This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Resolved! How to upload CSV string containing \n to XSOAR?

Hello all, We're writing a custom playbook in Cortex XSOAR that queries Splunk and returns data. The data we receive back from Splunk (via a self-written XSOAR automation, in Python) gets returned as an XML field containing a string that represents a flat CSV file. The \n character sequence (newline) gets added by Splunk to delimit each new li...

Screenshot 2024-09-18 at 16.46.55.png

Cortex Community Edition

Hi i have signed up for the community edition multiple time and recieve the initial conformation email each time but have so far never recieved the download link. I see the licence under our accounts on the hub and I use my company email addrress. Please may I have the download link Regards John

How to get Task Duration

Hello. I am interested in obtaining the execution time of automated tasks run on the Playbook. I understand that it is possible to refer to the individual execution times on the GUI. However, I do not know how to get the total execution time or the individual execution times using commands or other methods. Is there a good way to do this?

MEiunyo1 by L1 Bithead
  • 1376 Views
  • 2 replies
  • 0 Likes

Resolved! SlackAskV2 returning answers but did not provide a field in Context Data

Hello,I am new to using XSOAR and wanted to develop a playbook that sends a confirmation whether the user clicked a phishing link or not. I tried to use SlackAskV2 which did its job by sending a message to either user or channel and returning the given answer back to XSOAR in War Room.The issue that I encounter is, I don't see any context data b...

EDzuhri by L1 Bithead
  • 5764 Views
  • 12 replies
  • 0 Likes

SlackAskV2 Invalid Block Format

Hi folks, i am new with XSOAR and i try to create an approval workflow with SlackAskV2. Of course i prefer the default resonse type with buttons. And here's my problem. It does not work in the playbook editor.I always get the following error, when i try to run the playbook with default settings: Reason The request to the Slack API fa...

NDNico by L0 Member
  • 2480 Views
  • 3 replies
  • 0 Likes

XSOAR to analyze PDF and Office files

Hi everyone,Does anyone use XSOAR to analyze PDF and Office files? My idea is for users to send emails to a specific account. Cortex XSOAR would then receive these emails, extract the files, and analyze them using tools like OLETools. If any suspicious activity is detected, it would notify the IT team. If no suspicious activity is found, it woul...

tlmarques by L4 Transporter
  • 1539 Views
  • 1 replies
  • 1 Likes

Resolved! The command does not exist or it is disabled

Hello Team, I am new to use Cortex Xsoar. While running script getting the below error. why it is? IPReputation=${incident.details} returned an error Hide reason Reason The command does not exist or it is disabled enrichIndicators=${incident.details} returned an error Hide reason Reason The command does not exist o...

Resolved! Discussion: Send email to user with #xsoar link for them to upload files?

Is there a way to allow users to upload files to #xsoar incident via outlook email integration? example. Malware incident triggered from user's endpoint. soar sends an email to user stating they have detected a malware on their device. please zip the file and upload the file to xsoar using the link. Regards, Farid

mfaridsh by L0 Member
  • 1667 Views
  • 1 replies
  • 1 Likes

Use CPU% = 50 in XSOAR DEV

hi! i expermiented a rare problem in my xsoar dev, in there i have 0 jobs, 0 integration active, 0 incidents creation, 0 everything. But every 15 minutes, the cpu% increases to 50 for about 5 minutes, then to 0. The last change i've made is to configure the syslog to a host, but for this task, i followed step by step the official XSOAR documenta...

SFernandez413037_0-1724701049204.png

Phishing ML Model Issue !DBotPredictOutOfTheBoxV2

Hi All, I'm using phishing playbook and in which there is ML part but it gives me error even package is installed on xsoar.Please check error description here Command: !DBotPredictOutOfTheBoxV2 emailSubject="We’re sorry, an email was sent by mistake" emailBody="any dummy content here..." Reason Error from Scripts is : Script fail...

Single Incident/Playbook is killing the whole platform

Hi, I built a playbook to pull some nested data (~8 MB in total) which then is used in a looped subplaybook for additional data extraction.The subplaybook is relatively simple, uses for each input loop, starts with deletecontext (all=yes) and returns couple of small parameters through Outputs. It supposed to have ~600 iterations in total. Subp...

Antanas by L2 Linker
  • 937 Views
  • 1 replies
  • 0 Likes

Unique Files From File Object

Dear All, I am currently optimizing the phishing playbook and have encountered some issues with the detonation and enrichment processes that handle file objects. I noticed that duplicate files are being passed to the sub-playbooks. I attempted to use a unique function to filter out these duplicates, but it didn't work as expected. I have two fil...

TSOARSupport_0-1724837317574.png
  • 1302 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks