference set data iff quiet_mode=true
+        - Ensure the data is always in the raw response
+    """
+    args = {"ref_name": "test_ref", "quiet_mode": quiet_mode, "task_id": "test"}
+
+    mocker.patch.object(QRadar_v3.ScheduledCommand, "raise_error_if_not_supported")
+    mocker.patch.object(client, "get_reference_data_bulk_task_status", return_value={"status": "COMPLETED"})
+    mocker.patch.object(IndicatorsSearcher, "search_indicators_by_version",
+                        return_value={"iocs": [{"value": "test", "indicator_type": "ip"}]})
+    mock_response = command_test_data["reference_set_bulk_load"]['response'] | {"data": ["some_data"]}
+    mocker.patch.object(client, "reference_sets_list", return_value=mock_response)
+
+    result = qradar_indicators_upload_command(args, client=client, params={"api_version": "17.0"})
+
+    assert all("Name" in i for i in result.outputs)
+    assert all("Data" not in i for i in result.outputs) or not quiet_mode
+    assert "data" in result.raw_response
diff --git a/Packs/QRadar/Integrations/QRadar_v3/README.md b/Packs/QRadar/Integrations/QRadar_v3/README.md
@@ -1877,6 +1877,7 @@ Uploads indicators to QRadar.
 | limit | The maximum number of indicators to fetch from Cortex XSOAR. Default is 50. | Optional | 
 | page | The page from which to get the indicators. | Optional | 
 | fields | Comma-separated list of fields to retrieve in the response. Fields that are not explicitly named are excluded. E.g., "name,timeout_type". Specify subfields in brackets and multiple fields in the same object separated by commas. For a full list of available fields, see: https://ibmsecuritydocs.github.io/qradar_api_14.0/14.0--reference_data-maps-bulk_load-namespace-name-domain_id-POST.html. | Optional | 
+| quiet_mode | If true, does not output the updated reference set data. This argument helps avoid large outputs when the reference set is large. Possible values are: true, false. | Optional | 
 
 #### Context Output
 

diff --git a/Packs/QRadar/ReleaseNotes/2_5_5.md b/Packs/QRadar/ReleaseNotes/2_5_5.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### IBM QRadar v3
+
+- Added the *quiet_mode* argument to the ***qradar-indicators-upload*** command to avoid large outputs
diff --git a/Packs/QRadar/pack_metadata.json b/Packs/QRadar/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "IBM QRadar",
     "description": "Fetch offenses as incidents and search QRadar",
     "support": "xsoar",
-    "currentVersion": "2.5.4",
+    "currentVersion": "2.5.5",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",