Cortex XSOAR Discussions

Resolved! How to Copy Incident Files from Linked Incidents

Hello Live Community,

I am working on a use-case that requires me to copy incident files of any kind from within linked incidents and copy them to the main incident to be saved as evidence. I have tried the getentries command but an entryID does not

...

How to Automatically Send an Email When an Incident is Created in XSOAR?

Hello,

I want to automatically send an email whenever an incident is created in XSOAR. I’ve created a playbook and written a simple script that sends an email for a specific incident when executed within the playbook.

However, I’d like to automate th

...

Remove apps with Playbook XSOAR XDR

I would like to know about your experience. How do you handle uninstalling software on specific devices that are not allowed and need to be removed via Cortex XDR with Cortex XSOAR Playbooks without the user see the uninstall.

Web File Repository Integration error "Failed to execute wfr-status command"

Hi,

Anyone encountered the following error when executing "wfr-status"?

Command:

!wfr-status(Web File Repository)

Reason

Failed to execute wfr-status command. Error: Verify that the server URL parameter is correct and that you have ac

...

Resolved! About XSOAR Free Edition Licenses

Dear All,

I installed the free version of XSOAR.
However, when I installed XSOAR after the 30-day free license period, the license was not applied properly when I applied the license file.

Can I get the free license again by applying again from th

...

Resolved! Field Change Script To System Fields

Hey Community
Did anyone ever attach a field change trigger script to a system field?

I guess it can't be done directly but is there a work around?

Also, is there a way to run a script as soon as incident is created

Cortex XSOAR

Resolved! Can XSOAR disk space vary automatically?

Hi everyone! I hope you're doing well. I wanted to ask something: Is it possible for the disk usage on my XSOAR to sometimes be at 60% and other times drop below that number? I mean, without me taking any action, can the disk space percentage decreas

...

CSOAR Pre processing rule with scheduled jobs

How can we set the preprocess rule to drop any incidents created by schedule jobs?

For example: any incident category=job and some incident field like description contains "False". The playbook in schedule Job, will run some tasks and condition and

...

Securonix

Can someone help me? I have created an instance in the Securonix integration but I want to fetch incidents but I do not get the alerts from my SIEM SECURONIX. It should be noted that the user and everything is correct. But I would like to know if any

...

How to use dashboard filter query in Scripts

How to use, dashboard filter query in scripts?

Cortex XSOAR

Query on Filtering Closed Incidents by Time Frame in XSOAR dashboard

I'm in the process of creating a widget and need help retrieving details of incidents that were closed within a specific week or time frame, irrespective of their creation date. Additionally, I would like to know if there's a method to achieve this w

...

Resolved! MS Defender XSOAR Integration daily re-auth.

Hello, used this integration guide (https://xsoar.pan.dev/docs/reference/integrations/microsoft-365-defender) and the integration pulls incidents just fine. Currently using a self-deployed application and device code flow. Problem I am running into i

...

Set Incident values from Integration

Hello all,

I have customized a ticketing integration to our image. The last part I'm struggling with is returning values from the integration to incident fields.

My usecase is that, SOC analyst will create a ticket inside our ServiceDesk application

...

Alert when XSOAR doesn't fetch incidents for a certain integration.

Is there a way to receive an alert when no incidents are fetched in XSOAR for a certain integration for by example 24 hours. Not related to integration issues but if the integration works but nothing is fetched?

Would be beneficial to know if there i

...

Properly aligned and comprehensive report for XSOAR Incident

Hi all,

The current XSOAR incident report is unclear and poorly formatted. We need a properly aligned report to serve as the basis for our reporting.

Is there any way for this or any available template that we could use?

Thanks in advance.

Discussions

Resolved! How to Copy Incident Files from Linked Incidents

How to Automatically Send an Email When an Incident is Created in XSOAR?

Remove apps with Playbook XSOAR XDR

Web File Repository Integration error "Failed to execute wfr-status command"

Resolved! About XSOAR Free Edition Licenses

Resolved! Field Change Script To System Fields

Resolved! Can XSOAR disk space vary automatically?

CSOAR Pre processing rule with scheduled jobs

Securonix

How to use dashboard filter query in Scripts

Query on Filtering Closed Incidents by Time Frame in XSOAR dashboard

Resolved! MS Defender XSOAR Integration daily re-auth.

Set Incident values from Integration

Alert when XSOAR doesn't fetch incidents for a certain integration.

Properly aligned and comprehensive report for XSOAR Incident

XSOAR Dev to Prod - Builtin content repository

Still waiting on XSOAR Community Edition + Cortex XDR lab access

Result empty after using json2html script

Do we have XQL query builder feature in XSOAR

Where is the XSAOR 8 CLI Reference?

Re: Creating a custom command for XSOAR marketplace integration

Re: XSOAR Dev to Prod - Builtin content repository

Re: War Room Table to Layout view

Re: delay in a playbook

Unlock your full community experience!

Resolved! How to Copy Incident Files from Linked Incidents

Resolved! About XSOAR Free Edition Licenses

Resolved! Field Change Script To System Fields

Resolved! Can XSOAR disk space vary automatically?

Resolved! MS Defender XSOAR Integration daily re-auth.