Extracting Incident Files from the Server Side or Through API

I have a functionality question regarding Incident Files, for example, images. I have uploaded images as both "Files" and "Media" on the XSOAR incident through the war room. Can these files be accessed from the DB or Linux side? Take note that this i

Playbook to upload IOCs to Cortex XDR

Hello,

We are working in an integration between XSOAR and XDR.
We want to upload IOCs from a given file to XDR, we have seen that Cortex XDR - IOC integration allows a synchronization of IOCs but what we want is a manual push of new IOCs to XDR, not to

Creating a Playbook to Upload Indicators to Various XDR Tenants

Hello all, 

I am currently building a playbook that can pull indicators from an external MISP system and then publish them to various tenants of Cortex XDR. I have seen that there was a similar post in the past yet the solution suggested in 2022 does

How to push Bulk IOC list in file format to Cortex XDR (IP address,Malicious URLS,Malicious Hashes ) via from XSOAR

Hi Team,

I have integrated the Instance Cortex XDR - IOC content pack: Cortex XDR by Palo Alto Networks

kindly help me, below which command to push bulk update IOC indicators to Cortex XDR if am wrong kindly guide me.

Instance = Cortex XDR - IO

XSOAR 6.11 Content Bundle Update via API

Hello 

We have build a CICD Pipeline to manage Lists in a external Git-Repository. The reason for that is we want to have the option to let our analyst create message templates and config files in a versioned way. Also we don't want that our analyst h

Fetch Indicator Integration

Hello 

i plan to implement a custom integration which fetches IP Indicators. So far so good i was able to create the indicators with no issue. However i would like to update some fields eg. Hostname and also some custom fields like a Gridfield of V

Preprocessing rule "Link and Close" category Rule configured

Hi Team,

Preprocessing rule "Link and Close" category Rule configured : Link to oldest incident Created within the last 5 Minutes Issues on the preprocessing rule : 1. 2 incidents are created at the same time, both are closed . None of them has open

XSOAR Qradar Offense Ingestion Doubt

Hello all,

We've a situation that we would like to clarify if it's a misconfiguration or if it is an expected behaviour.

#Qradar integration is only fetching ofenses that includes specific rule ids but qradar how it works associates new events and

XSOAR Community Edition on Version 6 or 8?

Hi Good Day,

I have question regarding XSOAR Community Edition, I already request for Community Edition but while waiting for that, i have some question regarding version that community Edition use, is it version 6 or version 8?

GoQR.me QR Code Reader misbehaving

I have an XSOAR 8.5 instance with a playbook which makes use of the GoQR.me QR Code Reader integration.

It had been working nicely in the playbook for months, but has begun to misbehave.

In the playbook, images are extracted from a phishing email a

Automating SLA in XSOAR with Reminders and Reset on Updates

Hi team!

First of all, thank you very much in advance for your help.

I want to add an SLA to an incident in XSOAR so that if the SLA is breached, the incident is automatically closed. In theory, this is straightforward to implement by setting a t

How to join slack {{#demisto-developers }} channel

Hi,

I registered my account and received an email with following content:

Join the Slack workspace Cortex XSOAR DFIR Community now to start collaborating! by clicking here or the button below.

However, the link seems expired and I got following