Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Resolved! Is there a way to launch a playbook from a button in an incident

I have a couple different use cases where I have several steps in a playbook that I would like to complete again after the playbook is complete. I basically have several steps in a playbook that I would like to have launched by a button. I am trying to avoid the lengthy process of converting the steps to a standalone script. Plus, it is much eas...

Resolved! Playbooks repository

Does anyone know and can share if there are websites or communities like this where playbooks used in Cortex XSOAR are shared? I'm not talking about code, but flowcharts, etc.

tlmarques by L4 Transporter
  • 1983 Views
  • 1 replies
  • 0 Likes

Issue in health check playbook under system diagnostics and health check content pack

I have installed the system diagnostics and health check content pack from the marketplace (using XSOAR version 6.12). I have followed the steps given in this article: https://xsoar.pan.dev/docs/reference/packs/system-diagnostics-and-health-check The pack has a playbook "Health Check"; I am executing that playbook by creating a manual incident. I am gett...

Himangi by L2 Linker
  • 2585 Views
  • 2 replies
  • 0 Likes

Extracting Domains Not from URL

Hello Live Comm, I am working on a use-case that allows us to extract indicators from specific reports and then pushes them to monitoring systems. We have seen that using the built-in Extract Indicator command causes domains to be extracted from URLs. Is there a way to allow only domains that are not in a URL to be extracted? I can see that you...

Unable to retrieve work_notes from ServiceNow.

We have the ServiceNow V2 integration enabled and we are able to retrieve "comments" but "work_notes" are not visible. - No errors are observed (it's just empty) - We are able to "add" work_notes from XSOAR. - We verified the permissions of the accounts being used in ServiceNow and no restrictions. - The "Use Display Value" checkbox is selected. ...

Resolved! Unable to fetch incident tasks with ServiceNow V2 integration.

Our company will use ServiceNow "Incidents tasks" to send a task to another team. Currently it is only possible to fetch "sc_tasks" which are Service Catalog tasks, however these service catalog tasks are not being used in our company. Use-case is that for example helpdesk opened an Incident and they send an "Incident task" to the SOC to help, a...

Resolved! Unable to send Slack block messages

I've been trying to send a block message from the SlackBlockBuilder automation. However, when I try to test it out via the debugger panel, it would result in an error. Command: !SlackBlockBuilder list_name="SLACKV3_BLOCK_ASK_URLALERT" channel_id="[redacted]" persistent="false" reply="Thank you for your res...

IDarma by L0 Member
  • 3601 Views
  • 3 replies
  • 0 Likes

Delete File from War Room

Hi everyone, I would like to ask: is it possible to permanently delete the downloaded file in War Room? My team wants to make use of the Jobs function in XSOAR to handle files, and the file should be deleted in XSOAR after handling it. Thanks, Eliza

ElizaWan by L0 Member
  • 4014 Views
  • 3 replies
  • 0 Likes

Access to XSOAR Community edition

Hello everybody, after reading through some of the threads here, most people run into a similar issue as I did. Not receiving the URL to download - has anyone found a suitable solution? I used a company email, I waited a week for it to come after the approval - yet nothing came, does anyone have the link for me? Thanks in advance.

JanGrob by L1 Bithead
  • 2019 Views
  • 2 replies
  • 0 Likes

O365 mail Graph API Integration - Best Practices

Hey all, I was exploring the O365 Graph API and wondering what are some of the best practices for this integration. One thing we came up with was IP restriction (Palo Alto IP) on the Microsoft side. Are there any other conditional access policies that can be added to make sure we follow best practices, other than securing the Palo Alto tenant and Micr...

Using Microsoft Authenticator MFA

Hello LiveComm, I am working on using MFA for authentication to xsoar on a server that has Active Directory (On-Prem) SAML authentication already in use. The use case is to require the user to authenticate using the Microsoft Authenticator app. I have searched around and have not found any documentation regarding this except for DUO though this ...

  • 1298 Posts
  • 45 Subscriptions