How to use dashboard filter query in Scripts
How to use, dashboard filter query in scripts? Cortex XSOAR
How to use, dashboard filter query in scripts? Cortex XSOAR
I'm in the process of creating a widget and need help retrieving details of incidents that were closed within a specific week or time frame, irrespective of their creation date. Additionally, I would like to know if there's a method to achieve this without using scripting. Could you please provide guidance on how to implement this functionality?...
Hello, used this integration guide (https://xsoar.pan.dev/docs/reference/integrations/microsoft-365-defender) and the integration pulls incidents just fine. Currently using a self-deployed application and device code flow. Problem I am running into is a daily re-auth for a user account using the device code flow. I suspect it might have to do wi...
Hello all, I have customized a ticketing integration to our image. The last part I'm struggling with is returning values from the integration to incident fields.My usecase is that, SOC analyst will create a ticket inside our ServiceDesk application via button in Incident Layout. When this button is pressed, the command from the SD integration ...
Is there a way to receive an alert when no incidents are fetched in XSOAR for a certain integration for by example 24 hours. Not related to integration issues but if the integration works but nothing is fetched? Would be beneficial to know if there is a issue with a log source.
Hi all, The current XSOAR incident report is unclear and poorly formatted. We need a properly aligned report to serve as the basis for our reporting. Is there any way for this or any available template that we could use? Thanks in advance.
Hi All, My XSOAR instance is a cloud hosted environment running on the latest version 8 build. I have a playbook that sends a notification email to a user in response to a change in their account settings to confirm if recognized. The user is requested to respond via the webform link that the data collection task generates in the email that ...
Hi Guys, After assigning an analyst to an incident we receive one email per task change from DBOT, that is very noisy and I don't see any reference on the documentation to customize the same. Highly appreciate if anyone can tell me how to get around this. The email is as below DBot has updated an incident 400681 Use-case Name .View it on https:/...
Problem Description:The date filtering functionality for start and end dates in the Elasticsearch search command on XSOAR does not seem to be working correctly. The command used is as follows:!es-search index="index-runtime-evts" query="queryTest" timestamp_range_start="-2y" timestamp_range_end="now"I also tried entering a specific timestamp, su...
Hello Live, I have a simple yet trivial question regarding displaying a graph showing each month's incident count consecutively. I can see it groups the count in a non-specified month order. Please see the graph below and take note of the seemingly random order of dates. Is there a way to display this correctly? I'm looking for September, Octob...
Hi All,I am attempting to push content from dev XSOAR to prod XSOAR, but I’m encountering a strange and frustrating error that lacks detailed information. I got following error when pushing content on dev "Failed committing changes. Error: Unexpected non-whitespace character after JSON at position 183 (line 2 column 1)"
I am trying to create "sample" alert/incidents in our XSIAM TEST environment for playbook testing based old previously worked alerts. Using the !ExportAlertContextToJSONFile command within an alert successfully creates a JSON file. After copying the "raw" JSON results the export command into the JSON Sample Incident Generator integration insta...
In the new Incident Creation Form in Cortex XSOAR. Is it possible to change the default value of the "Owner" field ? Ideally to NA (No Owner Assigned)?
I'm looking to establish a hierarchical relationship for linking incidents in XSOAR, specifically a parent-child structure. Currently, the platform allows for linking incidents without hierarchy and creating child incidents under a parent ticket. However, it does not permit linking existing incidents as children. Is there a way to add existing...
Hi, We create two different queries by changing the date range in the reports. These two queries show a different number of incidents for the same day (Jun 24). We tried various queries in the query field. The result did not change both with and without the query. Is there anyone experiencing this issue and finding a solution?

