This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

GoQR.me QR Code Reader misbehaving

I have an XSOAR 8.5 instance with a playbook which makes use of the GoQR.me QR Code Reader integration. It had been working nicely in the playbook for months, but has begun to misbehave. In the playbook, images are extracted from a phishing email and stored in XSOAR, and the IDs of the images are fed through !goqr-read-qr-code-from-file entry_...

mattem by L1 Bithead
  • 4412 Views
  • 4 replies
  • 0 Likes

Query related to [HK][CCBA][232689][Finetune XSOAR playbook - Update the Group Member]

Hi Team, I have standard customer, their requirement is [HK][CCBA][232689][Finetune XSOAR playbook - Update the Group Member] Customer informed that existing playbook flow is XSOAR will get the group member list from 1 device, and update the member list, then XSOAR will deploy the updated member list to ALL Fortinet devices. Customer want to ...

What is the generally accepted way to "join" two playbooks, where one runs at some point up to several days after the first on finishes

I have two master playbooks, the first which runs a set of playbooks, which initiates some external jobs. These jobs can take a number of days to complete, but if run as a small subset, may only take an hour or two. So, after this first playbook sequence finishes I'd like to be able to create some kind of "process" that will constantly poll fo...

Help playbook XSOAR - XDR assest and vulnerability module

Hi, I am creating a playbook with the objective of integrating Cortex XSOAR and Cortex XDR. The idea is for Cortex XSOAR to query Cortex XDR , retrieve all the assets detected by the broker scanner, and verify which assets do or do not have the XDR agent. Does anyone know if this is possible? My idea is to use both solutions to achieve as muc...

tlmarques by L4 Transporter
  • 1961 Views
  • 2 replies
  • 0 Likes

Resolved! After pushing content from Dev to Prod, we are seeing lot of errors in XSOAR

Hi Team, After pushing content from Dev to Prod, we are seeing lot of errors in XSOAR. Could not create contentpack with ID 'ipinfo' and name 'ipinfo'. Contentpackmetadata with name 'Ipinfo' has the same ID 'ipinfo' as 'ipinfo' from content-pack 'ipinfo' Could not create contentpack with ID 'PAN-OS' and name 'PAN-OS by Palo Alto Networks'. C...

Append Multiple Ips to input

Hello Live Comm, We are working on a WebEx playbook where IPs need to be added to proxy profiles. However, we are encountering an issue where, if a user mentions multiple IPs, the playbook task fails to add those IPs. Could you please suggest changes that need to be made in that task, as well as its input transformers and filters? We need to fig...

Newbie question - how to write an array to a file in the context so I can send with O365 email integration

I have an array of hostnames, which I want to then turn into an attachment and then send by email using the O365 integration. If I put ${array} into the body, it will loop and send an email for each element of the array. If I do ArrayToCSV, it then just sends a comma separated line of host names. What I really want to do is create a file with ...

Parallel tasks in a playbook

I'm trying to find some useful learning resources on playbooks and I've watched the standard Youtube training videos, but I've seen some playbooks that do parallel task operations, like this and I'm trying to understand what happens when those tasks come back together - in this simple example, which are setting month and year, when will the n...

bowesmana_0-1717660805872.png

Resolved! Using dynamic names in lists in playbooks

I have a sub-playbook that checks if a list exists and if not, fetches data from an external API and saves the result to that list, the next time the playbook runs it will load it from the list rather than fetching from the external API. I want this list to be named based on the current month, but am unable to make this work as it seems I need n...

Pulling updated hash values of unwanted softwares from unit 42.

Hi Everyone, Is there any possibility within Cortex XSOAR to pull updated hash values of unwanted software from unit42? Scenario: If we have a list of hash values of unwanted software (like Team viewer for eg) and we enrich the hash indicators using unit42. Now, in future if the software is updated, could we possible fetch the updated hash v...

NidhiK by L0 Member
  • 1463 Views
  • 1 replies
  • 0 Likes

Is it possible to create a local user without email invite?

Hi team, Is it possible to create a local user without email invite? The customer is using XSOAR on-premise v6.12. They have a contractor (which does not have account in our AD) that we need to create a local user for, but I don't see the option in the UI to create users without email invitation. They do not integrate with any email serve...

  • 1302 Posts
  • 45 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks