Cortex XSOAR Discussions

While True Condigtional

Hello Everyone,I want to ask about the while loop condition in XSOAR, is it possible to do that? for example i want to check condition the agent status to see whether it is connected or not, if it is not connected set 10minutes delay and then check the condition again Thank you!

Cortex XSOAR Installation In personal laptop

Hi folks, can anyone help me with how to install the community edition of SOAR on my personal laptop? Also, will the database server be installed automatically, or do we need to install it separately along with SOAR?

XSOAR Community Download

Where do I go to download the community edition of XSOAR?

all incidents are missing

Hi everyone All incidents from our cortex xsoar instance are missing or are not shown, but we don't have any filter. The info is still on the server because we can see all the .db files, we tried to re-index the database but this didn't solve the issue. any ideas what might be happening? thanks

Playbook Task - Filters and Transformers help needed

Hi All, i have a playbook task that runs a XQL query against a dataset to take info from the alert context data, do a search against a specific dataset, then take the output of the '_broker_device_name' field and then this is written to my parentincidentcontext data.. this works. however, i am struggling with a simple task, and this is for a ...

xsoar Custom script widget

Hi all, im new to xsoar dashboarding can anyone guide me how to create a widget to get playbook execution count with playbook name and playbook tag

specific playbooks

Hello, Are there specific playbooks or automation features that have significantly improved SOC workflows?

Defining a Known User Object List for Automated Playbook Logic in XSOAR

I need to define a known user list as an Object List so that the playbook can automatically check it. If the username involved in the incident is found in this known list, the condition should pass and the incident should move forward toward automatic resolution. How do we properly define a list inside the playbook and configure the logic so t...

Resolved! Result empty after using json2html script

I found the issue after using script json2html table to convert json array to HTML table. it's return to empty vaule. Do you have any idea?

Creating a custom command for XSOAR marketplace integration

Hello Everyone, I wanted to create a custom command in additional to the existing commands present for one of the integrations we have configured in XSOAR from the marketplace. How can I achieve this? I checked the documentation, but it refers to script creation. Thanks in advance.

map incident data

Hello, How can Cortex XSOAR be leveraged to map incident data, playbook actions, and adversary techniques to the MITRE ATT&CK Framework?

Enriching context data with info from datasets

Hi, Is anyone able to guide me on how to achieve this perhaps? I want to ran a task in a playbook that will do a custom query in a dataset and pull information and add it to the alert context data.. is this possible and if so guidelines would be appreciated. thanks in adv

XSOAR IP Forwarding requirement

For Cortex XSOAR 6.X On-premises deployment, in server deployment / system requirements describes that IPv4 IP forwarding is required (System Requirements • Cortex XSOAR Administrator Guide • Palo Alto Networks documentation portal ). Security team is questioning if there is other possibility to deploy XSOAR by not enabling IPv4 IP Forwarding or...

Any.run Cloud Sandbox Integration - Instructions not Clear

Hello LiveComm, I am attempting to establish the Any.run integration on my XSOAR. I am using the latest version and have an issue with the instance properties. Firstly, there is no "Use system proxy settings" and the instance requires URL, User, Password API Key, API Key ID. Every value here is obligatory and it is not clear how to make this wor...

Playbook trigger on all new alerts

I am trying to create a playbook that uses the ms-teams-message to send it to my teams webhook. I want the playbook to trigger and run for all new alerts. I have the trigger set now to resolution status=new, but this is not triggering for all new alerts even the ones with that status. Any ideas how to trigger on all new alerts or a better way to...

Discussions

While True Condigtional

Cortex XSOAR Installation In personal laptop

XSOAR Community Download

all incidents are missing

Playbook Task - Filters and Transformers help needed

xsoar Custom script widget

specific playbooks

Defining a Known User Object List for Automated Playbook Logic in XSOAR

Resolved! Result empty after using json2html script

Creating a custom command for XSOAR marketplace integration

map incident data

Enriching context data with info from datasets

XSOAR IP Forwarding requirement

Any.run Cloud Sandbox Integration - Instructions not Clear

Playbook trigger on all new alerts

XSOAR Dev to Prod - Builtin content repository

Still waiting on XSOAR Community Edition + Cortex XDR lab access

Result empty after using json2html script

Do we have XQL query builder feature in XSOAR

Where is the XSAOR 8 CLI Reference?

Mass Closure of XSIAM Incidents

Re: Incident Parent-Child Relationship

Unlock your full community experience!

Resolved! Result empty after using json2html script