[EDL] warn of updating with empty query (#28144)

* warn when updating with empty query * bold warning * autopep8 * Update Packs/EDL/Integrations/EDL/EDL.py Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com> * bump docker image --------- Co-authored-by: yuvalbenshalom <ybenshalom@paloaltonetworks.com>
demisto · Jul 16, 2023 · b2e6588 · b2e6588
1 parent 045570d
commit b2e6588
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 5 deletions.
diff --git a/Packs/EDL/Integrations/EDL/EDL.py b/Packs/EDL/Integrations/EDL/EDL.py
@@ -1124,7 +1124,17 @@ def update_edl_command(args: Dict, params: Dict):
     ctx = request_args.to_context_json()
     ctx[EDL_ON_DEMAND_KEY] = True
     set_integration_context(ctx)
-    hr = 'EDL will be updated the next time you access it'
+    hr = 'EDL will be updated the next time you access it.'
+
+    if not query:
+        warning = "\n**Warning**: Updating EDL, while not specifying a query, may load unwanted indicators."
+
+        if (param_query := params.get("query")):
+            warning += f" Hint: use {param_query} to update indicators using the configured integration instance parameter."
+
+        hr += warning
+        demisto.info(warning)
+
     return hr, {}, {}
 
 

diff --git a/Packs/EDL/Integrations/EDL/EDL.yml b/Packs/EDL/Integrations/EDL/EDL.yml
@@ -12,7 +12,7 @@ configuration:
   type: 8
   section: Connect
   advanced: true
-- additionalinfo: The query to run to update the indicators list. To view expected results, run the following command from the Cortex XSOAR CLI `!findIndicators query=<your query>`
+- additionalinfo: The query to run to update the indicators list. To view expected results, run the following command from the Cortex XSOAR CLI `!findIndicators query=<your query>`. An empty value may load unwanted indicators.
   display: Indicator Query
   name: indicators_query
   type: 0
@@ -306,7 +306,7 @@ script:
     description: Updates values stored in the EDL (only available On-Demand).
   - name: export-indicators-list-update
     arguments:
-    - description: The query to run to update the indicators list. To view expected results, run the following command from the Cortex XSOAR CLI `!findIndicators query=<your query>`
+    - description: The query to run to update the indicators list. To view expected results, run the following command from the Cortex XSOAR CLI `!findIndicators query=<your query>`. An empty value may load unwanted indicators.
       name: query
     - auto: PREDEFINED
       defaultValue: PAN-OS (text)
@@ -386,7 +386,7 @@ script:
       - 'False'
       - 'True'
     description: Updates values stored in the List (only available On-Demand).
-  dockerimage: demisto/flask-nginx:1.0.0.63817
+  dockerimage: demisto/flask-nginx:1.0.0.65013
   longRunning: true
   longRunningPort: true
   script: '-'

diff --git a/Packs/EDL/ReleaseNotes/3_2_3.md b/Packs/EDL/ReleaseNotes/3_2_3.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Generic Export Indicators Service
+
+- Added a warning message when calling the `export-indicators-list-update` command without the `query` argument, as it may result in unwanted indicators added.
+- Updated the Docker image to: *demisto/flask-nginx:1.0.0.65013*.
diff --git a/Packs/EDL/pack_metadata.json b/Packs/EDL/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "Generic Export Indicators Service",
     "description": "Use this pack to generate a list based on your Threat Intel Library, and export it to ANY other product in your network, such as your firewall, agent or SIEM. This pack is built for ongoing distribution of indicators from XSOAR to other products in the network, by creating an endpoint with a list of indicators that can be pulled by external vendors.",
     "support": "xsoar",
-    "currentVersion": "3.2.2",
+    "currentVersion": "3.2.3",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",