map incident data
Hello,
How can Cortex XSOAR be leveraged to map incident data, playbook actions, and adversary techniques to the MITRE ATT&CK Framework?
Hi,
Is anyone able to guide me on how to achieve this perhaps?
I want to run a task in a playbook that will do a custom query in a dataset and pull information and add it to the alert context data. Is this possible, and if so guidelines would be appr
...
For Cortex XSOAR 6.X On-premises deployment, in server deployment / system requirements describes that IPv4 IP forwarding is required (System Requirements • Cortex XSOAR Administrator Guide • Palo Alto Networks documentation portal). Security team i
...
Hello LiveComm,
I am attempting to establish the Any.run integration on my XSOAR. I am using the latest version and have an issue with the instance properties. Firstly, there is no "Use system proxy settings" and the instance requires URL, User, Pass
...
I am trying to create a playbook that uses the ms-teams-message to send it to my teams webhook. I want the playbook to trigger and run for all new alerts. I have the trigger set now to resolution status=new, but this is not triggering for all new ale
...
I need to export a list of (filtered) Incidents on the XSOAR Incidents page/list. If I click the "Select All Rows" checkbox at the top-left of the list, and then use the Export button, I get an xlsx file, but it only has 50 rows (which is apparently
...
Hello, I have a question regarding the Cortex Firewall.
Does the Cortex Firewall component take control of the Windows Firewall? In other words, if the Windows Firewall is active on an endpoint, will Windows Defender show that it's being managed by
...
Scenario: Two developer working on same playbook on Dev environment. For ex
Playbook Name: XXX_playbook
Developer A & Developer B working on XXX_playbook and both make changes independently. 'A' makes first commit on develop branch. Then, 'B' makes
...
Hello,
We see that the option to show hidden fields by default on XSOAR is clicked only a few times for non-admin users.
We would like to see always, by default, the hidden fields for all incident tickets.
Thanks!
Hello,
How can my Security Operations team access a dedicated, hands-on lab or sandbox environment to practice building playbooks and automations in Cortex XSOAR?
Hi All,
Weird one. So recently this started and I tried Chrome, Firefox and Edge. All do the same, even in private windows.
I can edit a playbook, add tasks etc., but when I try to add the 'link' between tasks, the link either disappears or sh
...
I'm dedicated to self-learning the platform but understand the standalone Community Edition may have been discontinued.
Since I am not currently a Palo Alto Networks Partner or a paying customer, what are the recommended ways for an individual to get
...
I still consider myself fairly new to XSOAR and haven't written a lot of playbooks so maybe I'm doing this wrong, but here's my issue.
When using the Active Directory Query pack's commands (the ad-get-user most recently but I believe ad-disable-accoun
Hi All,
Anyone please help me with how to use a trial version where I can learn and practice Cortex XSOAR.
Thanks in advance.
I'm confused as to how to use the DedupBy command/script in my Playbook. I have a set command that grabs all the UPNs from a list of alerts in the data. This results in the Context data of:
Defender:{
UPNs:[
0:"user1@domain.com"
1:"user2@domain.com"
2:"us

