Auto Incidnet closure

Dear Community,

I'm looking for a way to daily automatically close all incidents with specific criteria.

I'm trying to archive that using jobs , I'm trying to create a playbook the query incidents (with specific criteria) and whatever the query o

Disable/Enable Integration via API/Playbook/Automation

Hi Guys,

I have list of integration instances that i need to disable/enable in one click.

I didn't see any function or command in the system that can do it.

There is any other way to do that?

Issue with talos integration

Dear Community,

I'm getting the following issue in Talos integration.

Error in Talos Feed Integration. Verify that the server URL parameter is correct and that you have access to the server from your host. (85)

Multiple Instances fetching VS. One instance and then claasify and post a new incident

Hi,

We've got an scenario where we are fetching mails from a mail server. When an email is received in the mail server, it applies some ruling and send it to a folder, then with XSOAR we've got N instances, one per folder and this is how we are cla

Download the previous version of XSOAR dockerimages file

How can I download the dockerimage file of the previous version of XSOAR? For example, the dockerimage file of version 6.11.

If I use command “wget https://download.demisto.com/download-params?token=xxxxxxx&email=user@paloaltonetworks.com&downloadNam

Installation of cortex SOAR offline

Dear All,

i was trying to install COrtext SOAR in an Airgap (offline)Enviorment with no internet where i was refering cortex offline installation guide, and i i could not complte the installation and stuck in uploading docker dependaci file  to which

Error Integration with Cisco ESA

Hi , 

Is there anyone else who gets this Error ? how do I solve it ?

Its updated to the latest version , The server URL , username and password are correct.

Bulk Changing Incident Status from Pending to Active

I have created an integration that produces many alerts and I have a few thousand incidents that are currently in the Pending state. The plabyook has yet to run etc. What I would like to is select the incidents from the "Incident" page and change the

Why is the severity became "unknown"?

Hello All,

I have a question, i have mapped an incident from qradar with the playbook i've created.

At first it's worked, the incident severity was "high". but later until now, the severity become "unknown".

What is the main cause of this issue?

Tha

Getting data from multiple incident contexts?

Hi!

I want to extract specific key data from context of multiple incidents. The context key I'm looking for is not under "incident". Specifically, I have many incidents of type "Phishing" and want to output the contents of "Recipient Selection.Answ

Cortex XSOAR

Morning everyone,

I hope that you are doing well

I have a little problem. We have implemented the XSOAR in our customer environment and configure th EWS O365 content pack for phishing attacks but since we do not have a case, we cannot show to the

Ingest Taxii feed into XSOAR 6.12

Hi,

I am trying to ingest our taxii feed into XSOAR 6.12 with following steps:

• installed XSOAR 6.12 on ubuntu 22.0.4 LTS
• launched the web portal, and installed TAXII Feed (1.x) pack from marketplace
• Ingest feed using "Integration Instance Settings"
  
  • T