Cortex XSOAR Discussions

xdr-get-incident command date time dispute

Hello everyone,

I have a script that need to get incidents from server.

incidents = execute_command(

"xdr-get-incidents",

{

"lte_creation_time": last_creation_time.split("+")[0],

"gte_creati

...

MITRE ATT&CK Framework

Hi ,
Is there a way to automate the process of mapping every incident to its MITRE Technique ,
or it should be manual for every incident ?

Resolved! Unblock IP

Hi,

I have been using Panorama integration to block the IP. Is there any way where I can unblock the IP or remove the IP from address group of Panorama.

Resolved! XQL Query for CVE counts in XDR per endpoint_name

does anyone have a xql query that will return endpoint_names with and associated CVE count?

Extracting IOC from threat Intel Email

Hi everyone. I am new to this industry and I am looking for guidance on how to extract IOC from threat intel email body in Xsoar Playbook. Hoping if someone can help out. Thank you.

Resolved! Your session has expired. Logint to continue.

XSOAR server based community edition is always asking me my admin cred. It happens every 10 seconds. How can I remediate this issue ? Thanks in advance.

False Positives Microsoft Teams Large Upload

Hey,

I need your help.

We are receiving alerts "XDR Incident 945 - 'Large upload (generic)' generated by #XDR Analytics detected...

Basically, this appears when the user makes a call, shares documents, or shares their screen (using Microsoft Teams)

...

CrowdStrike XDR Use cases with Pala Alto Cortex

Hi Team,

Can you please suggest a few case studies where CrowdStrike XDR is integrated with Cortex SOAR and what were the areas and use cases that were implemented and helped the customer?

We wanted to present this to a management that already has

...

Resolved! Playbook waiting for a manual Set task

Hello community,

I have some playbooks that are responsible for closing incidents in the various sources (XDR, QRadar, XSOAR, JIRA, ...) once I enter a reason or reason for them to be closed.

I have done this using a "Set" automation that wa

...

Per Month Query using Beve Query Syntax

Hi,

I am trying to take a sum of incidents over a given time, and divide this sum per month, using Beve Syntax.

I there any syntax that would give me a per-month break down? So I can take incidents per month, and display them in a widget using a b

...

No remote "Content Repository" tab despite ui.version.control.show.remote = true

Hi,

I am trying to setup remote repositories, in a first step only the dev environment.

In About -> Troubleshooting I have set "ui.version.control.show.remote" to "true" (copy-pasting it from the documentation [1] and checking multiple times for ty

...

incidents pulling time

Hi ,
in my Qradar integration I don't have this parameter ,

I have enabled the "Long Running Instance" and still it takes too long for the incidents to be fetched.

Is there a way to manually configure the Incident Fetch Interval.
I'm using IBM QRad

...

Hi, I am trying to create a custom widget that calculate follwing (Total Incident+ Total Command Execution) with date paramters adjusted by widget. I tried to implement this with JSON method and Automation Script but unable to get the solution. Can y

...

Resolved! Mapping labels "message" to Incident Context without Regex

Kind of similar to the below link:

LIVEcommunity - Cortex XSOAR Context Issue - LIVEcommunity - 437729 (paloaltonetworks.com)

I've tried mapping content from the Abnormal Security integration and from the Syslog v2 integration. The Abnormal Securit

...

Create Slack Channel from XSOAR

I am attempting to create a Slack channel from XSOAR using the slack-create-channel command. After a few minutes, I get the following error:
"Reason

Error from SlackV3 is : Script failed to run: Timeout Error: Docker code script failed due to timeo

...

Cortex XSOAR Discussions

Discussions

xdr-get-incident command date time dispute

MITRE ATT&CK Framework

Resolved! Unblock IP

Resolved! XQL Query for CVE counts in XDR per endpoint_name

Extracting IOC from threat Intel Email

Resolved! Your session has expired. Logint to continue.

False Positives Microsoft Teams Large Upload

CrowdStrike XDR Use cases with Pala Alto Cortex

Resolved! Playbook waiting for a manual Set task

Per Month Query using Beve Query Syntax

No remote "Content Repository" tab despite ui.version.control.show.remote = true

incidents pulling time

Resolved! Custom Widget Xsoar

Resolved! Mapping labels "message" to Incident Context without Regex

Create Slack Channel from XSOAR

A Few Quick Questions About the Community Edition

How to work on File Content collected from Azure blob in Playbook

Powershell Modules in Xsoar Cloud

Azure Active Directory users - Incorrect padding

XSOAR 8 + Export Data to On-premise for Retention Compliance

Re: XSOAR - Transform Language

How can i trigger playbook once Indicator has beed added?

Re: How to work on File Content collected from Azure blob in Playbook

Re: How to work on File Content collected from Azure blob in Playbook

Re: Powershell Modules in Xsoar Cloud

Unlock your full community experience!

Cortex XSOAR Discussions

Resolved! Unblock IP

Resolved! XQL Query for CVE counts in XDR per endpoint_name

Resolved! Your session has expired. Logint to continue.

Resolved! Playbook waiting for a manual Set task

Resolved! Custom Widget Xsoar

Resolved! Mapping labels "message" to Incident Context without Regex