XSOAR IP Forwarding requirement

For Cortex XSOAR 6.X On-premises deployment, in server deployment / system requirements describes that IPv4 IP forwarding is required (System Requirements • Cortex XSOAR Administrator Guide • Palo Alto Networks documentation portal ). Security team i

Any.run Cloud Sandbox Integration - Instructions not Clear

Hello LiveComm,

I am attempting to establish the Any.run integration on my XSOAR. I am using the latest version and have an issue with the instance properties. Firstly, there is no "Use system proxy settings" and the instance requires URL, User, Pass

Playbook trigger on all new alerts

I am trying to create a playbook that uses the ms-teams-message to send it to my teams webhook. I want the playbook to trigger and run for all new alerts. I have the trigger set now to resolution status=new, but this is not triggering for all new ale

Export Incidents List >50 items

I need to export a list of (filtered) Incidents on the XSOAR Incidents page/list. If I click the "Select All Rows" checkbox at the top-left of the list, and then use the Export button, I get an xlsx file, but it only has 50 rows (which is apparently

Firewall cortex and Windows 11

Hello, I have a question regarding the Cortex Firewall.

Does the Cortex Firewall component take control of the Windows Firewall? In other words, if the Windows Firewall is active on an endpoint, will Windows Defender show that it's being managed by

Need better approach to solve wrong commits on Content Pack

Scenario:  Two developer working on same playbook on Dev environment. For ex

Playbook Name: XXX_playbook

Developer A & Developer B working on XXX_playbook and both make changes independently. 'A' makes first commit on develop branch. Then, 'B' makes

Show hidden fields by default to non-admin users on Incidents (or have a way to configure it)

Hello,

We see that the option to show hidden fields by default on XSOAR is clicked only a few times for non-admin users.

We would like to see always, by default, the hidden fields for all incident tickets.

Thanks!

sandbox environment

Hello,

How can my Security Operations team access a dedicated, hands-on lab or sandbox environment to practice building playbooks and automations in Cortex XSOAR?

Cannot add Links between Tasks - messed up in browser.

Hi All,

Weird one.. so recently this started and I tried chrome, firefox and edge.. all does the same.. even in private windows.

i can edit a playbook, add tasks etc.. but when i try to add the 'link' between tasks, the link either disappears or sh

there any official training environments

I'm dedicated to self-learning the platform but understand the standalone Community Edition may have been discontinued.

Since I am not currently a Palo Alto Networks Partner or a paying customer, what are the recommended ways for an individual to get

Active Directory Query - Wrong info when null provided

I still consider myself fairly new to XSOAR and haven't written a lot of playbooks so maybe I'm doing this wrong, but here's my issue.
When using the Active Directory Query pack's commands (the ad-get-user most recently but I believe ad-disable-accoun

Help regarding accessing trail version for learning

Hi All,
Anyone please help me how to use trail version where I can learn and practice cortex xsoar.

Thanks in advance.

Deduping in Playbooks

I'm confused as to how to use the DedupBy command/script in my Playbook. I have a set command that grabs all the UPNs from a list of alerts in the data. This results in the Context data of:
Defender:{
UPNs:[
0:"user1@domain.com"
1:"user2@domain.com"
2:"us

O365 Teams (Using Graph API) (Community Contribution) configuration With XSOAR

Has anybody used the O365 Teams (Using Graph API) (Community Contribution) integration to send chat messages and was able to configure the integration successfully? 

while trying to test integration after configuring it, it is showing the following