CrowdStrike XDR Use cases with Pala Alto Cortex

Hi Team,

Can you please suggest a few case studies where CrowdStrike XDR is integrated with Cortex SOAR and what were the areas and use cases that were implemented and helped the customer?

We wanted to present this to a management that already has

Per Month Query using Beve Query Syntax

Hi,

I am trying to take a sum of incidents over a given time, and divide this sum per month, using Beve Syntax.

I there any syntax that would give me a per-month break down?  So I can take incidents per month, and display them in a widget using a b

No remote "Content Repository" tab despite ui.version.control.show.remote = true

Hi,

I am trying to setup remote repositories, in a first step only the dev environment.

In About -> Troubleshooting I have set "ui.version.control.show.remote" to "true" (copy-pasting it from the documentation [1] and checking multiple times for ty

incidents pulling time

Hi , 
in my Qradar integration I don't have this parameter , 

I have enabled the "Long Running Instance" and still it takes too long for the incidents to be fetched.

Is there a way to manually configure the Incident Fetch Interval. 
I'm using IBM QRad

Create Slack Channel from XSOAR

I am attempting to create a Slack channel from XSOAR using the slack-create-channel command.  After a few minutes, I get the following error:
"Reason

Bug in native playbook 'QRadarFullSearch'

Hello,

XSOAR's native playbook named 'QRadarFullSearch' has a task called 'Get QRadar search results'. Everytime we run this task, it fails with the following error log:

Failed to execute qradar-get-search-results command.
Error:
Traceback (most recent c

Using "GetFailedTasks" with a relative time range of 7 or 30 days lookback

Hello all,

I am working with the task 'GetFailedTasks' withing the Integrations & Incidents Health Check playbook. When running this task within this system playbook I am only getting failed tasks from the beginning of the year and this is likely due

Drop and Update but NOT Create (Pre-Processing)

Hi,

I am trying to write some preprocessing rules to report on and update BitSight incidents. I only want to create incidents that have a grade of 'BAD' or 'WARN'. I do want to capture, however, when a given incident's grade is updated within BitSi

bitsight-company-findings-get automation

Hello,

I am attempting to use the 'bitsight-company-findings-get' command within my automation script, but I am getting an error after I run my script in the playground war room saying I'm using the invalid character '{' even though I copied the co