Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Free Cortex XSOAR training!

Hello to all, on the YouTube channel for the live community there is a 6-hour free training. You can also test the free community edition for the Cortex XSOAR and schedule a workshop if you want to play with the tool a little more:

 

https://www.youtube.c

...

How to remove Integration "cache" completely

Hi,

 

We are facing an issue where the integration ran into an error trying to pull an investigation from Secureworks, where an asset was not found, and the integration kept giving the same error continuously and would not pull the next investigation

...

Resolved! SLA Total Duration field in incident table

I can query successfully tickets that have an SLA > than X seconds.

 

What I'm having trouble with is displaying a field in the incident table. 

For example: If I pull back tickets that have an SLA.TotalDuration > 2 days, I want to see the tickets an

...

JoshBoyd by L2 Linker
  • 542 Views
  • 1 replies
  • 0 Likes

Resolved! Replying to an Email using a Playbook

Hi All,

 

I need to automate customer follow ups using XSOAR. My requirements are as below.

 

  • Listen to emails and create incidents for each sent email - EWS V2 is being used for this
  • Once the initial mail is sent XSOAR will follow up with the custome
...

Podman - Docker - new Integration

Why does every time I install a new Integration like (Splunk) I get a warning ( unavailable docker image 'demisto/python3XXXXXX' ) Used by Integration (name of the integration)?

Although I have opened the access and if I go to the console I can pull t

...

Cortex XDR Incident

Hello everyone, we started dealing with Cortex XDR and after getting the first Incident, I am kinda lost. I am not even sure what's the issue, there is a lot of "information" on the management console. For example, the Incident, under "Key Assets & Ar

...

klerini by L0 Member
  • 428 Views
  • 1 replies
  • 0 Likes

How to count the playbook

We have a question for how to count the playbook?

 

We have a function with 3 product and 3 version.
How to count/quantify the playbook? Is 3 product X 3 versions = 9 playbook?

For the playbook should different versions/bands be in the different playboo

...

Resolved! Subplaybook execution count

Hi!

 

Is there a way to count how many times the specific subplaybook was executed across multiple/all incidents? How to ensure the number includes loops in subplaybooks?

The reason I need this number is to better understand ROI of the platform.

 

Th

...

Antanas by L2 Linker
  • 454 Views
  • 1 replies
  • 0 Likes

Transformer to delete line breaks in a string

Hello,

Some data is introduced in XSOAR with line breaks. Example:

 

data1,

data2,

data3,

data4

 

This data is joined with "," to be introduced in a task. However, data is not parsed correctly and the line breaks are introduced, causing an incorrect

...

Josep by L4 Transporter
  • 588 Views
  • 2 replies
  • 0 Likes