Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! SlackAskV2 returning answers but did not provide a field in Context Data

Hello, I am new to using XSOAR and wanted to develop a playbook that sends a confirmation whether the user clicked a phishing link or not. I tried to use SlackAskV2 which did its job by sending a message to either user or channel and returning the given answer back to XSOAR in War Room. The issue that I encounter is, I don't see any context data b...

EDzuhri by L1 Bithead
  • 5509 Views
  • 12 replies
  • 0 Likes

SlackAskV2 Invalid Block Format

Hi folks, I am new with XSOAR and I try to create an approval workflow with SlackAskV2. Of course I prefer the default response type with buttons. And here's my problem. It does not work in the playbook editor. I always get the following error when I try to run the playbook with default settings: Reason The request to the Slack API fa...

NDNico by L0 Member
  • 2369 Views
  • 3 replies
  • 0 Likes

XSOAR to analyze PDF and Office files

Hi everyone, does anyone use XSOAR to analyze PDF and Office files? My idea is for users to send emails to a specific account. Cortex XSOAR would then receive these emails, extract the files, and analyze them using tools like OLETools. If any suspicious activity is detected, it would notify the IT team. If no suspicious activity is found, it woul...

tlmarques by L4 Transporter
  • 1445 Views
  • 1 replies
  • 1 Likes

Resolved! The command does not exist or it is disabled

Hello Team, I am new to using Cortex XSOAR. While running a script I am getting the below error. Why is it? IPReputation=${incident.details} returned an error Hide reason Reason The command does not exist or it is disabled enrichIndicators=${incident.details} returned an error Hide reason Reason The command does not exist o...

Resolved! Discussion: Send email to user with #xsoar link for them to upload files?

Is there a way to allow users to upload files to #xsoar incident via Outlook email integration? Example: malware incident triggered from user's endpoint. SOAR sends an email to user stating they have detected a malware on their device. Please zip the file and upload the file to XSOAR using the link. Regards, Farid

mfaridsh by L0 Member
  • 1573 Views
  • 1 replies
  • 1 Likes

Use CPU% = 50 in XSOAR DEV

Hi! I experienced a rare problem in my XSOAR dev; in there I have 0 jobs, 0 integration active, 0 incidents creation, 0 everything. But every 15 minutes, the CPU% increases to 50 for about 5 minutes, then to 0. The last change I've made is to configure the syslog to a host, but for this task, I followed step by step the official XSOAR documenta...

Phishing ML Model Issue !DBotPredictOutOfTheBoxV2

Hi All, I'm using the phishing playbook, in which there is an ML part, but it gives me an error even though the package is installed on XSOAR. Please check error description here Command: !DBotPredictOutOfTheBoxV2 emailSubject="We’re sorry, an email was sent by mistake" emailBody="any dummy content here..." Reason Error from Scripts is : Script fail...

Single Incident/Playbook is killing the whole platform

Hi, I built a playbook to pull some nested data (~8 MB in total) which then is used in a looped subplaybook for additional data extraction. The subplaybook is relatively simple, uses for each input loop, starts with deletecontext (all=yes) and returns a couple of small parameters through Outputs. It is supposed to have ~600 iterations in total. Subp...

Antanas by L2 Linker
  • 869 Views
  • 1 replies
  • 0 Likes

Unique Files From File Object

Dear All, I am currently optimizing the phishing playbook and have encountered some issues with the detonation and enrichment processes that handle file objects. I noticed that duplicate files are being passed to the sub-playbooks. I attempted to use a unique function to filter out these duplicates, but it didn't work as expected. I have two fil...

Resolved! Integration Sentinel One <> XSOAR

Hi everyone! How are you? I have a problem with the integration of Sentinel One from XSOAR: In Sentinel I have a few rules for some Incidents. One rule closes the incident as soon as it is discovered by the platform, that is, the incident is created on the platform and the rule that closes it is automatically executed. I can summarize the proble...

Resolved! Cortex XSOAR V8.7 Back Up

I'm unable to find any backup options for the cloud-based Cortex XSOAR V8.7 platform. Could you please provide any guidelines or resources on how to create a backup? My license is going to expire soon, so I need to ensure I have a proper backup in place. Cortex XSOAR #backup

  • 1298 Posts
  • 45 Subscriptions