Looking for a way to prompt user to confirm before script execution. Is there a way to prompt user to confirm (i.e, in War Room)?
Hi everyone,
I am trying to achieve the following scenario:
Send a form with data collection task, the form is closed after 4 weeks. The form asks for a hostname to contain within CrowdStrike
Every time someone answers the form, I want to contain t
...
Hi everyone,
I'd like to know if it's possible to test Playbooks via the command line interface or something similar. Currently, I always use the GUI for testing purposes, loading an incident from the debugger panel and just clicking to run. However,
...
Hello,
I am sending a command like below on the API.
!core-api-post uri="/incident/batchDelete" body="{\"filter\":{\"id\":[\"260906\"]}}"
But it does not delete the incidents I want. It does not give an error.
How to use this correctly? I want to
I would like to use a Context key Value as a variable in a task, is this possible, or how are people accomplishing this in XSOAR? Do i need to create a custom script? I saw someone else mention they were able to do something similar with Lists, but
...
hello everyone !
I'm new to XSOAR, I hope you'll be patient with me. I have created a small job in which I execute a SELECT type SQL query, the result is a series of records. Here I have some doubts:
- How can I map the result of each record in each
Hello !!
I have created an automation to execute a SQL query (SELECT), however additional fields appear in the result ("module name", "brand", etc). How can I remove these fields? My intention is to email the result of the SELECT query only the field
...
Need help, as in Cortex XSOAR , I'm having issues adding my domains and internal networks to a whitelist
In the settings, I have two options for this, but I can't edit them.
Anyone else experiencing the same issue? My objective was to insert and exclu
Greetings to everyone,
With the help of an automation, I extract indicators from incoming incidents. I do this by running commands that createNewIndicator and then enrichIndicator. But these are not written to the context. I need to write them to the
...
Trying to install community edition on ubuntu ec2 instance via wget but getting 401 unauthorized error.
Any assistance on this ?
Hello,
Do I have to select everything individually when syncing content from main tenant to child tenants?
For example,
I will sync the playbook, I cannot see the indicent fields used in the playbook. I have to select them one by one.
How can I make i
After the XSOAR 8.5 update, our playbook data collection tasks are having data entry issues via the keyboard. The user can enter the first character, but each successive characters needs to be "double-striked" (hit twice) to be recognized. This is
...
Hi all,
I am not sure if this is a bug in ThreatConnect pack since its reputation commands does not return correct results when it could not find the indicator. The correct behavior should be https://xsoar.pan.dev/docs/integrations/dbot#unknown. Si
...
Hello all,
I wanted to share the following procedure I worked through to use the existing XSOAR ServiceNow V2 Integration with the Customer Service Management plugin for ServiceNow.
This topic came up during a customer engagement and I was able to
I have a custom layout containing an Linked Incidents table panel. I've edited this layout/table to present specific incident fields (columns) in a defined order. First, I've noticed this does not always show changes to these columns when editing the
...
