Resolved! XSOAR 8 Engine Upgrade Failure
Did anyone recently observed that the engines are failing to connect with a reason saying "update required"? It should be get updated automatically since those are shell based. Cortex XSOAR
Did anyone recently observed that the engines are failing to connect with a reason saying "update required"? It should be get updated automatically since those are shell based. Cortex XSOAR
Hi All, Yesterday I dont know why slackaskv2 suddenly gave me error because of block key format. I fixed it but slack send message to channel using button and when user click on button no response come back. Idk whats wrong with this annoying stuff. Any useful suggestion pls Cortex XSOAR
Hi Everyone, I'd like to fetch incidents on Exabeam Advanced Analystics, however, when trying to create an instance I get the following error each time I specify the value Exabeam incident in the Fetch type: Error in API call [400] - Bad Request {"message": "attempt to access uninitialized field", "stackTrace": [], "apiErrorCode": "INTERNAL_...
Has anybody used the O365 Teams (Using Graph API) (Community Contribution) integration to send chat messages and was able to successful @ a user?I'm looking at the https://learn.microsoft.com/en-us/graph/api/chatmessage-post?view=graph-rest-1.0&tabs=http docs for sending messages but I am not sure if the body arg in !msgraph-teams-send-messa...
Team, While pushing the ioc to arcsight active list using arcsight resource id is not found with status code 404.. And also as I checked the resourceID is similar with xsoar and arcsight...but still issue persits. #arcsight #xsoar #as-qdd-entries
Hello Team, We need to add the description comment to IOC's while pushing to XDR. Already description was added to Indicators it was visible in Indicators Page. while pushing the IOC's to XDR the description was not adding to it when seeing in XDR console the comment column was empty. (Find the attached screenshot for reference) Regards...
Hi, I am considering setting non-datetime type data on the horizontal axis of a Widget. However, it doesn't seem possible to create such a graph from the Widget creation screen. If it is possible to create a graph using methods such as script-based creation, I would appreciate it if you could tell me how. I have checked the page at the followi...
Hi Team, I am new to this Xsoar platform. Trying to create custom playbook, just want help on parsing an email from external source. Our customer will sent an email with IOC attachment in excel format to our SOC operation team to block the IOC in firewall , proxy , edr. I need to create a flow followed by playbook. Work flow how I think is...
Hello, I have EWS2 integration on my XSOAR. When I try to delete phishing mail, for try to determine itemIds of mail will be deleted, I use ews-search-mailboxes command with +500 mail addresses. Syntax is correct but it give me only 100 results. I changed limit value at playground and I changed integration source code (limit value for ews-search...
Hi everyone, I'm currently developing a phishing playbook that is already available in XSOAR. I'm curious why the IOCs are not being extracted from the email body, while it seems that IOC extraction only occurs from attachments in the .eml or .msg files. Cortex XSOAR #phishing
Anyone tried with Stoplight XSOAR 8 API. I am trying the APIs listed https://cortex-panw.stoplight.io/docs/cortex-xsoar-8/kjn2q21a7yrbm-get-started-with-cortex-xsoar-8-ap-is However, I am getting 401 Unauthorized on every call. I have tried generating new API keys with Instance Admin role as well but no luck. Tried with python, terminal and Po...
Hi everyone! I have a question about the XSOAR Bot in Slack. If you send anything to the bot, it responds with a message like this: I'm sorry, I did not understand. I can understand the following commands: - list incidents [page x] - list my incidents [page x] - list my tasks - list closed incidents - new incident [details] - mirror incid...
Hi community, I'd like to enquire whether Cortex XSOAR can create BIOC rules from our xdr integration. Cortex XDR Cortex XSOAR
Is there any way to set a task within a playbook so that it does NOT execute if all the "arrows" pointing to it haven't completed their execution yet? For example, in the following image, I would like the "Close Investigation" task to execute only if both sub-playbooks have completed their execution. Is that possible? Thanks in advance!
Hi team Where we have multiple XDR tenants integrated into XSOAR, how can a playbook determine which tenant they are working with? For e.g. by running "!xdr-update-incident", the incident identifier is the XDR incident ID ("incident_id") which the value can be the same across multiple tenants. Is there a way to tell a certain command that we a...

