Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! Generate Investigation Summary Report

Hi

I have used the automation Generate Investigation Summary Report to generate a report of particular incident. But I am not getting full content in the report that is being generated. In war room I can see details but in the generated report inform

...

by Himangi (L2 Linker)

Creating an XSOAR Incident from Splunk

Hey team,

We tried to push Splunk alerts to XSOAR and we used the Splunk create XSOAR incident.

Splunk logs show that it was successful, but we do not see any incidents in XSOAR.

Apparently 06-19-2023 16:33:01.558 +0000 INFO sendmodalert [37342

...

SAML connection error with PingID

Been fighting an integration issue for a while now. Was hoping someone had seen this error before.

Could not init SAML instance, IDPSSOURL: 'https://pid-dev.domain.com/site/SignOn.saml' is not available.

I was told by the tech who was working on Ping

...

Resolved! XSOAR: MDE malware- Incident Enrichment

I am running into an error trying to pull the alert_id from a Defender incident under the sub playbook MDE Malware-Incident Enrichment -> Get full alert details using automation: 'microsoft-atp-get-alert-by-id'.

Error:

Get full alert details: Missin
...

Disable/Enable Integration Instance via API

Can anyone provide an example of the API request they're utilizing to disable or enable an instance for an Integration via the CORE API?

Everything I've tried results in a 400 error with this message:
"id": "errOptimisticLock",
"status": 400,
"title": "

...
