From 3308b1eb063da0d66aed7c20158ca8fb7d7c6e60 Mon Sep 17 00:00:00 2001
From: Andrew Shamah <42912128+amshamah419@users.noreply.github.com>
Date: Wed, 28 Jun 2023 12:20:40 +0300
Subject: [PATCH] MISP feed - Update Query documentation (#27713)
---
 .../Integrations/FeedMISP/FeedMISP.py | 3 +++
 .../FeedMISP/Integrations/FeedMISP/README.md | 19 +++++++++++++++++++
 Packs/FeedMISP/ReleaseNotes/1_0_24.md | 5 +++++
 Packs/FeedMISP/pack_metadata.json | 2 +-
 4 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 Packs/FeedMISP/ReleaseNotes/1_0_24.md
diff --git a/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.py b/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.py
index f07e9569bbf6..f1a6f951ac69 100644
--- a/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.py
+++ b/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.py
@@ -350,6 +350,9 @@ def fetch_indicators(client: Client, is_fetch: bool = True) -> List[Dict]:
 params_dict = clean_user_query(query) if query else build_params_dict(tags, attribute_type)
+ if limit and limit not in params_dict:
+ params_dict['limit'] = limit
+
 response = client.search_query(params_dict)
 indicators_iterator = build_indicators_iterator(response, url)
 added_indicators_iterator = update_indicators_iterator(indicators_iterator, params_dict, is_fetch)
diff --git a/Packs/FeedMISP/Integrations/FeedMISP/README.md b/Packs/FeedMISP/Integrations/FeedMISP/README.md
index 0ca259e49673..9e0bb30d11fa 100644
--- a/Packs/FeedMISP/Integrations/FeedMISP/README.md
+++ b/Packs/FeedMISP/Integrations/FeedMISP/README.md
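Review bot: In the FeedMISP.py hunk, `limit not in params_dict` tests whether the value of `limit` is a key of the dict, not whether a `limit` key is already set, so a `limit` supplied in the user's query would be replaced by the integration parameter on nearly every fetch. If the intent is to apply the parameter only as a default, the guard should read `if limit and 'limit' not in params_dict:`. `limit` and `clean_user_query` are defined outside this hunk (fetch_indicators starts and ends outside it), so the value's type and the shape of the cleaned query should be confirmed there. Because this changes how many attributes each fetch requests from MISP, the 1_0_24 release note should say so rather than describing the release as documentation and metadata only, so operators can account for any change in indicator coverage.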
@@ -117,3 +117,22 @@ Gets indicators from the feed.
 #### Human Readable Output
 Retrieved 7 indicators.
+
+## Additional Information
+If you experience a timeout error while fetching indicators, the following query configuration may be helpful for you.
+
+You can configure the feed to return results from the last 24 hours as shown below:
+```json
+{
+ "returnFormat": "json",
+ "type": {
+ "OR": []
+ },
+ "tags": {
+ "OR": []
+ },
+ "last":"24h"
+}
+```
+
+Both of the above queries can be modified however you would like depending on your specific use case. Additional information can be found here https://www.misp-project.org/openapi/#tag/Attributes/operation/restSearchAttributes
\ No newline at end of file
diff --git a/Packs/FeedMISP/ReleaseNotes/1_0_24.md b/Packs/FeedMISP/ReleaseNotes/1_0_24.md
new file mode 100644
index 000000000000..411e5cf94252
--- /dev/null
+++ b/Packs/FeedMISP/ReleaseNotes/1_0_24.md
@@ -0,0 +1,5 @@
+
+#### Integrations
+
+##### MISP Feed
+- Documentation and metadata improvements.
diff --git a/Packs/FeedMISP/pack_metadata.json b/Packs/FeedMISP/pack_metadata.json
index 057ded7adcdd..364d7458c630 100644
--- a/Packs/FeedMISP/pack_metadata.json
+++ b/Packs/FeedMISP/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "MISP Feed",
 "description": "Indicators feed from MISP",
 "support": "xsoar",
- "currentVersion": "1.0.23",
+ "currentVersion": "1.0.24",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",