Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

manage Null values

Hello,

I'm trying to create a dataframe from two lists from the context:

key1:
     0:value1
     1:null
     2:value3

key2:
     0:value1
     1:value2
     2:value3

When I call them using demisto.getContext(...), the null value is not passed, l

...

Josep by L4 Transporter
  • 2636 Views
  • 13 replies
  • 0 Likes

Free space in XSOAR

Hello,

We're feeding XSOAR with a lot of incidents. To avoid this, we created a job which deletes incidents each week. However, due to the amount of them, the command "SearchIncidentsV2" fails; it's not capable of searching them. How can we free space by

...

Josep by L4 Transporter
  • 1056 Views
  • 3 replies
  • 0 Likes

Problem retrieving fields from XDR

Hello community,

 

I am having a problem retrieving fields in XSOAR from XDR. I get most of the fields, but there are some that do not reach XSOAR, such as, for example, the "action_evtlog_data_fields" (it is not that they do not appear in the conte

...


Not able to export custom field in the report

Hello team,


I attempted to export the values of custom SLA fields into a CSV report. When I tried to create the report through the UI, it displayed the timer values, but when I actually generated the report, it only showed the run status (running or

...

SGupta by L1 Bithead
  • 861 Views
  • 1 replies
  • 0 Likes

Resolved! Disable auto assign incidents

Currently, XSOAR is randomly assigning incidents to users.  This includes user accounts who will never work incidents.

As I understand this is the default built-in process.

 

I looked at the AssignAnalystToIncident script, but really don't know what

...

Send Automated Alert from Cortex Xsoar

Hi All,

I have created a playbook in Cortex XSOAR to send an automated email when a particular incident comes in.

The issue is that when I get the email, it is in the below format:

 

Hello Team,

We have observed an alert , kindly find the alert details below 

...

Krati199 by L0 Member
  • 557 Views
  • 1 replies
  • 0 Likes

QR code read from an image locally

Hi!

 

I would like to be able to read QR codes locally. The marketplace offering does not suggest a local QR read option. What would it take to develop one, as I can generally see that Python related libraries do exist? Could I request a QR related d

...

Antanas by L2 Linker
  • 889 Views
  • 3 replies
  • 0 Likes

Resolved! XSOAR Incident Workflow implementation

Hi,
Is there a possibility in XSOAR to prevent an incident from being closed if certain conditions are not met? I would like to implement an incident workflow where one part is executed automatically and the other by the analyst, then if certain field

...

Resolved! Use DT format inside an automation.

Hello,

We are working on an automation which calls many different lists of nested dicts. Example:

upField:
    0:
        field1:value1
        field2: value2
    1:
        field1:value3
        field2: value4

In a playbook it will be easy to call only field1 using this expression: ${up

...

Josep by L4 Transporter
  • 1050 Views
  • 2 replies
  • 0 Likes

Shorten returned values in query

I'm creating a widget so I can have a report run returning certain Management Audit log information. One of the fields, "Management_Auditing_type", has values that are quite long that I would like to truncate. For example, have "MANAGEMENT_AUDIT_ACTI

...

  • 976 Posts
  • 31 Subscriptions