Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Automating SLA in XSOAR with Reminders and Reset on Updates

Hi team! First of all, thank you very much in advance for your help. I want to add an SLA to an incident in XSOAR so that if the SLA is breached, the incident is automatically closed. In theory, this is straightforward to implement by setting a timer, a task with a tag, and an automation to close the incident, as specified in the videos and ...

F.Otero by L1 Bithead
  • 3768 Views
  • 2 replies
  • 1 Likes

Resolved! XSOAR 8 + Export Data to On-premise for Retention Compliance

Hello all, I have an XSOAR 8.+ tenant and need to store my incidents from up to two years ago. I understand that by default XSOAR retention policy retains incidents based on license etc. Is there a way to export the data that is half a year old to a cold storage on-premise archive and what are the expected egress costs of such an action? Many ...

Customize System Emails

I see there is documentation on customizing system emails: https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Administrator-Guide/Customize-System-Emails I'm seeing placeholders such as {{ .username}} and {{ .invName}}. Where is the documentation on available placeholders that can be used?

Automating the regression testing of the Playbook

Hi. I am considering automating the regression testing of the Playbook. For instance, it would be ideal if we could confirm whether the existing paths can still transition smoothly when a user adds one more branch to the ConditionalTask in the Playbook. If anyone has a good idea, I would appreciate it if you could share it. Also, I would like...

MEiunyo1 by L1 Bithead
  • 1048 Views
  • 1 replies
  • 0 Likes

Query on the usage of 2 XSOAR's integrations

Hi Team, The customer wants to implement 2 integrations, so they are requesting the TAC support on the usage of 2 integrations. Note: No CS team available. Below are those 2 integrations. 1. NCIIPC Threat Intel Feeds via normal API key. 2. HPSM (Micro Focus) ticketing tools, while entering the prerequisites information it server URL part it ...

Pre Processing script for dropping multiple similar incidents

Hi Team, I need to find a way to drop similar events (by eventnames field) from QRadar when they are mirrored in XSOAR by using a pre-process rule. I have checked for a native approach in Cortex XSOAR to do it but it seems that Pre-processing rules in XSOAR cannot natively count similar incidents based on a dynamic field like "eventname...

Automated Daily Report for XDR and XSOAR?

Hi all and happy Taco Tuesday! I'm part of a very small team of 3 that supports a retail company's domestic and international security & compliance operations, and I'm looking to automate some daily reporting that would ultimately be viewed in Confluence/Jira. Every morning our analyst goes over cyber security news feeds, XDR, and XSOAR to cr...

Propagation Label

Hi all, I imported a custom pack to XSOAR main account, but I don't want some tenants to use it so I want to use XSOAR propagation labels, but even if I set propagation labels, when I sync it distributes to tenants. Do you have any suggestions?

Integration not able to invoke fetch-incidents command at given interval

I am trying to create a custom integration and have read that XSOAR will invoke the fetch-incidents command at the given incidentfetchinterval timeframe on its own. But when I run the integration to fetch incidents I don't see it adhering to the given interval; it either invokes the function randomly or every min. Any leads are appreciated. Cortex XSOAR

Microsoft Teams Ask - Getting Unable to Reach App on Teams Side.

Hello LC, I have recently developed some advanced workflows with team integration. I use the MicrosoftTeamsAsk to send a message to a user, and when the user clicks on one of the buttons within Teams, they receive an error message, "Unable to reach app. Please try again." After a few clicks on the button, the response is received successfully. I...

sending subset of devices to Cisco ISE

Hi there, looking to see if we can send limited number (subset) of devices from Palo IOT XSOAR integration to Cisco ISE instead of the full set. ref > https://docs.paloaltonetworks.com/iot/integration/network-access-control/integrate-iot-security-with-cisco-ise/set-up-iot-security-and-xsoar-for-cisco-ise-integration

xsoar-jobs-export-ise

XSOAR File Management issue

Anyone using XSOAR File Management.? I am getting below error when trying to run any command Failed to execute test-module command. Error: Failed to parse json object from response: b'<!doctype html>\n<html lang="en">\n<head>\n <meta charset="utf-8">\n <title>Cortex Sign-In</title>\n <base href="./"&gt...

XSOAR Community Edition is not available?

What I hate about Palo Alto is that they do not give any option for learning and home labs, and all their education programs are a waste of money. XSOAR community was great and this is how people built lots of playbooks and integrations on XSOAR for free for Palo Alto. I don't understand the point of removing it.

  • 1304 Posts
  • 45 Subscriptions