Cortex XSOAR Discussions

Resolved! Need to know how to check how many times a specific task within a playbook has run in a month.

Hi Team,

The customer has only Standard license I couldn't able to move to CS team. Your help will be appreciable.

The customer have a master playbook that is run on every single case raised on the platform. This master playbook contains many tasks

...

Transitioning Events/Incidents Across Analysts

Does anyone mind sharing any resources or practical examples of how they're using XSOAR to transition events/incidents across multiple analysts or shifts?

Resolved! Is there a way to launch a playbook from a button in an incident

I have a couple different use cases where I have several steps in a playbook that I would like to complete again after the playbook is complete. I basically have several steps in a playbook that I would like to have launched by a button. I am trying

...

Resolved! Playbooks repository

Does anyone know and can share if there are websites or communities like this where playbooks used in Cortex XSOAR are shared? I'm not talking about code, but flowcharts etc

Issue in health check playbook under system diagnostics and health check content pack

I have installed system diagnostics and health check content pack from marketplace(using xsoar version 6.12). I have followed the steps given in this article: https://xsoar.pan.dev/docs/reference/packs/system-diagnostics-and-health-check

The pack has

...

Extracting Domains Not from URL

Hello Live Comm,

I am working on a use-case that allows us to extract indicators from specific reports and then pushes them to monitoring systems.

We have seen that using the built-in Extract Indicator command causes domains to be extracted from URL

...

Unable to retrieve work_notes from Servicenow.

We have the Servicenow V2 integratoin enabled and we are able to retrieve "comments' but "work_notes" are not visible.

- No errors are observed (it's just empty)
- We are able to "add" work_notes from XSOAR.

- We verified the permissions of the accoun

...

Resolved! Create CSP account that does not have access to xSOAR portal

Hi team,

I have a customer, who have enabled SSO login for access to their xSOAR portal. They want to disable CSP login to the XSOAR portal but maintain the account to be used for logging support tickets in CSP. Any action plan or steps please let me

...

Resolved! Unable to fetch incident taks with Servicenow V2 integration.

Our company will use Servicenow "Incidents taks" to send a task to another team.

Currently it is only possible to fetch "sc_tasks" which are Service Catalog tasks, however these service catalog tasks are not being used in our company.

Use-case is th

...

Crowdstrike falcon incident fetching issue

Hi team,

In the crowdstrike builtin integration instance we have included the query to fetch detections as: status:['new'], but still the alerts with False Positive status are also getting fetched in XSOAR.

Resolved! Unable to send Slack block messages

I've been trying to send a block message from the SlackBlockBuilder automation. However, when I try to test it out via the debugger panel, it would result in an error.

Spoiler

Command:

!SlackBlockBuilder list_name="SLACKV3_BLOCK_ASK_URLAL

...

Host Doesn't Appear in Main Account

Hi all,

I have a multi-tenant production and i have created a host but this host doesn't appear in the hosts in the main account.

How can i fix this problem?

Delete File from War Room

Hi everyone,

I would like to ask is it possible to permanently delete the downloaded file in War Room? My team wants to make use of the Jobs function in XSOAR to handle files, and the file should be deleted in XSOAR after handling it.

Thanks,

Eliza

Access to XSOAR Community edition

Hello everybody,

after reading through some of the threads here, most people run into a similar issue as I did.

Not receiving the URL to download - has anyone found a suitable solution?

I used a company email, I waited a week for it to come aft

...

O365 mail Graph API Integration - Best Practices

Hey all,

I was exploring O365 graph API and wondering what are some of the best practices for this integration.

One thing we came up was to IP restriction (Palo alto IP) in Microsoft side.

Are there any other condition access policies that can

...

Discussions

Resolved! Need to know how to check how many times a specific task within a playbook has run in a month.

Transitioning Events/Incidents Across Analysts

Resolved! Is there a way to launch a playbook from a button in an incident

Resolved! Playbooks repository

Issue in health check playbook under system diagnostics and health check content pack

Extracting Domains Not from URL

Unable to retrieve work_notes from Servicenow.

Resolved! Create CSP account that does not have access to xSOAR portal

Resolved! Unable to fetch incident taks with Servicenow V2 integration.

Crowdstrike falcon incident fetching issue

Resolved! Unable to send Slack block messages

Host Doesn't Appear in Main Account

Delete File from War Room

Access to XSOAR Community edition

O365 mail Graph API Integration - Best Practices

XSOAR Dev to Prod - Builtin content repository

Still waiting on XSOAR Community Edition + Cortex XDR lab access

Result empty after using json2html script

Do we have XQL query builder feature in XSOAR

Where is the XSAOR 8 CLI Reference?

Re: Creating a custom command for XSOAR marketplace integration

Re: XSOAR Dev to Prod - Builtin content repository

Re: War Room Table to Layout view

Re: delay in a playbook

Unlock your full community experience!

Resolved! Need to know how to check how many times a specific task within a playbook has run in a month.

Resolved! Is there a way to launch a playbook from a button in an incident

Resolved! Playbooks repository

Resolved! Create CSP account that does not have access to xSOAR portal

Resolved! Unable to fetch incident taks with Servicenow V2 integration.

Resolved! Unable to send Slack block messages