Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

401 Error When using Proofpoint Protection Server v2

Hello LiveComm, I am trying to establish the Proofpoint Protection Server v2 integration on my XSOAR to use the SmartSearch and other cool features. I am doing this for a supported pphosted (POD) version and have created API credentials for this and I get a 401 Unauthorized for Test and other commands. The instructions to do this are a bit ambig...

Issues with openpyxl: "openpyxl does not support file format" when processing valid Excel files from War Room

Hi everyone, I'm encountering an issue with an automation script in XSOAR that uses openpyxl to insert an image into an Excel file. Even though the Excel file I'm uploading is valid (I’ve tested it by downloading it and opening it in Excel—it opens without any problems), the script throws the following error when executed in XSOAR: Error oc...

Generic Polling > verify you have proper integration enabled to support it

Hello, There is a place where I need to use generic polling but I can't solve this error. My script is as follows. where could be the problem here? def check_runid(client: UC4Client, args: Dict[str, Any]): runid: str = args.get('run_id') url = f"{client.base_url}/{runid}" response = requests.get(url, auth=(client.api_user, client.api_pass...

XSOAR Prod Is Not Installing Updates From Dev

I have two XSOAR tenants: one is dev and the other is prod. On prod I have a main tenant and a tms tenant. I pushed content from dev to the repo, and main on the prod side gets the content from git. I saw the push is fine and the commit is successful when pushing from the dev side, but when trying to install content on prod it showed nothing. Any solution, please? Cortex XSOAR ...

Syedhkt by L2 Linker
  • 695 Views
  • 1 replies
  • 0 Likes

Special characters are replaced by Unicode or completely wiped out of text field.

Creating tickets with summary that contains special characters into Archer (Dev & Prod) through XSOAR playbook & API calls is replacing special characters either by Unicode (\u003) or completely being wiped out of text field. A bug was identified by us and later Archer Tech resolved and released a later version which at their end resol...

rkasarla by L0 Member
  • 831 Views
  • 0 replies
  • 0 Likes

Rasterize URL returns an empty png

Hi guys, Currently working on a Brand Abuse response playbook and when trying to take a screenshot for retrieving evidences it returns an empty, white png. My config of the instance is as follows: I tried both Rasterize modes, Headless CLI and Webdriver, but nothing changes. I'm using system proxy settings bc they are much needed as it's the wa...

F.Otero by L1 Bithead
  • 616 Views
  • 1 replies
  • 0 Likes

XSOAR 8 cloud incident retention policy query

Hi Team, The standard XSOAR customer wants to know how the incident retention policy works on a V8 cloud instance. Data retention policy: 1. Is the default retention period 6 months (180 days)? Yes, the default retention period is 6 months (180 days) https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentatio...

Playbook Showing Keep Running & Running

Dear All, I am facing a really annoying issue. I have set up the integration (mapper, type) and the playbook hits very well on incidents, but the problem is that the playbook shows running and running for all incidents and does not run. I tried to pause and resume but that also does not work. Can you suggest any solution?

Syedhkt by L2 Linker
  • 995 Views
  • 1 replies
  • 0 Likes

Is there a way to check all scheduled entries in XSOAR?

Is there a way to check all scheduled entries regardless of the incident you're in? I've been using ShowScheduledEntries in the playground to test an automation (let's call it X), but after a week, when using the ShowScheduledEntries command it returns me nothing, which is odd since the X automation should be scheduled. What surprises me is that...

CSV Feed Same Indicators

Hi, I am using CSV Feed integration and a delta triggered Job, that is triggering whenever there is a new item (IP indicator) in CSV feed. The playbook under job is adding only new and modified indicators which have "tag":"pending_ip". Now, I understand as per license I can get 100 indicators per fetch . The problem is the fetch is always fetchi...

MMagdic by L2 Linker
  • 558 Views
  • 0 replies
  • 0 Likes

Engine in cloud - design concept

I have a cloud instance of XSOAR, with a set of technologies in the cloud and on prem as well. My initial thought is to have an engine for each group, that means two engines, and separate the technologies accordingly. Any thoughts on that, and what are the challenges, pros and cons? Cortex XSOAR

ahmad by L0 Member
  • 703 Views
  • 1 replies
  • 0 Likes

Resolved! Extrahop Reveal X Integration - Stop fetching of Hidden Detections possible?

We've recently used the Extrahop integration to create tickets in XSOAR for our analysts to keep track of Extrahop tickets without having to go into Extrahop's console. However, we're trying to stop it from fetching "Hidden" or tuned detections I'm tuning out in Extrahop. I only fetch for 60+ Risk Scores and for "Open" or .none per the filtering,...

C.Perez by L1 Bithead
  • 2205 Views
  • 2 replies
  • 0 Likes

How to Delete War Room Entries or Clear War Room

Hello LiveComm, is there a way to remove an entry from an XSOAR incident? This is needed for general entries and not just files, as files can be deleted with Core API. An example of this can be a comment by an analyst or any textual entry. Perhaps the war room can be fully cleared? I see that every entry has a URL but this does not work with th...

Service Limit Information for On-Premises Deployment Cortex XSOAR

Hi everyone, I have been searching for documentation related to the system’s performance limits, but most of the available information seems to focus on cloud deployments. I am specifically looking for service limit details for an on-premises deployment, including how they correlate with the system’s CPU and RAM resources. I have reviewed the in...

Duxgbk by L1 Bithead
  • 697 Views
  • 0 replies
  • 0 Likes
  • 1298 Posts
  • 45 Subscriptions