https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-keeps-firing-the-same-incident/m-p/614119#M3723 <P>Hi All,</P> <P>&nbsp;</P> <P>My XSOAR instance is a cloud hosted environment running on the latest version 8 build.</P> <P>&nbsp;</P> <P>I have a playbook that sends a notification email to a user in response to a change in their account settings to confirm if recognized. The user is requested to respond via the webform link that the data collection task generates in the email that gets sent. The webform expires after an hour if the user fails to respond.</P> <P>&nbsp;</P> <P>If a user does not respond within the hour, the playbook flow stops there and updates the XSOAR case with a custom message I defined. This has always been the case for the past few months since this playbook was created.&nbsp;</P> <P>&nbsp;</P> <P>However, since the beginning of this week (21-Oct-2024), XSOAR keeps creating cases on the same detection until a user responds to the email. This has resulted in hundreds of notification emails being sent to each user.</P> <P>&nbsp;</P> <P>I have created a TAC case for investigation and have had to stop the auto-run of the playbook to stop the email spam until this gets resolved.&nbsp;</P> <P>&nbsp;</P> <P>Has anyone else in the community come across the same issue in their environment recently ?</P> Thu, 24 Oct 2024 01:09:16 GMT PWJ2020 2024-10-24T01:09:16Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-keeps-firing-the-same-incident/m-p/614119#M3723 <P>Hi All,</P> <P>&nbsp;</P> <P>My XSOAR instance is a cloud hosted environment running on the latest version 8 build.</P> <P>&nbsp;</P> <P>I have a playbook that sends a notification email to a user in response to a change in their account settings to confirm if recognized. The user is requested to respond via the webform link that the data collection task generates in the email that gets sent. The webform expires after an hour if the user fails to respond.</P> <P>&nbsp;</P> <P>If a user does not respond within the hour, the playbook flow stops there and updates the XSOAR case with a custom message I defined. This has always been the case for the past few months since this playbook was created.&nbsp;</P> <P>&nbsp;</P> <P>However, since the beginning of this week (21-Oct-2024), XSOAR keeps creating cases on the same detection until a user responds to the email. This has resulted in hundreds of notification emails being sent to each user.</P> <P>&nbsp;</P> <P>I have created a TAC case for investigation and have had to stop the auto-run of the playbook to stop the email spam until this gets resolved.&nbsp;</P> <P>&nbsp;</P> <P>Has anyone else in the community come across the same issue in their environment recently ?</P> Thu, 24 Oct 2024 01:09:16 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-keeps-firing-the-same-incident/m-p/614119#M3723 PWJ2020 2024-10-24T01:09:16Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-keeps-firing-the-same-incident/m-p/615884#M3748 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/245785">@PWJ2020</a>,&nbsp;Can you please share the TAC case number that you created so that I can track it internally?&nbsp;</P> <P>Also, would it be possible for you to share a screenshot of the section in your playbook that implements this functionality?&nbsp;</P> <P>&nbsp;</P> <P>Thank you.</P> Thu, 31 Oct 2024 17:52:53 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-keeps-firing-the-same-incident/m-p/615884#M3748 AbelSantamarina 2024-10-31T17:52:53Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-keeps-firing-the-same-incident/m-p/616390#M3762 <P>Hi Abel,</P> <P>&nbsp;</P> <P>Deepti is updating you on Slack right now as of this message <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Fri, 08 Nov 2024 04:12:03 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/xsoar-keeps-firing-the-same-incident/m-p/616390#M3762 PWJ2020 2024-11-08T04:12:03Z