Phishing PlayBook Issue

Hi everyone,

I'm currently developing a phishing playbook that is already available in XSOAR. I'm curious why the IOCs are not being extracted from the email body, while it seems that IOC extraction only occurs from attachments in the .eml or .msg fi

Bot XSOAR in Slack > bad performance

Hi everyone! I have a question about the XSOAR Bot in Slack. If you send anything to the bot, it responds with a message like this:

Multiple XDR integrations in XSOAR

Hi team

Where we have multiple XDR tenants integrated into XSOAR, how can a playbook determine which tenant they are working with? For e.g. by running "!xdr-update-incident", the incident identifier is the XDR incident ID ("incident_id") which the

Filter away weekend cases from XSOAR Dashboard "Duration" / "Number" Widget

Would appreciate some guidance here, thank you in advance!

Running a Task on Multiple Instances of an Integration - Playbook Optimization

Hello,
we are working on a playbook that needs to run a single task on 10 different instances of the same integration. Currently, the only way we know to handle this is by creating a separate sub-playbook for each instance, with the task configured to

xsoar license

I currently have 5 SOAR licenses contracted. However, I have a question: Does the Admin user consume a license? It should be noted that this user has been assigned the administrator role.

Block multiple IP's using panorama

Hi,
I have been looking for a solution to block multiple IP's at the same time using pan-os integration. Is there any way where multiple IP's are given as input to block from firewall.

XSOAR hosting docker container problem (exit status 125)

Hey,

I have a xsoar instance hosted by PA (saas access) and today none of my containers seems to work. Any script run gives the following message

Cortex XSOAR Hosts File

Hello,

Since we use XSOAR 8.6.0 OVA and the SSH user (Viewer) does not have authority to use sudo to alter the hosts file on the OVA, I need to add local domains to the Cortex XSOAR hosts file. Is there another SSH user with the highest privileges

How to stop a playbook task until ALL previous tasks are done?

Hi all,

I'm developing a playbook for Cortex XSOAR that sends a number of queries to our SIEM in parallel and uploads the results as files to an incident. I want to introduce subsequent steps that all depend on the files existing, however I cannot

XSOAR MISP - sync

Hi,
Does anyone have a #Cortex XSOAR sync with a MISP server (bidirectional sync)?

I have two objectives:

1. I have several indicators on my XSOAR, and my goal is to upload these indicators to MISP (including adding the "XSOAR" tag).
2. XSOAR should query MI