Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Need help on this XSOAR Weird behavior on preprocessing scripts

Hi All! I developed a preprocessing script and it's working fine in our dev xsoar environment but not working in prod for some reason. By looking at the log in detail, i found some nuances that i can't explain.Both prod and dev run the same code and i am sure the data is there in prod as wellHere is the comparison. this is the log from prod: ...

XSOAR | Automation Command | setMultiple(Builtin)

While using the Automation Command setMultiple in a playbook task, which expects Keys and Values with the Parent Context Key passed as arguments (Keys and Values as comma‑separated values): Example CLI command:!SetMultipleValues parent=test_parent keys=key1,key2,key3 values=val1,val2,val3 How can we apply Filters and Transformers on each of ...

How to use and/or change demisto user name for a XSOAR (SaaS) engine?

How to use and/or change the demisto user name (e.g. service_demisto, svc_demisto, etc.) for a XSOAR (SaaS) engine server that meets an enterprise organization's user naming requirement? If so, please provide url of online doc with "how to" instructions. If not, please provide url of online doc that explains the reason(s) that the demisto user n...

Trek333 by L0 Member
  • 402 Views
  • 0 replies
  • 0 Likes

Sum number field

Can someone explain why this isn’t working? I created a number field called “niv”, added it to a dashboard with a SUM aggregation, but it shows 0 instead of the expected total (55).

NivNet by L1 Bithead
  • 636 Views
  • 0 replies
  • 0 Likes

While True Condigtional

Hello Everyone,I want to ask about the while loop condition in XSOAR, is it possible to do that? for example i want to check condition the agent status to see whether it is connected or not, if it is not connected set 10minutes delay and then check the condition again Thank you!

G.Anshar by L1 Bithead
  • 4093 Views
  • 3 replies
  • 0 Likes

all incidents are missing

Hi everyone All incidents from our cortex xsoar instance are missing or are not shown, but we don't have any filter. The info is still on the server because we can see all the .db files, we tried to re-index the database but this didn't solve the issue. any ideas what might be happening? thanks

Playbook Task - Filters and Transformers help needed

Hi All, i have a playbook task that runs a XQL query against a dataset to take info from the alert context data, do a search against a specific dataset, then take the output of the '_broker_device_name' field and then this is written to my parentincidentcontext data.. this works. however, i am struggling with a simple task, and this is for a ...

PA_nts by L4 Transporter
  • 3669 Views
  • 1 replies
  • 0 Likes

Defining a Known User Object List for Automated Playbook Logic in XSOAR

I need to define a known user list as an Object List so that the playbook can automatically check it. If the username involved in the incident is found in this known list, the condition should pass and the incident should move forward toward automatic resolution. How do we properly define a list inside the playbook and configure the logic so t...

Chamindu by L1 Bithead
  • 3915 Views
  • 1 replies
  • 0 Likes
  • 1304 Posts
  • 45 Subscriptions