This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.
About Cortex XSOAR Discussions
Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

Discussions

Start a conversation

Any.run Cloud Sandbox Integration - Instructions not Clear

Hello LiveComm, I am attempting to establish the Any.run integration on my XSOAR. I am using the latest version and have an issue with the instance properties. Firstly, there is no "Use system proxy settings" and the instance requires URL, User, Password API Key, API Key ID. Every value here is obligatory and it is not clear how to make this wor...

Playbook trigger on all new alerts

I am trying to create a playbook that uses the ms-teams-message to send it to my teams webhook. I want the playbook to trigger and run for all new alerts. I have the trigger set now to resolution status=new, but this is not triggering for all new alerts even the ones with that status. Any ideas how to trigger on all new alerts or a better way to...

Export Incidents List >50 items

I need to export a list of (filtered) Incidents on the XSOAR Incidents page/list. If I click the "Select All Rows" checkbox at the top-left of the list, and then use the Export button, I get an xlsx file, but it only has 50 rows (which is apparently the unchangable limit of how many rows it selects. However, if I click the "Select all x,xxx item...

Firewall cortex and Windows 11

Hello, I have a question regarding the Cortex Firewall. Does the Cortex Firewall component take control of the Windows Firewall? In other words, if the Windows Firewall is active on an endpoint, will Windows Defender show that it's being managed by Cortex? Thanks.

Need better approach to solve wrong commits on Content Pack

Scenario: Two developer working on same playbook on Dev environment. For ex Playbook Name: XXX_playbook Developer A & Developer B working on XXX_playbook and both make changes independently. 'A' makes first commit on develop branch. Then, 'B' makes second commit. B assumes his changes are ready to be promoted to prod. But, 'A' not. Now, i...

sandbox environment

Hello, How can my Security Operations team access a dedicated, hands-on lab or sandbox environment to practice building playbooks and automations in Cortex XSOAR?

Cannot add Links between Tasks - messed up in browser.

Hi All, Weird one.. so recently this started and I tried chrome, firefox and edge.. all does the same.. even in private windows. i can edit a playbook, add tasks etc.. but when i try to add the 'link' between tasks, the link either disappears or shows the first 10% of the link only.. the rest just disappears and often pops a blank task instea...

PA_nts by L4 Transporter
  • 635 Views
  • 1 replies
  • 0 Likes

there any official training environments

I'm dedicated to self-learning the platform but understand the standalone Community Edition may have been discontinued. Since I am not currently a Palo Alto Networks Partner or a paying customer, what are the recommended ways for an individual to get hands-on lab or development access to XSOAR for extended learning? Are there any official trai...

Active Directory Query - Wrong info when null provided

I still consider myself fairly new to XSOAR and haven't written a lot of playbooks so maybe I'm doing this wrong, but here's my issue.When using the Active Directory Query pack's commands (the ad-get-user most recently but I believe ad-disable-account also works this way) it doesn't error when a null value is input. Instead it returns the random...

sackett by L1 Bithead
  • 1072 Views
  • 3 replies
  • 0 Likes

Deduping in Playbooks

I'm confused as to how to use the DedupBy command/script in my Playbook. I have a set command that grabs all the UPNs from a list of alerts in the data. This results in the Context data of:Defender:{UPNs:[0:"user1@domain.com"1:"user2@domain.com"2:"user1@domain.com"3:"user3@domain.com"]}I'd like to Dedup this list to use later on in my Playbook b...

sackett by L1 Bithead
  • 588 Views
  • 1 replies
  • 0 Likes

Resolved! XSOAR Dev to Prod - Builtin content repository

Hi, I'm looking into how we can use the built-in content repository to push content from the development to the production tenant. In this scenario, Palo Alto will handle the content repository. If I want to manage branching, is it possible to do so without using a private GitHub repository? I would appreciate any insights on this.

Resolved! Cortex XSOAR intergration with Terraform Cloud?

As Cortex XSOAR can use the API of Ansible Tower (the normal ansible does not have API so Tower is needed) to trigger playbooks (https://xsoar.pan.dev/docs/reference/integrations/ansible-tower ) for managing many kinds of devices it is interesting if there will be a native integraion with the Terraform Cloud as it also has API like Ansible Towe...

  • 1302 Posts
  • 45 Subscriptions
Top Liked Posts
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks