This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Resolved! How XDR Sync command working in XSOAR

Hello, how the !xdr-iocs-sync firstTime="True" command working in XSOAR, It will deleted IOC list in XDR IOC rules. If i need to run the sync command any proper format to run before those. I want to upload or sync 100 no's of IP's or Domain names with XDR. whether can able upload via sync command. Guide for the above queries. Regards, ...

cV V by L2 Linker
  • 1865 Views
  • 2 replies
  • 0 Likes

Resolved! Integration/Content Packs Update Issue

Hi All, I have some integrations/Content Packs and they need to be updated but when ever I tried to update from update button on market place, it gives me error "Unavailable docker image...." how to tackle this issue and what are possible best ways to fix this Cortex XSOAR

Syedhkt by L2 Linker
  • 1587 Views
  • 1 replies
  • 0 Likes

Non Enterprise Security Splunk users

Hi Please share some info on how you are running your setup. We are currently using the TA-Demisto splunk app to push the alerts to the XSOAR but having issues with excessive incidents in XSOAR being created when we use the |table in our searches and havent been able to figure this out. Thanks in advance for tips and tricks on this subject.

Extracting Incident Files from the Server Side or Through API

I have a functionality question regarding Incident Files, for example, images. I have uploaded images as both "Files" and "Media" on the XSOAR incident through the war room. Can these files be accessed from the DB or Linux side? Take note that this is not for a specific incident but rather a functionality access question. If not possible does th...

Playbook to upload IOCs to Cortex XDR

Hello,We are working in an integration between XSOAR and XDR.We want to upload IOCs from a given file to XDR, we have seen that Cortex XDR - IOC integration allows a synchronization of IOCs but what we want is a manual push of new IOCs to XDR, not to sync them. We don't understand the given commands of the integration and need to understand how ...

Creating a Playbook to Upload Indicators to Various XDR Tenants

Hello all, I am currently building a playbook that can pull indicators from an external MISP system and then publish them to various tenants of Cortex XDR. I have seen that there was a similar post in the past yet the solution suggested in 2022 does not appear to work as expected. In regards to available automation scripts I am using the task c...

michaelsysec242_0-1692889022972.png

How to push Bulk IOC list in file format to Cortex XDR (IP address,Malicious URLS,Malicious Hashes ) via from XSOAR

Hi Team, I have integrated the Instance Cortex XDR - IOC content pack: Cortex XDR by Palo Alto Networks kindly help me, below which command to push bulk update IOC indicators to Cortex XDR if am wrong kindly guide me. Instance = Cortex XDR - IOC Cortex XDR-IOC xdr-iocs-create-sync-file Creates the sync file for the manual process...

cV V by L2 Linker
  • 2966 Views
  • 2 replies
  • 0 Likes

XSOAR 6.11 Content Bundle Update via API

Hello We have build a CICD Pipeline to manage Lists in a external Git-Repository. The reason for that is we want to have the option to let our analyst create message templates and config files in a versioned way. Also we don't want that our analyst have to handle the deployment of that files. Until now the external repo was relativly small and ...

JBoehm_0-1719908025087.png
JBoehm by L1 Bithead
  • 1688 Views
  • 2 replies
  • 0 Likes

Fetch Indicator Integration

Hello i plan to implement a custom integration which fetches IP Indicators. So far so good i was able to create the indicators with no issue. However i would like to update some fields eg. Hostname and also some custom fields like a Gridfield of Vulnerabilities. But for some reason i can't update any field by side the verdict. Thats my func...

JBoehm by L1 Bithead
  • 1772 Views
  • 2 replies
  • 0 Likes

Preprocessing rule "Link and Close" category Rule configured

Hi Team, Preprocessing rule "Link and Close" category Rule configured : Link to oldest incident Created within the last 5 Minutes Issues on the preprocessing rule : 1. 2 incidents are created at the same time, both are closed . None of them has open incident and other one as linked incident 2. For the one's that are linked, they are not accessib...

XSOAR Qradar Offense Ingestion Doubt

Hello all, We've a situation that we would like to clarify if it's a misconfiguration or if it is an expected behaviour.#Qradar integration is only fetching ofenses that includes specific rule ids but qradar how it works associates new events and new rules while we do not close the offense.This causes that for example, the rule that triggere...

DSilva8 by L0 Member
  • 1324 Views
  • 1 replies
  • 0 Likes

Resolved! Remove file types from the context data

We have been building a playbook to decrypt all encrypted attachments and detonate in a wildfire and Mimecast sanbox using their integrations. I am struggling currently to remove jpegs and pngs from the context data so they are not being sent to the sandbox for detonation. I have a condition that loops through all the files after pulling them do...

Resolved! Cortex XDR integration with XSOAR - Module facing error Script failed to run: Error

Hi Everyone, we are integrating the XDR with XSOAR we are facing script error. Kindly find below attached error message of advanced test full report and screenshot of kindly guide us. Executed: test-moduleInstance Cortex XDR - IR_instance_1b262b3c8-5968-43c8-8c7b-c94d9a62a249Arguments {}Start time 2024-06-13T11:27:29.47131302Z Exception m...

cV V by L2 Linker
  • 4786 Views
  • 4 replies
  • 0 Likes
  • 1302 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks