This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

O365 mail Graph API Integration - Best Practices

Hey all, I was exploring O365 graph API and wondering what are some of the best practices for this integration. One thing we came up was to IP restriction (Palo alto IP) in Microsoft side. Are there any other condition access policies that can be added to make sure we follow best practices, other than securing the Palo alto tenant and Micr...

Using Microsoft Authenticator MFA

Hello LiveComm, I am working on using MFA for authentication to xsoar on a server that has Active Directory (On-Prem) SAML authentication already in use. The use case is to require the user to authenticate using the Microsoft Authenticator app. I have searched around and have not found any documentation regarding this except for DUO though this ...

Community Edition

Hello, I have signed up for the community edition, however I have never received the download URL. Also, I signed up for the DFIR, but cannot access the slack, as the link is expired when sent.

loyglenn by L0 Member
  • 2385 Views
  • 2 replies
  • 0 Likes

how can I get cortex Community Edition

Hi,I filled out the form for the community edition at https://start.paloaltonetworks.com/sign-up-for-community-edition.html. I have received a confirmation email and an email for more information I have replied. unfortunately I get no response to use the Cortex / Paloalto. How can I get the cortex community edition? MP

ten4you by L0 Member
  • 6256 Views
  • 4 replies
  • 0 Likes

Creating a Queue on Slack Integration

Hello all, I am working with Slack from the playbook level where a message summarizing an incident is sent followed by Slackask automation to ask users on a channel to confirm the information with two interactive buttons. Take note that the flow has two different messages, the first is the summary using Slacknotification and the second task is ...

XSOAR Incident Re Run

soemtimes for testing purpose we need to create similar incident again but I am stuck at this phase. I have exisiting incident and i want to re run it(either manually create, duplicate and re run it or just simply re run exisitng incident, or importing it) but the question is how?. How to get this? Cortex XSOAR

Syedhkt by L2 Linker
  • 2109 Views
  • 2 replies
  • 0 Likes

XSOAR Upgradtion Issue

Cortex XSOAR 8 will have a new FQDN and IP Address in the new platform. May I know is there any existing playbook have pulled the XSOAR data, and export to third-party platform automatically? If yes, it may require to re-configure the IP Address. Cortex XSOAR

Syedhkt by L2 Linker
  • 1382 Views
  • 2 replies
  • 0 Likes

Does demisto xsoar support automatically assign tickets to analyst based on a list

Need help We have several analysts on schedule to perform ticket review bi-weekly. I have used a demisto xsoar job to generate a ticket review ticket every 2 weeks. However, how do i assign this ticket to the analyst automatically based on the shift schedule I have. For example, first is A doing the ticket review and then B doing the ticket re...

Creating a ServiceNow incident by taking the Slack user responses

Hi All, We have a requirement to create a ServiceNow ticket by taking the slack user responses. I have built a playbook which does send the SlackBlockBuilder to the specified Slack channel but the playbook runs only when an incident is attached to it.(I'm running the playbook by creating an empty incident manually in xsoar), but I want to playbo...

KHassan by L1 Bithead
  • 2009 Views
  • 2 replies
  • 0 Likes

XSOAR - GET-GPO DisplayName

Hi, I've created a playbook to analyze some alerts related to SOC and GPO, but the alerts come with ObjectGUID and I need to convert the GUID to DisplayName. In PowerShell, the command is simple: (Get-GPO -Guid "$GUID").DisplayName. I tried running this command in the war room, but it didn't work... Does anyone know how I can do this?"

tlmarques by L4 Transporter
  • 2216 Views
  • 2 replies
  • 0 Likes

Issue in enabling the "content-repository" feature.

Hi Team, I have a customer who wants to enable the "content-repository" built-in feature. They tried the below steps:1. First, they have enabled the feature successfully in DEV.2. Next, when they enabled the feature in PROD, they got an error (refer to screenshot "PROD")3. As mentioned in the above screenshot, tried to disable the feature in ou...

Phisphing feeds and enrichment

Hello, I need your help. I need feeds for domain classification and another feed for phishing, to determine whether domains, emails have been compromised or not. What do you recommend for Cortex XSOAR What feed and integration people use??I need for indicators type: URL;DOMAIN;EMAIL;FILE

tlmarques by L4 Transporter
  • 1455 Views
  • 1 replies
  • 0 Likes

Resolved! XSAOR with HA using Open search Upgrade

Hi Team, The customer uses the XSOAR in High Availability using OpenSearch. and the number of app servers is 2. So is it possible to upgrade the XSOAR not stopping the server? For ex) Stop the App server 1 and upgrade the App server 1 first, an start the App server 1 with the upgraded version, and second stop the App server 2. and upgrade th...

XSOAR Multi-Engine Deployment on CentOS7

I just had our instance migrated to 8.5. during testing we figure out that we could not update our engine using the shell program and need to do a zip deployment. The basic instructions for ZIP does not support multple engines on the same host. Here is our solution If see problems please comment xsoar create zip archive "d1_ENGINENAME".zi...

kreeves by L1 Bithead
  • 1309 Views
  • 1 replies
  • 0 Likes
  • 1300 Posts
  • 45 Subscriptions
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks