Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Script failed to run Error

While integrating the QRADAR instance, I am getting the below-mentioned error. Script failed to run: Error: [Traceback (most recent call last): File "<string>", line 352, in <module> File "/usr/local/lib/python3.10/base64.py", line 11, in <module> import binascii ImportError: Error loading shared library libz.so.1: Exec format error...

cV V by L2 Linker
  • 1784 Views
  • 2 replies
  • 0 Likes

Resolved! How to upload CSV string containing \n to XSOAR?

Hello all, We're writing a custom playbook in Cortex XSOAR that queries Splunk and returns data. The data we receive back from Splunk (via a self-written XSOAR automation, in Python) gets returned as an XML field containing a string that represents a flat CSV file. The \n character sequence (newline) gets added by Splunk to delimit each new li...

Cortex Community Edition

Hi, I have signed up for the Community Edition multiple times and receive the initial confirmation email each time but have so far never received the download link. I see the licence under our accounts on the hub and I use my company email address. Please may I have the download link? Regards, John

How to get Task Duration

Hello. I am interested in obtaining the execution time of automated tasks run on the Playbook. I understand that it is possible to refer to the individual execution times on the GUI. However, I do not know how to get the total execution time or the individual execution times using commands or other methods. Is there a good way to do this?

MEiunyo1 by L1 Bithead
  • 1416 Views
  • 2 replies
  • 0 Likes

Resolved! SlackAskV2 returning answers but did not provide a field in Context Data

Hello, I am new to using XSOAR and wanted to develop a playbook that sends a confirmation whether the user clicked a phishing link or not. I tried to use SlackAskV2 which did its job by sending a message to either user or channel and returning the given answer back to XSOAR in War Room. The issue that I encounter is, I don't see any context data b...

EDzuhri by L1 Bithead
  • 5818 Views
  • 12 replies
  • 0 Likes

SlackAskV2 Invalid Block Format

Hi folks, I am new to XSOAR and I am trying to create an approval workflow with SlackAskV2. Of course I prefer the default response type with buttons. And here's my problem. It does not work in the playbook editor. I always get the following error when I try to run the playbook with default settings: Reason The request to the Slack API fa...

NDNico by L0 Member
  • 2536 Views
  • 3 replies
  • 0 Likes

XSOAR to analyze PDF and Office files

Hi everyone, Does anyone use XSOAR to analyze PDF and Office files? My idea is for users to send emails to a specific account. Cortex XSOAR would then receive these emails, extract the files, and analyze them using tools like OLETools. If any suspicious activity is detected, it would notify the IT team. If no suspicious activity is found, it woul...

tlmarques by L4 Transporter
  • 1569 Views
  • 1 reply
  • 1 Like

Resolved! The command does not exist or it is disabled

Hello Team, I am new to using Cortex XSOAR. While running the script I am getting the below error. Why is it? IPReputation=${incident.details} returned an error Hide reason Reason The command does not exist or it is disabled enrichIndicators=${incident.details} returned an error Hide reason Reason The command does not exist o...

Resolved! Discussion: Send email to user with #xsoar link for them to upload files?

Is there a way to allow users to upload files to an #xsoar incident via the Outlook email integration? Example: a malware incident is triggered from a user's endpoint. SOAR sends an email to the user stating they have detected malware on their device; please zip the file and upload the file to XSOAR using the link. Regards, Farid

mfaridsh by L0 Member
  • 1699 Views
  • 1 reply
  • 1 Like

Use CPU% = 50 in XSOAR DEV

Hi! I experienced a rare problem in my XSOAR dev; in there I have 0 jobs, 0 integrations active, 0 incidents creation, 0 everything. But every 15 minutes, the CPU% increases to 50 for about 5 minutes, then to 0. The last change I've made is to configure the syslog to a host, but for this task, I followed step by step the official XSOAR documenta...

Phishing ML Model Issue !DBotPredictOutOfTheBoxV2

Hi All, I'm using the phishing playbook, in which there is an ML part, but it gives me an error even though the package is installed on XSOAR. Please check the error description here. Command: !DBotPredictOutOfTheBoxV2 emailSubject="We’re sorry, an email was sent by mistake" emailBody="any dummy content here..." Reason Error from Scripts is : Script fail...

  • 1304 Posts
  • 45 Subscriptions