This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

XSOAR - Manual Review Indicators

Hi, I have created a playbook that extracts IOC from a csv in a mail.I want to ask the analyst if they want to manually review or auto block the IOCs.If the analyst marks Manual review I want it to loop over every IOC and the analyst should mark to block or not.Anybody has an idea of how to loop over every IOC.I saved it to context under ${IOC} ...

Bar_Magnezi_0-1721193781083.png

How does EmailAskUser flow work?

I configured my playbook to execute EmailAskUser script but I don't know what is happening in the background causing the completion of the next task. Can somebody explain this behavior to me? The script isn't well documented and I was wondering the difference between email communication pack and this automation. For loading an email into an exis...

lordstark_0-1723561389650.png

Get Incident List from Microsoft 365 Defender

Hi Team, I want to get the events between the dates I give from Microsoft 356 Defender. In the ‘microsoft-365-defender-incidents-list’ command, the limit is set to maximum 100. What should I do to make the limit unlimited? The command: test_data ={’$filter": “createdTime gt 2024-03-16T06:00:00.29Z and createdTime lt 2024-07-22T09:00:00.29Z”} ex...

XSOAR File Issue

Hi All, I tried to send an attachment using the attachment ID in Exchange Web Services (EWS) for Office 365, and I was also able to see the entry ID of the file in context object. However, the structure of the entry ID is different from the standard format. I created a ZIP file from a text file and uploaded it to the context, but I'm facing an i...

Syedhkt by L2 Linker
  • 1528 Views
  • 1 replies
  • 0 Likes

Resolved! cve-2024-41110 Docker vulnerability impact XSOAR?

Who is impacted?Users of Docker Engine v19.03.x and later versions who rely on authorization plugins to make access control decisions. Who is not impacted?Users of Docker Engine v19.03.x and later versions who do not rely on authorization plugins to make access control decisions and users of all versions of Mirantis Container Runtime are not vul...

Issue in loading and pulling podman images

We are getting below error in Redhat while loading the images. Error: payload does not match any of the supported image formats: * oci: open test21.tar/index.json: not a directory * oci-archive: loading index: open /var/tmp/container_images_oci3039334482/inde x.json: no such file or directory * docker-archive: writing blob: adding layer with blo...

Evidence XSOAR

Hi everyone,Does anyone know if it's possible to paste evidence (screenshots) into an Incident using CTRL+V? I've tested it and sometimes it works, but sometimes it doesn't...Does anyone know if it's possible to create a button that allows uploading files (pictures and documents) as evidence?Cortex XSOAR

tlmarques by L4 Transporter
  • 964 Views
  • 1 replies
  • 0 Likes

Issues with Report Creation in Cortex XSOAR 6.12 Free Edition

I'm currently using the free edition of Cortex XSOAR and have encountered a couple of issues related to reports: Missing "Add New Report" Button: According to the documentation and tutorials I've followed, there should be an "Add Report" button in the reports interface. However, in my instance, this button is missing. Is this a limitation of t...

chmalla9_0-1722191186602.png
chmalla9_1-1722191219379.png
chmalla9 by L0 Member
  • 1174 Views
  • 1 replies
  • 0 Likes

Troubleshooting an XSOAR 8 on-prem installation

Hi team, I wanted to see if there is any way to troubleshoot or view debug output/logs in XSOAR 8 on-prem? I have not had much luck getting the OVA version fo deploy successfully, let alone completing the install and accessing a functional UI. I am persistently stuck at an NGINX screen trying to access the FQDN, but have no way to look at logs t...

ZIP a file XSOAR

Hi Team, I'm trying to zip a file using ZipFile Automation as a task in the playbook and after it has been zipped use the ZIP file EntryID to be sent attached in an email, I'm getting this error: 'Unable to read file with id b4841215-d627-4c36-9cb6-243199452aaf', ValueError('failed to get artifact file path, invalid file (52)\n' ZipFile Ta...

Resolved! Crowdstrike API upgradation

I recently got news that crowdstrike is going to upgrade api version so what needs to do at xsoar side in terms of integration. According to my info we just need to update the pack or what else Cortex XSOAR

Syedhkt by L2 Linker
  • 1720 Views
  • 1 replies
  • 0 Likes
  • 1300 Posts
  • 45 Subscriptions
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks