Fetching CrowdStrike Next-Gen SIEM Alerts into SOAR

Hi everyone,

How can I fetch Next-Gen SIEM alerts from CrowdStrike into XSOAR? I have already set up my Falcon integration, and I can fetch categories like endpoint detection.

As seen in the image, there is a query section available to fetch differen

Extracting fields from Context/JSON in Playbook

Hello,

I want to use the "GetFailedTasks" built-in automation to take some actions on the failed tasks and playbooks. The challenge i'm facing is parsing off fields from the output of the "GetFailedTasks" in playbook, namely "Task ID" and "Task Name"

XSOAR Prod Is Not Installing Updates From Dev

I have two xsoar tenant one is dev and other is prod. on prod i have main tenant and tms tenant. i pushed content from dev to repo and from main on prod side get the content from git. i saw push is fine and commit is succesful when push from dev side

XSOAR 8 cloud incident retention policy query

Hi Team,

The standard XSOAR customer, wants to know how the incident retention policy works on V8 cloud instance.

Data retention policy:
1. Is the default retention period is 6 months (180 days)? 

Yes , the default retention period is 6 months (18

Rasterize URL returns an empty png

Hi guys,

Currently working on a Brand Abuse response playbook and when trying to take a screenshot for retrieving evidences it returns an empty, white png.

My config of the instance is as follows:

I tried, both Rasterize modes, Headless CLI and Web

Issues with openpyxl: "openpyxl does not support file format" when processing valid Excel files from War Room

Hi everyone,

I'm encountering an issue with an automation script in XSOAR that uses openpyxl to insert an image into an Excel file. Even though the Excel file I'm uploading is valid (I’ve tested it by downloading it and opening it in Excel—it opens

Playbook Showing Keep Running & Running

Dear All,

I am facing really annoying issue. I have setup integration(mapper,type) and playbook hit very well on incident but the problem is the playbook showing running and running for all incidents and not run. I try to pause and resume but it also

Is there a way to check all scheduled entries in XSOAR?

Is there a way to check all scheduled entries regardless of the incident you're in? I've been using ShowScheduledEntries in the playground to test an automation (let's call it X), but after a week, when using the ShowScheduledEntries command it retur

No communication method found for form

Hey

I'm getting this error when I try to use Data collection (Task Only)

No communication method found for form "". Task can be completed manually

Has anyone encountered this and can help? 

How to "empty" a field value in XSOAR, or remove the value?

Tried to remove a value of a field to "empty" 

For example "setIncident fieldname=None and !setIncident fieldname="" 

But that doesn't work, does anyone how how to remove the value? 

Missing button scripts from content packs

Is anyone else missing scripts when adding a button to layout? Not seeing any scripts from the installed content packs. They still work via CLI. 

Cortex XSOAR 

CSV Feed Same Indicators

Hi,

I am using CSV Feed integration and a delta triggered Job, that is triggering whenever there is a new item (IP indicator) in CSV feed. The playbook under job is adding only new and modified indicators which have "tag":"pending_ip".

Now, I underst

Engine in cloud - design concept

I have a cloud instance of XSOAR, with set of technologies in cloud and on prem as well, my initial thought is to have an engine for each group, that means two engines, and separate the technologies accordingly, any thought on that and what is challe

Running Playbooks on the Engine

Can I configure XSOAR Engine used to run playbooks, instead of the XSOAR instance itself, and if yes what is the configuration steps, sizing, ..etc

Cortex XSOAR