Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! AWS - IAM Identity Center Integration

Hi All,

 

Thank you in advance.

 

I am facing an issue currently in integrating the AWS - IAM Identity Center Community Contribution. I am not able to find the relevant information for the integration such as Role Session Name, and Role Session durat

...

Netskope API v2 error in XSOAR

XSOAR does not parse properly the ids from Netskope. It changes the last two digits with zeros. These errors are in the official XSOAR documentation. Example:

"incident_id": 1478029261577663500

"app_session_id": 4359394467077842400

"browser_session_i

...

SanDev by L2 Linker
  • 868 Views
  • 2 replies
  • 0 Likes

Auto Incidnet closure

Dear Community,

 

I'm looking for a way to daily automatically close all incidents with specific criteria.

 

I'm trying to archive that using jobs , I'm trying to create a playbook the query incidents (with specific criteria) and whatever the query o

...

Issue with talos integration

Dear Community,

 

I'm getting the following issue in Talos integration.

 

Error
(November 26, 2023 1:29 PM)

Error in Talos Feed Integration. Verify that the server URL parameter is correct and that you have access to the server from your host. (85)

...

talos.png

Installation of cortex SOAR offline

Dear All,

i was trying to install COrtext SOAR in an Airgap (offline)Enviorment with no internet where i was refering cortex offline installation guide, and i i could not complte the installation and stuck in uploading docker dependaci file  to which

...

Why is the severity became "unknown"?

Hello All,

 

I have a question, i have mapped an incident from qradar with the playbook i've created.

At first it's worked, the incident severity was "high". but later until now, the severity become "unknown".

What is the main cause of this issue?

Tha

...

awarman by L0 Member
  • 975 Views
  • 2 replies
  • 0 Likes

Getting data from multiple incident contexts?

Hi!

 

I want to extract specific key data from context of multiple incidents. The context key I'm looking for is not under "incident". Specifically, I have many incidents of type "Phishing" and want to output the contents of "Recipient Selection.Answ

...

Antanas by L2 Linker
  • 997 Views
  • 1 replies
  • 0 Likes

Resolved! XSOAR 8 API - Attachment upload with entryID

The code below, creates an incident with attachment uploaded but in the incident itself, when I see the context, I dont see any file. 

Since there is no entryID for the file, I cannot read the attachment and also cannot run the playbooks. 

 

 

Any ch

...

  • 1112 Posts
  • 34 Subscriptions
Top Solution Authors
Top Liked Authors