Creating a Playbook to Upload Indicators to Various XDR Tenants

Hello all, 

I am currently building a playbook that can pull indicators from an external MISP system and then publish them to various tenants of Cortex XDR. I have seen that there was a similar post in the past yet the solution suggested in 2022 does

How to push Bulk IOC list in file format to Cortex XDR (IP address,Malicious URLS,Malicious Hashes ) via from XSOAR

Hi Team,

I have integrated the Instance Cortex XDR - IOC content pack: Cortex XDR by Palo Alto Networks

kindly help me, below which command to push bulk update IOC indicators to Cortex XDR if am wrong kindly guide me.

Instance = Cortex XDR - IO

XSOAR 6.11 Content Bundle Update via API

Hello 

We have build a CICD Pipeline to manage Lists in a external Git-Repository. The reason for that is we want to have the option to let our analyst create message templates and config files in a versioned way. Also we don't want that our analyst h

Fetch Indicator Integration

Hello 

i plan to implement a custom integration which fetches IP Indicators. So far so good i was able to create the indicators with no issue. However i would like to update some fields eg. Hostname and also some custom fields like a Gridfield of V

Preprocessing rule "Link and Close" category Rule configured

Hi Team,

Preprocessing rule "Link and Close" category Rule configured : Link to oldest incident Created within the last 5 Minutes Issues on the preprocessing rule : 1. 2 incidents are created at the same time, both are closed . None of them has open

XSOAR Qradar Offense Ingestion Doubt

Hello all,

We've a situation that we would like to clarify if it's a misconfiguration or if it is an expected behaviour.

#Qradar integration is only fetching ofenses that includes specific rule ids but qradar how it works associates new events and

XSOAR Community Edition on Version 6 or 8?

Hi Good Day,

I have question regarding XSOAR Community Edition, I already request for Community Edition but while waiting for that, i have some question regarding version that community Edition use, is it version 6 or version 8?

GoQR.me QR Code Reader misbehaving

I have an XSOAR 8.5 instance with a playbook which makes use of the GoQR.me QR Code Reader integration.

It had been working nicely in the playbook for months, but has begun to misbehave.

In the playbook, images are extracted from a phishing email a

Query related to [HK][CCBA][232689][Finetune XSOAR playbook - Update the Group Member]

Hi Team,

I have standard customer, their requirement is

[HK][CCBA][232689][Finetune XSOAR playbook - Update the Group Member] Customer informed that existing playbook flow is XSOAR will get the group member list from 1 device, and update the member l

What is the generally accepted way to "join" two playbooks, where one runs at some point up to several days after the first on finishes

I have two master playbooks, the first which runs a set of playbooks, which initiates some external jobs. These jobs can take a number of days to complete, but if run as a small subset, may only take an hour or two.

So, after this first playbook se

Help playbook XSOAR - XDR assest and vulnerability module

Hi,

I am creating a playbook with the objective of integrating Cortex XSOAR and Cortex XDR. 

The idea is for Cortex XSOAR to query Cortex XDR , retrieve all the assets detected by the broker scanner, and verify which assets do or do not have the XDR