Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Bot XSOAR in Slack > bad performance

 

Hi everyone! I have a question about the XSOAR Bot in Slack. If you send anything to the bot, it responds with a message like this:

 

 

I'm sorry, I did not understand. I can understand the following commands: - list incidents [page x] - list my...

Resolved! Non-Finish Task

Is there any way to set a task within a playbook so that it does NOT execute if all the "arrows" pointing to it haven't completed their execution yet? For example, in the following image, I would like the "Close Investigation" task to execute only if

...

Multiple XDR integrations in XSOAR

Hi team

 

Where we have multiple XDR tenants integrated into XSOAR, how can a playbook determine which tenant they are working with? For e.g. by running "!xdr-update-incident", the incident identifier is the XDR incident ID ("incident_id") which the

...

tmeksik by L2 Linker
  • 400 Views
  • 1 replies
  • 0 Likes

Resolved! ML Content Pack Issue - Phishing Email

I'm currently developing a phishing email playbook that includes the ML module DBotPredictOutOfTheBoxV2, which is causing issues. Upon investigation, I found that the Machine Learning content pack is installed, but the Demisto image demisto/ml is not

...

Syedhkt_0-1727335022455.png
Syedhkt by L2 Linker
  • 859 Views
  • 2 replies
  • 0 Likes

xsoar license

I currently have 5 SOAR licenses contracted. However, I have a question: Does the Admin user consume a license? It should be noted that this user has been assigned the administrator role.

jcajam by L0 Member
  • 604 Views
  • 1 replies
  • 0 Likes

Cortex XSOAR Hosts File

Hello,

 

Since we use XSOAR 8.6.0 OVA and the SSH user (Viewer) does not have authority to use sudo to alter the hosts file on the OVA, I need to add local domains to the Cortex XSOAR hosts file. Is there another SSH user with the highest privileges

...

mnassar by L0 Member
  • 472 Views
  • 1 replies
  • 0 Likes

XSOAR MISP - sync

Hi,
Does anyone have a #Cortex XSOAR sync with a MISP server (bidirectional sync)?

I have two objectives:

  1. I have several indicators on my XSOAR, and my goal is to upload these indicators to MISP (including adding the "XSOAR" tag).
  2. XSOAR should query MI
...

tlmarques by L4 Transporter
  • 1156 Views
  • 1 replies
  • 0 Likes

XSOAR Engine Integration issue

Hi, 

 

I installed engine using Shell following instructions on https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/8/Cortex-XSOAR-Administrator-Guide/Install-an-Engine. Then when trying to configure Syslog v2 integration I got multiple errors. F

...

anmark by L0 Member
  • 512 Views
  • 1 replies
  • 0 Likes

XSOAR incident in Qradar

Hi Team,

 

We are encountering a connection timeout issue when attempting to create incidents in Cortex XSOAR using a custom QRadar integration. Based on our observations, we suspect this issue is due to low IOPS on XSOAR, as low as 100, despite the

...

  • 1210 Posts
  • 42 Subscriptions
Top Solution Authors