Cortex XSOAR Discussions

XSOAR + Threat Intelligence

Hi, All!

I am working on integrating more threat intelligence into our XSOAR platform. Our latest efforts have been integrating other free sources of IOCs (AlienVault, Abuse.ch, etc...) and then we are going to work that into playbooks to create lo

...

User Restriction and permission

Hi,

using XSOAR I came across some issues related to user permissions and audit logs to have an account of the various activities performed on the platform:

- Is it possible to restrict user permission to execute scripts/commands only via field chang

...

XSOAR - Error in XDR Automation

Hi,

When i am trying to execute the automation xdr-get-incident-extra-data (Cortex XDR - IR) in playbook, i am getting an error as shown in the screenshot below. What could be the reason? Kindly help,

Thanks,

Nithin

Pulling Calendar Invites from Inbox - EWS O365 Integration

We are using the EWS O365 integration to monitor an Exchange Online inbox. Any emails that hit the inbox get an incident created, and a Playbook handles things from there. This is working just fine but the problem I'm having is that it is ignoring ca

...

How to send command (like !send-mail) between two tenants?

Hi all,I have two tenants. One of them is called A and one is called B. I have Mail integration on tenant B. How can I run "!send-mail to= example[@]example[.]com subject=Hello body=Hello body" from tenant A to tenant B? Is it done with demisto.inter

...

xdr-get-incident command date time dispute

Hello everyone,

I have a script that need to get incidents from server.

incidents = execute_command(

"xdr-get-incidents",

{

"lte_creation_time": last_creation_time.split("+")[0],

"gte_creati

...

MITRE ATT&CK Framework

Hi ,
Is there a way to automate the process of mapping every incident to its MITRE Technique ,
or it should be manual for every incident ?

Resolved! Unblock IP

Hi,

I have been using Panorama integration to block the IP. Is there any way where I can unblock the IP or remove the IP from address group of Panorama.

Resolved! XQL Query for CVE counts in XDR per endpoint_name

does anyone have a xql query that will return endpoint_names with and associated CVE count?

Extracting IOC from threat Intel Email

Hi everyone. I am new to this industry and I am looking for guidance on how to extract IOC from threat intel email body in Xsoar Playbook. Hoping if someone can help out. Thank you.

Resolved! Your session has expired. Logint to continue.

XSOAR server based community edition is always asking me my admin cred. It happens every 10 seconds. How can I remediate this issue ? Thanks in advance.

False Positives Microsoft Teams Large Upload

Hey,

I need your help.

We are receiving alerts "XDR Incident 945 - 'Large upload (generic)' generated by #XDR Analytics detected...

Basically, this appears when the user makes a call, shares documents, or shares their screen (using Microsoft Teams)

...

CrowdStrike XDR Use cases with Pala Alto Cortex

Hi Team,

Can you please suggest a few case studies where CrowdStrike XDR is integrated with Cortex SOAR and what were the areas and use cases that were implemented and helped the customer?

We wanted to present this to a management that already has

...

Resolved! Playbook waiting for a manual Set task

Hello community,

I have some playbooks that are responsible for closing incidents in the various sources (XDR, QRadar, XSOAR, JIRA, ...) once I enter a reason or reason for them to be closed.

I have done this using a "Set" automation that wa

...

Per Month Query using Beve Query Syntax

Hi,

I am trying to take a sum of incidents over a given time, and divide this sum per month, using Beve Syntax.

I there any syntax that would give me a per-month break down? So I can take incidents per month, and display them in a widget using a b

...

Cortex XSOAR Discussions

Discussions

XSOAR + Threat Intelligence

User Restriction and permission

XSOAR - Error in XDR Automation

Pulling Calendar Invites from Inbox - EWS O365 Integration

How to send command (like !send-mail) between two tenants?

xdr-get-incident command date time dispute

MITRE ATT&CK Framework

Resolved! Unblock IP

Resolved! XQL Query for CVE counts in XDR per endpoint_name

Extracting IOC from threat Intel Email

Resolved! Your session has expired. Logint to continue.

False Positives Microsoft Teams Large Upload

CrowdStrike XDR Use cases with Pala Alto Cortex

Resolved! Playbook waiting for a manual Set task

Per Month Query using Beve Query Syntax

Extrahop Reveal X Integration - Stop fetching of Hidden Detections possible?

Default Field Mapping in QRadar Content Pack 2.5.7 on XSOAR 6.12

Field Change Script To System Fields

How to Copy Incident Files from Linked Incidents

Can XSOAR disk space vary automatically?

Missing button scripts from content packs

Re: Editing custom content via XSOAR UI and local PC

Is there a way to obtain Cortex XSOAR community edition

Re: Missing button scripts from content packs

Re: Extracting fields from Context/JSON in Playbook

Unlock your full community experience!

Cortex XSOAR Discussions

Resolved! Unblock IP

Resolved! XQL Query for CVE counts in XDR per endpoint_name

Resolved! Your session has expired. Logint to continue.

Resolved! Playbook waiting for a manual Set task