Chronicle Errors for a while now -

!gcb-list-detections alert_state="ALERTING" page_size="100" detection_for_all_versions="False" list_basis="CREATED_TIME" start_time="2023-07-17T14:52:46.000Z" end_time="2023-07-17T14:57:46.894Z" retry-count="2" retry-interval="30" is returning "Faile

Integration of "Malware Investigation And Response" Playbook

I am writing to request support for migrating from the old playbook (Endpoint Malware Investigation - Generic) to the new playbook (Malware Investigation & Response Incident handler) and I have only the Standard Success support.

Additionally, I would

Is it normal for the main account to hang when syncing 30 tenants at a time

Hi everyone,

This issue started to happen recently, I am not running anything on the main server and I didn't have any issues on that account so far . Syncing all the account however hangs the main server. I am considering either adding more resour

Issues after upgrading XSOAR

Hello wonderful people,

I just upgraded XSOAR from version 6.9 to version 6.11 in a live environment.

The upgrade was successful but "I got failed to migrate podman containers" after the upgrade.

Also after all, whenever I try to pull data from

Cannot start demisto service after changing certificates.

Hello folks,

I followed the steps here to change the GUI certs to new self-signed certificates, but the service doesn't come back up.

I found below error in server tail.

error Could not load scheduled jobs [error 'database not open'] (source: /

Able to get time when a user opens an XSOAR incident for the first time?

Hi, I would like to get this context key/value as I need it to track SLAs. Is there a way to do so, rather than manually configuring a button in my playbook workflow to call the `!GetTime` script? Thank you.

Automation to Print output and set tag in warroom

Trying to create an automation to print output in the warroom, which works. 

print(handover) 

Only thing is how can I give a tag automatically to the output in the warroom. 

I want to give the tag "Handover" to this output for example. 

Does an

What is everyone doing with their TIM license?

Hi everyone,

I am running a multi tenant version of XSOAR, this version doesn't come with TIM so I don't have access to full screen view for indicators. So far I have been extracting indicators with an automation and verdicts for those indicators a

Facing service now integration issue across all US tenants.

Hi , need support to get clarification on the below error , we are facing this service now integration issue accross US region almost 5 plus tenants,
So need some help to fix this issue as we were unable to create any ticket using snow as we were faci

Creating an XSOAR Incident from Splunk

Hey team,

We tried to push splunk alerts to XSOAR and we used the Splunk create XSOAR incident.

Splunk logs show that it was successful, but we do not see any incidents in XSOAR.

apparently 06-19-2023 16:33:01.558 +0000 INFO sendmodalert [37342