Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Playbook to upload IOCs to Cortex XDR

Hello, we are working on an integration between XSOAR and XDR. We want to upload IOCs from a given file to XDR. We have seen that the Cortex XDR - IOC integration allows synchronization of IOCs, but what we want is a manual push of new IOCs to XDR, not to sync them. We don't understand the given commands of the integration and need to understand how ...

Creating a Playbook to Upload Indicators to Various XDR Tenants

Hello all, I am currently building a playbook that can pull indicators from an external MISP system and then publish them to various tenants of Cortex XDR. I have seen that there was a similar post in the past, yet the solution suggested in 2022 does not appear to work as expected. In regard to available automation scripts, I am using the task c...

How to push a bulk IOC list in file format (IP addresses, malicious URLs, malicious hashes) to Cortex XDR from XSOAR

Hi Team, I have integrated the Cortex XDR - IOC instance (content pack: Cortex XDR by Palo Alto Networks). Kindly help me: which of the commands below pushes a bulk update of IOC indicators to Cortex XDR? If I am wrong, kindly guide me. Instance = Cortex XDR - IOC. Cortex XDR-IOC: xdr-iocs-create-sync-file - Creates the sync file for the manual process...

cV V by L2 Linker
  • 2809 Views
  • 2 replies
  • 0 Likes

XSOAR 6.11 Content Bundle Update via API

Hello, we have built a CI/CD pipeline to manage Lists in an external Git repository. The reason for that is we want to have the option to let our analysts create message templates and config files in a versioned way. Also, we don't want our analysts to have to handle the deployment of those files. Until now the external repo was relatively small and ...
JBoehm by L1 Bithead
  • 1607 Views
  • 2 replies
  • 0 Likes

Fetch Indicator Integration

Hello, I plan to implement a custom integration which fetches IP indicators. So far so good: I was able to create the indicators with no issue. However, I would like to update some fields, e.g. Hostname, and also some custom fields like a grid field of Vulnerabilities. But for some reason I can't update any field besides the verdict. That's my func...

JBoehm by L1 Bithead
  • 1667 Views
  • 2 replies
  • 0 Likes

Preprocessing rule "Link and Close" category Rule configured

Hi Team, preprocessing rule "Link and Close" category rule configured: Link to oldest incident created within the last 5 minutes. Issues on the preprocessing rule: 1. Two incidents are created at the same time, and both are closed. Neither of them has one open incident and the other one as a linked incident. 2. For the ones that are linked, they are not accessib...

XSOAR Qradar Offense Ingestion Doubt

Hello all, we have a situation that we would like to clarify: whether it's a misconfiguration or expected behaviour. The QRadar integration is only fetching offenses that include specific rule IDs, but the way QRadar works, it associates new events and new rules while we do not close the offense. This causes that, for example, the rule that triggere...

DSilva8 by L0 Member
  • 1268 Views
  • 1 reply
  • 0 Likes

Resolved! Remove file types from the context data

We have been building a playbook to decrypt all encrypted attachments and detonate them in WildFire and the Mimecast sandbox using their integrations. I am currently struggling to remove JPEGs and PNGs from the context data so they are not sent to the sandbox for detonation. I have a condition that loops through all the files after pulling them do...

Resolved! Cortex XDR integration with XSOAR - Module facing error Script failed to run: Error

Hi Everyone, we are integrating XDR with XSOAR and we are facing a script error. Kindly find below the attached error message of the advanced test full report and screenshot; kindly guide us. Executed: test-module Instance: Cortex XDR - IR_instance_1b262b3c8-5968-43c8-8c7b-c94d9a62a249 Arguments: {} Start time: 2024-06-13T11:27:29.47131302Z Exception m...

cV V by L2 Linker
  • 4526 Views
  • 4 replies
  • 0 Likes

GoQR.me QR Code Reader misbehaving

I have an XSOAR 8.5 instance with a playbook which makes use of the GoQR.me QR Code Reader integration. It had been working nicely in the playbook for months, but has begun to misbehave. In the playbook, images are extracted from a phishing email and stored in XSOAR, and the IDs of the images are fed through !goqr-read-qr-code-from-file entry_...

mattem by L1 Bithead
  • 4071 Views
  • 4 replies
  • 0 Likes

Query related to [HK][CCBA][232689][Finetune XSOAR playbook - Update the Group Member]

Hi Team, I have a standard customer; their requirement is [HK][CCBA][232689][Finetune XSOAR playbook - Update the Group Member]. The customer informed us that the existing playbook flow is: XSOAR will get the group member list from 1 device and update the member list, then XSOAR will deploy the updated member list to ALL Fortinet devices. The customer wants to ...

What is the generally accepted way to "join" two playbooks, where one runs at some point up to several days after the first one finishes

I have two master playbooks, the first of which runs a set of playbooks that initiate some external jobs. These jobs can take a number of days to complete, but if run as a small subset, may only take an hour or two. So, after this first playbook sequence finishes, I'd like to be able to create some kind of "process" that will constantly poll fo...
