This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Cortex XSOAR Fetch Incident In Exabeam Advanced Analytics

Hi Everyone, I'd like to fetch incidents on Exabeam Advanced Analystics, however, when trying to create an instance I get the following error each time I specify the value Exabeam incident in the Fetch type: Error in API call [400] - Bad Request {"message": "attempt to access uninitialized field", "stackTrace": [], "apiErrorCode": "INTERNAL_...

MS Graph Teams (Community Edition)

Has anybody used the O365 Teams (Using Graph API) (Community Contribution) integration to send chat messages and was able to successful @ a user?I'm looking at the https://learn.microsoft.com/en-us/graph/api/chatmessage-post?view=graph-rest-1.0&tabs=http docs for sending messages but I am not sure if the body arg in !msgraph-teams-send-messa...

Failed to add entries

Team, While pushing the ioc to arcsight active list using arcsight resource id is not found with status code 404.. And also as I checked the resourceID is similar with xsoar and arcsight...but still issue persits. #arcsight #xsoar #as-qdd-entries

To add the Description while push IOCs to XDR

Hello Team, We need to add the description comment to IOC's while pushing to XDR. Already description was added to Indicators it was visible in Indicators Page. while pushing the IOC's to XDR the description was not adding to it when seeing in XDR console the comment column was empty. (Find the attached screenshot for reference) Regards...

cV V by L2 Linker
  • 2180 Views
  • 5 replies
  • 0 Likes

Resolved! Method of Creating a Widget with Non-datetime Type Data on the Horizontal Axis

Hi, I am considering setting non-datetime type data on the horizontal axis of a Widget. However, it doesn't seem possible to create such a graph from the Widget creation screen. If it is possible to create a graph using methods such as script-based creation, I would appreciate it if you could tell me how. I have checked the page at the followi...

MEiunyo1 by L1 Bithead
  • 1874 Views
  • 2 replies
  • 0 Likes

Usecase for IP block

Hi Team, I am new to this Xsoar platform. Trying to create custom playbook, just want help on parsing an email from external source. Our customer will sent an email with IOC attachment in excel format to our SOC operation team to block the IOC in firewall , proxy , edr. I need to create a flow followed by playbook. Work flow how I think is...

XSOAR Exchange Integration Search Limit - It Does Not Return More Than 100 Result

Hello, I have EWS2 integration on my XSOAR. When I try to delete phishing mail, for try to determine itemIds of mail will be deleted, I use ews-search-mailboxes command with +500 mail addresses. Syntax is correct but it give me only 100 results. I changed limit value at playground and I changed integration source code (limit value for ews-search...

cef63964 by L0 Member
  • 886 Views
  • 1 replies
  • 0 Likes

Phishing PlayBook Issue

Hi everyone, I'm currently developing a phishing playbook that is already available in XSOAR. I'm curious why the IOCs are not being extracted from the email body, while it seems that IOC extraction only occurs from attachments in the .eml or .msg files. Cortex XSOAR #phishing

Syedhkt_0-1728275077529.png
Syedhkt by L2 Linker
  • 1050 Views
  • 1 replies
  • 0 Likes

Resolved! Using XSOAR API Stoplight

Anyone tried with Stoplight XSOAR 8 API. I am trying the APIs listed https://cortex-panw.stoplight.io/docs/cortex-xsoar-8/kjn2q21a7yrbm-get-started-with-cortex-xsoar-8-ap-is However, I am getting 401 Unauthorized on every call. I have tried generating new API keys with Instance Admin role as well but no luck. Tried with python, terminal and Po...

Bot XSOAR in Slack > bad performance

Hi everyone! I have a question about the XSOAR Bot in Slack. If you send anything to the bot, it responds with a message like this: I'm sorry, I did not understand. I can understand the following commands: - list incidents [page x] - list my incidents [page x] - list my tasks - list closed incidents - new incident [details] - mirror incid...

Resolved! Non-Finish Task

Is there any way to set a task within a playbook so that it does NOT execute if all the "arrows" pointing to it haven't completed their execution yet? For example, in the following image, I would like the "Close Investigation" task to execute only if both sub-playbooks have completed their execution. Is that possible? Thanks in advance!

Multiple XDR integrations in XSOAR

Hi team Where we have multiple XDR tenants integrated into XSOAR, how can a playbook determine which tenant they are working with? For e.g. by running "!xdr-update-incident", the incident identifier is the XDR incident ID ("incident_id") which the value can be the same across multiple tenants. Is there a way to tell a certain command that we a...

tmeksik by L2 Linker
  • 794 Views
  • 1 replies
  • 0 Likes

Running a Task on Multiple Instances of an Integration - Playbook Optimization

Hello,we are working on a playbook that needs to run a single task on 10 different instances of the same integration. Currently, the only way we know to handle this is by creating a separate sub-playbook for each instance, with the task configured to run on each of the 10 instances. As a result, the main playbook consists of 10 separate sub-play...

MF762 by L1 Bithead
  • 2804 Views
  • 3 replies
  • 0 Likes
  • 1302 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks