Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

XSOAR Integration with Cortex XDR

Hello,

we're trying to integrate Cortex XDR to our XSOAR, we already have the "Palo Alto Networks Cortex XDR - Investigation and Response" instance and we set the Starred incidents fetch window and the First fetch timestamp to 30 days (we even try to

...

Resolved! Extract IP's from context data

Hi Team,
we want to extract and check the IP reputation of IP's from a context data value which consists of 70k IP's  from EDL and i just need 1000 IP's from that context value. Could you please assist us ..?  please find the attachment 
Cortex XSOAR 

Resolved! XSOAR - Using a script to run playbook

I want to be able to click on an Indicator (i.e. a domain) in the Incidents page, run a script to kick off an approval process, once approved, continue to block.

 

I've come to the conclusion that script execution in XSOAR is not synchronous; the scr

...

Using RPA from Cortex XSOAR

Hello LC,

I working on a unique deployment that requires the use of RPA to do a few actions that are not supported by API on the target systems. Has anyone successfully created an integration or similar for Crayon or other RPA systems? I can see that

...

Resolved! Where is the id_set.json file utilized?

The purpose of id_set.json is defined here https://xsoar.pan.dev/docs/documentation/pack-docs#how-do-you-find-pack-dependencies. So it's kind of like package-lock.json in NodeJS. However, where do we need to use it? I can only see it's being used in

...

TPhan by L0 Member
  • 742 Views
  • 1 replies
  • 0 Likes

Playbook condition data input

Hi Team ,
we've created a playbook condition in which if the risk is greater than zero, the IP should be added to the list created below, otherwise ., it should be added to another list . The input are in an array . How can i make them into single ele

...

playbook user investigation - generic

hello everyone,

I was reviewing the user investigation - generic playbook for a bit, I would like to have your support by explaining to me what types of uses this playbook could be applied to and if anyone of you already has it implemented.

 

Thank y

...

Resolved! Integration Office 365: Get mail reported by user

Hi,

 

one question about O365 integration. Maybe it's a O365 question, not a XSOAR one, but I'd like to know if I can do it with XSOAR.

I have an alert "Email reported by user as malware or phish" from Microsoft Graph Identity and Access integration.

...

MTubia by L1 Bithead
  • 2931 Views
  • 5 replies
  • 0 Likes

Resolved! Can I test Playbooks with CLI?

Hi everyone,

I'd like to know if it's possible to test Playbooks via the command line interface or something similar. Currently, I always use the GUI for testing purposes, loading an incident from the debugger panel and just clicking to run. However,

...

  • 1111 Posts
  • 34 Subscriptions
Top Solution Authors