Cortex XSOAR Discussions

Resolved! Automation to query incident team from current and linked incidents

Hi,

TLDR: How can i write an automation that returns the incident team of multiple investigation ids (1,2,[...]) without needing to run the automation manually in each investigation.

I want to create an automation to send an E-Mail to all users in

...

GetIndicatorsByQuery command

Hi all,

Does anyone knows how to retrieve the firstSeen/creation date of an indicator using the GetIndicatorsByQuery command?

These are the only fields I know that can be returned so far but none of them is the firstSeen/creationDate of the indic

...

I am working on integrating more threat intelligence into our XSOAR platform. Our latest efforts have been integrating other free sources of IOCs (AlienVault, Abuse.ch, etc...) and then we are going to work that into playbooks to create lo

...

User Restriction and permission

Hi,

using XSOAR I came across some issues related to user permissions and audit logs to have an account of the various activities performed on the platform:

- Is it possible to restrict user permission to execute scripts/commands only via field chang

...

XSOAR - Error in XDR Automation

Hi,

When i am trying to execute the automation xdr-get-incident-extra-data (Cortex XDR - IR) in playbook, i am getting an error as shown in the screenshot below. What could be the reason? Kindly help,

Thanks,

Nithin

Pulling Calendar Invites from Inbox - EWS O365 Integration

We are using the EWS O365 integration to monitor an Exchange Online inbox. Any emails that hit the inbox get an incident created, and a Playbook handles things from there. This is working just fine but the problem I'm having is that it is ignoring ca

...

How to send command (like !send-mail) between two tenants?

Hi all,I have two tenants. One of them is called A and one is called B. I have Mail integration on tenant B. How can I run "!send-mail to= example[@]example[.]com subject=Hello body=Hello body" from tenant A to tenant B? Is it done with demisto.inter

...

xdr-get-incident command date time dispute

Hello everyone,

I have a script that need to get incidents from server.

incidents = execute_command(

"xdr-get-incidents",

{

"lte_creation_time": last_creation_time.split("+")[0],

"gte_creati

...

MITRE ATT&CK Framework

Hi ,
Is there a way to automate the process of mapping every incident to its MITRE Technique ,
or it should be manual for every incident ?

Resolved! Unblock IP

Hi,

I have been using Panorama integration to block the IP. Is there any way where I can unblock the IP or remove the IP from address group of Panorama.

Resolved! XQL Query for CVE counts in XDR per endpoint_name

does anyone have a xql query that will return endpoint_names with and associated CVE count?

Extracting IOC from threat Intel Email

Hi everyone. I am new to this industry and I am looking for guidance on how to extract IOC from threat intel email body in Xsoar Playbook. Hoping if someone can help out. Thank you.

Resolved! Your session has expired. Logint to continue.

XSOAR server based community edition is always asking me my admin cred. It happens every 10 seconds. How can I remediate this issue ? Thanks in advance.

False Positives Microsoft Teams Large Upload

Hey,

I need your help.

We are receiving alerts "XDR Incident 945 - 'Large upload (generic)' generated by #XDR Analytics detected...

Basically, this appears when the user makes a call, shares documents, or shares their screen (using Microsoft Teams)

...

Resolved! How to change colors of an incident field in the incidents tab under the table view

Hi Everyone,

In Cortex XSOAR, do you know how I can change the color of an incident field, such as 'severity,' so that it will display a color per its severity in the Incidents tab under the table view? It should look something like this:

If severi

...

Discussions

Resolved! Automation to query incident team from current and linked incidents

GetIndicatorsByQuery command

XSOAR + Threat Intelligence

User Restriction and permission

XSOAR - Error in XDR Automation

Pulling Calendar Invites from Inbox - EWS O365 Integration

How to send command (like !send-mail) between two tenants?

xdr-get-incident command date time dispute

MITRE ATT&CK Framework

Resolved! Unblock IP

Resolved! XQL Query for CVE counts in XDR per endpoint_name

Extracting IOC from threat Intel Email

Resolved! Your session has expired. Logint to continue.

False Positives Microsoft Teams Large Upload

Resolved! How to change colors of an incident field in the incidents tab under the table view

How to Copy Incident Files from Linked Incidents

Can XSOAR disk space vary automatically?

Assign incident to new owner

unable to push the content from dev to prod

JSON Sample Incident Generator

XSOAR Feature Request

ServiceNow Developer looking for ideas

Re: How to prevent IOCs and Incident Cases from being created when running playbooks

Unlock your full community experience!

Resolved! Automation to query incident team from current and linked incidents

Resolved! Unblock IP

Resolved! XQL Query for CVE counts in XDR per endpoint_name

Resolved! Your session has expired. Logint to continue.

Resolved! How to change colors of an incident field in the incidents tab under the table view