This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Incident Layout dynamic section as input

Hello!
I would like to ask you how to implement a way to define the input values on the Incident Layout.

For example, I would need it in a case where I have a sub playbook and I want to give a value to one of its mandatory arguments without having to

...

szodinn by L0 Member
  • 1051 Views
  • 2 replies
  • 0 Likes

Resolved! SlackAskV2 automation

Hi all,


I'm trying out SlackAskV2 and my message is being sent to the channel successfully. I used 'Yes' and 'No' as options.

When I click the 'Yes' or 'No' buttons from the slack channel, nothing is returned to the War Room.

Now, where do I find the

...

Mapping fields to XSOAR IOCs

I'd appreicate guidance on how to update IOC fields with information extracted from an excuted playbook task. 

 

My use case centers around updating File Hash IOCs to include file signature metadata information to enable easier cleaning up of IOCs as

...

jemeche by L0 Member
  • 1087 Views
  • 3 replies
  • 0 Likes

Resolved! [Multi-Tenant] System configuration levels

in a multi tenant environment, should I forward all the system configurations to tenants or are some of them meant only for hosts?

CSP cases in particular, can be pretty confusing. CSP tells me to put a sys config on the main account and in another c

...

Rasterized content on Incident Layout

Hello!
I have a question. How can I make it so that I would like to rasterize email/url. The image that appears in the war room (which is the result of running the command) i would like to display on one layout field.

I guess I should use dynamic secti

...

szodinn by L0 Member
  • 870 Views
  • 1 replies
  • 0 Likes

Resolved! No output in action

In the "cybereason-get-sensor-id" task we manage to retrieve the sensor id for a given machine, but only in the result tab.

 

In fact, it looks like the integration doesn't return an output result, so we're not able to use the sensorId as an input fu

...

Aurelien19_0-1690534478128.png
Aurelien19_1-1690534544985.png

Custom Fetch Incidents

Hi, I want to use Exabeam integration in XSOAR but not to fetch incidents (incident responder) as it is currently set in fetch-incidents command, that is in fetch_incidents function.

The plan would be to fetch with get-notable-users command, which pr

...

MMagdic by L2 Linker
  • 962 Views
  • 1 replies
  • 0 Likes
  • 1075 Posts
  • 33 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks