From 4406202ba16f0611be80ad54b33893b573f3a95c Mon Sep 17 00:00:00 2001 From: Shmuel Kroizer <69422117+shmuel44@users.noreply.github.com> Date: Mon, 10 Jun 2024 21:38:06 +0300 Subject: [PATCH] [QRadar v3] Metrics (#34485) * init * finally * RN * dashboard and widget * fix * revert * pre-commit * Update Packs/QRadar/pack_metadata.json * rn and readme * Update Packs/QRadar/Integrations/QRadar_v3/README.md * Apply suggestions from code review Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> --------- Co-authored-by: dorschw <81086590+dorschw@users.noreply.github.com> --- Packs/QRadar/Integrations/QRadar_v3/QRadar_v3.py | 8 +++++++- Packs/QRadar/Integrations/QRadar_v3/README.md | 8 ++++++++ Packs/QRadar/ReleaseNotes/2_5_0.md | 6 ++++++ Packs/QRadar/pack_metadata.json | 2 +- 4 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 Packs/QRadar/ReleaseNotes/2_5_0.md
diff --git a/Packs/QRadar/Integrations/QRadar_v3/QRadar_v3.py b/Packs/QRadar/Integrations/QRadar_v3/QRadar_v3.py
index 862dbf0fab71..443d853d93c5 100644
--- a/Packs/QRadar/Integrations/QRadar_v3/QRadar_v3.py
+++ b/Packs/QRadar/Integrations/QRadar_v3/QRadar_v3.py
@@ -472,7 +472,8 @@ def http_request(self, method: str, url_suffix: str, params: Optional[dict] = No
 headers=headers,
 error_handler=self.qradar_error_handler,
 timeout=timeout or self.timeout,
- resp_type=resp_type
+ resp_type=resp_type,
+ with_metrics=True
 )
 except (DemistoException, requests.ReadTimeout) as error:
 demisto.error(f'Error {error} in time {_time}')
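Review bot: `with_metrics=True` is hard-coded on the request call in http_request, so metrics are gathered for every command, while the `finally:` block this commit adds to main() reports them only for commands other than `test-module`, `fetch-incidents` and `long-running-execution`. Nothing at the call site says so; I would add a comment above the argument, e.g. `# metrics are gathered on every call; main() reports them only for non-long-running commands`. http_request starts and ends outside the hunk, so whether this call sits in a retry loop (the `_time` in the error log suggests it may) and therefore counts each attempt separately cannot be confirmed from here.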
@@ -5336,6 +5337,11 @@ def main() -> None: # pragma: no cover
 except Exception as e:
 print_debug_msg(f"The integration context_data is {get_integration_context()}")
 return_error(f'Failed to execute {demisto.command()} command.\nError:\n{traceback.format_exc()}\nException is: {str(e)}')
+ finally:
+ # CIAC-10628
+ if command not in ("test-module", "fetch-incidents", "long-running-execution"):
+ client._return_execution_metrics_results()
+ client.execution_metrics.metrics = None
 ''' ENTRY POINT '''
diff --git a/Packs/QRadar/Integrations/QRadar_v3/README.md b/Packs/QRadar/Integrations/QRadar_v3/README.md
index 6c6925bd8531..aecade7fc576 100644
--- a/Packs/QRadar/Integrations/QRadar_v3/README.md
+++ b/Packs/QRadar/Integrations/QRadar_v3/README.md
@@ -129,6 +129,14 @@ Alternatively, the [retrieve events command](#qradar-search-retrieve-events) can
 If the command takes too long to finish executing, try setting the `interval_in_seconds` to a lower value (down to a minimum of 10 seconds).
+### API Call Metrics
+
+This feature collects metadata on QRadar API calls and their success status.
+
+API Call metrics are not available for long-running commands such as `fetch incidents`.
+
+API Metrics are shown in the built-in **API Execution Metrics** dashboard, and are available to use in custom widgets.
+
 ## Commands
 You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
diff --git a/Packs/QRadar/ReleaseNotes/2_5_0.md b/Packs/QRadar/ReleaseNotes/2_5_0.md
new file mode 100644
index 000000000000..84283bac1f01
--- /dev/null
+++ b/Packs/QRadar/ReleaseNotes/2_5_0.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### IBM QRadar v3
+
+Added support for API Execution Metric reporting for QRadar commands, excluding long-running commands such as fetch incidents.
diff --git a/Packs/QRadar/pack_metadata.json b/Packs/QRadar/pack_metadata.json
index 8612e8b46864..83b869a1143d 100644
--- a/Packs/QRadar/pack_metadata.json
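Review bot: The `finally:` block added to main() reads `command` and `client` unconditionally, so if either name is bound inside the `try` and the failure happens before that binding (for example while the client is being built from bad parameters), the block would raise an UnboundLocalError that replaces the error `return_error` just reported. main() starts outside the hunk, so where the two names are bound cannot be seen here; if `client` is created inside the `try`, set `client = None` before it and guard with `if client is not None and command not in (...)`. The comment `# CIAC-10628` is only a ticket id; something like `# report API execution metrics once, after the command; skipped for test-module and the fetch / long-running commands` serves a reader without tracker access. Calling the private `_return_execution_metrics_results()` and then assigning `client.execution_metrics.metrics = None` reaches into the client's internals from main(); the reset presumably prevents a second report, and that reason is worth stating in the same comment.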
+++ b/Packs/QRadar/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "IBM QRadar",
 "description": "Fetch offenses as incidents and search QRadar",
 "support": "xsoar",
- "currentVersion": "2.4.59",
+ "currentVersion": "2.5.0",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",