Build transformer with execute.command()
Hello, I'm trying to build a transformer that, given an IP, gives back the reverse DNS. However, it seems that using commands in transformers is not allowed. Am I wrong?
Hello Live Community, I am working on a use-case that requires me to copy incident files of any kind from within linked incidents and copy them to the main incident to be saved as evidence. I have tried the getentries command but an entryID does not suffice as the physical file is not copied to my incident. Does anyone have an idea on how to do t...
Hello, I want to automatically send an email whenever an incident is created in XSOAR. I’ve created a playbook and written a simple script that sends an email for a specific incident when executed within the playbook. However, I’d like to automate this process so that an email is sent automatically for every incident without manually triggering ...
I would like to know about your experience. How do you handle uninstalling software on specific devices that is not allowed and needs to be removed via Cortex XDR with Cortex XSOAR Playbooks without the user seeing the uninstall?
Hi, Anyone encountered the following error when executing "wfr-status"? Command: !wfr-status(Web File Repository) Reason Failed to execute wfr-status command. Error: Verify that the server URL parameter is correct and that you have access to the server from your host. Error Type: <requests.exceptions.ConnectionError> HTTPCo...
Dear All, I installed the free version of XSOAR. However, when I installed XSOAR after the 30-day free license period, the license was not applied properly when I applied the license file. Can I get the free license again by applying again from the following site? https://start.paloaltonetworks.com/sign-up-for-community-edition.html?hsCtaTrac...
Hey Community, did anyone ever attach a field change trigger script to a system field? I guess it can't be done directly but is there a workaround? Also, is there a way to run a script as soon as an incident is created?
Hi everyone! I hope you're doing well. I wanted to ask something: Is it possible for the disk usage on my XSOAR to sometimes be at 60% and other times drop below that number? I mean, without me taking any action, can the disk space percentage decrease on its own? Thanks in advance!
How can we set the preprocess rule to drop any incidents created by scheduled jobs? For example: any incident with category=job and some incident field like description containing "False". The playbook in the scheduled job will run some tasks and conditions and will mark the incident description with "False" if that incident is False and needs to be dropped...
Can someone help me? I have created an instance in the Securonix integration but I want to fetch incidents but I do not get the alerts from my SIEM SECURONIX. It should be noted that the user and everything is correct. But I would like to know if anyone in the community has had the same problem and how they solved it.
How to use a dashboard filter query in scripts?
I'm in the process of creating a widget and need help retrieving details of incidents that were closed within a specific week or time frame, irrespective of their creation date. Additionally, I would like to know if there's a method to achieve this without using scripting. Could you please provide guidance on how to implement this functionality?...
Hello, used this integration guide (https://xsoar.pan.dev/docs/reference/integrations/microsoft-365-defender) and the integration pulls incidents just fine. Currently using a self-deployed application and device code flow. Problem I am running into is a daily re-auth for a user account using the device code flow. I suspect it might have to do wi...
Hello all, I have customized a ticketing integration to our image. The last part I'm struggling with is returning values from the integration to incident fields. My use case is that a SOC analyst will create a ticket inside our ServiceDesk application via a button in the Incident Layout. When this button is pressed, the command from the SD integration ...
Is there a way to receive an alert when no incidents are fetched in XSOAR for a certain integration for, for example, 24 hours? Not related to integration issues, but if the integration works but nothing is fetched? It would be beneficial to know if there is an issue with a log source.

