Cortex XSOAR Discussions

Problem to whitelist internal domains and IP's

Need help, as in Cortex XSOAR , I'm having issues adding my domains and internal networks to a whitelist
In the settings, I have two options for this, but I can't edit them.
Anyone else experiencing the same issue? My objective was to insert and exclu

...

How can I get the scores of the indicators I extract with commands?

Greetings to everyone,

With the help of an automation, I extract indicators from incoming incidents. I do this by running commands that createNewIndicator and then enrichIndicator. But these are not written to the context. I need to write them to the

...

Unable to spin up XSOAR community edition

Trying to install community edition on ubuntu ec2 instance via wget but getting 401 unauthorized error.

Any assistance on this ?

Mutli-Tenant - Playbook Sync

Hello,

Do I have to select everything individually when syncing content from main tenant to child tenants?
For example,
I will sync the playbook, I cannot see the indicent fields used in the playbook. I have to select them one by one.
How can I make i

...

Data Entry (Data collection) Issue after XSOAR 8.5 update

After the XSOAR 8.5 update, our playbook data collection tasks are having data entry issues via the keyboard. The user can enter the first character, but each successive characters needs to be "double-striked" (hit twice) to be recognized. This is

...

Resolved! ThreatConnect's reputation commands does not return correct results when no indicator found

Hi all,

I am not sure if this is a bug in ThreatConnect pack since its reputation commands does not return correct results when it could not find the indicator. The correct behavior should be https://xsoar.pan.dev/docs/integrations/dbot#unknown. Si

...

Using the Customer Service Management ServiceNow Plugin with Cortex XSOAR

Hello all,

I wanted to share the following procedure I worked through to use the existing XSOAR ServiceNow V2 Integration with the Customer Service Management plugin for ServiceNow.

This topic came up during a customer engagement and I was able to

...

Resolved! Incident Tables in Custom Layouts

I have a custom layout containing an Linked Incidents table panel. I've edited this layout/table to present specific incident fields (columns) in a defined order. First, I've noticed this does not always show changes to these columns when editing the

...

Resolved! Dynamic user input

Hi,

I was asked to display a dropdown with each element representing a script. A button next to the dropdown would execute the selected script. Each script requires different user input. Is there a way to ask the user for input based on what elemen

...

Automate Reported Phishing Email Attachments to CrowdStrike Falcon Sandbox w/ XSOAR

I was wondering how to create a playbook so when a user reports an email as phishing, to somehow have it automatically upload to the CrowdStrike Falcon Sandbox for further analysis - Basically anytime a phishing email with an attachment is submitte

...

Connecting Cortex XSOAR to Internal Cloud Hosted Panorama for Prisma Access Integration

I'm seeking assistance on securely establishing an SSH connection from Cortex XSOAR to Panorama as part of the integration Prisma Access with XSOAR. This integration aims to execute CLI commands on Panorama, which is hosted within Azure (internally).

...

Difference between "Delete" as a table action and "Delete incidents" as a permission

What is the difference between delete incidents permission and incidents table action "delete"? What are the cases where you enable one and disable the other?

Resolved! Looping A Sub-Playbook

Require some suggestions.

I am trying to loop a sub-playbook.
If the exit condition is met, everything is okay. However, if max number of iterations are reached the playbook throws and error that waiting for manual input and fails.

Anyone has any id

...

Resolved! Cortex XSOAR SSH Outbound Connection IP issue

Hello, I'm working on configuring SSH connections from Cortex XSOAR to our internal Azure-based system. To ensure secure and uninterrupted connectivity, I need to whitelist the IP address used by Cortex XSOAR for these outbound connections in our fir

...

Reopen XSOAR Incidents Bulk in XSOAR

Hello all,

I need to reopen a large amount of incidents on Xsoar. Can anyone suggest how I can do this?

I have tried to run both the built-in command and the automation to reopen from the run command button with the bulk incidents selected but to n

...

Discussions

Problem to whitelist internal domains and IP's

How can I get the scores of the indicators I extract with commands?

Unable to spin up XSOAR community edition

Mutli-Tenant - Playbook Sync

Data Entry (Data collection) Issue after XSOAR 8.5 update

Resolved! ThreatConnect's reputation commands does not return correct results when no indicator found

Using the Customer Service Management ServiceNow Plugin with Cortex XSOAR

Resolved! Incident Tables in Custom Layouts

Resolved! Dynamic user input

Automate Reported Phishing Email Attachments to CrowdStrike Falcon Sandbox w/ XSOAR

Connecting Cortex XSOAR to Internal Cloud Hosted Panorama for Prisma Access Integration

Difference between "Delete" as a table action and "Delete incidents" as a permission

Resolved! Looping A Sub-Playbook

Resolved! Cortex XSOAR SSH Outbound Connection IP issue

Reopen XSOAR Incidents Bulk in XSOAR

Do we have XQL query builder feature in XSOAR

Where is the XSAOR 8 CLI Reference?

Pre Processing Rules Logs

XSOAR CMDB - SQL issue

Cortex XSOAR - Best Practice Optimize Threat Intelligence Management (TIM)

XSOAR - Scaling for pop-up windows and drop-down menus

Ability to paste images in Incident Tasks

Re: Couldn't sort by date in bar graph widget in Dashboard

Unlock your full community experience!

Resolved! ThreatConnect's reputation commands does not return correct results when no indicator found

Resolved! Incident Tables in Custom Layouts

Resolved! Dynamic user input

Resolved! Looping A Sub-Playbook

Resolved! Cortex XSOAR SSH Outbound Connection IP issue