Global Protect VPN logs from Panorama to Cortex XSOAR

Hello, was reviewing Globalprotect VPN Logs in Panorama and am currently stumped on how to even create an alert or find the logs in which to send to XSOAR. I reviewed the PAN-OS integration, and I can link it to Panorama, but it will collect logs bas

Close an incident when all the linked incidents are closed

Hi,

I want to be able to close an incident when all the linked incidents (child incidents) are closed. Is there a way to achieve this without having to run a post processing script for each linked incident? Post processing scripts introduce a race

Create a PDF File

Hi everyone

What is the best way to create a PDF within a Playboook? What are you all using?

Data format doesn't matter but some customisation about the pdf format would be nice.

BR

Michael

Creating Docker images

I would like to create a Docker image to make a Python Library, which is not pre-installed, available on XSOAR. Therefore, I executed the following command: 
/docker_image_create name=jpholiday base="demisto/python3-deb:3.8.2.6981" dependencies=jpholi

"<-demisto-hyper->" appears at the beginning and end of a markdown field, which makes it impossible to read the markdown during a jsontotable.

Hello,

"<-demisto-hyper->" appears at the beginning and end of a markdown field, which makes it impossible to read the markdown during a jsontotable.

Please assist.

6.12 on RH 7.9 - Web server won't start

Hello. We tried in many ways but web server wont start. I see the server working and doing outbound connection, but it's not listening on 443.

There is nothing strange in the log as I can see.

I don't know what I can look at to fix that.

Thanks

Non Enterprise Security Splunk users

Hi

Please share some info on how you are running your setup.

We are currently using the TA-Demisto splunk app to push the alerts to the XSOAR but having issues with excessive incidents in XSOAR being created when we use the |table in our searches a

Extracting Incident Files from the Server Side or Through API

I have a functionality question regarding Incident Files, for example, images. I have uploaded images as both "Files" and "Media" on the XSOAR incident through the war room. Can these files be accessed from the DB or Linux side? Take note that this i

Playbook to upload IOCs to Cortex XDR

Hello,

We are working in an integration between XSOAR and XDR.
We want to upload IOCs from a given file to XDR, we have seen that Cortex XDR - IOC integration allows a synchronization of IOCs but what we want is a manual push of new IOCs to XDR, not to

Creating a Playbook to Upload Indicators to Various XDR Tenants

Hello all, 

I am currently building a playbook that can pull indicators from an external MISP system and then publish them to various tenants of Cortex XDR. I have seen that there was a similar post in the past yet the solution suggested in 2022 does

How to push Bulk IOC list in file format to Cortex XDR (IP address,Malicious URLS,Malicious Hashes ) via from XSOAR

Hi Team,

I have integrated the Instance Cortex XDR - IOC content pack: Cortex XDR by Palo Alto Networks

kindly help me, below which command to push bulk update IOC indicators to Cortex XDR if am wrong kindly guide me.

Instance = Cortex XDR - IO