Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! Method of Creating a Widget with Non-datetime Type Data on the Horizontal Axis

Hi, I am considering setting non-datetime type data on the horizontal axis of a Widget. However, it doesn't seem possible to create such a graph from the Widget creation screen. If it is possible to create a graph using methods such as script-based creation, I would appreciate it if you could tell me how. I have checked the page at the followi...

MEiunyo1 by L1 Bithead
  • 1768 Views
  • 2 replies
  • 0 Likes

Usecase for IP block

Hi Team, I am new to the XSOAR platform. I am trying to create a custom playbook and just want help with parsing an email from an external source. Our customer will send an email with an IOC attachment in Excel format to our SOC operation team to block the IOC in the firewall, proxy, and EDR. I need to create a flow followed by a playbook. Work flow how I think is...

XSOAR Exchange Integration Search Limit - It Does Not Return More Than 100 Result

Hello, I have the EWS2 integration on my XSOAR. When I try to delete phishing mail, to determine the itemIds of the mail that will be deleted, I use the ews-search-mailboxes command with +500 mail addresses. The syntax is correct but it gives me only 100 results. I changed the limit value in the playground and I changed the integration source code (limit value for ews-search...

cef63964 by L0 Member
  • 842 Views
  • 1 replies
  • 0 Likes

Phishing PlayBook Issue

Hi everyone, I'm currently developing a phishing playbook that is already available in XSOAR. I'm curious why the IOCs are not being extracted from the email body, while it seems that IOC extraction only occurs from attachments in the .eml or .msg files. Cortex XSOAR #phishing

Syedhkt by L2 Linker
  • 961 Views
  • 1 replies
  • 0 Likes

Resolved! Using XSOAR API Stoplight

Has anyone tried the Stoplight XSOAR 8 API? I am trying the APIs listed at https://cortex-panw.stoplight.io/docs/cortex-xsoar-8/kjn2q21a7yrbm-get-started-with-cortex-xsoar-8-ap-is However, I am getting 401 Unauthorized on every call. I have tried generating new API keys with the Instance Admin role as well, but no luck. Tried with python, terminal and Po...

Bot XSOAR in Slack > bad performance

Hi everyone! I have a question about the XSOAR Bot in Slack. If you send anything to the bot, it responds with a message like this: I'm sorry, I did not understand. I can understand the following commands: - list incidents [page x] - list my incidents [page x] - list my tasks - list closed incidents - new incident [details] - mirror incid...

Resolved! Non-Finish Task

Is there any way to set a task within a playbook so that it does NOT execute if all the "arrows" pointing to it haven't completed their execution yet? For example, in the following image, I would like the "Close Investigation" task to execute only if both sub-playbooks have completed their execution. Is that possible? Thanks in advance!

Multiple XDR integrations in XSOAR

Hi team, where we have multiple XDR tenants integrated into XSOAR, how can a playbook determine which tenant it is working with? E.g., when running "!xdr-update-incident", the incident identifier is the XDR incident ID ("incident_id"), whose value can be the same across multiple tenants. Is there a way to tell a certain command that we a...

tmeksik by L2 Linker
  • 743 Views
  • 1 replies
  • 0 Likes

Running a Task on Multiple Instances of an Integration - Playbook Optimization

Hello, we are working on a playbook that needs to run a single task on 10 different instances of the same integration. Currently, the only way we know to handle this is by creating a separate sub-playbook for each instance, with the task configured to run on each of the 10 instances. As a result, the main playbook consists of 10 separate sub-play...

MF762 by L1 Bithead
  • 2659 Views
  • 3 replies
  • 0 Likes

Resolved! ML Content Pack Issue - Phishing Email

I'm currently developing a phishing email playbook that includes the ML module DBotPredictOutOfTheBoxV2, which is causing issues. Upon investigation, I found that the Machine Learning content pack is installed, but the Demisto image demisto/ml is not available. If you have any insights or solutions, I would greatly appreciate your help. I got th...

Syedhkt by L2 Linker
  • 1636 Views
  • 2 replies
  • 0 Likes

xsoar license

I currently have 5 SOAR licenses contracted. However, I have a question: Does the Admin user consume a license? It should be noted that this user has been assigned the administrator role.

jcajam by L0 Member
  • 905 Views
  • 1 replies
  • 0 Likes

XSOAR hosting docker container problem (exit status 125)

Hey, I have an XSOAR instance hosted by PA (SaaS access) and today none of my containers seem to work. Any script run gives the following message: Error from Scripts is : Script failed to run: "docker images demisto/python3:3.10.13.86272" with error "exit status 125" and output "Error: cannot re-exec process to join the existing user namespace H...

  • 1298 Posts
  • 45 Subscriptions