Adding an Error condition to a failed playbook run question

Hi All,

so I have some playbooks that when triggered, sends my incident/alert json payloads to an external webhook every time a new incident is triggered.

I have defined an error condition task that sends an email to an email addr when this fails (we

Possible to View the XQL Query of Widgets?

Hi All,

So XSIAM has a bunch of built in widgets and I want to amend some of these.. is there a way to determine the Query used within so that i can use this to adapt to my custom query?

thanks in adv

AI Created SOC SOP's Base on Detection/Playbook Title

Hi All,

I’ve developed a script that takes a list of SOC detections and/or playbook titles, analyses associated metadata, and automatically generates full Standard Operating Procedures — ready for upload into Confluence or as a simple text file for

USB Flash Drives

Hi, We are using Cortex XSIAM. Now, the challenge we are facing is that if anyone connects a USB flash drive that has been allowed to use a USB, their computer gets infected with malware.
 
What we want is for the user to connect to the USB, for a real

Severity in correlations

Hello.

Could you help me with the severity field of the correlation?

I need to customize the severity of the alert based on the user who triggers the query.
The query is already made. When I configure the correlation to get this severity, it ignores

XQL to query Indicators

Hi , 
I want to create a Dashboard widget that shows a pie graph for indicators. There is the built in widget "indicatorsByVerdict" but I want to create something a bit different. I couldn't find a way to figure that out.

Automate changes to Incident and Alerts to send to backend system

So looking at a way for when an analyst is working on an incident/case in XSIAM so that, if they add any notes, change the assignment, change severity, run commands in warroom etc - that these changes are sent automatically to a backend webhook via h

Broker-VM disconnet alert notification

Hi All,

anyi dea how i can generate an alert when a broker-vm gets disconnected?

Has anyone managed to create a correlation rule that will alert if a Broker-VM gets disconnected from XSIAM?

the xsiam documentation states that 'To help you monito

Sending alert data via http POST - http body is empty

Hi All,

so i am trying to send alerts via a playbook using either http or httpv2 script to send my alert data to a webhook url where the soc analysts will have a common workbench for all alerts (multi xsiam tenant options)

i can connect to the web

XSIAM Integration Web Server

Hi,
I want to create an Integration that start a simple web server with a single button for example that print "Hello World".
There is the out of the box integration "Generic Export Indicators Service" I want it to be based on that (With Long Running i

Azure Entra SSO for Cortex XSIAM/XDR

Hello LIVEcommunity,

Seeking help on Azure Entra SSO integration for XSIAM/XDR.

I've managed to setup the configuration according to the documentation. The SP-initiated login are working fine, but not the Idp-initiated login. Logged a case with Pal

Linking Issues to Cases with Command

Hello Livecomm, 

I am trying to link an issue to a case using CLI/automation or similar. Right-clicking on an issue allows me to assign it to a case, but I have not found an option to do this programmatically. I have tried using the link incident and