Qradar reference sets list issue (#32779)

* fix qradar-reference-sets-list to able use ref_name with filter and range * Bump pack from version QRadar to 2.4.49. * filter description * Update QRadar_v3.py * RN * RN --------- Co-authored-by: Content Bot <[email protected]>
demisto · Feb 28, 2024 · 538189c · 538189c
1 parent 2d4f56a
commit 538189c
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 4 deletions.
diff --git a/Packs/QRadar/Integrations/QRadar_v3/QRadar_v3.py b/Packs/QRadar/Integrations/QRadar_v3/QRadar_v3.py
@@ -587,8 +587,8 @@ def search_results_get(self, search_id: str, range_: Optional[str] = None):
     def reference_sets_list(self, range_: Optional[str] = None, ref_name: Optional[str] = None,
                             filter_: Optional[str] = None, fields: Optional[str] = None):
         name_suffix = f'/{parse.quote(ref_name, safe="")}' if ref_name else ''
-        params = assign_params(fields=fields) if ref_name else assign_params(filter=filter_, fields=fields)
-        additional_headers = {'Range': range_} if not ref_name else None
+        params = assign_params(filter=filter_, fields=fields)
+        additional_headers = {'Range': range_}
         return self.http_request(
             method='GET',
             url_suffix=f'/reference_data/sets{name_suffix}',

diff --git a/Packs/QRadar/Integrations/QRadar_v3/QRadar_v3.yml b/Packs/QRadar/Integrations/QRadar_v3/QRadar_v3.yml
@@ -927,7 +927,9 @@ script:
       description: 'Range of results to return (e.g.: 0-20, 3-5, 3-3).'
       defaultValue: 0-49
     - name: filter
-      description: 'Query by which to filter reference sets, e.g., "timeout_type=FIRST_SEEN". For reference, see: https://www.ibm.com/support/knowledgecenter/SS42VS_SHR/com.ibm.qradarapi.doc/c_rest_api_filtering.html'
+      description: |-
+        Query by which to filter reference sets, e.g., "timeout_type=FIRST_SEEN". For reference, see: https://www.ibm.com/support/knowledgecenter/SS42VS_SHR/com.ibm.qradarapi.doc/c_rest_api_filtering.html.
+        when using both ref_name and filter arguments, the filter should be from the data values of the specified reference set, e.g. "value='1.1.1.1'".
     - name: fields
       description: 'Comma-separated list of fields to retrieve in the response. Fields that are not explicitly named are excluded. E.g., "name,timeout_type". Specify subfields in brackets and multiple fields in the same object separated by commas. For a full list of available fields, see:  https://ibmsecuritydocs.github.io/qradar_api_14.0/14.0--reference_data-sets-GET.html.'
       isArray: true

diff --git a/Packs/QRadar/ReleaseNotes/2_4_50.md b/Packs/QRadar/ReleaseNotes/2_4_50.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### IBM QRadar v3
+
+- Fixed an issue in **qradar-reference-sets-list** when using the ref_name argument with filter or range arguments didn't effect on the results as expected.
+- Updated the Docker image to: *demisto/python3:3.10.13.87159*.
diff --git a/Packs/QRadar/pack_metadata.json b/Packs/QRadar/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "IBM QRadar",
     "description": "Fetch offenses as incidents and search QRadar",
     "support": "xsoar",
-    "currentVersion": "2.4.49",
+    "currentVersion": "2.4.50",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",