Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Enriching context data with info from datasets

Hi, Is anyone able to guide me on how to achieve this perhaps? I want to run a task in a playbook that will do a custom query in a dataset and pull information and add it to the alert context data. Is this possible, and if so guidelines would be appreciated. Thanks in adv

PA_nts by L4 Transporter
  • 2034 Views
  • 0 replies
  • 0 Likes

XSOAR IP Forwarding requirement

For Cortex XSOAR 6.X On-premises deployment, the server deployment / system requirements describe that IPv4 IP forwarding is required (System Requirements • Cortex XSOAR Administrator Guide • Palo Alto Networks documentation portal). Security team is questioning if there is another possibility to deploy XSOAR by not enabling IPv4 IP Forwarding or...

M.Sylos by L0 Member
  • 1178 Views
  • 0 replies
  • 1 Likes

Any.run Cloud Sandbox Integration - Instructions not Clear

Hello LiveComm, I am attempting to establish the Any.run integration on my XSOAR. I am using the latest version and have an issue with the instance properties. Firstly, there is no "Use system proxy settings" and the instance requires URL, User, Password API Key, API Key ID. Every value here is obligatory and it is not clear how to make this wor...

Playbook trigger on all new alerts

I am trying to create a playbook that uses the ms-teams-message to send it to my teams webhook. I want the playbook to trigger and run for all new alerts. I have the trigger set now to resolution status=new, but this is not triggering for all new alerts even the ones with that status. Any ideas how to trigger on all new alerts or a better way to...

Export Incidents List >50 items

I need to export a list of (filtered) Incidents on the XSOAR Incidents page/list. If I click the "Select All Rows" checkbox at the top-left of the list, and then use the Export button, I get an xlsx file, but it only has 50 rows (which is apparently the unchangeable limit of how many rows it selects). However, if I click the "Select all x,xxx item...

Firewall cortex and Windows 11

Hello, I have a question regarding the Cortex Firewall. Does the Cortex Firewall component take control of the Windows Firewall? In other words, if the Windows Firewall is active on an endpoint, will Windows Defender show that it's being managed by Cortex? Thanks.

Need better approach to solve wrong commits on Content Pack

Scenario: Two developers working on the same playbook on Dev environment. For ex Playbook Name: XXX_playbook Developer A & Developer B working on XXX_playbook and both make changes independently. 'A' makes first commit on develop branch. Then, 'B' makes second commit. B assumes his changes are ready to be promoted to prod. But, 'A' not. Now, i...

sandbox environment

Hello, How can my Security Operations team access a dedicated, hands-on lab or sandbox environment to practice building playbooks and automations in Cortex XSOAR?

Cannot add Links between Tasks - messed up in browser.

Hi All, Weird one.. so recently this started and I tried Chrome, Firefox and Edge.. all do the same.. even in private windows. I can edit a playbook, add tasks etc.. but when I try to add the 'link' between tasks, the link either disappears or shows the first 10% of the link only.. the rest just disappears and often pops a blank task instea...

PA_nts by L4 Transporter
  • 663 Views
  • 1 replies
  • 0 Likes

there any official training environments

I'm dedicated to self-learning the platform but understand the standalone Community Edition may have been discontinued. Since I am not currently a Palo Alto Networks Partner or a paying customer, what are the recommended ways for an individual to get hands-on lab or development access to XSOAR for extended learning? Are there any official trai...

Active Directory Query - Wrong info when null provided

I still consider myself fairly new to XSOAR and haven't written a lot of playbooks so maybe I'm doing this wrong, but here's my issue. When using the Active Directory Query pack's commands (the ad-get-user most recently but I believe ad-disable-account also works this way) it doesn't error when a null value is input. Instead it returns the random...

sackett by L1 Bithead
  • 1153 Views
  • 3 replies
  • 0 Likes
  • 1304 Posts
  • 45 Subscriptions