Non Enterprise Security Splunk users

Hi

Please share some info on how you are running your setup.

We are currently using the TA-Demisto splunk app to push the alerts to the XSOAR but having issues with excessive incidents in XSOAR being created when we use the |table in our searches a

Extracting Incident Files from the Server Side or Through API

I have a functionality question regarding Incident Files, for example, images. I have uploaded images as both "Files" and "Media" on the XSOAR incident through the war room. Can these files be accessed from the DB or Linux side? Take note that this i

Playbook to upload IOCs to Cortex XDR

Hello,

We are working in an integration between XSOAR and XDR.
We want to upload IOCs from a given file to XDR, we have seen that Cortex XDR - IOC integration allows a synchronization of IOCs but what we want is a manual push of new IOCs to XDR, not to

Creating a Playbook to Upload Indicators to Various XDR Tenants

Hello all, 

I am currently building a playbook that can pull indicators from an external MISP system and then publish them to various tenants of Cortex XDR. I have seen that there was a similar post in the past yet the solution suggested in 2022 does

How to push Bulk IOC list in file format to Cortex XDR (IP address,Malicious URLS,Malicious Hashes ) via from XSOAR

Hi Team,

I have integrated the Instance Cortex XDR - IOC content pack: Cortex XDR by Palo Alto Networks

kindly help me, below which command to push bulk update IOC indicators to Cortex XDR if am wrong kindly guide me.

Instance = Cortex XDR - IO

XSOAR 6.11 Content Bundle Update via API

Hello 

We have build a CICD Pipeline to manage Lists in a external Git-Repository. The reason for that is we want to have the option to let our analyst create message templates and config files in a versioned way. Also we don't want that our analyst h

Fetch Indicator Integration

Hello 

i plan to implement a custom integration which fetches IP Indicators. So far so good i was able to create the indicators with no issue. However i would like to update some fields eg. Hostname and also some custom fields like a Gridfield of V

Preprocessing rule "Link and Close" category Rule configured

Hi Team,

Preprocessing rule "Link and Close" category Rule configured : Link to oldest incident Created within the last 5 Minutes Issues on the preprocessing rule : 1. 2 incidents are created at the same time, both are closed . None of them has open

XSOAR Qradar Offense Ingestion Doubt

Hello all,

We've a situation that we would like to clarify if it's a misconfiguration or if it is an expected behaviour.

#Qradar integration is only fetching ofenses that includes specific rule ids but qradar how it works associates new events and

XSOAR Community Edition on Version 6 or 8?

Hi Good Day,

I have question regarding XSOAR Community Edition, I already request for Community Edition but while waiting for that, i have some question regarding version that community Edition use, is it version 6 or version 8?

GoQR.me QR Code Reader misbehaving

I have an XSOAR 8.5 instance with a playbook which makes use of the GoQR.me QR Code Reader integration.

It had been working nicely in the playbook for months, but has begun to misbehave.

In the playbook, images are extracted from a phishing email a

Query related to [HK][CCBA][232689][Finetune XSOAR playbook - Update the Group Member]

Hi Team,

I have standard customer, their requirement is

[HK][CCBA][232689][Finetune XSOAR playbook - Update the Group Member] Customer informed that existing playbook flow is XSOAR will get the group member list from 1 device, and update the member l