added EVENTS_SEARCH_TRIES to advanced_params (demisto#41515)

Author: DeanArbel

Packs/QRadar/Integrations/QRadar_v3/QRadar_v3.py

@@ -53,8 +53,8 @@
 ADVANCED_PARAMETER_INT_NAMES = [
     "EVENTS_INTERVAL_SECS",
     "MAX_SEARCHES_QUEUE",
-    "EVENTS_SEARCH_RETRIES",
-    "EVENTS_POLLING_RETRIES",
+    "EVENTS_SEARCH_TRIES",
+    "EVENTS_POLLING_TRIES",
     "EVENTS_SEARCH_RETRY_SECONDS",
     "FAILURE_SLEEP",
     "FETCH_SLEEP",

Packs/QRadar/Integrations/QRadar_v3/QRadar_v3.yml

@@ -97,7 +97,7 @@ configuration:
   name: limit_assets
   type: 0
   section: Collect
-- additionalinfo: 'The parameter uses the AQL SELECT syntax. For more information, see: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.4/com.ibm.qradar.doc/c_aql_intro.html'
+- additionalinfo: 'The parameter uses the AQL SELECT syntax. For more information, see: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.4/com.ibm.qradar.doc/c_aql_intro.html. Selecting over 100 fields can result in long waiting times for queries.'
   defaultvalue: 'QIDNAME(qid), LOGSOURCENAME(logsourceid), CATEGORYNAME(highlevelcategory), CATEGORYNAME(category), PROTOCOLNAME(protocolid), sourceip, sourceport, destinationip, destinationport, QIDDESCRIPTION(qid), username, PROTOCOLNAME(protocolid), RULENAME("creEventList"), sourcegeographiclocation, sourceMAC, sourcev6, destinationgeographiclocation, destinationv6, LOGSOURCETYPENAME(devicetype), credibility, severity, magnitude, eventcount, eventDirection, postNatDestinationIP, postNatDestinationPort, postNatSourceIP, postNatSourcePort, preNatDestinationPort, preNatSourceIP, preNatSourcePort, UTF8(payload), starttime, devicetime'
   display: 'Event fields to return from the events query (WARNING: This parameter is correlated to the incoming mapper and changing the values may adversely affect mapping).'
   name: events_columns

Packs/QRadar/Integrations/QRadar_v3/README.md

@@ -19,7 +19,7 @@ This is the default integration for this content pack when configured by the Dat
 | Number of offenses to pull per API call (max 50) | In case of mirroring with events, this value will be used for mirroring API calls as well, and it is advised to have a small value. | False |
 | Query to fetch offenses. | Define a query to determine which offenses to fetch. E.g., "severity >= 4 AND id > 5". | False |
 | Incidents Enrichment | IPs enrichment transforms IDs of the IPs of the offense to IP values. Asset enrichment adds correlated assets to the fetched offenses. | True |
-| Event fields to return from the events query (WARNING: This parameter is correlated to the incoming mapper and changing the values may adversely affect mapping). | The parameter uses the AQL SELECT syntax. For more information, see: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.4/com.ibm.qradar.doc/c_aql_intro.html | False |
+| Event fields to return from the events query (WARNING: This parameter is correlated to the incoming mapper and changing the values may adversely affect mapping). | The parameter uses the AQL SELECT syntax. For more information, see: https://www.ibm.com/support/knowledgecenter/en/SS42VS_7.4/com.ibm.qradar.doc/c_aql_intro.html. Selecting over 100 fields can result in long waiting times for queries. | False |
 | Mirroring Options | How mirroring from QRadar to Cortex XSOAR should be done, available from QRadar 7.3.3 Fix Pack 3. For further explanation on how to check your QRadar version, see the integration documentation at https://xsoar.pan.dev. | False |
 | Close Mirrored XSOAR Incident | When selected, closing the QRadar offense is mirrored in Cortex XSOAR. | False |
 | The number of incoming incidents to mirror each time | Maximum number of incoming incidents to mirror each time. | False |

Packs/QRadar/ReleaseNotes/2_5_28.md

@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### IBM QRadar v3
+
+- Updated the QRadar v3 integration to support *EVENTS_POLLING_TRIES* and *EVENTS_SEARCH_TRIES* in **Advanced Parameters**.

Packs/QRadar/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "IBM QRadar",
     "description": "Fetch offenses as incidents and search QRadar",
     "support": "xsoar",
-    "currentVersion": "2.5.27",
+    "currentVersion": "2.5.28",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",