Cortex XSOAR Discussions

Send Automated Alert from Cortex Xsoar

HI All,

I have created a playbook in Cortex Xsoar to sent automate email when a particular incident came.

The issue is when i am getting email it was in the below format:-

Hello Team,

We have observed an alert , kindly find the alert details below

...

QR code read from an image locally

Hi!

I would like to be able to read QR codes locally. The marketplace offering does not suggest a local QR read option. What would it take to develop one, as I can generally see that Python related libraries do exist? Could I request a QR related d

...

Resolved! XSOAR Incident Workflow implementation

hi,
is there a possibility in xsoar to prevent an incident from being closed if certain conditions are not met? I would like to implement in incident workflow where one part is executed automatically and the other by the analyst, then if certain field

...

Resolved! Error "Docker timeout" while using datetime library

Hi all,

We were experiencing issues with integrations that are making use of the library "datetime"

When trying to execute this piece of code:

It returns the following error:

We've tried using different Docker images, creating our own i

...

Resolved! Use DT format inside an automation.

Hello,

We are working on an automation which calls many different lists of nested dicts. Example:

upField:

0:

field1:value1

field2: value2

1:

field1:value3

field2: value4

In a playbook it will be easy to call only field1 using this expression: ${up

...

Shorten returned values in query

I'm creating a widget so I can have a report run returning certain Managment Audit log information. One of the fields, "Management_Auditing_type" has values that are quite long that I would like to truncate. For example, have "MANAGEMENT_AUDIT_ACTI

...

Onboarding Playbook Questions

Hi, I am needing to build a playbook for onboarding new accounts into Active Directory. I do know they have some Premium Playbooks but I don't have that budget so building our own.

How do I take in to account the aspect if the username is already

...

War Room showing limited outputs

Hello,

We are executing a long playbook. This playbook started to work incorrectly. To check what was happening, we looked inside the War Room, but it only showed a limited number of outputs. In order to check more outputs, we had to scroll up inside

...

ElasticSearch Integration(insert/select/delete)

Hello, I have some questions about ElasticSearch Intergration.
This integration imports only events as incidents?
If I want to execute (run) insert/select/delete commands in ElasticSearch should I update the integration? Or did you have any other way t

...

Delete List using automation/command?

Hi All,

I wanted to delete a list using a playbook tasks, but I dont find any automation that can achieve it. It only have createList, and remove data from List

May I know any workaround for it?

Regards,

Jia Kai

Resolved! ParseExcel automation issue

hello,
using XSOAR I wanted to parse an excel from an e-mail and insert the information into a table. I created a Grid field by inserting it inside the incident, used ParseExcel inside a playbook setting as "Mapping" inside the automation to identify

...

Upgrade issue with the description of incident field

Hi community.
We have issue with the upgrade scenario of the description (tooltip) of the incident field for the Dataminr Pulse integration for XSOAR.

We have updated the description of the incident fields: Dataminr Pulse Post Link and Dataminr P

...

Resolved! How to access incidents a user is participant of

Roles field is a good way to restrict access to incidents. but in my case I just want to assign a group of people to manage an incident and not restrict the incidents to other people. In order to do that I am adding users to the incident as a team me

...

Resolved! Create clean Notes in the layout

Hello,

We'd like to create Notes in the layout. We can use the option "Mark results as note", but it shows the command executed. We'd like to show a clean note, nothing else.

"taskComplete isAutoRun=True" not working

Hello,

We are using a playbook to run again tasks which are already running. Just to reset the task. However, when the command "taskComplete isAutoRun=True" is used, it doesn't run again. How can we avoid this? Is there another option?

Discussions

Send Automated Alert from Cortex Xsoar

QR code read from an image locally

Resolved! XSOAR Incident Workflow implementation

Resolved! Error "Docker timeout" while using datetime library

Resolved! Use DT format inside an automation.

Shorten returned values in query

Onboarding Playbook Questions

War Room showing limited outputs

ElasticSearch Integration(insert/select/delete)

Delete List using automation/command?

Resolved! ParseExcel automation issue

Upgrade issue with the description of incident field

Resolved! How to access incidents a user is participant of

Resolved! Create clean Notes in the layout

"taskComplete isAutoRun=True" not working

Close an incident when all the linked incidents are closed

cve-2024-41110 Docker vulnerability impact XSOAR?

Can I test Playbooks with CLI?

On-Prem Migration to SaaS - Adding a user in Prod

On-Prem Migration to SaaS - proxy rules for MS Teams

Re: In Linked Incidents, all owners should be the same

Cortex XSOAR and Cortex XDR Integration - Fetch Incident

Create a PDF File

Re: Creating Docker images

Re: Append Multiple Ips to input

Unlock your full community experience!

Resolved! XSOAR Incident Workflow implementation

Resolved! Error "Docker timeout" while using datetime library

Resolved! Use DT format inside an automation.

Resolved! ParseExcel automation issue

Resolved! How to access incidents a user is participant of

Resolved! Create clean Notes in the layout