This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

ServiceNow Developer looking for ideas

Hello all, I am a ServiceNow developer that is assisting a user that is using the XSOAR integration. The user is using the XSOAR application to run queries on my SN instance, but is not getting any results. I have checked his API account and it works fine in Postman. I shared the Postman information with my customer and it worked fine ...

Child Incident Evidence In Parent

Hello! I need to mark some child incident entries as notes and evidence in the parent incident. I have found ways in which you can pass the entries to the parent and then mark them as note/evidence in the parent. However, I would like to have an automation in the child incident playbook which would automatically mark the entries as note/evidence...

nickvus0 by L0 Member
  • 957 Views
  • 1 replies
  • 0 Likes

Resolved! How to Copy Incident Files from Linked Incidents

Hello Live Community, I am working on a use-case that requires me to copy incident files of any kind from within linked incidents and copy them to the main incident to be saved as evidence. I have tried the getentries command but an entryID does not suffice as the physical file is not copied t my incident. Does anyone have an idea on how to do t...

How to Automatically Send an Email When an Incident is Created in XSOAR?

Hello, I want to automatically send an email whenever an incident is created in XSOAR. I’ve created a playbook and written a simple script that sends an email for a specific incident when executed within the playbook. However, I’d like to automate this process so that an email is sent automatically for every incident without manually triggering ...

O.Isik by L0 Member
  • 1566 Views
  • 1 replies
  • 0 Likes

Remove apps with Playbook XSOAR XDR

I would like to know about your experience. How do you handle uninstalling software on specific devices that are not allowed and need to be removed via Cortex XDR with Cortex XSOAR Playbooks without the user see the uninstall.

tlmarques by L4 Transporter
  • 933 Views
  • 1 replies
  • 0 Likes

Web File Repository Integration error "Failed to execute wfr-status command"

Hi, Anyone encountered the following error when executing "wfr-status"? Command: !wfr-status(Web File Repository) Reason Failed to execute wfr-status command. Error: Verify that the server URL parameter is correct and that you have access to the server from your host. Error Type: <requests.exceptions.ConnectionError> HTTPCo...

SerKuan by L0 Member
  • 1268 Views
  • 2 replies
  • 0 Likes

Resolved! About XSOAR Free Edition Licenses

Dear All, I installed the free version of XSOAR.However, when I installed XSOAR after the 30-day free license period, the license was not applied properly when I applied the license file. Can I get the free license again by applying again from the following site? https://start.paloaltonetworks.com/sign-up-for-community-edition.html?hsCtaTrac...

Resolved! Field Change Script To System Fields

Hey CommunityDid anyone ever attach a field change trigger script to a system field? I guess it can't be done directly but is there a work around? Also, is there a way to run a script as soon as incident is created Cortex XSOAR

Resolved! Can XSOAR disk space vary automatically?

Hi everyone! I hope you're doing well. I wanted to ask something: Is it possible for the disk usage on my XSOAR to sometimes be at 60% and other times drop below that number? I mean, without me taking any action, can the disk space percentage decrease on its own? Thanks in advance!

CSOAR Pre processing rule with scheduled jobs

How can we set the preprocess rule to drop any incidents created by schedule jobs? For example: any incident category=job and some incident field like description contains "False". The playbook in schedule Job, will run some tasks and condition and will mark the incident description with "False" if that incident is False and need to be dropped...

Securonix

Can someone help me? I have created an instance in the Securonix integration but I want to fetch incidents but I do not get the alerts from my SIEM SECURONIX. It should be noted that the user and everything is correct. But I would like to know if anyone in the community has had the same problem and how they solved it.

mgamarra by L0 Member
  • 802 Views
  • 0 replies
  • 0 Likes

Query on Filtering Closed Incidents by Time Frame in XSOAR dashboard

I'm in the process of creating a widget and need help retrieving details of incidents that were closed within a specific week or time frame, irrespective of their creation date. Additionally, I would like to know if there's a method to achieve this without using scripting. Could you please provide guidance on how to implement this functionality?...

ansusabu by L1 Bithead
  • 2868 Views
  • 5 replies
  • 0 Likes

Resolved! MS Defender XSOAR Integration daily re-auth.

Hello, used this integration guide (https://xsoar.pan.dev/docs/reference/integrations/microsoft-365-defender) and the integration pulls incidents just fine. Currently using a self-deployed application and device code flow. Problem I am running into is a daily re-auth for a user account using the device code flow. I suspect it might have to do wi...

  • 1302 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks