This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Set Incident values from Integration

Hello all, I have customized a ticketing integration to our image. The last part I'm struggling with is returning values from the integration to incident fields.My usecase is that, SOC analyst will create a ticket inside our ServiceDesk application via button in Incident Layout. When this button is pressed, the command from the SD integration ...

XSOAR keeps firing the same incident

Hi All, My XSOAR instance is a cloud hosted environment running on the latest version 8 build. I have a playbook that sends a notification email to a user in response to a change in their account settings to confirm if recognized. The user is requested to respond via the webform link that the data collection task generates in the email that ...

PWJ2020 by L0 Member
  • 1423 Views
  • 2 replies
  • 0 Likes

Resolved! Stopping unnecessary "Message from Cortex XSOAR Security Operations Server" emails from DBOT

Hi Guys, After assigning an analyst to an incident we receive one email per task change from DBOT, that is very noisy and I don't see any reference on the documentation to customize the same. Highly appreciate if anyone can tell me how to get around this. The email is as below DBot has updated an incident 400681 Use-case Name .View it on https:/...

Issue with timestamp_range_start and timestamp_range_end Dates in XSOAR Elasticsearch Integration Command

Problem Description:The date filtering functionality for start and end dates in the Elasticsearch search command on XSOAR does not seem to be working correctly. The command used is as follows:!es-search index="index-runtime-evts" query="queryTest" timestamp_range_start="-2y" timestamp_range_end="now"I also tried entering a specific timestamp, su...

MF762 by L1 Bithead
  • 999 Views
  • 1 replies
  • 0 Likes

Dashboard Graph Display Incident Count Per Month

Hello Live, I have a simple yet trivial question regarding displaying a graph showing each month's incident count consecutively. I can see it groups the count in a non-specified month order. Please see the graph below and take note of the seemingly random order of dates. Is there a way to display this correctly? I'm looking for September, Octob...

image.jpg

Resolved! unable to push the content from dev to prod

Hi All,I am attempting to push content from dev XSOAR to prod XSOAR, but I’m encountering a strange and frustrating error that lacks detailed information. I got following error when pushing content on dev "Failed committing changes. Error: Unexpected non-whitespace character after JSON at position 183 (line 2 column 1)"

Resolved! JSON Sample Incident Generator

I am trying to create "sample" alert/incidents in our XSIAM TEST environment for playbook testing based old previously worked alerts. Using the !ExportAlertContextToJSONFile command within an alert successfully creates a JSON file. After copying the "raw" JSON results the export command into the JSON Sample Incident Generator integration insta...

DBruce by L0 Member
  • 2093 Views
  • 1 replies
  • 0 Likes

Incident Parent-Child Relationship

I'm looking to establish a hierarchical relationship for linking incidents in XSOAR, specifically a parent-child structure. Currently, the platform allows for linking incidents without hierarchy and creating child incidents under a parent ticket. However, it does not permit linking existing incidents as children. Is there a way to add existing...

XSOAR Reports and Count Problems

Hi, We create two different queries by changing the date range in the reports. These two queries show a different number of incidents for the same day (Jun 24). We tried various queries in the query field. The result did not change both with and without the query. Is there anyone experiencing this issue and finding a solution?

Widget error when Report is scheduled

Hello, I created a simple widget using Python. The code fetches a list from XSOAR, extracts a number, and the widget displays that number. Nothing more. The widget works perfectly when viewed in the report interface or when executed in the playground. However, when the report is scheduled, it shows a "JavaScript" error. Could you help me unders...

SanDev_0-1724574278104.png
SanDev by L2 Linker
  • 990 Views
  • 1 replies
  • 0 Likes

Install Docker Images In XSOAR

Hi Everyone, I need to run phishing model and for that I need demisto/ml docker image. I intsalled machine learning content pack but still not get or see this docker image thats why I'm unable to run that model. I also ready info from here but still confused https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.11/Cortex-XSOAR-Administrator-...

XSOAR hosting docker container problem (exit status 125)

Hey, I have a xsoar instance hosted by PA (saas access) and today none of my containers seems to work. Any script run gives the following message Error from Scripts is : Script failed to run: "docker images demisto/python3:3.10.13.86272" with error "exit status 125" and output "Error: cannot re-exec process to join the existing user namespace H...

  • 1302 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks