Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Need better approach to solve wrong commits on Content Pack

Scenario: Two developers working on the same playbook in the Dev environment. For example, Playbook Name: XXX_playbook. Developer A & Developer B are working on XXX_playbook and both make changes independently. 'A' makes the first commit on the develop branch. Then, 'B' makes the second commit. B assumes his changes are ready to be promoted to prod. But 'A' not. Now, i...

sandbox environment

Hello, How can my Security Operations team access a dedicated, hands-on lab or sandbox environment to practice building playbooks and automations in Cortex XSOAR?

Cannot add Links between Tasks - messed up in browser.

Hi All, Weird one.. so recently this started and I tried Chrome, Firefox and Edge.. all do the same.. even in private windows. I can edit a playbook, add tasks etc.. but when I try to add the 'link' between tasks, the link either disappears or shows the first 10% of the link only.. the rest just disappears and often pops a blank task instea...

PA_nts by L4 Transporter
  • 596 Views
  • 1 replies
  • 0 Likes

there any official training environments

I'm dedicated to self-learning the platform but understand the standalone Community Edition may have been discontinued. Since I am not currently a Palo Alto Networks Partner or a paying customer, what are the recommended ways for an individual to get hands-on lab or development access to XSOAR for extended learning? Are there any official trai...

Active Directory Query - Wrong info when null provided

I still consider myself fairly new to XSOAR and haven't written a lot of playbooks so maybe I'm doing this wrong, but here's my issue. When using the Active Directory Query pack's commands (the ad-get-user most recently but I believe ad-disable-account also works this way) it doesn't error when a null value is input. Instead it returns the random...

sackett by L1 Bithead
  • 966 Views
  • 3 replies
  • 0 Likes

Deduping in Playbooks

I'm confused as to how to use the DedupBy command/script in my Playbook. I have a set command that grabs all the UPNs from a list of alerts in the data. This results in the Context data of: Defender: {UPNs: [0: "user1@domain.com" 1: "user2@domain.com" 2: "user1@domain.com" 3: "user3@domain.com"]} I'd like to Dedup this list to use later on in my Playbook b...

sackett by L1 Bithead
  • 547 Views
  • 1 replies
  • 0 Likes

Resolved! XSOAR Dev to Prod - Builtin content repository

Hi, I'm looking into how we can use the built-in content repository to push content from the development to the production tenant. In this scenario, Palo Alto will handle the content repository. If I want to manage branching, is it possible to do so without using a private GitHub repository? I would appreciate any insights on this.

Resolved! Cortex XSOAR integration with Terraform Cloud?

As Cortex XSOAR can use the API of Ansible Tower (the normal Ansible does not have an API so Tower is needed) to trigger playbooks (https://xsoar.pan.dev/docs/reference/integrations/ansible-tower) for managing many kinds of devices it is interesting if there will be a native integration with the Terraform Cloud as it also has API like Ansible Towe...

Integration issue Mail Listener v2 with O365

Dear All, I would like to seek support: has anyone encountered an issue with Cortex XSOAR "Mail-Listener-v2" with O365? I have allowed the permission and tried different IMAP and port settings, but the issue still persists. I would appreciate any advice to resolve this matter. Best Regards, Sopanha


[Proposing Solution] Failure to extract zip file downloaded from ThreatGrid integration command

Cisco Secure Malware Analytics (Threat Grid) v2 is an OOTB integration that comes as part of the Cisco Secure Malware Analytics content pack to connect with the ThreatGrid (TG) platform and achieve various functionalities. Issue background: the !threat-grid-sample-list integration command downloads resources for the given sample id from ThreatGrid depending on th...

XSOAR SLA Script

Hi everyone, I have a question regarding SLA-tagged scripts on XSOAR. I have a field-change-triggered script that starts an SLA timer within automation if the field is changed to certain values. This part is okay and we observe that the SLA timer starts successfully. I want to run an SLA script when a breach is triggered for this timer. I have...

Is there Any STIX format for external threat feeds via TAXII Protocol

Hi Palo Alto Community, Is there any documentation or configuration for Palo Alto NGFW that can be integrated with some external threat intelligence feed (via TAXII) to block any IoCs list? I need documentation for the device directly, but if you have documentation using TIM in Cortex XSOAR, you can share it with me. Now I am using TIM in Cortex XSOAR to gat...

A.Faruq by L1 Bithead
  • 595 Views
  • 0 replies
  • 0 Likes
  • 1298 Posts
  • 45 Subscriptions