Automating SLA in XSOAR with Reminders and Reset on Updates

Hi team!

First of all, thank you very much in advance for your help.

I want to add an SLA to an incident in XSOAR so that if the SLA is breached, the incident is automatically closed. In theory, this is straightforward to implement by setting a t

XSOAR 8 + Export Data to On-premise for Retention Compliance

Hello all, 

I have an XSOAR 8.+ tenant and need to store my incidents from up to two years ago. I understand that by default XSOAR retention policy retains incidents based on license etc. Is there a way to export the data that is half a year old to a

Customize System Emails

I see there is documentation on customizing system emails: https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Administrator-Guide/Customize-System-Emails

I'm seeing placeholders such as {{ .username}} and  {{ .invName}}. Where i

Automating the regression testing of the Playbook

Hi.

I am considering automating the regression testing of the Playbook.

For instance, it would be ideal if we could confirm whether the existing paths can still transition smoothly when a user adds one more branch to the ConditionalTask in the Playb

Azure Active Directory users - Incorrect padding

I am trying to connect an Azure AD (EntraID) to Cortex XSOAR  so that I can use the user-disable playbooks. However, each time I try to authenticate i get the below error

Error in Microsoft authorization: Incorrect padding Please check authentication

Query on the usage of 2 XSOAR's integrations

Hi Team,

The customer wants to implement 2 integrations, so they are requesting the TAC support on the usage of 2 integrations.

Note: No CS team available.

Below are those 2 integrations.

1. NCIIPC Threat Intel Feeds via normal API key.
2. HPSM (

Pre Processing script for dropping multiple similar incidents

Hi Team,

I need to find a way to drop similar events (by eventnames field)  from QRadar when they are mirrored in in XSOAR  by using a pre process rule

I have checked for a native approach in Cortex Xsoar to do it but it seems that
Pre-processin

Automated Daily Report for XDR and XSOAR?

Hi all and happy Taco Tuesday!

I'm part of a very small team of 3 that supports a retail company's domestic and international security & compliance operations, and I'm looking to automate some daily reporting that would ultimately be viewed in Conflue

XSOAR 8 SearchIncidentsv2 script

When I use the XSOAR 8 SearchIncidentsv2 script with reason argument it return no results for example reason:False Positive returns nothing. Why is that? Is there some specific formatting to use?

Obtaining Whois Information for a List of IPs

I'm trying to perform whois queries on an array that contains the list of IPs.

My understanding is that I can pass the array to the Inputs of the "ip (whois)" script.

However, since there are over 1000 IPs, submitting them all at once results in an e

Propagation Label

Hi all,
I imported a custom pack to XSOAR main account, but I don't want some tenants to use it so I want to use XSOAR propagation labels, but even if I set propagation labels, when I sync it distributes to tenants.
Do you have any suggestion?

Empty report

when generating report from cortex xsoar in PDF its empty report nothing is on it.

Integration not able to invoke fetch-incidents command at given interval

I am trying to create a custom integration and have read that xsoar will invoke fetch-incident command at the given incidentfetchinterval timeframe on its own. But when i run the integration to fetch incidents i dont see it adhering to the given inte

DR to DC failover completed; DR acts as back up server as expected but in DR "Make this the production server option is not grey out"

Hi Team,

The customer has did the DR to DC failover but DR backup server has " Make this the production server" tab enabled blue.

The client pointing that the option show be disabled. If it is enabled, any person can make backup server as production

Microsoft Teams Ask - Getting Unable to Reach App on Teams Side.

Hello LC,

I have recently developed some advanced workflows with team integration. I use the MicrosoftTeamsAsk to send a message to a user, and when the user clicks on one of the buttons within Teams, they receive an error message, "Unable to reach a