Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Uploading report via demisto api post request

Hello everyone,

I am trying to upload a JSON file to create a report. Although I tried tons of ways, I couldn't send the body properly. The demisto-api-post request needs the multipart/form-data content type. Is there any way to send raw JSON properly?

Here is m

...

Paint markdown table cells or rows

Hello,

We use markdown tables to show the analysts' incident data. We use them for manual tasks in details as in layouts. We'd like to paint those cells where the data shown is critical. For example, on a markdown table where some hashes are detonate

...

Josep by L4 Transporter
  • 4439 Views
  • 3 replies
  • 0 Likes

XSOAR Threat intel IOC Ingestion to Splunk

Hi,

We have created an EDL query to ingest IOCs into Splunk from the XSOAR Threat Intel Management platform.

We need to know that Refresh List will work and how to get all IOCs via an EDL query from XSOAR.

Kindly share any best practices anyone has implemented.

...

Resolved! Create widget for bioc and ioc rule numbers

Hello everyone,

I am trying to get the numbers of BIOC and IOC rules from our XDR integration. I want to create a widget to see how many IOC and BIOC rules are added week by week. Does anyone have an idea for this?

Thanks in advance.

Cortex XDR Cortex

...

query(group) indicators by domain name

If I have a tenant/account that has incidents.

Some of those incidents have indicators/entities tied to abc.com or xyz.com.

Is there a way to query for, show me all the incidents that have hostnames or account names that end in abc.com?

Wasn't having l

...

JoshBoyd by L2 Linker
  • 812 Views
  • 1 replies
  • 0 Likes

Resolved! Generating reports through automation

Hi everyone,

In our environment, we are supposed to generate reports through playbooks since we want to be able to customize the template according to the incident type. Executing the report is simple but downloading is not that simple.

I am foll

...

Move War Room Entries section

Hi all!
I want to move this section to a different tab in the layout. How do I do that?

I've tried using the War Room Entries section to the tab where I wanted it to be, but the filter 'URL Enrichment' is not listed. Any tips?

Thanks!


Cortex XSOAR Deployment

I want to ask about the Cortex XSOAR free trial installation: can it only be installed on premises, or can it be done on a cloud basis? After I requested a free trial for Cortex XSOAR, they directed me to install it on premises.


Resolved! Playbook Args

Hi all, 

I want to get an argument from the user when the playbook is running. Actually, the first method I can think of is as below. But can you give a more user-friendly example?


Resolved! XSOAR Shift Management and Incident Assignment

I've read a little about the Shift Management function.

Does this allow for intelligence to auto-assign incidents?

Example:
5 people on shift, based on threshold of SLA, auto-assign incidents round-robin style to the analysts that are in the queue?

Is ther

...

JoshBoyd by L2 Linker
  • 1548 Views
  • 2 replies
  • 0 Likes
  • 1076 Posts
  • 33 Subscriptions