Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! Command Line syntax question

How do I combine commands on the #XSOAR command line? If one command wants a list, I would like to call a list, not enumerate it on the command line. For example, the RandomElementFromList works like this: !RandomElementFromList count=1 value="banana, orange, potato" may randomly respond with "orange". Easy Peazy. getList works like this:...

BRowe_23 by L1 Bithead
  • 2253 Views
  • 3 replies
  • 0 Likes

Help with Cortex XSOAR API

Hi everyone, I'm currently working with XSOAR API, and I'd like to get some help in this way. I gotta gather all the data from a specific dashboard. I know that there is one API endpoint that I can use for it but, the documentation does not explain properly how to use each endpoint in XSOAR, and I can't do any request correctly. For example,...

JavaScript vs Python scripts

Hi everyone, Lately, I was wondering about Python and JavaScript performance in terms of computational speed and XSOAR resource use. I'd like to work as efficiently as possible and that's the reason I'd like to ask for the XSOAR community's thoughts. I'm currently working with Python 3.11.9 (main, Aug 2 2024, 14:46:25) [GCC 13.2.1 20240309] (I d...

Cortex XSOAR DNS resolving issue

Hi all, I am trying to integrate Cortex XDR with Cortex XSOAR. I have configured the API key and other settings. But sometimes this integration works and sometimes it does not, because of a DNS resolving issue. I don't think it is our DNS servers' problem, because when I nslookup the same domain from the command line (where XSOAR is installed) resolution is success...

Resolved! How to configure proxy certificate in XSOAR server

What is the configuration path to update proxy certificate in XSOAR server? Is it the same as "Apply the Certificate to Cortex XSOAR" explained in the link below? https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.11/Cortex-XSOAR-Administrator-Guide/Install-or-Renew-a-Custom-Certificate#:~:text=Apply%20the%20Certificate%20to,sudo%20servi...

gnakhede by L1 Bithead
  • 1406 Views
  • 1 replies
  • 0 Likes

MT out of sync issue

Hi Team, One of my customer accounts in a multi-tenant setup appears to be out-of-sync despite successfully syncing. I have synced accounts from the Main Account UI using both the 'Sync all accounts' and 'Sync' individually selected accounts. The content appears to have propagated, however, when clicking 'Sync' subsequent times, there are many it...

XSOAR removes roles from a user - Licensing issues?

Hi team, I currently have 6 users configured in XSOAR (including the admin user). However, we only have 5 licenses contracted. The "admin" user has the admin role. The remaining users are assigned the analyst role. Incident: I have noticed that, from time to time, XSOAR removes the role of an analyst user for no apparent reason. Questions: Is it p...

jcajam by L0 Member
  • 895 Views
  • 1 replies
  • 0 Likes

Questions regarding the operation of Cortex Xsoar

Hi Team, I have some questions regarding the operation of Cortex Xsoar and need assistance 1. I bought a license for 5 users. Does that mean you can only create 5 users or only 5 users can be active at the same time? 2. How to classify incident ingress from ibm qradar 3. Can I use 2 nested DT query sessions? ${subplaybook-${CurrentPlayBookID...

Log bundle extraction issue with System Diagnostics and Health Check

Hi All, Has anyone faced the below issues with the content pack "System Diagnostics and Health Check" (#System Diagnostics and Health Check | Cortex XSOAR (pan.dev)) while running the main playbook 'Health Check > Health Check - Collect Log Bundle'? 1. The main playbook 'Health Check' successfully invokes sub-playbook 'Health Check - Collect...

Arpan_C by L1 Bithead
  • 3619 Views
  • 6 replies
  • 0 Likes

XSOAR Login error when using aws load balancer

Hello This is AWS environment. I installed XSOAR 6.12 on Private EC2. Since it is not accessible from the outside, I created a Public Subnet, connected a Load Balancer, and specified the Private EC2 where XSOAR is installed in the target group. The Load Balancer DNS address uses the default value. (ex. ***-*****-**-1*********.ap-northeast-2.elb.ama...

CrowdStrike Next-Gen SIEM

Hi all, How can I fetch the alert generated by CrowdStrike Next-Gen SIEM to SOAR? Here, are the alerts generated by queries created or like Email, Cloud category. #XSOAR #CrowdStrike #Next-GenSIEM

XSOAR - Manual Review Indicators

Hi, I have created a playbook that extracts IOC from a csv in a mail. I want to ask the analyst if they want to manually review or auto block the IOCs. If the analyst marks Manual review I want it to loop over every IOC and the analyst should mark to block or not. Anybody has an idea of how to loop over every IOC. I saved it to context under ${IOC} ...

How does EmailAskUser flow work?

I configured my playbook to execute EmailAskUser script but I don't know what is happening in the background causing the completion of the next task. Can somebody explain this behavior to me? The script isn't well documented and I was wondering the difference between email communication pack and this automation. For loading an email into an exis...

  • 1298 Posts
  • 45 Subscriptions