Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! Unable to read the file via remote access with service account Cortex XSOAR ID: 4893410215349833399

Unable to read the file via remote access with service account Cortex XSOAR ID: 4893410215349833399 We created a service account with /usr/sbin/nologin in /etc/passwd but was unable to read the file in /home directory. However, we managed to read it upon changing it to /bin/bash in the said file. Kindly advise if we can read/write the file in UN...

Virus Total V3 Integration Issue

I am trying to integrate Virus Total v3 in XSOAR and have an API key already. As you know, in the v3 version of Virus Total we cannot adjust the server URL, so that's why I am getting an issue. Please check and provide your useful answer. Verify that the server URL parameter is correct and that you have access to the server from your host. Error Type: <reques...

Syedhkt by L2 Linker
  • 2304 Views
  • 1 replies
  • 0 Likes

Resolved! Need to know how to check how many times a specific task within a playbook has run in a month.

Hi Team, The customer has only a Standard license. I wasn't able to move to the CS team. Your help will be appreciated. The customer has a master playbook that is run on every single case raised on the platform. This master playbook contains many tasks assembled in a flow chart that may or may not run upon the playbook being run depending on the ...

Resolved! Is there a way to launch a playbook from a button in an incident

I have a couple different use cases where I have several steps in a playbook that I would like to complete again after the playbook is complete. I basically have several steps in a playbook that I would like to have launched by a button. I am trying to avoid the lengthy process of converting the steps to a standalone script. Plus, it is much eas...

Resolved! Playbooks repository

Does anyone know and can share if there are websites or communities like this where playbooks used in Cortex XSOAR are shared? I'm not talking about code, but flowcharts, etc.

tlmarques by L4 Transporter
  • 2052 Views
  • 1 replies
  • 0 Likes

Issue in health check playbook under system diagnostics and health check content pack

I have installed the System Diagnostics and Health Check content pack from the marketplace (using XSOAR version 6.12). I have followed the steps given in this article: https://xsoar.pan.dev/docs/reference/packs/system-diagnostics-and-health-check The pack has a playbook "Health Check"; I am executing that playbook by creating a manual incident. I am gett...

Himangi by L2 Linker
  • 2761 Views
  • 2 replies
  • 0 Likes

Extracting Domains Not from URL

Hello Live Comm, I am working on a use-case that allows us to extract indicators from specific reports and then pushes them to monitoring systems. We have seen that using the built-in Extract Indicator command causes domains to be extracted from URLs. Is there a way to allow only domains that are not in a URL to be extracted? I can see that you...

Unable to retrieve work_notes from Servicenow.

We have the Servicenow V2 integration enabled and we are able to retrieve "comments" but "work_notes" are not visible. - No errors are observed (it's just empty) - We are able to "add" work_notes from XSOAR. - We verified the permissions of the accounts being used in ServiceNow and no restrictions. - The "Use Display Value" checkbox is selected. ...

Resolved! Unable to fetch incident tasks with Servicenow V2 integration.

Our company will use Servicenow "Incident tasks" to send a task to another team. Currently it is only possible to fetch "sc_tasks" which are Service Catalog tasks, however these service catalog tasks are not being used in our company. Use-case is that for example helpdesk opened an Incident and they send an "Incident task" to the SOC to help, a...

Resolved! Unable to send Slack block messages

I've been trying to send a block message from the SlackBlockBuilder automation. However, when I try to test it out via the debugger panel, it would result in an error. Command: !SlackBlockBuilder list_name="SLACKV3_BLOCK_ASK_URLALERT" channel_id="[redacted]" persistent="false" reply="Thank you for your res...

IDarma by L0 Member
  • 3777 Views
  • 3 replies
  • 0 Likes
  • 1302 Posts
  • 45 Subscriptions