Playbook condition data input

Hi Team ,
we've created a playbook condition in which if the risk is greater than zero, the IP should be added to the list created below, otherwise ., it should be added to another list . The input are in an array . How can i make them into single ele

playbook user investigation - generic

hello everyone,

I was reviewing the user investigation - generic playbook for a bit, I would like to have your support by explaining to me what types of uses this playbook could be applied to and if anyone of you already has it implemented.

Thank y

Prompt user for confirmation before running script.

Looking for a way to prompt user to confirm before script execution. Is there a way to prompt user to confirm (i.e, in War Room)?

Trigger action each time an answer is received on data collection task

Hi everyone,

I am trying to achieve the following scenario:

Send a form with data collection task, the form is closed after 4 weeks. The form asks for a hostname to contain within CrowdStrike

Every time someone answers the form, I want to contain t

How to delete incidents with API(core-api-post /incident/batchDelete)

Hello,

I am sending a command like below on the API.

!core-api-post uri="/incident/batchDelete" body="{\"filter\":{\"id\":[\"260906\"]}}"

But it does not delete the incidents I want. It does not give an error.
How to use this correctly? I want to

Nested variables in XSOAR ? Interpolation?

I would like to use a Context key Value as a variable in a task, is this possible, or how are people accomplishing this in XSOAR?  Do i need to create a custom script? I saw someone else mention they were able to do something similar with Lists, but

XSOAR Playbook SQL Query

hello everyone !

I'm new to XSOAR, I hope you'll be patient with me. I have created a small job in which I execute a SELECT type SQL query, the result is a series of records. Here I have some doubts:
- How can I map the result of each record in each

XSOAR Execute query SQL

Hello !!

I have created an automation to execute a SQL query (SELECT), however additional fields appear in the result ("module name", "brand", etc). How can I remove these fields? My intention is to email the result of the SELECT query only the field

Problem to whitelist internal domains and IP's

Need help, as in Cortex XSOAR , I'm having issues adding my domains and internal networks to a whitelist
In the settings, I have two options for this, but I can't edit them.
Anyone else experiencing the same issue? My objective was to insert and exclu

How can I get the scores of the indicators I extract with commands?

Greetings to everyone,

With the help of an automation, I extract indicators from incoming incidents. I do this by running commands that createNewIndicator and then enrichIndicator. But these are not written to the context. I need to write them to the

Unable to spin up XSOAR community edition

Trying to install community edition on ubuntu ec2 instance via wget but getting 401 unauthorized error.

Any assistance on this ?

Mutli-Tenant - Playbook Sync

Hello,

Do I have to select everything individually when syncing content from main tenant to child tenants?
For example,
I will sync the playbook, I cannot see the indicent fields used in the playbook. I have to select them one by one.
How can I make i