Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

There is now a command: !setIncident tags="<tags to be added>", which by default adds the tags you specify. One can also add the option appendTags=False so that the tags are overwritten. So, to remove a tag, we have to check the existing tags, remove them from the list, and then add them with appendTags=False. This is not an atomic operation...

Redirect URL for Cortex XSOAR integration with DocuSign

When configuring the DocuSign new App and Keys for the integration with Cortex, what Redirect URL should be used? The documentation states the below. Set Redirect URI: Navigate to Additional Settings. Set the Redirect URI to https://localhost. I do get the Allow Access, but after clicking I get the error Site cannot be reach localhost refu...


Fetching CrowdStrike Next-Gen SIEM Alerts into SOAR

Hi everyone, How can I fetch Next-Gen SIEM alerts from CrowdStrike into XSOAR? I have already set up my Falcon integration, and I can fetch categories like endpoint detection. As seen in the image, there is a query section available to fetch different detections. Additionally, in the fetch types section, there are detection options such as endpo...

O.Isik by L0 Member
  • 5975 Views
  • 8 replies
  • 2 Likes

Install Link

Hi! I have a license for XSOAR in my CSP account, but I am unable to download the package to reinstall it. (I had to rebuild my environment). Is there somewhere that I can get this link? Thanks!

XSOAR community or Trial Version

Hi All, From posts/discussions a year or so ago it looks like there was an XSOAR community edition or trial edition available for people who want to evaluate or learn the platform. However, I cannot find anywhere to download the version or any other way to build a PoC environment. Is there anything out there that I can use for PoC purposes? Thanks

hamza_b by L0 Member
  • 220 Views
  • 0 replies
  • 0 Likes

playbook completely stuck on a simple condition

Hi, Playbook gets stuck immediately after a simple 1=1 check condition. The issue is not the condition itself, which actually is matched fine, however the YES branch is never executed. The issue happens only if an inactive ELSE branch is quite heavy with further tasks, but why would it care, if the ELSE is never matched/executed? Happens only on 6.1...

Antanas by L2 Linker
  • 232 Views
  • 0 replies
  • 0 Likes

HealthCheckServerConfiguration fails with TypeError on XSOAR Cloud v8.13.0

Hi Community, We are migrating from XSOAR OnPrem v6 to XSOAR Cloud (SaaS) and hit an issue with the System Diagnostics and Health Check content pack (v3.1.2, build 7827247) on Cloud v8.13.0. The problem: After creating a manual incident of type System Diagnostics and Health Check, the HealthCheck playbook starts but crashes at Task #30 — !Health...

Cortex XSOAR - Forwarding Audit Log Execution Playbook to SIEM

Hello Palo Alto Team, Can you help me to send another information likely API about sending log from every execution playbook to SIEM if it's possible. Because I have case to monitoring execution playbook in SIEM if there is another error or problem we can execute again. BTW I have finished before to sending log from audit log XSOAR to SIEM, ...

A.Faruq by L1 Bithead
  • 201 Views
  • 0 replies
  • 0 Likes

Playbook for Disabling Azure User

I want to create a playbook that uses the Microsoft Graph integration to disable and revoke a user's sessions. I have a problem with the alerts not containing the UPN but instead creates its own naming convention that follows the format domain\user. Looking at some of the built in playbooks that work with graph queries, the input field for UPN i...

XSOAR /var/tmp folder

Hi all. I'm reaching out to you as I require assistance (maybe someone encountered this already) with the /var/tmp folder. Since two weeks ago it started to fill up with files called "container_images_docker-tar[NUMBERS]" without being automatically deleted (as expected from a tmp folder). I've tried contacting support and they told me to cr...

Need help on this XSOAR Weird behavior on preprocessing scripts

Hi All! I developed a preprocessing script and it's working fine in our dev XSOAR environment but not working in prod for some reason. By looking at the log in detail, I found some nuances that I can't explain. Both prod and dev run the same code and I am sure the data is there in prod as well. Here is the comparison. This is the log from prod: ...

XSOAR | Automation Command | setMultiple(Builtin)

While using the Automation Command setMultiple in a playbook task, which expects Keys and Values with the Parent Context Key passed as arguments (Keys and Values as comma-separated values): Example CLI command: !SetMultipleValues parent=test_parent keys=key1,key2,key3 values=val1,val2,val3 How can we apply Filters and Transformers on each of ...

How to use and/or change demisto user name for a XSOAR (SaaS) engine?

How to use and/or change the demisto user name (e.g. service_demisto, svc_demisto, etc.) for a XSOAR (SaaS) engine server that meets an enterprise organization's user naming requirement? If so, please provide url of online doc with "how to" instructions. If not, please provide url of online doc that explains the reason(s) that the demisto user n...

  • 1302 Posts
  • 45 Subscriptions