Crowdstrike falcon incident fetching issue

Hi team,

In the crowdstrike builtin integration instance we have included the query to fetch detections as: status:['new'], but still the alerts with False Positive status are also getting fetched in XSOAR.

Host Doesn't Appear in Main Account

Hi all,

I have a multi-tenant production and i have created a host but this host doesn't appear in the hosts in the main account.

How can i fix this problem?

Delete File from War Room

Hi everyone,

I would like to ask is it possible to permanently delete the downloaded file in War Room? My team wants to make use of the Jobs function in XSOAR to handle files, and the file should be deleted in XSOAR after handling it.

Thanks,

Eliza

GoQR.me QR Code Reader misbehaving

I have an XSOAR 8.5 instance with a playbook which makes use of the GoQR.me QR Code Reader integration.

It had been working nicely in the playbook for months, but has begun to misbehave.

In the playbook, images are extracted from a phishing email a

Access to XSOAR Community edition

Hello everybody,

after reading through some of the threads here, most people run into a similar issue as I did. 

Not receiving the URL to download - has anyone found a suitable solution? 

I used a company email, I waited a week for it to come aft

Cortex XSOAR - Community Edition Support

Post here for all of your Community Edition support questions and one of our product experts will get back to you soon! 

Non Enterprise Security Splunk users

Hi

Please share some info on how you are running your setup.

We are currently using the TA-Demisto splunk app to push the alerts to the XSOAR but having issues with excessive incidents in XSOAR being created when we use the |table in our searches a

O365 mail Graph API Integration - Best Practices

Hey all,

I was exploring O365 graph API and wondering what are some of the best practices for this integration.

One thing we came up was to IP restriction (Palo alto IP) in Microsoft side.

Are there any other condition access policies that can

Using Microsoft Authenticator MFA

Hello LiveComm,

I am working on using MFA for authentication to xsoar on a server that has Active Directory (On-Prem) SAML authentication already in use. The use case is to require the user to authenticate using the Microsoft Authenticator app. I hav

Community Edition

Hello, I have signed up for the community edition, however I have never received the download URL. Also, I signed up for the DFIR, but cannot access the slack, as the link is expired when sent.

how can I get cortex Community Edition

Hi,

I filled out the form for the community edition at https://start.paloaltonetworks.com/sign-up-for-community-edition.html. I have received a confirmation email and an email for more information I have replied.

unfortunately I get no response to use

Creating a Queue on Slack Integration

Hello all, 

I am working with Slack from the playbook level where a message summarizing an incident is sent followed by Slackask automation to ask users on a channel to confirm the information with two interactive buttons. Take note that the flow has

XSOAR Incident Re Run

soemtimes for testing purpose we need to create similar incident again but I am stuck at this phase. I have exisiting incident and i want to re run it(either manually create, duplicate and re run it or just simply re run exisitng incident, or importi