https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/create-script-to-close-xdr-alerts-from-xsoar/m-p/516147#M1240 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/226640">@Josep</a>,</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>The current XDR integration does not have a command to update alerts. I would suggest raising a Feature Request at <A href="https://xsoar.ideas.aha.io/ideas" target="_blank">https://xsoar.ideas.aha.io/ideas</A>. You can also write the additional API call yourself if required, refer&nbsp;<A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-api/cortex-xdr-apis/incident-management/update-an-alert" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-api/cortex-xdr-apis/incident-management/update-an-alert</A>&nbsp;</P> <P>&nbsp;</P> <P>Once you have the API call and the command added to the integration, you can configure a post-processing script to run when the XSOAR incident is closed. This script can be configured to close all related XDR alerts.&nbsp;</P> <P>&nbsp;</P> Wed, 28 Sep 2022 01:18:24 GMT jfernandes1 2022-09-28T01:18:24Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/create-script-to-close-xdr-alerts-from-xsoar/m-p/516095#M1237 <P>Hello,</P> <P>XSOAR and XDR are used with mirroring, when an incident is closed from XSOAR it's closed in XDR too. However, the alerts in XDR are not. So an script is needed in XSOAR to close those XDR alerts. How is this is script done? where should be set? How to sync all up?<BR />Thanks</P> Tue, 27 Sep 2022 16:23:51 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/create-script-to-close-xdr-alerts-from-xsoar/m-p/516095#M1237 Josep 2022-09-27T16:23:51Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/create-script-to-close-xdr-alerts-from-xsoar/m-p/516147#M1240 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/226640">@Josep</a>,</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>The current XDR integration does not have a command to update alerts. I would suggest raising a Feature Request at <A href="https://xsoar.ideas.aha.io/ideas" target="_blank">https://xsoar.ideas.aha.io/ideas</A>. You can also write the additional API call yourself if required, refer&nbsp;<A href="https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-api/cortex-xdr-apis/incident-management/update-an-alert" target="_blank">https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-api/cortex-xdr-apis/incident-management/update-an-alert</A>&nbsp;</P> <P>&nbsp;</P> <P>Once you have the API call and the command added to the integration, you can configure a post-processing script to run when the XSOAR incident is closed. This script can be configured to close all related XDR alerts.&nbsp;</P> <P>&nbsp;</P> Wed, 28 Sep 2022 01:18:24 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/create-script-to-close-xdr-alerts-from-xsoar/m-p/516147#M1240 jfernandes1 2022-09-28T01:18:24Z