Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Getting Started

Greetings--

I'm a data analyst who is adept at using tools like Tableau, R, MS Access, MySQL, and PowerBI to analyze both large and small datasets to find patterns, tell stories, visualize data, etc.  A cousin who first got me on the path for administ

...

Demo Data / Incidents

For purposes of demo'ing / mocking data for testing; how do you handle that....

 

Curious is there any import function to mock up incident data within XSOAR?

jboyd98 by L2 Linker
  • 929 Views
  • 2 replies
  • 0 Likes

Resolved! XSOAR Qradar Integration Set Range Limit

Hi,

I succeeded XSOAR integration with Qradar. But I keep getting timeout warnings. I solved this problem by entering parameter "--env=REQUEST_TIME OUT=1500". But I caught that the real problem is in the query. To give an example of this, I enter the

...

[error 'open /proc/stat: too many open files']

Recently had some performance problems reported from my xsoar users.

Found a tenant crashing.  Upon investigating I found the following error in the logs:

App03 host:

error Couldn't calc cores number [error 'open /proc/stat: too many open files']error C

...

jboyd98_0-1646333459707.png
jboyd98_1-1646333459832.png
jboyd98_2-1646333459708.png
jboyd98 by L2 Linker
  • 931 Views
  • 2 replies
  • 0 Likes

Resolved! Field Trigger Script / Broswer Caching Issue?

I have a field trigger script on dbot status changing; essentially updating a custom field to nothing if the an incident is re-opened.

 

if field=="dbotStatus" and old=="Closed" and new=="Active" and incidentType=="Azure Sentinel":
demisto.executeComman

...

jboyd98_0-1646165018375.png
jboyd98_1-1646165158523.png
jboyd98_2-1646165399027.png
jboyd98 by L2 Linker
  • 813 Views
  • 1 replies
  • 0 Likes