Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! Integration Office 365: Get mail reported by user

Hi,

One question about O365 integration. Maybe it's an O365 question, not an XSOAR one, but I'd like to know if I can do it with XSOAR.

I have an alert "Email reported by user as malware or phish" from Microsoft Graph Identity and Access integration.

...

MTubia by L1 Bithead
  • 2841 Views
  • 5 replies
  • 0 Likes

Resolved! Can I test Playbooks with CLI?

Hi everyone,

I'd like to know if it's possible to test Playbooks via the command line interface or something similar. Currently, I always use the GUI for testing purposes, loading an incident from the debugger panel and just clicking to run. However,

...

Nested variables in XSOAR? Interpolation?

I would like to use a Context key Value as a variable in a task, is this possible, or how are people accomplishing this in XSOAR? Do I need to create a custom script? I saw someone else mention they were able to do something similar with Lists, but

...

kbratt by L1 Bithead
  • 852 Views
  • 2 replies
  • 0 Likes

Resolved! MS Defender XSOAR Integration daily re-auth.

Hello, used this integration guide (https://xsoar.pan.dev/docs/reference/integrations/microsoft-365-defender) and the integration pulls incidents just fine. Currently using a self-deployed application and device code flow. Problem I am running into i

...

XSOAR Playbook SQL Query

Hello everyone!

I'm new to XSOAR, I hope you'll be patient with me. I have created a small job in which I execute a SELECT type SQL query, the result is a series of records. Here I have some doubts:
- How can I map the result of each record in each

...

XSOAR Execute query SQL

Hello!!

I have created an automation to execute a SQL query (SELECT), however additional fields appear in the result ("module name", "brand", etc). How can I remove these fields? My intention is to email the result of the SELECT query only the field

...

Problem to whitelist internal domains and IPs

Need help, as in Cortex XSOAR, I'm having issues adding my domains and internal networks to a whitelist.
In the settings, I have two options for this, but I can't edit them.
Anyone else experiencing the same issue? My objective was to insert and exclu

...

tlmarques by L3 Networker
  • 1648 Views
  • 8 replies
  • 0 Likes

Multi-Tenant - Playbook Sync

Hello,

Do I have to select everything individually when syncing content from main tenant to child tenants?
For example,
I will sync the playbook, I cannot see the incident fields used in the playbook. I have to select them one by one.
How can I make i

...

  • 1101 Posts
  • 34 Subscriptions