Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

XSOAR community or Trial Version

Hi All, From posts/discussions a year or so ago it looks like there was an XSOAR community edition or trial edition available for people who want to evaluate or learn the platform. However, I cannot find anywhere to download the version or any other way to build a PoC environment. Is there anything out there that I can use for PoC purposes? Thanks

hamza_b by L0 Member
  • 118 Views
  • 0 replies
  • 0 Likes

playbook completely stuck on a simple condition

Hi, Playbook gets stuck immediately after a simple 1=1 check condition. The issue is not the condition itself, which actually is matched fine; however, the YES branch is never executed. The issue happens only if an inactive ELSE branch is quite heavy with further tasks, but why would it care, if the ELSE is never matched/executed? Happens only on 6.1...

Antanas by L2 Linker
  • 138 Views
  • 0 replies
  • 0 Likes

HealthCheckServerConfiguration fails with TypeError on XSOAR Cloud v8.13.0

Hi Community, We are migrating from XSOAR OnPrem v6 to XSOAR Cloud (SaaS) and hit an issue with the System Diagnostics and Health Check content pack (v3.1.2, build 7827247) on Cloud v8.13.0. The problem: After creating a manual incident of type System Diagnostics and Health Check, the HealthCheck playbook starts but crashes at Task #30 — !Health...

Fetching CrowdStrike Next-Gen SIEM Alerts into SOAR

Hi everyone, How can I fetch Next-Gen SIEM alerts from CrowdStrike into XSOAR? I have already set up my Falcon integration, and I can fetch categories like endpoint detection. As seen in the image, there is a query section available to fetch different detections. Additionally, in the fetch types section, there are detection options such as endpo...

O.Isik by L0 Member
  • 5334 Views
  • 7 replies
  • 2 Likes

Cortex XSOAR - Forwarding Audit Log Execution Playbook to SIEM

Hello Palo Alto Team, Can you help me with further information, such as an API, for sending logs from every playbook execution to the SIEM, if that is possible? I have a case for monitoring playbook execution in the SIEM, so that if there is an error or problem we can execute it again. BTW, I have already finished sending logs from the XSOAR audit log to the SIEM, ...

A.Faruq by L1 Bithead
  • 151 Views
  • 0 replies
  • 0 Likes

Playbook for Disabling Azure User

I want to create a playbook that uses the Microsoft Graph integration to disable a user and revoke the user's sessions. I have a problem with the alerts not containing the UPN but instead creating their own naming convention that follows the format domain\user. Looking at some of the built in playbooks that work with graph queries, the input field for UPN i...


XSOAR /var/tmp folder

Hi all. I'm reaching out to you as I require assistance (maybe someone encountered this already) with the /var/tmp folder. Since two weeks ago it started to fill up with files called "container_images_docker-tar[NUMBERS]" without being automatically deleted (as expected from a tmp folder). I've tried contacting support and they told me to cr...

Need help on this XSOAR Weird behavior on preprocessing scripts

Hi All! I developed a preprocessing script and it's working fine in our dev xsoar environment but not working in prod for some reason. By looking at the log in detail, I found some nuances that I can't explain. Both prod and dev run the same code and I am sure the data is there in prod as well. Here is the comparison. This is the log from prod: ...

XSOAR | Automation Command | setMultiple(Builtin)

While using the Automation Command setMultiple in a playbook task, which expects Keys and Values with the Parent Context Key passed as arguments (Keys and Values as comma‑separated values): Example CLI command: !SetMultipleValues parent=test_parent keys=key1,key2,key3 values=val1,val2,val3 How can we apply Filters and Transformers on each of ...

How to use and/or change demisto user name for an XSOAR (SaaS) engine?

How to use and/or change the demisto user name (e.g. service_demisto, svc_demisto, etc.) for an XSOAR (SaaS) engine server that meets an enterprise organization's user naming requirement? If so, please provide url of online doc with "how to" instructions. If not, please provide url of online doc that explains the reason(s) that the demisto user n...

Sum number field

Can someone explain why this isn’t working? I created a number field called “niv”, added it to a dashboard with a SUM aggregation, but it shows 0 instead of the expected total (55).

NivNet by L1 Bithead
  • 546 Views
  • 0 replies
  • 0 Likes

Playbook stuck after upgrade

Hi! I have a playbook that gets stuck in a very weird way. I am seeking community help because, after my last session with product support, I do not seem to be getting anywhere: as there were no obvious platform errors, they blame the playbook. 😞 Since the upgrade to the latest 6.14 build, one popular custom playbook is stuck on a specific conditional task. It ...

Antanas by L2 Linker
  • 370 Views
  • 0 replies
  • 0 Likes

While True Conditional

Hello Everyone, I want to ask about the while loop condition in XSOAR: is it possible to do that? For example, I want to check the agent status to see whether it is connected or not; if it is not connected, set a 10 minutes delay and then check the condition again. Thank you!

G.Anshar by L1 Bithead
  • 3989 Views
  • 3 replies
  • 0 Likes
  • 1299 Posts
  • 45 Subscriptions