XSOAR Mark war room entries as note

Hi everyone,

I have button in the incident layout and the script it triggers creates a new incident and posts all of the war room entries to the new incident. In the incident, we have some notes that should also be seen as notes in the new incident

Is possible to implement Failover Handling Integration (BYOI)

Is possible to implement own BYOI Integration with failover handling between multiple engine without load-balancing group because we concerned about the sequence of "Run on" engines must be run on primary engine first and secondary after primary is f

Xsoar-web-server to setup a web form submission

I am currently using a setup where a google form is hosted and a google apps script send the data over to XSOAR upon submission on google form.
How about the integrated "Xsoar-web-server" 

Is there a way we could use this to eliminate google form and

Retrieve screenshots from Notes section

Hi!

We are trying to give more importance to XSOAR within our SOC processes. As part of the changes we are introducing, we want all alert documentation to be done from now on in the 'Notes' section of each XSOAR incident.

The issue we are facing

WHOIS Integration - Connection Refused Errors

Hi All,

I am using hois integration to use "domain" command. I sometimes have array of strings for domains and sometimes single string and in most of cases whois return results to me but i got sometimes "Connection Refused" Issue. I already adjusted

How to Handle High-Volume Email Events in XSOAR Without Overloading the System

Hello guys,

I am currently working on Use Case for my organization to handle email threats that bypass our Trend Micro Email Security (TMS) gateway.

Context

• My organization uses Trend Micro Email Security as the email gateway.

• Some phishing, spam,

DT Query, special characters in key:value pair

I'm trying to create a "dt" filter for use with the GenericPolling playbook. (https://xsoar.pan.dev/docs/playbooks/generic-polling)

The key I need to check for the existence of is

MsGraph.Alert.Evidence.[1].@odata\.type

(XSOAR automatically adds the "

setPlaybook + Post-Processing

Hi everyone,

I have a Post-Processing script that uses the setPlaybook command to switch the incident to a playbook called test1.

The problem is that when I close the incident, the script doesn’t run just once - it keeps setting the same playbook

How do we join the Slack DFIR community?

Hi Everyone!

I’m hoping you can aim me in the right direction.

I’m trying to join the PAN DFIR slack community via this url:https://start.paloaltonetworks.com/join-our-slack-community

But the register button doesn’t seem to work for me, despite m

an issue with Forcepoint web Security with Cortex XSOAR Integration

Hello Dears,

I have an issue with Forcepoint web Security with Cortex XSOAR Integration.

kindly find the logs:
2024-03-26 10:36:37.6939 error Unable to do Http req to url : https://                 :15873/api/web/v1/categories/start [error 'Post "h

XSOAR EWS 2022 Integration

As you know, the current EWS integration is limited to Exchange 2019. Could you please confirm if there are any plans to extend support for Exchange 2022? Additionally, are there any recommended workaround solutions for implementing inbox monitoring

Conditional saying Any conditon is true

Is there a xsoar conditional that can say if any condition is true, continue on the path for that true condition?

[Cortex XSOAR] Integration TIM to SIEM Elastic

Hello Team,

I have a case that must integrate indicator from TIM Cortex XSOAR to SIEM 3rd Party like Elastic. Is there any documentation about how to integrate indicator from TIM for Elastic? Because when I search in documentation from Cortex XSOAR