Failed to add entries

Team,

While pushing the ioc to arcsight active list using arcsight resource id is not found with status code 404..

And also as I checked the resourceID is similar with xsoar and arcsight...but still issue persits. #arcsight #xsoar #as-qdd-entries

To add the Description while push IOCs to XDR

Hello Team,

We need to add the description comment to IOC's while pushing to XDR. Already description was added to Indicators it was visible in Indicators Page. 

while pushing the IOC's to XDR the description was not adding to it when seeing in X

Usecase for IP block

Hi Team,

I am new to this Xsoar platform. Trying to create custom playbook, just want help on parsing an email from external source.

Our customer will sent an email with IOC attachment in excel format to our SOC operation team to block the IOC in

XSOAR Exchange Integration Search Limit - It Does Not Return More Than 100 Result

Hello,

I have EWS2 integration on my XSOAR. When I try to delete phishing mail, for try to determine itemIds of mail will be deleted, I use ews-search-mailboxes command with +500 mail addresses. Syntax is correct but it give me only 100 results. I ch

Phishing PlayBook Issue

Hi everyone,

I'm currently developing a phishing playbook that is already available in XSOAR. I'm curious why the IOCs are not being extracted from the email body, while it seems that IOC extraction only occurs from attachments in the .eml or .msg fi

Bot XSOAR in Slack > bad performance

Hi everyone! I have a question about the XSOAR Bot in Slack. If you send anything to the bot, it responds with a message like this:

Multiple XDR integrations in XSOAR

Hi team

Where we have multiple XDR tenants integrated into XSOAR, how can a playbook determine which tenant they are working with? For e.g. by running "!xdr-update-incident", the incident identifier is the XDR incident ID ("incident_id") which the

Filter away weekend cases from XSOAR Dashboard "Duration" / "Number" Widget

Would appreciate some guidance here, thank you in advance!

Running a Task on Multiple Instances of an Integration - Playbook Optimization

Hello,
we are working on a playbook that needs to run a single task on 10 different instances of the same integration. Currently, the only way we know to handle this is by creating a separate sub-playbook for each instance, with the task configured to

xsoar license

I currently have 5 SOAR licenses contracted. However, I have a question: Does the Admin user consume a license? It should be noted that this user has been assigned the administrator role.