Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

XSOAR Community Edition is not available?

What I hate about Palo Alto to not give any option for learning and home labs, and all their education programs are waste of money. XSOAR community was great and this is how people build lots of playbooks and integration on XSOAR free for Palo Alto.. I don't understand point to remove it.

Is there a way to obtain Cortex XSOAR community edition

Hello All,I wanted to obtain a copy of Cortex XSOAR community edition for my practice lab as I need to test and deploy playbooks at my work. After going through different discussions here I could not find a working method to obtain a copy of Cortex XSOAR community edition. I would really appreciate if someone could help me with this.Best,FM

fmbd25 by L0 Member
  • 1436 Views
  • 2 replies
  • 1 Likes

Editing custom content via XSOAR UI and local PC

Hello,in our team we have two groups of engineers - one are developers, who mostly edit code locally via VSCode with combination of demisto-sdk. Second group is creating playbooks, managing integrations, mappers and so on via XSOAR UI.We are at the beginning of implementing version control (private GitHub repo) of our custom content. But we have...

Restrict visibility of specific incident types based on user roles

Hello Everyone, We're currently focused on improving our access control model to limit the visibility of certain incident types based on user roles. Currently, this is done manually through the system command: ```/set_incident role = <role name>``` This command is executed at each incident level and isn't available for execution within pla...

Extracting fields from Context/JSON in Playbook

Hello, I want to use the "GetFailedTasks" built-in automation to take some actions on the failed tasks and playbooks. The challenge i'm facing is parsing off fields from the output of the "GetFailedTasks" in playbook, namely "Task ID" and "Task Name" fields. The output is JSON dict, below is sample output of three failed tasks: [{"Command Name...

MMohammad12_2-1741271992310.png
MMohammad12_1-1741271924391.png
MMohammad12_3-1741272140857.png
MMohammad12_4-1741272234443.png

Not able to export custom field in the report

Hello team, I attempted to export the values of custom SLA fields into a CSV report. When I tried to create the report through the UI, it displayed the timer values, but when I actually generated the report, it only showed the run status (running or ended). Subsequently, I also tried using the automation "ExportIncidentsToCSV" to include the cus...

SGupta by L1 Bithead
  • 2832 Views
  • 2 replies
  • 0 Likes

401 Error When using Proofpoint Protection Server v2

Hello LiveComm, I am trying to establish the Proofpoint Protection Server v2 integration on my XSOAR to use the SmartSearch and other cool features. I am doing this for a supported pphosted (POD) version and have created API credentials for this and I get a 401 Unauthorized for Test and other commands. The instructions to do this are a bit ambig...

Issues with openpyxl: "openpyxl does not support file format" when processing valid Excel files from War Room

Hi everyone, I'm encountering an issue with an automation script in XSOAR that uses openpyxl to insert an image into an Excel file. Even though the Excel file I'm uploading is valid (I’ve tested it by downloading it and opening it in Excel—it opens without any problems), the script throws the following error when executed in XSOAR: Error oc...

AMuharramIshaq_0-1741062081151.png

Generic Polling > verify you have proper integration enabled to support it

Hello, There is a place where I need to use generic polling but I can't solve this error. My script is as follows. where could be the problem here? def check_runid(client: UC4Client, args: Dict[str, Any]): runid: str = args.get('run_id') url = f"{client.base_url}/{runid}" response = requests.get(url, auth=(client.api_user, client.api_pass...

XSOAR Prod Is Not Installing Updates From Dev

I have two xsoar tenant one is dev and other is prod. on prod i have main tenant and tms tenant. i pushed content from dev to repo and from main on prod side get the content from git. i saw push is fine and commit is succesful when push from dev side but when trying to install content on prod it showed nothing. any solution pls Cortex XSOAR ...

Syedhkt by L2 Linker
  • 754 Views
  • 1 replies
  • 0 Likes

Special characters are replaced by Unicode or completely wiped out of text field.

Creating tickets with summary that contains special characters into Archer (Dev & Prod) through XSOAR playbook & API calls is replacing special characters either by Unicode (\u003) or completely being wiped out of text field. A bug was identified by us and later Archer Tech resolved and released a later version which at their end resol...

rkasarla by L0 Member
  • 889 Views
  • 0 replies
  • 0 Likes

Rasterize URL returns an empty png

Hi guys, Currently working on a Brand Abuse response playbook and when trying to take a screenshot for retrieving evidences it returns an empty, white png.My config of the instance is as follows: I tried, both Rasterize modes, Headless CLI and Webdriver, but nothing changes. I'm using system proxy settings bc they are much need as it's the wa...

FOtero_0-1741085590994.png
FOtero_3-1741085774251.png
F.Otero by L1 Bithead
  • 675 Views
  • 1 replies
  • 0 Likes

XSOAR 8 cloud incident retention policy query

Hi Team, The standard XSOAR customer, wants to know how the incident retention policy works on V8 cloud instance. Data retention policy:1. Is the default retention period is 6 months (180 days)? Yes , the default retention period is 6 months (180 days) https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentatio...

  • 1305 Posts
  • 45 Subscriptions