Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Pre Processing script for dropping multiple similar incidents

Hi Team, I need to find a way to drop similar events (by eventnames field) from QRadar when they are mirrored in XSOAR by using a pre-process rule. I have checked for a native approach in Cortex XSOAR to do it, but it seems that pre-processing rules in XSOAR cannot natively count similar incidents based on a dynamic field like "eventname...

Automated Daily Report for XDR and XSOAR?

Hi all and happy Taco Tuesday! I'm part of a very small team of 3 that supports a retail company's domestic and international security & compliance operations, and I'm looking to automate some daily reporting that would ultimately be viewed in Confluence/Jira. Every morning our analyst goes over cyber security news feeds, XDR, and XSOAR to cr...

Propagation Label

Hi all, I imported a custom pack to the XSOAR main account, but I don't want some tenants to use it, so I want to use XSOAR propagation labels. But even if I set propagation labels, when I sync it distributes to tenants. Do you have any suggestions?

Integration not able to invoke fetch-incidents command at given interval

I am trying to create a custom integration and have read that XSOAR will invoke the fetch-incident command at the given incidentfetchinterval timeframe on its own. But when I run the integration to fetch incidents, I don't see it adhering to the given interval; it either invokes the function randomly or every min. Any leads are appreciated. Cortex XSOAR

Microsoft Teams Ask - Getting Unable to Reach App on Teams Side.

Hello LC, I have recently developed some advanced workflows with team integration. I use the MicrosoftTeamsAsk to send a message to a user, and when the user clicks on one of the buttons within Teams, they receive an error message, "Unable to reach app. Please try again." After a few clicks on the button, the response is received successfully. I...


sending subset of devices to Cisco ISE

Hi there, looking to see if we can send limited number (subset) of devices from Palo IOT XSOAR integration to Cisco ISE instead of the full set. ref > https://docs.paloaltonetworks.com/iot/integration/network-access-control/integrate-iot-security-with-cisco-ise/set-up-iot-security-and-xsoar-for-cisco-ise-integration


XSOAR File Management issue

Anyone using XSOAR File Management? I am getting the below error when trying to run any command: Failed to execute test-module command. Error: Failed to parse json object from response: b'<!doctype html>\n<html lang="en">\n<head>\n <meta charset="utf-8">\n <title>Cortex Sign-In</title>\n <base href="./">...

XSOAR Community Edition is not available?

What I hate about Palo Alto is that they do not give any option for learning and home labs, and all their education programs are a waste of money. XSOAR community was great, and this is how people built lots of playbooks and integrations on XSOAR for free for Palo Alto. I don't understand the point of removing it.

Is there a way to obtain Cortex XSOAR community edition

Hello All, I wanted to obtain a copy of Cortex XSOAR community edition for my practice lab as I need to test and deploy playbooks at my work. After going through different discussions here I could not find a working method to obtain a copy of Cortex XSOAR community edition. I would really appreciate if someone could help me with this. Best, FM

fmbd25 by L0 Member

Editing custom content via XSOAR UI and local PC

Hello, in our team we have two groups of engineers - one are developers, who mostly edit code locally via VSCode with combination of demisto-sdk. Second group is creating playbooks, managing integrations, mappers and so on via XSOAR UI. We are at the beginning of implementing version control (private GitHub repo) of our custom content. But we have...

Restrict visibility of specific incident types based on user roles

Hello Everyone, We're currently focused on improving our access control model to limit the visibility of certain incident types based on user roles. Currently, this is done manually through the system command: ```/set_incident role = <role name>``` This command is executed at each incident level and isn't available for execution within pla...

Extracting fields from Context/JSON in Playbook

Hello, I want to use the "GetFailedTasks" built-in automation to take some actions on the failed tasks and playbooks. The challenge I'm facing is parsing off fields from the output of the "GetFailedTasks" in playbook, namely "Task ID" and "Task Name" fields. The output is JSON dict, below is sample output of three failed tasks: [{"Command Name...


Not able to export custom field in the report

Hello team, I attempted to export the values of custom SLA fields into a CSV report. When I tried to create the report through the UI, it displayed the timer values, but when I actually generated the report, it only showed the run status (running or ended). Subsequently, I also tried using the automation "ExportIncidentsToCSV" to include the cus...

SGupta by L1 Bithead